cmd.exe

Windows Command Processor

Microsoft Corporation

This is a setup program which is used to install the application. It is included with the Windows Vista OS. The file has been seen being downloaded from dc345.4shared.com and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Command Processor

Part of the Windows Vista Operating System

Version:
6.0.6000.16386 (vista_rtm.061101-2205)

MD5:
349cd4318e6e351c9bb72ee13b7ca807

SHA-1:
abc46ecb05534d731519a9d03c310fc92a76d92e

SHA-256:
26b4d515f33e4fea1d6fb96f795a211029be99ebd22f30c33982ed65c24e84cd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
4/19/2024 9:30:32 AM UTC

File size:
312.5 KB (320,000 bytes)

Product version:
6.0.6000.16386

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
Cmd.Exe.MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\cmd.exe

File PE Metadata
Compilation timestamp:
11/2/2006 4:36:45 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
3072:9bkBUee9TIqKOeOcPmJOeu1MAMkSTEiVc1VLVWJku72ySJ/3yGO/s:9bkO0OaIuGBkSTEIcPck8vS9Cw

Entry address:
0xC63F

Entry point:
E8, 05, FA, FF, FF, 6A, 10, 68, 30, C7, D0, 4A, E8, 71, 57, FF, FF, 33, DB, 89, 5D, FC, 64, A1, 18, 00, 00, 00, 8B, 70, 04, 89, 5D, E4, BF, D8, 41, D2, 4A, 53, 56, 57, FF, 15, 60, 12, D0, 4A, 3B, C3, 0F, 85, D5, 00, 00, 00, 33, F6, 46, A1, D4, 41, D2, 4A, 3B, C6, 0F, 84, E4, 00, 00, 00, A1, D4, 41, D2, 4A, 85, C0, 75, 78, 89, 35, D4, 41, D2, 4A, 68, 28, C7, D0, 4A, 68, 1C, C7, D0, 4A, E8, 71, FF, FF, FF, 59, 59, 85, C0, 0F, 85, C9, 00, 00, 00, A1, D4, 41, D2, 4A, 3B, C6, 75, 1B, 68, 18, C7, D0, 4A, 68, 10...
 
Code size:
138 KB (141,312 bytes)

The file cmd.exe has been seen being distributed by the following 5 URLs.

https://dc345.4shared.com/download/.../cmd.exe

https://www.dropbox.com/scl/.../66hv8cww2m9uuwt5y92iy?oref=wn&r=AAM1cx1qbxb5YWdj7TCv9jH6Q_JgYL-RrfVFt-ccCIeTqXQhHNPE1IA6MDTI7zjU9nF9Znc_oT6ROUZ46haK7JIPOBi8CyrzkEoP4CK_cmCIuvl4Wmrdaxgz3sSMf5C19oST-dV6zlJMWi607Wx2B_hv2uBQ9k2xjnjhdypmjTlPpw&sm=1&dl=1&_download_id=0209118752057109177704142373113572495590656807745719716805518138192&_notify_domain=www.dropbox.com