How to remove KMSELDI.exe

» File
File Details
Overview
Analysis

KMSELDI.exe

The module KMSELDI.exe has been detected as Hack.KMS

Remove KMSELDI.exe

File Details

Main Info:

Product Name:	KMS GUI ELDI
MD5:	425514d77abdd65efc094ae12bd49d39
Size:	676 KB
First Published:	2017-05-21 09:01:15 (6 years ago)
Latest Published:	2019-06-06 20:34:33 (4 years ago)

Analysis:

Status:	Hack.KMS (on last analysis)
Analysis Date:	2019-06-06 20:34:33 (4 years ago)

Common Places:

%programfiles%\kmspico

%desktop%\acer\nouveau dossier (2)\مفتاح التفعيل الاوفيس 2013\¼þ ƒúûùóñ

%profile%\downloads\compressed\تفعيل الافيس 2013.rar\تفعيل الافيس 2013

%desktop%\برامج\تفعيل الافيس 2013

%sysdrive%\downloads\تفعيل-الافيس-2013.zip

%programfiles%

%sysdrive%\$recycle.bin\s-1-5-21-2906582270-31254485-4057278674-1000\$r9niqna\backup set 2015-09-21 201647\backup files 2015-09-21 201647\backup files 1.zip\c\users\win7\desktop

%sysdrive%\برامج\اوفيس 64 بت عربي2013

%profile%\downloads\compressed

%sysdrive%\برامج\win10\اوفيس 2013

Geography:

	21.1%
	18.4%
	10.5%
	10.5%
	7.9%
	7.9%
	5.3%
	5.3%
	2.6%
	2.6%
	2.6%
	2.6%
	2.6%

OS Version:

Windows 10	42.1%
Windows 7	39.5%
Windows 8.1	15.8%
Windows 8	2.6%

Analysis

PE Info:

Subsystem:	Windows GUI
PE Type:	pe
OS Bitness:	32
Image Base:	0x00400000
Entry Address:	0x000a546e

.NET Info:

MVID:	c22ccc0d-66f5-42fc-9738-270c9d4bf064
Typelib ID:	863d9135-9365-4bee-95bf-0d83ded34d9f

PE Sections:

Name	Size of data	MD5
.text	669184	b32114a1f75997d5cadcb17670f0b91c
.sdata	512	e3ed8e4c83482bed6d14887dbd081b95
.rsrc	20992	acf1ac3811943cd72a8e63dc5623b523
.reloc	512	58ff5b99b706d754831b7f32117c58b0

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for KMSELDI.exe

copyright for information about KMSELDI.exe