wincmd.exe

wincmd

MM Studio

It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name 'wincmd'.

Publisher:
MM Studio  (signed and verified)

Product:
wincmd

Version:
1.27

MD5:
c1f7501d06689cb45665060a0d37fe5c

SHA-1:
85f7ff9336778aa7f0a9f41ce25d0158a97c479b

SHA-256:
d96a7c464214679fda0cdbd9100be63739a78385fb6a1b71ef7f791171dbf238

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/27/2024 5:38:02 AM UTC

Scan engine | Detection | Engine version
Dr.Web | probably BACKDOOR.Trojan | 9.0.1.05190
F-Prot | W32/VB-Backdoor-PEK-based!Maxim | 4.6.5.141

File size:
461.5 KB (472,536 bytes)

Product version:
1.27

Copyright:
MM Studio

Trademarks:
MM Studio

Original file name:
wincmd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\wincmd\wincmd.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
10/5/2011 1:45:44 PM

Valid to:
8/7/2012 1:45:44 PM

Subject:
C=PL, O=MM Studio, OU=Swidnik, CN=MM Studio Maciej Piwko, E=biuro@mmstudio.pl

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
4BEC754AF8C012D0095DF2DBF10E930B

File PE Metadata
Compilation timestamp:
12/21/2011 12:39:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:NOOlZB0uWaI/qpHlHXh7Uw6T9xMlyL6yGyEkM+dvsO6koRuzjpf3WYutKS/:NOOOubPFHX5wxoCt6kauzjpf3WYq/

Entry address:
0x4860

Entry point:
68, 38, 4C, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, D8, 92, F4, CD, D1, 71, 61, 42, 82, 0D, AA, C8, A0, A1, 4C, 56, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 49, 00, 02, 50, 83, 01, 69, 6E, 63, 6D, 64, 6E, 6E, 74, 00, 00, 00, 00, 4C, 4C, 06, 01, 00, 00, 00, 00, 01, 00, 17, 00, 9C, 87, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 40, 8C, 40, 00, D8, 01, 47, 00, 00, 00, 00, 00, 08, CB, 1D, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
444 KB (454,656 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
wincmd

Command:
C:\windows\wincmd\wincmd.exe

