How to remove officekms.exe
- File Details
- Overview
- Analysis
officekms.exe
The module officekms.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
caa3c0893546ff62c2ed1e54694bc91e |
| Size: |
2 MB |
| First Published: |
2020-08-17 12:16:25 (5 years ago) |
| Latest Published: |
2022-02-12 23:02:17 (3 years ago) |
| Status: |
Trojan.CoinMiner (on last analysis) |
|
| Analysis Date: |
2022-02-12 23:02:17 (3 years ago) |
| %commonappdata% |
| %commonappdata% |
| %sysdrive%\$recycle.bin |
| %sysdrive%\$recycle.bin |
| %commonappdata% |
| %commonappdata% |
| %commonappdata% |
| %commonappdata% |
| %commonappdata% |
| %commonappdata% |
| Windows 10 |
75.9% |
|
| Windows Server 2008 R2 |
20.7% |
|
| Windows 7 |
3.4% |
|
Analysis
| Subsystem: |
Windows CUI |
| PE Type: |
pe |
| OS Bitness: |
64 |
| Image Base: |
0x0000000140000000 |
| Entry Address: |
0x0016da88 |
| Name |
Size of data |
MD5 |
| .text |
1832448 |
f61a5a1acd0a9e64e800ad564a107a22 |
| .rdata |
628736 |
027113504673685037d03fe38bc81b56 |
| .data |
48640 |
7d5f3e87bbe396537fe9b194a67ff655 |
| .pdata |
62464 |
a4b314b38bc430d8d5d9bd3c35879586 |
| _RANDOMX |
2048 |
b182bf6976fc56dcc30743b1e5cbdaae |
| _SHA3_25 |
2560 |
c14f9aad5e95192cd7523ba6675549fd |
| _TEXT_CN |
6656 |
6a7f77e47f77f65bef85036ae5a71106 |
| _TEXT_CN |
4608 |
409bf3f918f2402291cb56c2e9354b47 |
| _RDATA |
512 |
ad034ba066f9301848a7dc7e9671f5a4 |
| .rsrc |
23040 |
a221ccc8b4d94db57f4851e080da5e0a |
| .reloc |
10752 |
86cb18166f37f7f1295454a867c7f5d6 |
