KMSELDI.exe

KMS GUI ELDI

@ByELDI

The application KMSELDI.exe by @ByELDI has been detected as a potentially unwanted program by 2 anti-malware scanners.

Publisher:
@ByELDI  (signed and verified)

Product:
KMS GUI ELDI

Version:
32.0.0.0

MD5:
1d65bc78b1ac1d620730c530a7552f0d

SHA-1:
7d1287034e30038b88f5a8c86c05627ac80dcdc6

SHA-256:
793654a241bee8f7e02759403244c00e0b6dd3dabb9d54b54c4af8b43d00a777

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 12:03:39 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/HackTool.IdleKMS (variant) | 8.9388
Reason Heuristics | PUP.ByELDI.Meta | 15.4.25.13

File size:
1.1 MB (1,196,224 bytes)

Product version:
32.0.0.0

Original file name:
KMSELDI.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\kmspico\kmseldi.exe

Digital Signature
Signed by:

Authority:
@ByELDI Certificate Authority

Valid from:
2/3/2014 11:17:06 AM

Valid to:
2/3/2044 11:17:06 AM

Subject:
CN=@ByELDI

Issuer:
CN=@ByELDI Certificate Authority

Serial number:
DC0E43711C7C40D18044372CAF69F6A1

File PE Metadata
Compilation timestamp:
2/3/2014 11:10:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:MRe38oWiAH7UrbwIpmOazROXsfJahBjpxNHXTrw90HSPxHyieFFqhQfnGhZb:yq8oWiq7UrbnbadO+Ufjr28rOZhZb

Entry address:
0x11F5DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 76, BF, EF, 52, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, 00, 12, 00, 1C, DA, 11, 00, 52, 53, 44, 53, 4C, 94, 4B, A0, FC, 84, 76, 46, A3, 40, 80, FF, 92, 6E, DA, 7A, 01, 00, 00, 00, 4B, 3A, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 56, 69, 73, 75, 61, 6C, 20, 53, 74, 75, 64, 69, 6F, 20, 32, 30, 31, 33, 5C, 50, 72, 6F, 6A, 65, 63, 74, 73, 5C, 4B...
 

Entropy:
6.3820

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,168,896 bytes)
