How to remove KMSELDI.exe
- File Details
- Overview
- Analysis
KMSELDI.exe
The module KMSELDI.exe has been detected as Hack.KMS
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
7d2733ac8fdce88e2e74428513a307e6 |
| Size: |
1 MB |
| First Published: |
2017-05-24 14:02:27 (7 years ago) |
| Latest Published: |
2020-04-28 08:28:20 (4 years ago) |
| Status: |
Hack.KMS (on last analysis) |
|
| Analysis Date: |
2020-04-28 08:28:20 (4 years ago) |
| %programfiles%\kmspico |
| %temp%\7zipsfx.003\officevl\officekms.exe |
| %temp%\7zipsfx.001\officevl\officekms.exe |
| %temp%\7zipsfx.002\officevl\officekms.exe |
| %temp%\7zipsfx.000\officevl\officekms.exe |
| %programfiles% |
| %temp%\7zipsfx.000\officevl |
| %temp%\7zipsfx.001\officevl |
| %profile%\dministrator\local settings\temp\7zipsfx.000\officevl |
| %appdata%\zhp\quarantine\zhpcleaner |
|
16.7% |
|
|
10.0% |
|
|
8.3% |
|
|
6.7% |
|
|
6.7% |
|
|
5.0% |
|
|
5.0% |
|
|
3.3% |
|
|
3.3% |
|
|
3.3% |
|
|
3.3% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
|
1.7% |
|
| Windows 7 |
53.3% |
|
| Windows 8 |
21.7% |
|
| Windows 10 |
16.7% |
|
| Windows 8.1 |
5.0% |
|
| Windows Server 2003 |
1.7% |
|
| Windows XP |
1.7% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x000da4ce |
| MVID: |
39bd41bd-2784-4a82-8c30-6fb51df2039a |
| Typelib ID: |
863d9135-9365-4bee-95bf-0d83ded34d9f |
| Name |
Size of data |
MD5 |
| .text |
886272 |
ca8ffd1c3c4ac2a00bfacdd7483b646a |
| .sdata |
512 |
4efc309f5c794d856dd604b0a0aa5bd2 |
| .rsrc |
374272 |
01cf3c86a14e84aa9d09d5d1f6f77c29 |
| .reloc |
512 |
ce4e0a868b084e882ce76794b2f61549 |
