How to remove kms-r@1n.exe

» File
File Details
Overview
Analysis

kms-r@1n.exe

The module kms-r@1n.exe has been detected as Hack.KMS

Remove kms-r@1n.exe

File Details

Main Info:

MD5:	0f9fd9565e6eb157fa9be11ed9c1dc9f
Size:	25 KB
First Published:	2017-05-21 03:01:57 (8 years ago)
Latest Published:	2025-04-27 23:01:22 (3 weeks ago)

Analysis:

Status:	Hack.KMS (on last analysis)
Analysis Date:	2025-04-27 23:01:22 (3 weeks ago)

Common Places:

%sysdrive%\windows

%appdata%\zhp\quarantine

%sysdrive%\windows.old\windows

%sysdrive%\system recovery\repair\backup

%sysdrive%\system volume information\systemrestore\frstaging\windows

%commonappdata%\emco\network malware cleaner 6\storage\quarantined threats\suspicious threats\chiara-pc\suspicious threat 4450\rootkit\file\windir

%commonappdata%\emco\network malware cleaner 6\storage\quarantined threats\suspicious threats\luana-pc\suspicious threat 412\rootkit\file\windir

%commonappdata%\emco\network malware cleaner 6\storage\quarantined threats\suspicious threats\luana-pc\suspicious threat 3898\rootkit\file\windir

%sysdrive%\$recycle.bin\s-1-5-21-3903732087-1911127918-809877525-1001

%sysdrive%\$recycle.bin\s-1-5-21-3377759190-1378281995-3082478433-1001

File Names:

KMS-R@1n.exe

kms-r@1n.exe

FB205252C895DBBDDE04B0429941C651D51C8F12.exe

KMS-R@1n(91).exe

KMS-R@1n_bk.exe

KMS-R@1n.exe.quarantined

$RB9A64O.exe

$RZOYGWV.exe

KMS-R@1n(1433).exe

$RIUWHK7.exe

$R2YVJV1.exe

$RT5Y1J4.exe

$ROGW01D.exe

KMS-R@1N.del

$RVSR9QQ.exe

$RI3BMU7.exe

$R7MIRB8.exe

$RQWB3DT.exe

11111....exe

KMS-R@1n.exe.q_Quarantine_2CF6600_q

KMS-R@1n(3).exe

$R0WJBSK.exe

{3BF16B0E-62E3-4487-8476-30BAF61CFB19}

$R50G15Y.exe

2495E5BCD4E6121B.vir

6417BEB774F051E0.vir

$R1HXAQ5.exe

$RZA3XBP.exe

KMS-R@1n.VIR

$RQN60U6.exe

Geography:

Brazil	17.6%
Thailand	9.1%
Taiwan	8.5%
Turkey	7.0%
Italy	7.0%
Vietnam	6.1%
Indonesia	5.4%
Russia	2.5%
Egypt	2.5%
India	2.1%
Hong Kong	1.8%
United States	1.8%
South Korea	1.4%
Philippines	1.3%
Poland	1.2%
Israel	1.2%
Iran	1.1%
Saudi Arabia	1.0%
Portugal	0.9%
Ukraine	0.9%
United Kingdom	0.7%
Spain	0.7%
Germany	0.7%
Malaysia	0.7%
Greece	0.6%
Romania	0.6%
Colombia	0.6%
Bulgaria	0.6%
Mexico	0.6%
Pakistan	0.6%
France	0.5%
Serbia	0.5%
Bangladesh	0.5%
Algeria	0.4%
Argentina	0.4%
Sweden	0.4%
Peru	0.4%
Belgium	0.3%
Netherlands	0.3%
Australia	0.3%
Canada	0.3%
Ecuador	0.3%
Iraq	0.3%
Morocco	0.3%
Guatemala	0.3%
Japan	0.2%
Bosnia and Herzegovina	0.2%
South Africa	0.2%
China	0.2%
Syria	0.2%
Croatia	0.2%
Lebanon	0.2%
Jordan	0.2%
Ghana	0.2%
Sri Lanka	0.2%
Czech Republic	0.2%
United Arab Emirates	0.2%
Chile	0.2%
Palestine	0.2%
Belarus	0.2%
Hungary	0.2%
Bolivia	0.2%
Lithuania	0.2%
Myanmar	0.2%
Cambodia	0.1%
Tunisia	0.1%
Ethiopia	0.1%
Singapore	0.1%
Macau	0.1%
New Zealand	0.1%
Austria	0.1%
Norway	0.1%
Azerbaijan	0.1%
Kazakhstan	0.1%
Laos	0.1%
Estonia	0.1%
Slovenia	0.1%
Oman	0.1%
Mongolia	0.1%
Latvia	0.1%
Yemen	0.1%
Trinidad and Tobago	0.1%
Albania	0.1%
Nigeria	0.1%
Switzerland	0.1%
Kenya	0.1%
Kuwait	0.1%
Slovakia	0.1%
Mozambique	0.1%
Georgia	0.1%
Ireland	0.1%
Finland	0.1%
Denmark	0.1%
Nicaragua	0.1%
Nepal	0.1%
Bahrain	0.1%
Venezuela	0.1%
Panama	0.1%

OS Version:

Windows 10	79.6%
Windows 7	14.2%
Windows 8.1	5.1%
Windows 8	0.6%
Windows Server 2012 R2	0.2%
Windows Server 2016	0.2%
Windows Vista	0.1%
Windows Embedded 8.1	0.1%

Analysis

PE Info:

Subsystem:	Windows CUI
PE Type:	pe
OS Bitness:	64
Image Base:	0x0000000140000000
Entry Address:	0x000030e4

PE Sections:

Name	Size of data	MD5
.text	8704	010b3216a1b2d2bbfc534ae515ab26a6
.rdata	10752	fdeaef32ab18e3ca3fb52e395afd68d7
.data	3072	27861e636a3d4cce16d909ec08b2f43b
.pdata	512	4fe33dd7d5ee4c11c4b6715e0a589498
.rsrc	1536	1a4372f1b43f082c357b9ee44dd5dc4f
.reloc	512	43434ed5dc93aa6c5aa41a6c1bc03a8a

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for kms-r@1n.exe

copyright for information about kms-r@1n.exe