home

Cmd.exe

Sistema operativo Microsoft Windows

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Sistema operativo Microsoft® Windows®

Description:
Procesador de comandos de Windows

Version:
5.1.2600.5512 (xpsp.080413-2111)

MD5:
21fdb59548c889e78236f8f78ce49b8b

SHA-1:
a0ee0cb06a4301bd5f7bd219177fd052ea34b2f7

SHA-256:
531d1ffd6b6160ec7952e6fb6486bbfe20517a663dc21c080d89d43da5cf377f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 3:33:03 AM UTC  (today)

File size:
394 KB (403,456 bytes)

Product version:
5.1.2600.5512

Copyright:
Copyright (C) Microsoft Corporation. Reservados todos los derechos.

Original file name:
Cmd.Exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\Windows\System32\cmd.exe

File PE Metadata
Compilation timestamp:
4/13/2008 2:14:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
3072:ChRx1q315oF8opcnD1hOOrWGzN2lcR2u8JnxIDU+EOQOfQeDjxtMT0NfW:gUF5oXpcFb5DRsNxIDU+TtNA

Entry address:
0x5046

Entry point:
6A, 28, 68, 68, 51, D0, 4A, E8, C8, C5, FF, FF, 33, FF, 57, FF, 15, 1C, 10, D0, 4A, 66, 81, 38, 4D, 5A, 0F, 85, F3, 00, 00, 00, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 0F, 85, E2, 00, 00, 00, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 0F, 85, B8, 3F, 01, 00, 83, 79, 74, 0E, 0F, 86, C9, 00, 00, 00, 33, C0, 39, B9, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 7D, FC, 6A, 01, FF, 15, 44, 12, D0, 4A, 59, 83, 0D, 50, FA, D2, 4A, FF, 83, 0D, 4C, FA, D2, 4A, FF, FF, 15, C4, 11, D0, 4A, 8B, 0D, 78, 48, D3, 4A, 89, 08...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
126 KB (129,024 bytes)

The file Cmd.exe has been seen being distributed by the following 25 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-hEV02HqhaZQ4FMeeZCJLvtir68RY9ms0WJDE-tYstbr6UhSjh_SaV-MP-gk0UA1fGH4nkLovJSeSm65J69qU1w/messages/@.id==AJUk5C4AAA9OUwfSDvC9wLhBjOk/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=81814918-88ad-7f69-011f-b50063010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYXKaPEWk1PovNumjNqHz5ugLHL1ESKGw1Jt_yjHz40_cJ82EKLfxQbT6HS7KfcrxG2_Bha06JePkNwCbwf4DTF&error=https://es-mg42.mail.yahoo.com/.../iframemsg?id=26fab496-c7e6-7bfc-6072-7d6b92c670cc

https://mail.google.com/mail/u/.../?ui=2&ik=288af94afc&view=att&th=15a284bdce927cf0&attid=0.1&disp=safe&realattid=f_iyzvb6p00&zw

https://docs.google.com/uc?authuser=0&id=0B8zu8GSONkI6OWQxc1pLa2hDVXc&export=download

https://gq1-attach.ymail.com/internal.dl-mail.ymail.com/ws/download/mailboxes/@.id==MjI5NTYxNjA1NSAxNjQwODMgMTY0MCBvc2NhcnJjXzNAeWFob28uY29t/messages/@.id==ABV3w0MAACHKVjf_fQBpeDT6xrE/content/parts/.../raw?appid=YahooMailNeo&token=Jlt9PM6bXcPxZ-H2Jx8O7NR-vZtEwC2R1MZgmY8gfyQ6AW86xFu9EOAsk78q_1KTgxm79KH67a-pY-heJOP42g&ymreqid=5667ad86-580f-ba30-0153-9e0022010000

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-3UtdJO0TnDtv2oX20ra5vLML2E3Z-q_WCdbtdqMDk0WRx9BDW9wYZVZ-XBf_BH4eGH4nkLovJSeSm65J69qU1w/messages/@.id==AJkJDNkAADNiV_2U1wG9UJP8dBk/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBaHFfpESeRbbmI2b6MVFJ95uroTBrtuZXGUQldJjZgId881yiswkQCGJz0iTdILpU62_Bha06JePkNwCbwf4DTF&error=https://es-mg42.mail.yahoo.com/.../iframemsg?id=21c4623b-56d0-b891-5777-8671bc9077fa&ymreqid=5a3c2f7f-b19f-60a1-01e0-bc0043010000

http://virtual.usap.edu/pluginfile.php/309807/assignsubmission_file/submission_files/.../ejercicios .exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-2Jse04pg0YqV3YqMouEsMPJ4AqxtYYWFeQW30ktJuoyr6PdNKQmr0QOSm73M1z16/messages/@.id==AJB2imIAQcFBV9qC-AzBoNiMobM/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=5954700d-bf19-1c5c-015e-040011010000&token=B6gurrMRjzcFru06HuoHkpo9VG8w-ohgSVwr7BQI0c6OQaoTaoyktvlZCI04LTivyBeeEc-tJYFJS0pT0U8SZsXy_sWeZjTSXyrwXtoE3uvbO11cFj6ksWNQQteInk_H&error=https://ar-mg5.mail.yahoo.com/.../iframemsg?id=b5ea4246-cf1e-fb03-a07d-d0daa636d72e

https://onedrive.live.com/download.aspx?cid=ED776487151E9E3A&authKey=!AL4mtGRX1dAAOTo&resid=ED776487151E9E3A!165&ithint=.exe

https://onedrive.live.com/.../qI=6&ithint=.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-puDsP1nC_8C1ZzbLcu6C8xcM3idh3favwoKturTnY1ja3_eICSI9vhiOTUDKLolPwydcIVLxMV_Z415B4lMgQg/messages/@.id==AJjkimIAAfvoV_bzsg69cCOwsLQ/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=a372d9c1-f2b8-f6bc-01ec-ad0015010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYytgQPu4btcRfQLQ8KAX0sEgp7a6JEqQuDA7XNOEE8bllQooNEs4KT-mkCIZ6uDkvK69a4fZH1VOkJejc_9sQn&error=https://mg.mail.yahoo.com/.../iframemsg?id=9f383d9d-7ed2-02c9-7c77-5be0f80c12da

https://docs.google.com/uc?authuser=0&id=0BxFz9dtRke1rSHVhWmNGakItN0E&export=download

http://evirtual-sl.upnfm.edu.hn/moodle/pluginfile.php/185697/assignsubmission_file/submission_files/240945/.../ruth.exe

https://mail.inclusion.gob.ec/service/home/.../cmd.exe

http://campus.humgp.unlpam.edu.ar/pluginfile.php/22956/mod_folder/content/.../Rama, Ángel.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-rb5DtzKascv1X-jC0B_EtgUUfieX_RKHBoHpjVFNusWw-GU8Z9DtuhmneTZfregfGH4nkLovJSeSm65J69qU1w/messages/@.id==AEm-imIAAECzVuHwhwfT6N1WuOQ/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZSTCCrhiyoNoeDR2UgLlg9_tmbZU_QP6bd5QzJLzvu9w&error=https://e1-mg5.mail.yahoo.com/.../iframemsg?id=5271f7e3-836a-9d55-13df-e0b63215a338&ymreqid=492bff28-8098-ad04-01ca-2c002b010000

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_3_194909_AHDsw0MAAANnVo53fwq AJTJucA&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-vEHmFI0xHwyJo0ikRHTYa-YFo1_E-ub7ApapRoAR5BAAJpHjOzby26EHAVCXni1r2ztdXBY-pLFjUELXiJ5Pxw/messages/@.id==AE6_imIAABEMVw-fpQDW2Bs9ONI/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBY9SGZwTHu1wc7azQ34qaP7u7QEJ4XE4ROxoD8xqTaFcQ&error=https://ar-mg5.mail.yahoo.com/.../iframemsg?id=e7161759-c154-e799-833d-e3c304a22170&ymreqid=ad5804c1-bdc7-7d4b-010c-b30087010000

https://www.cibercolegios.com/pls/.../attach_utl.descarga_web

https://api.edmodo.com/files/.../download?f=6zkx0oep5bpmg5ga931rriof6

https://mg.mail.yahoo.com/ya/.../QWwQAAAF9HdBc&fid=Draft&pid=2&clean=0&appid=YahooMailNeo

http://ead.uny.edu.ve/moodle/pluginfile.php/293245/assignsubmission_file/submission_files/.../tesis .exe

https://campus.santotomas.cl/moodle/pluginfile.php/7033958/mod_folder/content/.../cmd.exe

https://mail.google.com/mail/u/.../?ui=2&ik=ef2d0c0322&view=att&th=1475c2d9803c1582&attid=0.1&disp=safe&realattid=f_hmnprj320&zw

https://www.edmodo.com/file?id=9959fb612c4f56ed74d75f4e0ff57404

http://www.seadea.ejercitoargentino.mil.ar/correoSeadea/.../downloadexe.asp?id=107913

Scan Cmd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.