Cmd.exe

Système d'exploitation Microsoft Windows

Microsoft Corporation

This is a setup program which is used to install the application. The file has been observed being downloaded from dl-mail.ymail.com and multiple other hosts.

Publisher:
Microsoft Corporation

Product:
Système d'exploitation Microsoft® Windows®

Description:
Interpréteur de commandes Windows

Version:
5.1.2600.5512 (xpsp.080413-2111)

MD5:
85d5dcf81ae47b68d5dc91255b9ad16f

SHA-1:
bbedcaa3c0bb318999bd2f303a4028ba5389d05e

SHA-256:
88b4c837458940f238c0502372e249fefc9349619d439da927cfbb6cfb5e9437

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 6:36:06 PM UTC

File size:
392 KB (401,408 bytes)

Product version:
5.1.2600.5512

Copyright:
© Microsoft Corporation. Tous droits réservés.

Original file name:
Cmd.Exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\Windows\System32\cmd.exe

File PE Metadata
Compilation timestamp:
4/13/2008 8:14:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
3072:whRx1q315oF8opcnD1hOOrWGzN2lcR2u8JnxIaU+JQ2cwSz1wbT5:GUF5oXpcFb5DRsNxIaUK

Entry address:
0x5046

Entry point:
6A, 28, 68, 68, 51, D0, 4A, E8, C8, C5, FF, FF, 33, FF, 57, FF, 15, 1C, 10, D0, 4A, 66, 81, 38, 4D, 5A, 0F, 85, F3, 00, 00, 00, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 0F, 85, E2, 00, 00, 00, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 0F, 85, B8, 3F, 01, 00, 83, 79, 74, 0E, 0F, 86, C9, 00, 00, 00, 33, C0, 39, B9, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 7D, FC, 6A, 01, FF, 15, 44, 12, D0, 4A, 59, 83, 0D, 50, FA, D2, 4A, FF, 83, 0D, 4C, FA, D2, 4A, FF, FF, 15, C4, 11, D0, 4A, 8B, 0D, 78, 48, D3, 4A, 89, 08...
 
Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
126 KB (129,024 bytes)

Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
AvgUninstallURL

Command:
cmd.exe \c start httC:\www.avg.com\es-es.special-uninstallation-feedback-lsf?lic=tlvirdqtwug5ueuttznqneutuvjerustr0rkwjctvk9yvuw"&"inst=nzctnzmwmduwmta0lvnumtjgt0krms1erfqrmc1fvuxbkzetu1qxmkzbufarmq"


The file Cmd.exe has been observed being distributed from the following 12 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-pnBzFBTYINfp8k5VVRZi72Esbczl6DI-7kuY9tQmZobb3vMNlYav77IXqA82USWMGH4nkLovJSeSm65J69qU1w/messages/@.id==ABVVfbwAABn_WHt1EQZNSIBY4dU/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYJnMHKtLv68f4qvTP3lhbyEKxD-fLYJycNgYRnY-rxpcRMBjQdhsYSHVr2BJkzph9OG87BJ_cnZtxJMFC4LO1L&error=https://mg.mail.yahoo.com/.../iframemsg?id=ec7da057-65ef-dc2d-f233-748181cf920f&ymreqid=e9a11032-f9f7-23cf-015c-010045010000

https://download.wetransfer.com/eu2/.../cmd.exe
