Cmd.exe

Windows Command Processor

Microsoft Corporation

Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Command Processor

Version:
5.1.2600.5512 (xpsp.080413-2111)

MD5:
6d778e0f95447e6546553eeea709d03c

SHA-1:
811a005cf787c6ccbe0d9f1c36c1d49a9cb71fd1

SHA-256:
62abed7d45040381bbced97ea7b6c697b418448fd3322fd4bfb2bbfdb6155eb4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 6:07:52 PM UTC  (today)

File size:
380 KB (389,120 bytes)

Product version:
5.1.2600.5512

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
Cmd.Exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\cmd.exe

File PE Metadata
Compilation timestamp:
4/13/2008 10:14:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
3072:PhRx1q315oF8opcnD1hOOrWGzN2lcR2u8JnxIJU+e3sFFCcll3H3rH3XD7Inm+Fj:VUF5oXpcFb5DRsNxIJU

Entry address:
0x5046

Entry point:
6A, 28, 68, 68, 51, D0, 4A, E8, C8, C5, FF, FF, 33, FF, 57, FF, 15, 1C, 10, D0, 4A, 66, 81, 38, 4D, 5A, 0F, 85, F3, 00, 00, 00, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 0F, 85, E2, 00, 00, 00, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 0F, 85, B8, 3F, 01, 00, 83, 79, 74, 0E, 0F, 86, C9, 00, 00, 00, 33, C0, 39, B9, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 7D, FC, 6A, 01, FF, 15, 44, 12, D0, 4A, 59, 83, 0D, 50, FA, D2, 4A, FF, 83, 0D, 4C, FA, D2, 4A, FF, FF, 15, C4, 11, D0, 4A, 8B, 0D, 78, 48, D3, 4A, 89, 08...
 
[+]

Entropy:
4.3475

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
126 KB (129,024 bytes)

Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
NXCleanLsa32

Command:
cmd.exe \c "del \f \q "C:\Windows\System32\nxlsa.dll""


The file Cmd.exe has been seen being distributed by the following 39 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-iDUxMFYCKKL5gx7VMDs_g6YZLYc6k7GQhmWVDUwpJrlFv9No8-QdAXBXl2PC0pGt/messages/@.id==AFavCmoAABegWIVtAwFMCK-EIJw/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbSaAcqb2_N_y3wczWc7p4vQi2rlk3q6uDD3X7LTUJt1wHv0HmF7PIt2K4rqg94iDmldJA8i3vzfiNePJFcLA02&error=https://mg.mail.yahoo.com/.../iframemsg?id=78191130-41e7-f9b0-88d4-d93e20baa32e&ymreqid=835643e8-f245-e410-0163-810016010000

https://docs.google.com/uc?authuser=0&id=0B86wDUzXgso8X3ZJRWpfSkQ3SzQ&export=download

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_3451702_AKFUfbwAABAvU9PyigAAAAqyrdo&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&ymreqid=736bef5a-a197-48ce-0170-a50082010000

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-ChvIVCBJVcmjiHtnr1ZDWabizGglAXw_9-AiPjeDHsbWh59Sqvr3G42fkWhRKzUN/messages/@.id==AFHuw0MAAC8HVvoLmwGaKGlHTLk/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=4d6cf6c3-8394-a169-01ff-4b0010010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYwqG6vzwIAz38AhAvKCcbK6F676llwJijNHGM9Rx73ng&error=https://mg.mail.yahoo.com/.../iframemsg?id=70b1a0cf-2bb3-cdee-6aaf-f5d3285b876e

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTteBrGiM_2ZNtatmTWtTTe_SaIDvc1a8YzbgRSU6jfiSGbE13f_A

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-dH0n0wXnmqoI6817W0M_NrVubjxR0Jmty_l8MHJJKFFXMMfy7JTOBFJopz9Og0zcavjXUx2Qwqyd6EIXsJW-WA/messages/@.id==ADfuw0MAACdHVhTcAAlSuG4WTeY/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYJovsRyn7UNtrDRVAlal6uP7jR3BawdEjR3bXt0ZwUBw&error=https://us-mg5.mail.yahoo.com/.../iframemsg?id=b18a279d-bd04-4fcf-2410-7f1702ef305c&ymreqid=def1d97a-42a1-51d8-012e-cb002d010000

https://mailbox.student.umt.edu.my/service/home/.../?auth=co&loc=en_US&id=1564&part=2&disp=a

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-DTVWWR7Txpjc1_y6x5SoqRVDgN2ORqyvNvG_yghgwsOTfhVoRvGj01gIMTBqV-wf-OZtZrw2rULBXQ-scIJXZQ/messages/@.id==ANJVfbwAAB0KWFGA7wrVcDhGtqw/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=c1ae0205-b116-a1b2-014d-940022010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBaT-B1wjvidozZC1GlGAwE7KGe_xDUOS-lPiq_y5ogg4g16jTsPBzOImCqm9n8uDiw6y0cZDZK87O4GU8LnZAz6&error=https://mg.mail.yahoo.com/.../iframemsg?id=7d1328ae-0529-7d8a-672a-d3630d02974d

https://mg.mail.yahoo.com/ya/.../Y&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&ymreqid=85c57f7e-9dd3-e13a-0177-48012a010000

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-5ME9xQ_vBSmqcddZVB6MjiM-k6LWVcAmlE5mq9tRw16l14jF150aEI9pThr9KxVk/messages/@.id==AMySCmoAABBQUoihhwAAAFBMHy0/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=9804ed3a-86fb-38a9-0171-120026010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbyUOUmJinVY2hf-GOqUU9sAGDExJnZK10shejEETptxe1h4CP_hjz-YYLqZfQBrqWldJA8i3vzfiNePJFcLA02&error=https://mg.mail.yahoo.com/.../iframemsg?id=b8809408-8a7e-d167-d2b7-15c2307ae0b6

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_14870_AFzmjkQAAGtrVk4SQAb5KO3yWxU&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-TWcw8XSYrZ_ehpt0-XGGujgDDmVztW2HnwrGApMkW-Y58kjt1Joxly7IRTzx-z9LzPRXZkKy58xUrDbqkPgDWg/messages/@.id==AEmvCmoAAAAVV8jf1AymSGDkM8g/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=32b534c1-c68b-b7e4-01f7-200067010000&token=6TkcbF1nsVgClpQ-PU-706FFtjO06SnqmPsjqS_1ctlDtKPXP372u2I_hy9WYr_j4ZaKsgpUmQ96t1NsWiXMFcbl5XFEOuGvbH63agKFO1cERiQ0gk5DTVqgS6j4R6e8&error=https://mg.mail.yahoo.com/.../iframemsg?id=21a487e9-5d9e-06e3-263f-1fbf4b18e953

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-QN8pm0prrJkY6AW_C5FZo5M5MFqh-4O8L3etHCvZqMAnZ0MI3q4vbgC8G0lcwWyX/messages/@.id==AMR2imIABPwqV5jHnwYWmBed3c0/content/parts/@.id==3/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYK50X0Dcqx3WHjLBmqfODx4QS589m2ULn4HOf3kMCF_g&error=https://us-mg5.mail.yahoo.com/.../iframemsg?id=2cc6717a-2abd-2a6e-5b06-cc405c8ab77d&ymreqid=15c4d523-8dbc-1243-0185-a500b0010000

http://downloads.sourceforge.net/project/artha/artha/.../artha_1.0.2.0.exe

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_2_1834765_ACKvCmoAABFMVH1mzganIA9lJPA&fid=Sent&pid=2&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-zF1ygKoM7vopzYrDmcqnguTE0TxAVHf-0ToPV8n476lnMlkog05Jhu9a2ES0tgw9-OZtZrw2rULBXQ-scIJXZQ/messages/@.id==AHnsw0MAABFQVHxsvAd2KA4rNo8/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=3ed5d600-114a-be86-0160-df0033010000&token=x1a1OVnYSmDADbRFUma2qAuJH_1KV_Iyc93s4gpuXwhHrnJItvRxriNYzEm8vSz7cU3umGrHV5M8txVsxR-vdQ&error=https://us-mg6.mail.yahoo.com/.../iframemsg?id=43d3a246-7d71-c61a-ef1f-51f06ebecf74

https://mg.mail.yahoo.com/ya/.../s2RAAAABtPz7Q&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo

Latest 30 of 39 download URLs

Scan Cmd.exe - Powered by Reason Core Security