How to remove kmseldi.exe
- File Details
- Overview
- Analysis
kmseldi.exe
The module kmseldi.exe has been detected as Suspicious Object
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
f0280de3880ef581bf14f9cc72ec1c16 |
| Size: |
921 KB |
| First Published: |
2017-05-21 06:07:21 (7 years ago) |
| Latest Published: |
2024-03-11 23:33:05 (9 months ago) |
| Status: |
Suspicious Object (on last analysis) |
|
| Analysis Date: |
2024-03-11 23:33:05 (9 months ago) |
Overview
| %programfiles%\kmspico |
| %desktop%\kmspico 10.2 final by gdaily\kmspico 10.2 final\kmspico portable |
| %temp%\rar$exa0.516\bkshare.com-kmspico 10.2.0\kmspico portable |
| %profile%\downloads\[phanmemaz.com].kmspico 10.2.0\kmspico portable |
| %appdata%\zhp\quarantine\kmspico portable\kmspico portable |
| %sysdrive%\activators\kmspico v10.2.0 portable |
| %mydoc%\kmspico portable |
| %desktop%\tool\kmspico portable v10.2.0 final\kmspico portable |
| %temp%\rar$exa0.027\[khukho.com]kmspico.v10.2.0.portable |
| %profile%\downloads\kmspico 10.2.0 final + portable (office and windows 10 activator) [techtools]\kmspico 10.2.0 final + portable (office and windows 10 activator) [techtools.net]\kmspico portable |
| KMSELDI.exe |
| kmseldi.exe |
| vKMSELDI.exe |
| KMSELDI (1).exe |
| KMSELDI (2017_09_11 13_07_55 UTC).exe |
| KMSELDI (2017_08_10 13_53_02 UTC).exe |
| KMSELDI.exe.quarantined |
| Happy.exe |
| KMSELDI(1).exe |
|
13.5% |
|
|
12.1% |
|
|
9.0% |
|
|
8.3% |
|
|
7.5% |
|
|
3.6% |
|
|
2.6% |
|
|
2.6% |
|
|
2.5% |
|
|
2.2% |
|
|
1.8% |
|
|
1.8% |
|
|
1.8% |
|
|
1.8% |
|
|
1.7% |
|
|
1.6% |
|
|
1.5% |
|
|
1.3% |
|
|
1.2% |
|
|
1.1% |
|
|
1.1% |
|
|
1.0% |
|
|
0.9% |
|
|
0.9% |
|
|
0.9% |
|
|
0.9% |
|
|
0.8% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.6% |
|
|
0.6% |
|
|
0.6% |
|
|
0.6% |
|
|
0.6% |
|
|
0.6% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
| Windows 10 |
69.5% |
|
| Windows 7 |
18.3% |
|
| Windows 8.1 |
10.5% |
|
| Windows 8 |
1.0% |
|
| Windows XP |
0.4% |
|
| Windows Embedded 8.1 |
0.2% |
|
| Windows Vista |
0.1% |
|
| Windows Server 2012 |
0.1% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x000e1e8e |
| MVID: |
fb786781-bb6e-4788-b6fc-5c1e5cbbfad6 |
| Name |
Size of data |
MD5 |
| .text |
917504 |
170cafa364c3f012edc6cfc39114912f |
| .rsrc |
20992 |
aa3247d901ae5d369bee5a66ac3de307 |
| .reloc |
512 |
33dee5dbd9b3ae9b070060031d8fa474 |
