» KMSELDI.exe
Overview
Analysis
File Details
Behaviors (1)

KMSELDI.exe

KMS GUI ELDI

@ByELDI

The executable KMSELDI.exe has been detected as malware by 1 anti-virus scanner.

File name:

KMSELDI.exe

Publisher:

@ByELDI (signed and verified)

Product:

KMS GUI ELDI

Version:

33.3.0.0

MD5:

754916065c9c3ba680d488d204af7b14

SHA-1:

368ffadf58b2331498ef632a58e67510a46dc1dc

SHA-256:

7a6bc0ae4129f80c321dd2500a974a6b1e77829f76fddb57f36cbb886e6c295f

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/15/2024 12:37:19 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

KeycodeTool.ByELDI (M)

16.12.4.8

File size:

1.1 MB (1,118,912 bytes)

Product version:

33.3.0.0

Original file name:

KMSELDI.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\kmspico\kmseldi.exe

Digital Signature

Signed by:

@ByELDI

Authority:

@ByELDI Certificate Authority

Valid from:

6/22/2014 3:19:27 PM

Valid to:

6/22/2044 3:19:27 PM

Subject:

CN=@ByELDI

Issuer:

CN=@ByELDI Certificate Authority

Serial number:

4A35098748EDA459DCA4BD6658107C9A

File PE Metadata

Compilation timestamp:

6/29/2014 2:54:27 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:nRe38oWiAH7UrbwIpmOa+YRR3J8NHXTrw90HSPxHT4TTuGnBXlUsz54sFpQZZI5O:Rq8oWiq7Urbnba9R5ujr28ykX9NySBo

Entry address:

0x10C7CE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F3, 6E, B0, 53, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, E0, 10, 00, 1C, AC, 10, 00, 52, 53, 44, 53, 0B, 6C, 39, E6, 1A, AB, B6, 4F, 97, F6, 91, 21, 7B, 39, CD, 51, 01, 00, 00, 00, 4A, 3A, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 56, 69, 73, 75, 61, 6C, 20, 53, 74, 75, 64, 69, 6F... 
[+]

Entropy:

6.4046

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

1 MB (1,091,584 bytes)

Windows Firewall Allowed Program

Name:

kms emulator: kmseldi.exe

Remove KMSELDI.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.