cmdline.exe

MD5:
2d75635f4fab479e3385dc0a1ee51f36

SHA-1:
fab9488fcf1ca875c6b33499a572a3a58f9a4825

SHA-256:
0732c33cedb13dc854984ff87cc3821e99a3f00e7f9465ff31a13679cf936ae9

Scanner detections:
9 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/27/2024 1:03:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Packed/Pec1 | 7.1.1 |
| Avira AntiVirus | APPL/Tool.ProcGuard | 7.11.165.44 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.141024 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Norman | Suspicious_Gen2.DVSUH | 11.20141024 |
| Panda Antivirus | HackTool/ReadMem.A | 14.10.24.01 |
| Rising Antivirus | PE:Trojan.Win32.Generic.123FBD1D!306167069 | 23.00.65.141022 |
| Trend Micro House Call | TROJ_GEN.F47V0404 | 7.2.297 |
| Trend Micro | PAK_Generic.001 | 10.465.24 |

File size:
14 KB (14,336 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.52

CTPH (ssdeep):
384:KHXG+NIosUNQbZD1fpraRkBsHthHj5+m7Hn+i8b:K3Zst5ARkWj5+cHy

Entry address:
0x7000

Entry point:
EB, 06, 68, 40, 1E, 00, 00, C3, 9C, 60, E8, 02, 00, 00, 00, 33, C0, 8B, C4, 83, C0, 04, 93, 8B, E3, 8B, 5B, FC, 81, EB, 3F, 90, 40, 00, 87, DD, 8B, 85, E6, 90, 40, 00, 01, 85, 33, 90, 40, 00, 66, C7, 85, 30, 90, 40, 00, 90, 90, 01, 85, DA, 90, 40, 00, 01, 85, DE, 90, 40, 00, 01, 85, E2, 90, 40, 00, BB, 7B, 11, 00, 00, 03, 9D, EA, 90, 40, 00, 03, 9D, E6, 90, 40, 00, 53, 8B, C3, 8B, FB, 2D, AC, 90, 40, 00, 89, 85, AD, 90, 40, 00, 8D, B5, AC, 90, 40, 00, B9, 40, 04, 00, 00, F3, A5, 8B, FB, C3, BD, 00, 00, 00...
 

Entropy:
7.3250

Packer / compiler:
PECompact v1.4x+

Code size:
14.7 KB (15,069 bytes)

Scan cmdline.exe - Powered by Reason Core Security