How to remove KMSELDI.exe.vir

KMSELDI.exe.vir

The module KMSELDI.exe.vir has been detected as Crack.AutoKMS

KMSELDI.exe.vir
Remove KMSELDI.exe.vir

File Details

Product Name:

KMS GUI ELDI
MD5: 6bbedd3e5505afa3c9ce2b81a0c1362d
Size: 1 MB
First Published: 2017-05-21 06:07:16 (6 years ago)
Latest Published: 2024-01-28 23:35:51 (3 months ago)
Status: Crack.AutoKMS (on last analysis)
Analysis Date: 2024-01-28 23:35:51 (3 months ago)

Overview

Signed By: @ByELDI
Status: Valid

Common Places:

%programfiles%\kmspico
%appdata%\zhp\quarantine\kmspico
%programfiles%\panda security\panda security protection\lostandfound
%programfiles%
%desktop%\desktop
%desktop%
%programfiles%\panda security\panda security protection
%sysdrive%\$recycle.bin\s-1-5-21-1705778768-239233795-1564717606-1001
%sysdrive%\windows.old\program files
%desktop%\spico

File Names:

KMSELDI.exe
KMSELDI.exe.vir

Geography:

15.0%
11.6%
11.3%
6.5%
4.4%
3.2%
3.2%
3.2%
2.6%
2.4%
2.3%
2.1%
1.6%
1.6%
1.6%
1.6%
1.5%
1.3%
1.3%
1.1%
1.0%
1.0%
1.0%
1.0%
0.8%
0.8%
0.8%
0.6%
0.6%
0.6%
0.6%
0.6%
0.6%
0.6%
0.6%
0.6%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%

OS Version:

Windows 8.1 39.5%
Windows 7 31.2%
Windows 10 24.8%
Windows 8 2.4%
Windows Server 2008 R2 1.1%
Windows Embedded 8.1 0.5%
Windows Server 2012 R2 0.3%
Windows Vista 0.2%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x0010774e

.NET Info:

MVID: 858763be-b485-49fe-bd97-0e5a4a38be6b

PE Sections:

Name Size of data MD5
.text 1071104 52c797e52d382dad4334e2d4e7517761
.sdata 512 576c4293c24890c7b0d1d0e333d55730
.rsrc 20992 63424a2815c8919d2d6b6f2f61ae98a9
.reloc 512 a8d3351b914f0963aa7c031c1ee9fa31

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for KMSELDI.exe.vir
copyright for information about KMSELDI.exe.vir