home

cmd.exe

Windows Command Processor

Microsoft Corporation

It is installed with the Windows 8 pre-release build (RTM). The file has been seen being downloaded from mg.mail.yahoo.com and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Command Processor

 
Part of the Windows 8.1 (Blue) Operating System

Version:
6.3.9600.16384 (winblue_rtm.130821-1623)

MD5:
622d21c40a25f9834a03bfd5ff4710c1

SHA-1:
98a9ac93fe31f38f47f38db78bf12fa0c6214f9a

SHA-256:
48985b22a895154cc44f9eb77489cfdf54fa54506e8ecaef492fe30f40d27e90

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
6/19/2025 4:01:47 AM UTC  (today)

File size:
308 KB (315,392 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
Cmd.Exe.MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\cmd.exe

File PE Metadata
Compilation timestamp:
10/28/2014 8:05:24 PM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
6144:LrUi/7k80mXSkVh+/H3FISmtc4tkVk2zVDm:LQsBhXSkS/Xbmtc4tqk2h

Entry address:
0x9F20

Entry point:
E8, 8E, FF, FF, FF, 6A, 10, 68, 10, A0, 40, 00, E8, 57, 87, FF, FF, 33, DB, 89, 5D, FC, 64, A1, 18, 00, 00, 00, 8B, 70, 04, 8B, FB, BA, 68, 61, 42, 00, 8B, CE, 33, C0, F0, 0F, B1, 0A, 85, C0, 0F, 85, D6, 00, 00, 00, 33, F6, 46, 39, 35, BC, 60, 42, 00, 0F, 84, E5, 00, 00, 00, 39, 1D, BC, 60, 42, 00, 75, 78, 89, 35, BC, 60, 42, 00, 68, 08, A0, 40, 00, 68, FC, 9F, 40, 00, E8, C6, FE, FF, FF, 59, 59, 85, C0, 0F, 85, CB, 00, 00, 00, 39, 35, BC, 60, 42, 00, 75, 1B, 68, F8, 9F, 40, 00, 68, F0, 9F, 40, 00, E8, 65...
 
[+]

Entropy:
4.6216

Code size:
145.5 KB (148,992 bytes)

The file cmd.exe has been seen being distributed by the following 44 URLs.

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_86881_ALlhUtQACSGrVmetPQDmeAJj7qc&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://www.edmodo.com/file?id=3b9e1c5712869b692dc9552d73babb44

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-_G6_0QCi2eZGK3WdbKM54A20dW-P0HVu2mzo6JbE0aglU6w_T4EV46yRWmiJG8r4UWhjIv2uHVC2R0Wv8Q9VgQ/messages/@.id==AAR3w0MABAiwV2jxAQOCcCVwBXg/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=1a93be58-d2ef-b733-0145-6b0010010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZUH1rl_TOfFUhFr0XuOYTo1BJVPkELeAhpkiHPZOFHARh-J5C6LyUnkpuuSevalNc&error=https://mg.mail.yahoo.com/.../iframemsg?id=9a96f345-bef4-aca9-d048-2627ecd7b94d

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-UFpBp7n0jlGtaLJLi-QO8NBjt5u5eXbXe70OdeRhRnXq_1GGUrd-_K8pAS4pyhLuyqtsdt-jko-uK0ko8KHOrw/messages/@.id==AM--imIAAAQTWBOxBAW8wMLe2vM/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=20d702b2-5e63-02dc-0156-4b0036010000&token=jdt5DSPBRnMCDbOWw1kTHHejKHH7vqVPCa_zjPxCPrUCLRrirrD8s87UF3qFKrKyR2PaWTKNvSwGCZqYnjXhhedoGW5aNDhyZ6KmtbKD5N3oXrvqWXAmKM0cYz1HHvee&error=https://mg.mail.yahoo.com/.../iframemsg?id=25383022-dc42-6cf9-f0d7-44dc9c65747c

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-M7GMquEEOcmnGofLQEtB11qr0oLEwJuBDY_pe-Pk0KuLoBOtBcUyclVPaXv4EiKYGH4nkLovJSeSm65J69qU1w/messages/@.id==AIi_imIAANWlV7VMEgE8aBWelG4/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBadlP9bWKeM7hT6uxd_kIncGCtoMoQo-ymsR28wEq8vr8QNhI7bpgPcD6bJliVIu-FRaGMi_a4dULZHRa_xD1WB&error=https://mg.mail.yahoo.com/.../iframemsg?id=c4fce6a7-3cc3-2687-4d0d-7425b699518a&ymreqid=b586ed75-82ba-fdeb-0124-66000e010000

https://doc-00-14-docs.googleusercontent.com/docs/securesc/o030ap0i8s6a0u77fkmqlt21i5s9b7vo/45mpv41sr2kn5nlfrihd9jhuurp8l1pu/1477332000000/.../05850532010022704048/0B4fOIWd-lp8gTERsakFYekRTRVU?e=download

https://onedrive.live.com/download.aspx?cid=8628ACC3BAED1320&authKey=!AGA49Sh94tfRRSU&resid=8628ACC3BAED1320!150&ithint=.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-yjzZhECAiTQDK6lBP4sB9UWhHYC3XIygRMteJuFYpRPIvciezyvjydPZSY7HlJe6w1rWp2uaGHwxb0t-vKf2nQ/messages/@.id==APWH8QoAAQtsVx3I4ARlAJGqFSw/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=0ad1be16-71eb-e4da-01a1-ae000d010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYeV4OqKvJ-Omx0fzHYsKTGeqNICCcMZKBtlWalS5CMPvavmVJFX0ZuAlDFAKtOl_Q&error=https://mg.mail.yahoo.com/.../iframemsg?id=463e6b14-6580-87d6-c89b-752269fe8a99

https://onedrive.live.com/.../Sjkaeq0FI=7&ithint=.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-0HFMm5tLIivD8X1DzOxZXZgf6QcfsoVOt2LdfPjGnDLkuwd5rEKzkvvtTQ6kxaNapVATGjFd3tWQkn7sAKtr2Q/messages/@.id==AN9LyAoAAWQ5V45PiwSvOJva0yM/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=efe6ce7e-a987-e59a-0150-e10016010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbYKwUPvOuI2O6BgmlvkZyf8QYl54ActmOMP_l-96cndRh-J5C6LyUnkpuuSevalNc&error=https://uk-mg42.mail.yahoo.com/.../iframemsg?id=0ec509c5-5e10-d1b2-9ffc-fd18ef2360b8

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-CkT8ldjVH7gxob7kRKi8ig-3zC93VWJhuAqtdMrA1jnhG8eThxDnzHPwk8xYQQw8-OZtZrw2rULBXQ-scIJXZQ/messages/@.id==AHR2w0MAGp4gWDazkAbCeG4ko50/content/parts/@.id==4/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBY5xxqYHf-s52GHV1nK8ugRXGteBmGEM6Fl6M29opWnn5B5qDYxVH6Yffk0gY_2UxA6y0cZDZK87O4GU8LnZAz6&error=https://mg.mail.yahoo.com/.../iframemsg?id=97fa3227-6b14-76ad-99af-70fcaf6fb472&ymreqid=cfae9ccb-309f-744b-0145-a6001f010000

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-B8gYgCnTX4J2OC7N8qW3O_q57pkYdQHkwxDLJ7LkjF-M7ZZJoI3bFRFVzjfsz1t4GH4nkLovJSeSm65J69qU1w/messages/@.id==AFnuw0MADYupVytpIgbWADxHaEg/content/parts/@.id==7/raw?appid=YahooMailNeo&ymreqid=dbbcaa0b-d659-c571-011a-ad0027010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbI3uzhcF_3wujWTi-mgJNdhDkl2XRrH0DbT3I1eJbbtQ&error=https://br-mg6.mail.yahoo.com/.../iframemsg?id=2cb72246-019d-135b-8f71-279e132f9fec

https://mail.google.com/mail/u/.../?ui=2&ik=3b17957401&view=att&th=1522dfd9567455a6&attid=0.1&disp=safe&realattid=f_ij97cb9o0&zw

https://docs.google.com/uc?authuser=0&id=0B8BoSmiQQpv8OExxLVVySEpOUlE&export=download

https://schneiderele.taleo.net/.../viewAttachedFile.jss?attachmentNo=2724052&portalCode=2&candidateNo=2172989

https://webmail-seguro.com.br/.../?_task=mail&_action=get&_mbox=INBOX.enviadas&_uid=780&_part=2&_download=1

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-vjiVSGUIQBiOsDrftmk0TNGiLLHQJ_8OHbkSSo2M17qDx_X1tPdh_BzjkTJjVo8C/messages/@.id==AMlhUtQAAYVLV49B1AzFiLrRvGw/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=3095ddb1-59c2-9ff7-0164-60001b010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBafDOfsWH5c4GhWw_9Xm_IuvJ_josKc0NTe5reqVcg1QQ&error=https://fr-mg42.mail.yahoo.com/.../iframemsg?id=b67233ed-5e2b-e11b-657b-e14117aae0b4

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-USePtF9Vbf5mNJ6RC0RANCIOKmdxSVu9yFzsjawrq7GEmgU9LHSoo3hudE3TK9rOGH4nkLovJSeSm65J69qU1w/messages/@.id==AEPFCmoAACdHWA6gUgaXgKhuKjg/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBa_SAeprnUYZqGcYA-hf2zXgceA0OA2FfOoha5AByz5FXK5hPuMTie8GCTH1hZ9bRnXouixpM58iZRjXLT7YuMB&error=https://mg.mail.yahoo.com/.../iframemsg?id=6c451073-b869-bbd9-8bd3-e9dba7b10b0e&ymreqid=945ec452-192b-a396-01bd-17001a010000

http://www.avm.edu.br/docente/professores/91/.../cmd.exe

https://onedrive.live.com/download.aspx?cid=8467E6719A824B5D&authKey=!AFvcslaRECTNB8U&resid=8467E6719A824B5D!106&ithint=.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-5QB3-Lyo_RUFlGzlt8iMB47Bb2vJ0E3o9wf2TCo59yj0wp50_0Zt9lQ8A2brFi8WQv4c4iUXZ0n8-D-n3jtmIQ/messages/@.id==AEVUimIAAWo9V5uJ1gBpeIXbSFU/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=2a9a4ae8-308a-f996-0197-7b0016010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbfPeMckBcE6s1mpMruNY3_spwJc22gjwmnr2UTbmTD4A&error=https://br-mg5.mail.yahoo.com/.../iframemsg?id=aeaf3eb6-3cda-413a-8d09-b2b5fc6233de

http://bmail.uol.com.br/attachment?msg_id=MTc2&ctype=cmd.exe&disposition=attachment&folder=DRAFT

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-y-4Vz6NxdFnmu71Znmp_20kqRvFkZCObTLWlR3B7pIrbjMSkwCfqstRq-argQOdBQv4c4iUXZ0n8-D-n3jtmIQ/messages/@.id==AGzsw0MAACoAVvqBSQTSYKgXvGE/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbkl_CQm9DIY8paofXkH-vGQUIQUu3TZpHxb-5EvaQ8Zg&error=https://br-mg6.mail.yahoo.com/.../iframemsg?id=fa0d7496-18b0-af12-1016-28f41a59f718&ymreqid=bf869c11-977c-c5f7-0183-fc0060010000

https://doc-0g-4o-docs.googleusercontent.com/docs/securesc/bf92d3le7s34bcft3mkqket6o7rffki0/v8f3prn452q0t02c6cs4q9bkegvurhbs/1474905600000/.../06255563509646440297/0B8Y-lEND1OxnNmZ4QzJDOWZlNmM?e=download

https://cetys.blackboard.com/courses/1/MXL1602-PME08-04/db/.../cmd.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-s7s2ro6SLF6JPBVyDr-WFhJLyfiLQ4E1GmFOilAW-YOJ782tB5l9A--CeMItE1dmZjgxA_TiLsRFjprRoXe0sQ/messages/@.id==AMR2imIAB1mcV4GvyQe8eDMkIrM/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=09ccb78e-3b27-a2db-01ac-99004e010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYq9XJEh9VrnUxra7DMZx_6R6eHkJq8dSh6ywFdOpdbLQ&error=https://ar-mg5.mail.yahoo.com/.../iframemsg?id=1528b000-41f4-ad39-7d05-b1de85ab725d

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_1964_AElUimIAADkBVkiuCgOZ4FLZjk0&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

http://bmail.uol.com.br/attachment?msg_id=MzM0Nw&folder=DRAFT&disposition=attachment&ctype=cmd.exe&&accountId=0

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==MTIwNDcxMjkxMjE0NzgwODgxIDE2MzIyNCAxNjMyIHdhZmZhYV9hZGVsQHlhaG9vLmNvbQ/messages/@.id==ADwNiWIAACaMVcBmgwPUeIPgrKQ/content/parts/.../raw?appid=YahooMailNeo&ymreqid=d156a34c-caa6-fe03-0121-9a0064010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZWsGryvZIKHxHTkmmR89ud_tmbZU_QP6bd5QzJLzvu9w

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-O0cGz0_041bPnYnihm_sQ_zQhPK--dRmFXba-Q-H10fl1hSpQsrvaJFc51afvTOV/messages/@.id==ACXkimIAAClmV0Bmlg3yUNip8Sw/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBY62W5XuV4M4oRPj5IM_91XDGVGQzbycySR0JrToCvLXg&error=https://br-mg5.mail.yahoo.com/.../iframemsg?id=de8e4f68-73ee-3cc3-ba89-f3a2af365dd5&ymreqid=f6d8ddc9-7b0c-f52f-011d-cf0113010000

Latest 30 of 44 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.