Cmd.exe

Sistema operativo Microsoft Windows

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Sistema operativo Microsoft® Windows®

Description:
Procesador de comandos de Windows

Version:
5.1.2600.5512 (xpsp.080413-2111)

MD5:
21fdb59548c889e78236f8f78ce49b8b

SHA-1:
a0ee0cb06a4301bd5f7bd219177fd052ea34b2f7

SHA-256:
531d1ffd6b6160ec7952e6fb6486bbfe20517a663dc21c080d89d43da5cf377f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 1:07:26 PM UTC  (today)

File size:
394 KB (403,456 bytes)

Product version:
5.1.2600.5512

Copyright:
Copyright (C) Microsoft Corporation. Reservados todos los derechos.

Original file name:
Cmd.Exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\Windows\System32\cmd.exe

File PE Metadata
Compilation timestamp:
4/13/2008 2:14:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
3072:ChRx1q315oF8opcnD1hOOrWGzN2lcR2u8JnxIDU+EOQOfQeDjxtMT0NfW:gUF5oXpcFb5DRsNxIDU+TtNA

Entry address:
0x5046

Entry point:
6A, 28, 68, 68, 51, D0, 4A, E8, C8, C5, FF, FF, 33, FF, 57, FF, 15, 1C, 10, D0, 4A, 66, 81, 38, 4D, 5A, 0F, 85, F3, 00, 00, 00, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 0F, 85, E2, 00, 00, 00, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 0F, 85, B8, 3F, 01, 00, 83, 79, 74, 0E, 0F, 86, C9, 00, 00, 00, 33, C0, 39, B9, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 7D, FC, 6A, 01, FF, 15, 44, 12, D0, 4A, 59, 83, 0D, 50, FA, D2, 4A, FF, 83, 0D, 4C, FA, D2, 4A, FF, FF, 15, C4, 11, D0, 4A, 8B, 0D, 78, 48, D3, 4A, 89, 08...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
126 KB (129,024 bytes)

The file Cmd.exe has been seen being distributed by the following 25 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-hEV02HqhaZQ4FMeeZCJLvtir68RY9ms0WJDE-tYstbr6UhSjh_SaV-MP-gk0UA1fGH4nkLovJSeSm65J69qU1w/messages/@.id==AJUk5C4AAA9OUwfSDvC9wLhBjOk/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=81814918-88ad-7f69-011f-b50063010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYXKaPEWk1PovNumjNqHz5ugLHL1ESKGw1Jt_yjHz40_cJ82EKLfxQbT6HS7KfcrxG2_Bha06JePkNwCbwf4DTF&error=https://es-mg42.mail.yahoo.com/.../iframemsg?id=26fab496-c7e6-7bfc-6072-7d6b92c670cc

https://mail.google.com/mail/u/.../?ui=2&ik=288af94afc&view=att&th=15a284bdce927cf0&attid=0.1&disp=safe&realattid=f_iyzvb6p00&zw

https://docs.google.com/uc?authuser=0&id=0B8zu8GSONkI6OWQxc1pLa2hDVXc&export=download

https://gq1-attach.ymail.com/internal.dl-mail.ymail.com/ws/download/mailboxes/@.id==MjI5NTYxNjA1NSAxNjQwODMgMTY0MCBvc2NhcnJjXzNAeWFob28uY29t/messages/@.id==ABV3w0MAACHKVjf_fQBpeDT6xrE/content/parts/.../raw?appid=YahooMailNeo&token=Jlt9PM6bXcPxZ-H2Jx8O7NR-vZtEwC2R1MZgmY8gfyQ6AW86xFu9EOAsk78q_1KTgxm79KH67a-pY-heJOP42g&ymreqid=5667ad86-580f-ba30-0153-9e0022010000

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-3UtdJO0TnDtv2oX20ra5vLML2E3Z-q_WCdbtdqMDk0WRx9BDW9wYZVZ-XBf_BH4eGH4nkLovJSeSm65J69qU1w/messages/@.id==AJkJDNkAADNiV_2U1wG9UJP8dBk/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBaHFfpESeRbbmI2b6MVFJ95uroTBrtuZXGUQldJjZgId881yiswkQCGJz0iTdILpU62_Bha06JePkNwCbwf4DTF&error=https://es-mg42.mail.yahoo.com/.../iframemsg?id=21c4623b-56d0-b891-5777-8671bc9077fa&ymreqid=5a3c2f7f-b19f-60a1-01e0-bc0043010000

http://virtual.usap.edu/pluginfile.php/309807/assignsubmission_file/submission_files/.../ejercicios .exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-2Jse04pg0YqV3YqMouEsMPJ4AqxtYYWFeQW30ktJuoyr6PdNKQmr0QOSm73M1z16/messages/@.id==AJB2imIAQcFBV9qC-AzBoNiMobM/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=5954700d-bf19-1c5c-015e-040011010000&token=B6gurrMRjzcFru06HuoHkpo9VG8w-ohgSVwr7BQI0c6OQaoTaoyktvlZCI04LTivyBeeEc-tJYFJS0pT0U8SZsXy_sWeZjTSXyrwXtoE3uvbO11cFj6ksWNQQteInk_H&error=https://ar-mg5.mail.yahoo.com/.../iframemsg?id=b5ea4246-cf1e-fb03-a07d-d0daa636d72e

https://onedrive.live.com/download.aspx?cid=ED776487151E9E3A&authKey=!AL4mtGRX1dAAOTo&resid=ED776487151E9E3A!165&ithint=.exe

https://onedrive.live.com/.../qI=6&ithint=.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-puDsP1nC_8C1ZzbLcu6C8xcM3idh3favwoKturTnY1ja3_eICSI9vhiOTUDKLolPwydcIVLxMV_Z415B4lMgQg/messages/@.id==AJjkimIAAfvoV_bzsg69cCOwsLQ/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=a372d9c1-f2b8-f6bc-01ec-ad0015010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYytgQPu4btcRfQLQ8KAX0sEgp7a6JEqQuDA7XNOEE8bllQooNEs4KT-mkCIZ6uDkvK69a4fZH1VOkJejc_9sQn&error=https://mg.mail.yahoo.com/.../iframemsg?id=9f383d9d-7ed2-02c9-7c77-5be0f80c12da

https://docs.google.com/uc?authuser=0&id=0BxFz9dtRke1rSHVhWmNGakItN0E&export=download

Scan Cmd.exe - Powered by Reason Core Security