wincmd.exe

wincmd

MM Studio

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘wincmd’.
Publisher:
MM Studio  (signed and verified)

Product:
wincmd

Version:
1.30

MD5:
ca6898b73255e45f5b56a59b42b95763

SHA-1:
a83584f39898af269a7d3a1510701f30b8a98879

SHA-256:
a8ac6bffc25e9b11bab7fb2362bda6e115696617386c97de8b300ff4b5e25005

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/27/2024 5:17:07 AM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/VB-Backdoor-PEK-based!Maxim
4.6.5.141

File size:
501.5 KB (513,496 bytes)

Product version:
1.30

Copyright:
MM Studio

Trademarks:
MM Studio

Original file name:
wincmd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\wincmd\wincmd.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
10/5/2011 1:45:44 PM

Valid to:
8/7/2012 1:45:44 PM

Subject:
C=PL, O=MM Studio, OU=Swidnik, CN=MM Studio Maciej Piwko, E=biuro@mmstudio.pl

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
4BEC754AF8C012D0095DF2DBF10E930B

File PE Metadata
Compilation timestamp:
3/19/2012 6:20:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:/eB+zN5LI/qpHlHEZzrU0zbwPB5SKNFVaYfM+0Z/dvFRQ2qYDQewsqw:pFPFHgr3E51gZFRjqYDQeww

Entry address:
0x4F40

Entry point:
68, 18, 53, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, A3, 3B, 71, 89, 78, 93, FC, 4F, 8B, F3, C4, 65, 83, 79, 76, 7B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 30, 23, 30, 3B, 20, 4D, 69, 6E, 63, 6D, 64, 6E, 6E, 74, 00, 63, 78, 0D, 0A, 4F, 62, 6A, 00, 00, 00, 00, 01, 00, 17, 00, 8C, 8E, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 30, 93, 40, 00, D8, A1, 47, 00, 00, 00, 00, 00, A8, 7E, 36, 03, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
484 KB (495,616 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
wincmd

Command:
C:\windows\wincmd\wincmd.exe


Scan wincmd.exe - Powered by Reason Core Security