How to remove KrnlUI.exe
KrnlUI.exe
The module KrnlUI.exe has been detected as Trojan.Conteban
File Details
| Product Name: | KrnlUI |
| MD5: | 39ed86952a1e7926924a18802c0b75e4 |
| Size: | 1 MB |
| First Published: | 2022-10-15 23:13:56 (3 years ago) |
| Latest Published: | 2025-05-25 23:01:17 (8 months ago) |
| Status: | Trojan.Conteban (on last analysis) | |
| Analysis Date: | 2025-05-25 23:01:17 (8 months ago) |
Overview
| Signed By: | 1305119 B.C. Ltd |
| Status: | Valid |
Common Places:
| %appdata% |
| %appdata% |
| %appdata% |
| %sysdrive%\$recycle.bin\s-1-5-21-4177888961-2283354288-175648139-1001 |
| %appdata% |
| %appdata% |
| %appdata% |
| %appdata% |
| %sysdrive%\$recycle.bin\s-1-5-21-3540677031-51706847-3939426433-1008 |
| %sysdrive%\$recycle.bin\s-1-5-21-3540677031-51706847-3939426433-1008 |
Geography:
| 25.0% | ||
| 12.5% | ||
| 6.3% | ||
| 6.3% | ||
| 6.3% | ||
| 6.3% | ||
| 6.3% | ||
| 6.3% | ||
| 6.3% | ||
| 6.3% | ||
| 6.3% | ||
| 6.3% |
OS Version:
| Windows 10 | 100.0% |
Analysis
| Subsystem: | Windows GUI |
| PE Type: | pe |
| OS Bitness: | 32 |
| Image Base: | 0x00400000 |
| Entry Address: | 0x000ffc2e |
.NET Info:
| MVID: | 43661eba-4c7a-4d25-aec6-5081db24b804 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 1039872 | a8d4c7ab6cf63c50485628aff5a1411b |
| .rsrc | 108544 | 6e4c6540c717c0f2d39b9acabdcc76fb |
| .reloc | 512 | b9897153c248e3f684a04c29e33d79b1 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for KrnlUI.exe
