× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 31b3b228382dc359f22ae97b2602eee81dc743fb21196061eacc6619533881f5
File name: nircmd.exe
Detection ratio: 5 / 67
Analysis date: 2018-01-16 12:07:43 UTC ( 5 days, 14 hours ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9850 20180116
Cylance Unsafe 20180116
Sophos AV NirCmd (PUA) 20180116
TheHacker Posible_Worm32 20180115
ViRobot Trojan.Win32.S.Agent.44544.XB 20180116
Ad-Aware 20180116
AegisLab 20180116
AhnLab-V3 20180116
Alibaba 20180116
ALYac 20180116
Antiy-AVL 20180116
Arcabit 20180116
Avast 20180116
Avast-Mobile 20180116
AVG 20180116
Avira (no cloud) 20180116
AVware 20180103
BitDefender 20180116
Bkav 20180116
CAT-QuickHeal 20180116
ClamAV 20180116
CMC 20180116
Comodo 20180116
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cyren 20180116
DrWeb 20180116
eGambit 20180116
Emsisoft 20180116
Endgame 20171130
ESET-NOD32 20180116
F-Prot 20180116
F-Secure 20180116
Fortinet 20180116
GData 20180116
Ikarus 20180116
Sophos ML 20170914
Jiangmin 20180116
K7AntiVirus 20180116
K7GW 20180116
Kaspersky 20180116
Kingsoft 20180116
Malwarebytes 20180116
MAX 20180116
McAfee 20180116
McAfee-GW-Edition 20180116
Microsoft 20180116
eScan 20180116
NANO-Antivirus 20180116
nProtect 20180116
Palo Alto Networks (Known Signatures) 20180116
Panda 20180115
Qihoo-360 20180116
Rising 20180116
SentinelOne (Static ML) 20180115
SUPERAntiSpyware 20180116
Symantec 20180116
Symantec Mobile Insight 20180116
Tencent 20180116
TrendMicro 20180116
TrendMicro-HouseCall 20180116
Trustlook 20180116
VBA32 20180115
VIPRE 20180116
Webroot 20180116
WhiteArmor 20180110
Yandex 20180112
Zillya 20180115
ZoneAlarm by Check Point 20180116
Zoner 20180116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2003 - 2016 Nir Sofer

Product NirCmd
Original name NirCmd.exe
Internal name NirCmd
File version 2.81
Description NirCmd
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-05-23 06:44:37
Entry Point 0x00019D40
Number of sections 3
PE sections
PE imports
RegCloseKey
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
mixerOpen
CoInitialize
Number of PE resources by type
RT_DIALOG 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
HEBREW DEFAULT 3
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
4096

ImageVersion
0.0

ProductName
NirCmd

FileVersionNumber
2.8.1.226

UninitializedDataSize
61440

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
exe

OriginalFileName
NirCmd.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.81

TimeStamp
2016:05:23 07:44:37+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
NirCmd

ProductVersion
2.81

FileDescription
NirCmd

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 2003 - 2016 Nir Sofer

MachineType
Intel 386 or later, and compatibles

CompanyName
NirSoft

CodeSize
40960

FileSubtype
0

ProductVersionNumber
2.8.1.226

EntryPoint
0x19d40

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 84d499f558570c32f4cb100a9124890b
SHA1 9adfc7ab66348d84ebdd9c1e8093cad4cc8485ef
SHA256 31b3b228382dc359f22ae97b2602eee81dc743fb21196061eacc6619533881f5
ssdeep
768:e4OBw5XDtS0d0xr6xczY6jU19q2T5D8EZdZzaJqn:+wtDtS0yV6B6A19FTiEZXaJqn

authentihash 4e6d4310b81b957367040af8d7ae4b36573570e9f63457abd2fa1ceace1b5c6c
imphash 2f9a0154d6a293d856bfb68d9a5042ea
File size 43.5 KB ( 44544 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe upx

VirusTotal metadata
First submission 2016-05-23 12:07:18 UTC ( 1 year, 8 months ago )
Last submission 2018-01-16 12:07:43 UTC ( 5 days, 14 hours ago )
File names lobaby.pif
kqovtjoa.uts
file_E6F63A5B087A4401BE4E6828D0FABE45
file_E3567EBFB8694913B19739C6E423ED79
nircmd.dll
info.exe
iygtw20x.4kv
file_285E4D291EAD4040A33677AC8253706E
screenshot.exe
zaqx5z1y.r5i
file_F30D1C50FD264CD79051F2F9D6CE0FFF
nrxk2suh.nyb
NirCmd.exe
temp.tmp
E105.TMP.EXE
z00j33u1.f3a
ideografu0.exe
txnszqtq.k3f
svn.fdbc9660-5c01-0010-ab94-19931a3690e7.tmp
file_E2537A881CA34F228E2907661A207B89
1yd0bi1y.hfg
yjwlboeo.00q
31b3b228382dc359_l78g4rusv07ffqbcg
31b3b228382dc359_qcbhnd9lrlu7os4
file_0F48DC31ADEE404388EACA8E79D9EBA7
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications