How to remove KMSELDI.exe
- File Details
- Overview
- Analysis
KMSELDI.exe
The module KMSELDI.exe has been detected as Virtool.Gen
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
56ba17c77cc27d746b7f52ed2575a804 |
| Size: |
1 MB |
| First Published: |
2017-05-21 03:02:01 (6 years ago) |
| Latest Published: |
2023-10-25 23:51:26 (6 months ago) |
| Status: |
Virtool.Gen (on last analysis) |
|
| Analysis Date: |
2023-10-25 23:51:26 (6 months ago) |
| %temp%\kmsnano |
| %sysdrive%\windows.old\users\vikto\appdata\local\temp\kmsnano |
| %sysdrive%\ \program\office 2013\main\!jb-team\jb office 2013 activator (windows 8) |
| %temp% |
| %sysdrive%\2-valiasr programs to day\2- select programs-office\office pro 2003 ++ 2007 full\2013 office\office 2013\office 2013 activator (windows 8) |
| %sysdrive%\activador office2013\medof15\lasmartv5.2.zip |
| %sysdrive%\00 softwer\2-valiasr programs\2- select programs-office\office pro 2003 ++ 2007 full\2013 office\office 2013\office 2013 activator (windows 8) |
| %windir% |
| %sysdrive%\04-software\06_phan mem office\02-active.office.2013.full |
| %sysdrive%\.da spostare altro hdd\usb pnp\cure win-office\old\kmsnano\lasmartv5.2.zip |
|
21.4% |
|
|
16.7% |
|
|
11.9% |
|
|
7.1% |
|
|
4.8% |
|
|
4.8% |
|
|
4.8% |
|
|
4.8% |
|
|
4.8% |
|
|
2.4% |
|
|
2.4% |
|
|
2.4% |
|
|
2.4% |
|
|
2.4% |
|
|
2.4% |
|
|
2.4% |
|
|
2.4% |
|
| Windows 10 |
47.6% |
|
| Windows 7 |
42.9% |
|
| Windows XP |
4.8% |
|
| Windows 8.1 |
4.8% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x000d43ae |
| MVID: |
b2172a48-f110-4ae9-8986-40c36b3d136f |
| Typelib ID: |
863d9135-9365-4bee-95bf-0d83ded34d9f |
| Name |
Size of data |
MD5 |
| .text |
861184 |
a4f4246471dc5ea1ea11e4965aeca7fb |
| .sdata |
512 |
8f7e79c73edace4881ba2c62444a9a3f |
| .rsrc |
374272 |
3ef9393a6605d8df3ae1d3a55be41cc6 |
| .reloc |
512 |
31fda6aed02cf5ce0fd1593ff36a1f84 |
