How to remove 00000051
00000051
The module 00000051 has been detected as Hack.KMS
File Details
| MD5: | b85f4ce841f3ae1ebdf76835d2eadbef |
| Size: | 13 KB |
| First Published: | 2017-05-24 20:03:02 (6 years ago) |
| Latest Published: | 2024-05-04 23:02:11 (a week ago) |
| Status: | Hack.KMS (on last analysis) | |
| Analysis Date: | 2024-05-04 23:02:11 (a week ago) |
Overview
| Signed By: | WZT |
| Status: | Invalid (digital signature could be stolen or file could be patched) |
Common Places:
| %commonappdata%\kmsautos\bin\driver\x64wdv |
| %commonappdata%\kmsauto\bin\driver\x64wdv |
| %sysdrive%\windows.old\programdata\kmsautos\bin\driver\x64wdv |
| %appdata%\zhp\quarantine\kmsautos\bin\driver\x64wdv |
| %sysdrive%\$recycle.bin\s-1-5-21-2275429643-1357250638-3055656149-1001\$rjaj0uu\bin\driver\x64wdv |
| %commonappdata%\kmsautos\bin\driver |
| %commonappdata%\kmsauto\bin\driver |
| %appdata%\zhp\quarantine\kmsauto\bin\driver |
| %sysdrive%\$recycle.bin |
| %appdata%\zhp\quarantine\kmsautos\bin\driver |
File Names:
| FakeClient.exe |
| fakeclient.exe |
| $R5EXLYY.exe |
| $RB3CBLV.exe |
| FakeClient(152).exe |
| 00000051 |
Geography:
| 24.5% | ||
| 12.0% | ||
| 11.0% | ||
| 3.8% | ||
| 2.6% | ||
| 2.6% | ||
| 2.2% | ||
| 2.0% | ||
| 2.0% | ||
| 1.9% | ||
| 1.9% | ||
| 1.7% | ||
| 1.6% | ||
| 1.5% | ||
| 1.4% | ||
| 1.3% | ||
| 1.3% | ||
| 1.2% | ||
| 1.2% | ||
| 1.1% | ||
| 1.0% | ||
| 0.9% | ||
| 0.9% | ||
| 0.8% | ||
| 0.7% | ||
| 0.6% | ||
| 0.6% | ||
| 0.6% | ||
| 0.5% | ||
| 0.5% | ||
| 0.5% | ||
| 0.5% | ||
| 0.5% | ||
| 0.5% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.4% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.3% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.2% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% | ||
| 0.1% |
OS Version:
| Windows 10 | 82.6% | |
| Windows 7 | 10.1% | |
| Windows 8.1 | 6.1% | |
| Windows 8 | 0.5% | |
| Windows Server 2012 R2 | 0.3% | |
| Windows Server 2008 R2 | 0.2% | |
| Windows Embedded 8.1 | 0.1% | |
| Windows Server 2016 | 0.1% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000140000000 |
| Entry Address: | 0x000012fc |
PE Sections:
| Name | Size of data | MD5 |
| .text | 3584 | f8517e2e06a0264d414dac4fcb846c29 |
| .rdata | 3072 | adb76d07d82659b2e10b2b3acc3db7b7 |
| .data | 512 | 04d489f71119c8a139d74098d1680891 |
| .pdata | 512 | 516aab97049c71124ac40d5b54cdc95c |
| .rsrc | 512 | df9214180541147e51ae67c9a5ca59ac |
| .reloc | 512 | aec081bf54f5bd13a0a802758e7496ea |
More information:
Download GridinSoft
Anti-Malware - Removal tool for 00000051
