Gridinsoft Logo
File Icon

RemoveWAT.exe Hack KMS Analysis

Updated 1 year ago
Checked by Malware Check
RemoveWAT.exe

Technical Analysis

File Name RemoveWAT.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.178.174
Database Version 2024-06-06 01:01:41 UTC

Hack.Win32.KMS.ad!i

Malware family: KMS

KMS malware is associated with illegal software activation tools that bypass legitimate licensing mechanisms. It can introduce security vulnerabilities and legal compliance issues.
N/A
Detection Rate
4,307,449
File Size (bytes)
2024-06-06
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
54a6a8cabc531eb1284c1354901b9d02
SHA1
1f717590fbc2ea2765c5b526fb088d97678e7dd5
SHA256
f8da86a971286477700fa39e6c2ad7e9856eaeeef3c4d8eae3ad40df05019628
SHA512
f48439cb0adcaff79fa123f015dd0fa15d191ef86faa2a02d03602cc0621cbc07231bf7547e3985951a015f8187accf57792602d8f9983e64e0849ed23a97843
ImpHash
fcf1390e9ce472c7270447fc5c61a0c1

PE Analysis

Basic Information

Icon
Hash: b24ce001b56c09a8de953b607499ec30
Fuzzy: 16d7721f0f4154a191236bd2cdeee9fa
dHash: 0200811997960110
Image Base 0x00400000
Entry Point 0x0041e239
Compilation Time 2019-12-05 07:37:23
Checksum 0x0042908f (Actual: 0x0042908f)
OS Version 5.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
PDB Path D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb
Digital Signature The PE file does not contain a certificate table.
Imports 2 libraries
KERNEL32, gdiplus
Exports 0 functions
Resources 25 Resources
Sections 6 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 198,159 bytes 198,656 bytes 6.69 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5C34491FEE255555D49145E7743274FB
.rdata 0x00032000 41,986 bytes 42,496 bytes 5.20 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 46BA011F50AD8D65A6B8D983B050AC7F
.data 0x0003d000 145,584 bytes 4,608 bytes 3.84 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE CE7EE73DF4E6A3A0F245A2D8FA63B9DF
.gfids 0x00061000 232 bytes 512 bytes 2.12 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 79C1564768C1621D256D8D36E32E89FA
.rsrc 0x00062000 118,591 bytes 118,784 bytes 3.70 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2CCDF2D39B1BEC16EEE3C15309CD2BA8
.reloc 0x0007f000 8,492 bytes 8,704 bytes 6.62 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 3E4166C697FACADAC24F07E8B3E0774B
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 25 (117,055 bytes)
Resource Type Count Total Size Percentage
PNG 2 8,430 bytes
7.2%
RT_ICON 5 99,592 bytes
85.1%
RT_DIALOG 6 2,916 bytes
2.5%
RT_STRING 10 4,166 bytes
3.6%
RT_GROUP_ICON 1 76 bytes
0.1%
RT_MANIFEST 1 1,875 bytes
1.6%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Hack.Win32.KMS.ad!i Removal

Gridinsoft has the capability to identify and eliminate Hack.Win32.KMS.ad!i without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware