KMSELDI.exe

KMS GUI ELDI

@ByELDI

The executable KMSELDI.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
@ByELDI  (signed and verified)

Product:
KMS GUI ELDI

Version:
33.3.0.0

MD5:
754916065c9c3ba680d488d204af7b14

SHA-1:
368ffadf58b2331498ef632a58e67510a46dc1dc

SHA-256:
7a6bc0ae4129f80c321dd2500a974a6b1e77829f76fddb57f36cbb886e6c295f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 4:14:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
KeycodeTool.ByELDI (M)

Engine version:
16.12.4.8

File size:
1.1 MB (1,118,912 bytes)

Product version:
33.3.0.0

Original file name:
KMSELDI.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\kmspico\kmseldi.exe

Digital Signature
Signed by:

Authority:
@ByELDI Certificate Authority

Valid from:
6/22/2014 3:19:27 PM

Valid to:
6/22/2044 3:19:27 PM

Subject:
CN=@ByELDI

Issuer:
CN=@ByELDI Certificate Authority

Serial number:
4A35098748EDA459DCA4BD6658107C9A

File PE Metadata
Compilation timestamp:
6/29/2014 2:54:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:nRe38oWiAH7UrbwIpmOa+YRR3J8NHXTrw90HSPxHT4TTuGnBXlUsz54sFpQZZI5O:Rq8oWiq7Urbnba9R5ujr28ykX9NySBo

Entry address:
0x10C7CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F3, 6E, B0, 53, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, E0, 10, 00, 1C, AC, 10, 00, 52, 53, 44, 53, 0B, 6C, 39, E6, 1A, AB, B6, 4F, 97, F6, 91, 21, 7B, 39, CD, 51, 01, 00, 00, 00, 4A, 3A, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 56, 69, 73, 75, 61, 6C, 20, 53, 74, 75, 64, 69, 6F...
 

Entropy:
6.4046

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,091,584 bytes)

Windows Firewall Allowed Program
Name:
kms emulator: kmseldi.exe

