× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 31b3b228382dc359f22ae97b2602eee81dc743fb21196061eacc6619533881f5
File name: NirCmd
Detection ratio: 8 / 68
Analysis date: 2018-11-13 19:35:47 UTC ( 24 minutes ago )
Antivirus Result Update
Cylance Unsafe 20181113
DrWeb Tool.NirCmd.2 20181113
Sophos ML heuristic 20181108
Sophos AV NirCmd (PUA) 20181113
TheHacker Posible_Worm32 20181108
TrendMicro HKTL_NIRCMD.GA 20181113
TrendMicro-HouseCall HKTL_NIRCMD.GA 20181113
ViRobot Trojan.Win32.S.Agent.44544.XB 20181113
Ad-Aware 20181112
AegisLab 20181113
AhnLab-V3 20181113
Alibaba 20180921
ALYac 20181113
Antiy-AVL 20181113
Arcabit 20181113
Avast 20181113
Avast-Mobile 20181113
AVG 20181113
Avira (no cloud) 20181113
Babable 20180918
Baidu 20181112
BitDefender 20181113
Bkav 20181113
CAT-QuickHeal 20181113
ClamAV 20181113
CMC 20181113
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20181113
eGambit 20181113
Emsisoft 20181113
Endgame 20181108
ESET-NOD32 20181113
F-Prot 20181113
F-Secure 20181113
Fortinet 20181113
GData 20181113
Ikarus 20181113
Jiangmin 20181113
K7AntiVirus 20181113
K7GW 20181113
Kaspersky 20181113
Kingsoft 20181113
Malwarebytes 20181113
MAX 20181113
McAfee 20181113
McAfee-GW-Edition 20181113
Microsoft 20181113
eScan 20181113
NANO-Antivirus 20181113
Palo Alto Networks (Known Signatures) 20181113
Panda 20181113
Qihoo-360 20181113
Rising 20181113
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181107
Symantec 20181113
Symantec Mobile Insight 20181108
TACHYON 20181113
Tencent 20181113
TotalDefense 20181113
Trustlook 20181113
VBA32 20181113
VIPRE 20181113
Webroot 20181113
Yandex 20181113
Zillya 20181113
ZoneAlarm by Check Point 20181113
Zoner 20181113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2003 - 2016 Nir Sofer

Product NirCmd
Original name NirCmd.exe
Internal name NirCmd
File version 2.81
Description NirCmd
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-23 06:44:37
Entry Point 0x00019D40
Number of sections 3
PE sections
PE imports
RegCloseKey
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
mixerOpen
CoInitialize
Number of PE resources by type
RT_DIALOG 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
HEBREW DEFAULT 3
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
61440

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.8.1.226

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
NirCmd

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
4096

EntryPoint
0x19d40

OriginalFileName
NirCmd.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2003 - 2016 Nir Sofer

FileVersion
2.81

TimeStamp
2016:05:23 07:44:37+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NirCmd

ProductVersion
2.81

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
NirSoft

CodeSize
40960

ProductName
NirCmd

ProductVersionNumber
2.8.1.226

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 84d499f558570c32f4cb100a9124890b
SHA1 9adfc7ab66348d84ebdd9c1e8093cad4cc8485ef
SHA256 31b3b228382dc359f22ae97b2602eee81dc743fb21196061eacc6619533881f5
ssdeep
768:e4OBw5XDtS0d0xr6xczY6jU19q2T5D8EZdZzaJqn:+wtDtS0yV6B6A19FTiEZXaJqn

authentihash 4e6d4310b81b957367040af8d7ae4b36573570e9f63457abd2fa1ceace1b5c6c
imphash 2f9a0154d6a293d856bfb68d9a5042ea
File size 43.5 KB ( 44544 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe upx

VirusTotal metadata
First submission 2016-05-23 12:07:18 UTC ( 2 years, 5 months ago )
Last submission 2018-11-10 14:28:28 UTC ( 3 days, 5 hours ago )
File names lobaby.pif
uzptz0vumhzittd
kqovtjoa.uts
file_E6F63A5B087A4401BE4E6828D0FABE45
nircmd.dll
info.exe
iygtw20x.4kv
screenshot.exe
zaqx5z1y.r5i
wzuvs0fg.r5s
NirCmd.exe
output.114353459.txt
temp.tmp
E105.TMP.EXE
z00j33u1.f3a
ideografu0.exe
file_A0A3853A6DA440348D574C290AB6AFC2
txnszqtq.k3f
svn.fdbc9660-5c01-0010-ab94-19931a3690e7.tmp
file_E2537A881CA34F228E2907661A207B89
1yd0bi1y.hfg
31b3b228382dc359_l78g4rusv07ffqbcg
31b3b228382dc359_qcbhnd9lrlu7os4
file_0F48DC31ADEE404388EACA8E79D9EBA7
file_070C38F7420540EAAB63DE642631447B
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications