home

Cmd.exe

Système d'exploitation Microsoft Windows

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Système d'exploitation Microsoft® Windows®

Description:
Interpréteur de commandes Windows

Version:
5.1.2600.5512 (xpsp.080413-2111)

MD5:
85d5dcf81ae47b68d5dc91255b9ad16f

SHA-1:
bbedcaa3c0bb318999bd2f303a4028ba5389d05e

SHA-256:
88b4c837458940f238c0502372e249fefc9349619d439da927cfbb6cfb5e9437

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 6:36:06 PM UTC  (today)

File size:
392 KB (401,408 bytes)

Product version:
5.1.2600.5512

Copyright:
© Microsoft Corporation. Tous droits réservés.

Original file name:
Cmd.Exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\Windows\System32\cmd.exe

File PE Metadata
Compilation timestamp:
4/13/2008 8:14:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
3072:whRx1q315oF8opcnD1hOOrWGzN2lcR2u8JnxIaU+JQ2cwSz1wbT5:GUF5oXpcFb5DRsNxIaUK

Entry address:
0x5046

Entry point:
6A, 28, 68, 68, 51, D0, 4A, E8, C8, C5, FF, FF, 33, FF, 57, FF, 15, 1C, 10, D0, 4A, 66, 81, 38, 4D, 5A, 0F, 85, F3, 00, 00, 00, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 0F, 85, E2, 00, 00, 00, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 0F, 85, B8, 3F, 01, 00, 83, 79, 74, 0E, 0F, 86, C9, 00, 00, 00, 33, C0, 39, B9, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 7D, FC, 6A, 01, FF, 15, 44, 12, D0, 4A, 59, 83, 0D, 50, FA, D2, 4A, FF, 83, 0D, 4C, FA, D2, 4A, FF, FF, 15, C4, 11, D0, 4A, 8B, 0D, 78, 48, D3, 4A, 89, 08...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
126 KB (129,024 bytes)

Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
AvgUninstallURL

Command:
cmd.exe \c start httC:\www.avg.com\es-es.special-uninstallation-feedback-lsf?lic=tlvirdqtwug5ueuttznqneutuvjerustr0rkwjctvk9yvuw"&"inst=nzctnzmwmduwmta0lvnumtjgt0krms1erfqrmc1fvuxbkzetu1qxmkzbufarmq"


The file Cmd.exe has been seen being distributed by the following 12 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-pnBzFBTYINfp8k5VVRZi72Esbczl6DI-7kuY9tQmZobb3vMNlYav77IXqA82USWMGH4nkLovJSeSm65J69qU1w/messages/@.id==ABVVfbwAABn_WHt1EQZNSIBY4dU/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYJnMHKtLv68f4qvTP3lhbyEKxD-fLYJycNgYRnY-rxpcRMBjQdhsYSHVr2BJkzph9OG87BJ_cnZtxJMFC4LO1L&error=https://mg.mail.yahoo.com/.../iframemsg?id=ec7da057-65ef-dc2d-f233-748181cf920f&ymreqid=e9a11032-f9f7-23cf-015c-010045010000

https://download.wetransfer.com/eu2/.../cmd.exe

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_314235_APcIDNkAADYOVaPLAw5jmP6IOB8&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&ymreqid=45a89d68-dba0-c734-01b1-f40022010000

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_10954225_ALZhUtQAAALLVha9Ww4ZYBKWdb4&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&ymreqid=a5d900ff-9f71-8033-01a9-19002f010000

https://doc-0g-9c-docs.googleusercontent.com/docs/securesc/7ufr6odm1dfchdlmfdd61scuml3trivc/9ujk4htbh4ha7or2fjp166ln2clnknp6/1387468800000/16914606078684330077/.../0B_W_bM5diczxMG5SRHd5OFUxNDQ?e=download&h=16653014193614665626&nonce=hhfqjp410nabq&user=00041646373497753833&hash=a65t8jdvm3v2meiglek5sbqqnll9m4dk

https://docs.google.com/nonceSigner?nonce=hhfqjp410nabq&continue=https://doc-0g-9c-docs.googleusercontent.com/docs/securesc/7ufr6odm1dfchdlmfdd61scuml3trivc/9ujk4htbh4ha7or2fjp166ln2clnknp6/1387468800000/16914606078684330077/00041646373497753833/0B_W_bM5diczxMG5SRHd5OFUxNDQ?e=download&h=16653014193614665626&hash=rrehcadqi3r3ctdcffm2haj9s2m0vdo7&urp=https://mail.google.com/mail/u/.../?tab=wm&pli=1

https://docs.google.com/nonceSigner?nonce=hhfqjp410nabq&continue=https://doc-0g-9c-docs.googleusercontent.com/docs/securesc/7ufr6odm1dfchdlmfdd61scuml3trivc/9ujk4htbh4ha7or2fjp166ln2clnknp6/1387468800000/16914606078684330077/00041646373497753833/0B_W_bM5diczxMG5SRHd5OFUxNDQ?e=download&h=16653014193614665626&hash=rrehcadqi3r3ctdcffm2haj9s2m0vdo7&urp=https://mail.google.com/mail/u/.../?tab=wm&pli=1&auth=DQAAAI8AAAAPckqza3vty1qwZXGvVCh3MmyWx3zHEQoqh-pUvvlcEVy8G5-7YTA3Nt6JAxdLSzzSoLK2BQ3lcDjdDwXM2wmI1JrbKZmNHfeZrTuBR06A_1Dqx2h8pSPrnRuDbs3LPuaFf-9nQh3VrVa4Q1LcKL2v2UoeHSEqbA1wGLVbFoENyGQWwJgjJdmXL9aCfQ6JCPk&authuser=0

https://accounts.google.com/ServiceLogin?service=writely&passive=1209600&continue=https://docs.google.com/nonceSigner?nonce=hhfqjp410nabq&continue=https://doc-0g-9c-docs.googleusercontent.com/docs/securesc/7ufr6odm1dfchdlmfdd61scuml3trivc/9ujk4htbh4ha7or2fjp166ln2clnknp6/1387468800000/16914606078684330077/00041646373497753833/0B_W_bM5diczxMG5SRHd5OFUxNDQ?e=download&h=16653014193614665626&hash=rrehcadqi3r3ctdcffm2haj9s2m0vdo7&urp=https://mail.google.com/mail/u/0/?tab=wm&followup=https://docs.google.com/nonceSigner?nonce=hhfqjp410nabq&continue=https://doc-0g-9c-docs.googleusercontent.com/docs/securesc/7ufr6odm1dfchdlmfdd61scuml3trivc/9ujk4htbh4ha7or2fjp166ln2clnknp6/1387468800000/16914606078684330077/00041646373497753833/0B_W_bM5diczxMG5SRHd5OFUxNDQ?e=download&h=16653014193614665626&hash=rrehcadqi3r3ctdcffm2haj9s2m0vdo7&urp=https://mail.google.

https://www.google.com/accounts/ServiceLogin?service=writely&passive=1209600&continue=https://docs.google.com/nonceSigner?nonce=hhfqjp410nabq&continue=https://doc-0g-9c-docs.googleusercontent.com/docs/securesc/7ufr6odm1dfchdlmfdd61scuml3trivc/9ujk4htbh4ha7or2fjp166ln2clnknp6/1387468800000/16914606078684330077/00041646373497753833/0B_W_bM5diczxMG5SRHd5OFUxNDQ?e=download&h=16653014193614665626&hash=rrehcadqi3r3ctdcffm2haj9s2m0vdo7&urp=https://mail.google.com/mail/u/.../?tab=wm&followup=https://docs.google.com/nonceSigner?nonce=hhfqjp410nabq&continue=https://doc-0g-9c-docs.googleusercontent.com/docs/securesc/7ufr6odm1dfchdlmfdd61scuml3trivc/9ujk4htbh4ha7or2fjp166ln2clnknp6/1387468800000/16914606078684330077/00041646373497753833/0B_W_bM5diczxMG5SRHd5OFUxNDQ?e=download&h=16653014193614665626&hash=rrehcadqi3r3ctdcffm2haj9s2m0vdo7&urp=https://mail.google.com/mail/u/.../?tab=wm&ltmpl=homepage&authuser=0

https://docs.google.com/nonceSigner?nonce=hhfqjp410nabq&continue=https://doc-0g-9c-docs.googleusercontent.com/docs/securesc/7ufr6odm1dfchdlmfdd61scuml3trivc/9ujk4htbh4ha7or2fjp166ln2clnknp6/1387468800000/16914606078684330077/.../0B_W_bM5diczxMG5SRHd5OFUxNDQ?e=download&h=16653014193614665626&hash=rrehcadqi3r3ctdcffm2haj9s2m0vdo7

https://doc-0g-9c-docs.googleusercontent.com/docs/securesc/7ufr6odm1dfchdlmfdd61scuml3trivc/9ujk4htbh4ha7or2fjp166ln2clnknp6/1387468800000/16914606078684330077/.../0B_W_bM5diczxMG5SRHd5OFUxNDQ?h=16653014193614665626&e=download

http://service.mail.com/callgate-6.73.1.0/rms/6.73.1.0/.../download?folderId=4&messageId=MTImKAa0Wy89KD9ORWFuhdthZrlVWpjR&attachmentId=MTImKAa0Wy89KD9ORWFuhdthYrlVWpjR

Scan Cmd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.