How to remove W8T_kms.exe

» File
File Details
Overview
Analysis

W8T_kms.exe

The module W8T_kms.exe has been detected as Ransom.Blocker

W8T_kms.exe

Remove W8T_kms.exe

File Details

Main Info:

Product Name:	7-Zip SFX
Company Name:	Oleg N. Scherbakov
MD5:	f7f3fc70dc0b2dfb6b6874055b8822e5
Size:	33 MB
First Published:	2017-07-08 23:07:34 (6 years ago)
Latest Published:	2022-12-29 23:49:44 (a year ago)

Analysis:

Status:	Ransom.Blocker (on last analysis)
Analysis Date:	2022-12-29 23:49:44 (a year ago)

Common Places:

%desktop%\desktop\nueva carpeta\office 2013

%temp%\ir_ext_temp_0\autoplay

%sysdrive%\office_2013\wofft-act-richi.rar

Geography:

	50.0%
	25.0%
	25.0%

OS Version:

Windows 10	50.0%
Windows 7	50.0%

Analysis

PE Info:

Subsystem:	Windows GUI
PE Type:	pe
OS Bitness:	32
Image Base:	0x00400000
Entry Address:	0x00015cbf

PE Sections:

Name	Size of data	MD5
.text	87040	028307629f1504bf915a08c35b380228
.rdata	13312	bbb7f0625afbf270703ead6b71d297a1
.data	2048	0780a67ca2e1087945c4f0611d25f813
.rsrc	164352	eab6b0fa542b736c38cdc36c5a90886a

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for W8T_kms.exe

copyright for information about W8T_kms.exe