How to remove gAutoKMS.exe
- File Details
- Overview
- Analysis
gAutoKMS.exe
The module gAutoKMS.exe has been detected as Trojan.Agent
File Details
| Product Name: |
|
| MD5: |
a351f99236a011d4027886215b843317 |
| Size: |
435 KB |
| First Published: |
2017-05-21 10:03:38 (8 years ago) |
| Latest Published: |
2022-05-03 23:12:11 (3 years ago) |
| Status: |
Trojan.Agent (on last analysis) |
|
| Analysis Date: |
2022-05-03 23:12:11 (3 years ago) |
| %sysdrive%\windows |
| %temp%\rarsfx0\resources\autokms |
| %temp%\rarsfx2\resources\autokms |
| %temp%\rarsfx1\resources\autokms |
| %windir% |
| %sysdrive%\prg\office_\office 2010_\office2010x86tr\ez-activator32\ez-activator32.exe\resources |
| %sysdrive%\windows.old\users\win10\appdata\local\temp\rarsfx0\resources |
| %temp%\rarsfx0\resources |
| %sysdrive%\ofis\15311552.rar\resources |
| %sysdrive%\ofis\office_2010_professional_plus_vl_-32_bit\ez-activator32.exe\resources |
|
43.5% |
|
|
25.2% |
|
|
6.9% |
|
|
2.6% |
|
|
1.9% |
|
|
1.2% |
|
|
1.2% |
|
|
1.2% |
|
|
1.2% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.5% |
|
|
0.5% |
|
|
0.5% |
|
|
0.5% |
|
|
0.5% |
|
|
0.5% |
|
|
0.5% |
|
|
0.5% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
| Windows 7 |
79.9% |
|
| Windows 10 |
14.0% |
|
| Windows 8.1 |
2.8% |
|
| Windows 8 |
1.9% |
|
| Windows XP |
1.2% |
|
| Windows Server 2003 |
0.2% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x00014da6 |
| Name |
Size of data |
MD5 |
| .text |
87040 |
614622e4762848a87131a09b6d207ef1 |
| .rdata |
15360 |
cf0e5bba2b06e14bb69adda7e9b5d6ad |
| .data |
5120 |
832b3ae16685d72c45dde5184f8c68c9 |
| .rsrc |
51712 |
9bc6e042e5b941ba6f85584256249ae1 |
