How to remove $RI5HZEE.exe
- File Details
- Overview
- Analysis
$RI5HZEE.exe
The module $RI5HZEE.exe has been detected as Virtool.AutoKMS
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
4d134abda29924cd562fac93ee8ab476 |
| Size: |
4 MB |
| First Published: |
2017-06-15 18:03:46 (6 years ago) |
| Latest Published: |
2020-08-25 18:39:42 (3 years ago) |
| Status: |
Virtool.AutoKMS (on last analysis) |
|
| Analysis Date: |
2020-08-25 18:39:42 (3 years ago) |
| %commonappdata% |
| %sysdrive%\downloads\różny\kmsauto\kmsauto net 2014 v1.3.0 portable ru.zip |
| %desktop% |
| %sysdrive%\сборники портейбл программ\wpi portable\programs\bonus\kmsauto net 2014 v1.3.0.rar\kmsauto net 2014 v1.3.0 |
| %sysdrive%\$recycle.bin |
| %desktop%\fromflash\w7\keys\portabkmsauto-2.27 |
| %desktop%\fromflash\mamina\kmsauto-2.27-portab |
| %desktop%\soft |
| %sysdrive%\programs |
| %sysdrive%\soft\активация\активация windows |
| KMSAuto Net.exe |
| $RI5HZEE.exe |
| KMSAuto Net-ru.exe |
|
45.9% |
|
|
32.4% |
|
|
16.2% |
|
|
2.7% |
|
|
2.7% |
|
| Windows 7 |
59.5% |
|
| Windows 10 |
29.7% |
|
| Windows 8.1 |
8.1% |
|
| Windows Server 2012 R2 |
2.7% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x0048775e |
| MVID: |
0ee3b8bd-b4be-46f3-8c48-7f7b9b72127f |
| Typelib ID: |
fcad9796-cfc1-41fa-93da-378996c2a356 |
| Name |
Size of data |
MD5 |
| .text |
4741120 |
408077dabf005cfc980c935348ed940a |
| .rsrc |
48640 |
dc232490b934f982ed9871b25daadd60 |
| .reloc |
512 |
1c1e91c8156e0b46b3a43015fb5f6d34 |
