How to remove KMSELDI.exe

KMSELDI.exe

The module KMSELDI.exe has been detected as Virtool.Gen

KMSELDI.exe
Remove KMSELDI.exe

File Details

Product Name:

KMS GUI ELDI
Company Name:

@ByELDI
MD5: 7e2c9c23f6ff001837cb0a1a90006bca
Size: 1 MB
First Published: 2017-05-21 15:03:44 (8 years ago)
Latest Published: 2021-01-05 16:39:07 (4 years ago)
Status: Virtool.Gen (on last analysis)
Analysis Date: 2021-01-05 16:39:07 (4 years ago)

Common Places:

%programfiles%\kmsnano
%commonprograms%\microsoft office 2013\kmsnano
%programfiles%
%sysdrive%\pobieralnia\microsoft office 2013 activator (kmsnano 24) by dhruvloves007!
%sysdrive%\_programs\programs
%sysdrive%\_programs
%programfiles%
%windir%
%programfiles%
%programfiles%

Geography:

40.8%
6.9%
5.4%
4.6%
3.8%
3.1%
3.1%
3.1%
2.3%
2.3%
1.5%
1.5%
1.5%
1.5%
1.5%
1.5%
1.5%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%

OS Version:

Windows 7 53.1%
Windows 10 36.9%
Windows 8 6.2%
Windows 8.1 3.8%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x000d9b6e

.NET Info:

MVID: b4e4c52f-bd77-4c34-b32b-155a178c7cb8
Typelib ID: 863d9135-9365-4bee-95bf-0d83ded34d9f

PE Sections:

Name Size of data MD5
.text 883712 3801ac04a244f8b1133608747c9d19e9
.sdata 512 31bc527df3d3a922520f566d6bdba078
.rsrc 374272 f5c64af67921a0e107fab2f60ffd1f02
.reloc 512 be594699d9dfde7ea6c5b571fa87fe90

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for KMSELDI.exe
copyright for information about KMSELDI.exe