home

KMSELDI.exe

KMS GUI ELDI

@ByELDI

The application KMSELDI.exe by @ByELDI has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including KMSpico and KMSpico v9.1.3. The file has been seen being downloaded from s6942.chomikuj.pl.
Publisher:
@ByELDI  (signed and verified)

Product:
KMS GUI ELDI

Version:
34.0.0.7

MD5:
73853d00674b63ae2e3d450a358bc56c

SHA-1:
42881e08a50e1e9a336cbf01e728c8a546d41ae5

SHA-256:
f1f65a42f04b976fc7b8cbf8adc203b63f7e878eebf024fbb224c4dcbcf50f73

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 7:26:28 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ByELDI.Meta
15.4.25.13

File size:
1 MB (1,088,192 bytes)

Product version:
34.0.0.7

Original file name:
KMSELDI.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Signed by:
@ByELDI

Authority:
@ByELDI Certificate Authority

Valid from:
12/4/2014 7:07:19 PM

Valid to:
12/4/2044 7:07:19 PM

Subject:
CN=@ByELDI

Issuer:
CN=@ByELDI Certificate Authority

Serial number:
984575F6396A7D57D30E4D7A9E43EF56

File PE Metadata
Compilation timestamp:
12/4/2014 7:02:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:+SAbjr28aBv6yZY2F9q8oWiq7Urbnb0k6:Q/2d6Sjq8oWimUrbW

Entry address:
0x10525E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.4069

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,061,888 bytes)

The file KMSELDI.exe has been discovered within the following programs.

KMSpico
About 8% of users remove it
KMSpico v9.1.3
About 4% of users remove it
 
Powered by Should I Remove It?

The file KMSELDI.exe has been seen being distributed by the following URL.

http://s6942.chomikuj.pl/File.aspx?e=QkD-SPZuDQYl7lB0Tw9ZYeVx7bmqUpZjQOANwxsYGH5ZSMLx86DfGeMXQDEtzR1N4b1coWhhfsv4ZXMyPBkWLkX_OTkish1adgOKPzS5c83AWe2cvirPljq_Ji8zvDSfQ-gDh2NK0HFURY_EHXyiDQ&pv=2

Remove KMSELDI.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.