cmd.exe

The application cmd.exe has been detected as a potentially unwanted program by 14 anti-malware scanners.
Version:
1, 0, 0, 4

MD5:
049874107ec9fc9934f0d88b76d80000

SHA-1:
8c8c3bc2f545f709e5e9e81275fe012950de210d

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 5:27:15 PM UTC

Scan engine             Detection                     Engine version
Lavasoft Ad-Aware       Gen:Variant.Graftor.154396    827
avast!                  Win32:Dropper-gen [Drp]       2014.9-141030
AVG                     Generic_r                     2016.0.3239
Baidu Antivirus         Adware.Win32.SquareNet        4.0.3.141030
Bitdefender             Gen:Variant.Graftor.154396    1.0.20.1515
Emsisoft Anti-Malware   Gen:Variant.Graftor.154396    8.14.10.30.11
ESET NOD32              Win32/SquareNet (variant)     8.10646
F-Secure                Gen:Variant.Graftor.154396    11.2014-30-10_5
G Data                  Gen:Variant.Graftor.154396    14.10.24
IKARUS anti.virus       PUA.SquareNet                 t3scan.1.8.3.0
MicroWorld eScan        Gen:Variant.Graftor.154396    15.0.0.909
Panda Antivirus         Trj/Genetic.gen               15.01.04.09
Qihoo 360 Security      HEUR/QVM10.1.Malware.Gen      1.0.0.1015
Reason Heuristics       Threat.Win.Reputation.IMP     15.1.4.21

File size:
350.5 KB (358,912 bytes)

Product version:
1, 0, 0, 5

Copyright:
Copyright 2003

Original file name:
taskhost.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\networkhosttask\cmd.exe

File PE Metadata
Compilation timestamp:
10/30/2014 7:11:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:MEOEA0aFYSzDIpvM9bfGBaCa4TBTX09qvzKZbLOycuRhx/VL:lOEA0dSzS09bfsRJ09qvQaycSZL

Entry address:
0x304F9

Entry point:
E8, 98, B2, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, FF, 75, 10, 8D, 4D, F0, E8, 2C, CC, FF, FF, 8B, 5D, 08, 33, F6, 3B, DE, 75, 2F, E8, 02, 24, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 73, D0, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C0, 00, 00, 00, 57, 8B, 7D, 0C, 3B, FE, 75, 2F, E8, CB, 23, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 3C, D0, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8...

Entropy:
6.4714

Code size:
277 KB (283,648 bytes)

The executing file has been seen to make the following network communications in live environments.