» wincmd.exe
Overview
Analysis
File Details
Behaviors (1)

wincmd.exe

wincmd

MM Studio

File name:

wincmd.exe

Publisher:

MM Studio (signed and verified)

Product:

wincmd

Version:

1.32

MD5:

3b266507e37a9e38c2125dd149314e8a

SHA-1:

f84a020fb839bf9f80d6584be460df90461b293d

SHA-256:

0f245fa4f9c76a5665bcc19be4dd88ebc997d82c96f8bb5edfc909981b16b7ce

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/23/2024 7:13:34 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

probably BACKDOOR.Trojan

9.0.1.05190

F-Prot

W32/VB-Backdoor-PEK-based!Maxim

4.6.5.141

File size:

517.5 KB (529,880 bytes)

Product version:

1.32

MM Studio

Trademarks:

MM Studio

Original file name:

wincmd.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\windows\wincmd\wincmd.exe

Digital Signature

Signed by:

MM Studio

Authority:

Unizeto Technologies S.A.

Valid from:

10/5/2011 1:45:44 PM

Valid to:

8/7/2012 1:45:44 PM

Subject:

C=PL, O=MM Studio, OU=Swidnik, CN=MM Studio Maciej Piwko, E=biuro@mmstudio.pl

Issuer:

CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

4BEC754AF8C012D0095DF2DBF10E930B

File PE Metadata

Compilation timestamp:

5/9/2012 11:25:53 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:4OL5VGI/qpHlHNHRxAMO0MtDZvGCMq9DAV/SK345sGyahiyRxZeA/Edu:bVcPFHOkoZGSk0Oah9RxZeAMu

Entry address:

0x51B8

Entry point:

68, 90, 55, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 8F, B9, DC, 80, E7, B3, C2, 4A, 8F, 07, 31, C3, DC, A2, 1F, 2A, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 69, 6E, 63, 6D, 64, 6E, 6E, 74, 00, 30, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, 01, 00, 17, 00, 30, 92, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, D4, 96, 40, 00, D8, E1, 47, 00, 00, 00, 00, 00, 28, 68, 1F, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

500 KB (512,000 bytes)

Windows Firewall Allowed Program

Name:

C:\WINDOWS\wincmd\wincmd.exe

Scan wincmd.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.