How to remove KMS.exe

KMS.exe

The module KMS.exe has been detected as Hack.KMS

KMS.exe
Remove KMS.exe

File Details

MD5: a2d60b5c01a305af1ac76c95e12fdf4a
Size: 5 MB
First Published: 2017-05-28 11:07:46 (8 years ago)
Latest Published: 2025-04-17 23:00:43 (9 months ago)
Status: Hack.KMS (on last analysis)
Analysis Date: 2025-04-17 23:00:43 (9 months ago)

Overview

Signed By: Ratiborus MSFree Inc.
Status: Valid

Common Places:

%sysdrive%\windows
%sysdrive%\activators\kmsauto lite portable v1.2.2
%profile%\downloads\kmsauto_lite_portable_v1.2.2_1\kmsauto lite portable v1.2.2
%windir%\setup\scripts\activator\kmsauto
%desktop%\kmsauto lite portable v1.2.2
%desktop%\bonus\81\kms\kmsauto lite portable v1.2.2
%localappdata%\temp
%desktop%\help\kmsauto lite portable v1.2.2
%desktop%\bonus\10\kms\kmsauto lite portable v1.2.2
%sysdrive%\$windows.~ls\sources\$oem$\$1\users\public\desktop\help\kmsauto lite portable v1.2.2

File Names:

KMSAuto.exe
KMS.exe
2016-06 - KMSAuto Lite 1.2.2.exe
$RC3J4SI.exe
kmsauto.exe
trzDE21.tmp
trz4F0D.tmp
KMSAuto.exe.quarantined

Geography:

41.2%
33.2%
6.5%
2.3%
1.7%
1.2%
1.1%
0.9%
0.9%
0.9%
0.6%
0.6%
0.5%
0.5%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.3%
0.3%
0.3%
0.3%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%
0.1%

OS Version:

Windows 10 50.1%
Windows 7 43.2%
Windows 8.1 5.6%
Windows Server 2012 R2 0.6%
Windows 8 0.2%
Windows XP 0.2%
Windows Embedded 8.1 0.1%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x00001000

PE Sections:

Name Size of data MD5
.code 107520 55faece7f03ed94d213ea0e84078af03
.text 307200 ffb876c1dc507a8361f4482e2a49ac95
.rdata 35840 845b07f0ebd235da7031a74ca0534020
.data 5734912 e54f7a8abcae5c213ece6a0a50720a05
.rsrc 45568 b52985ba379d32960e88b52d459946e8

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for KMS.exe
copyright for information about KMS.exe