SHA256: db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386
File name: cmd.exe
Detection ratio: 0 / 66
Analysis date: 2018-11-15 01:13:16 UTC ( 5 hours, 45 minutes ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20181114
AVG 20181114
Ad-Aware 20181114
AegisLab 20181114
AhnLab-V3 20181114
Alibaba 20180921
Antiy-AVL 20181114
Arcabit 20181114
Avast 20181114
Avast-Mobile 20181114
Avira (no cloud) 20181115
Babable 20180918
Baidu 20181114
BitDefender 20181115
Bkav 20181114
CAT-QuickHeal 20181114
CMC 20181114
ClamAV 20181115
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181115
Cyren 20181115
DrWeb 20181114
ESET-NOD32 20181115
Emsisoft 20181114
Endgame 20181108
F-Prot 20181115
F-Secure 20181114
Fortinet 20181114
GData 20181114
Ikarus 20181114
Sophos ML 20181108
Jiangmin 20181114
K7AntiVirus 20181113
K7GW 20181114
Kaspersky 20181115
Kingsoft 20181115
MAX 20181115
Malwarebytes 20181114
McAfee 20181115
McAfee-GW-Edition 20181115
eScan 20181115
Microsoft 20181114
NANO-Antivirus 20181114
Palo Alto Networks (Known Signatures) 20181115
Panda 20181114
Qihoo-360 20181115
Rising 20181115
SUPERAntiSpyware 20181114
SentinelOne (Static ML) 20181011
Sophos AV 20181114
Symantec 20181114
TACHYON 20181115
Tencent 20181115
TheHacker 20181113
TrendMicro 20181114
TrendMicro-HouseCall 20181114
Trustlook 20181115
VBA32 20181114
ViRobot 20181114
Webroot 20181115
Yandex 20181113
Zillya 20181114
ZoneAlarm by Check Point 20181114
Zoner 20181115
eGambit 20181115
Symantec Mobile Insight 20181108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name Cmd.Exe
Internal name cmd
File version 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Description Windows Command Processor
Signature verification Signed file, verified signature
Signing date 8:37 PM 11/20/2010
Signers
[+] Microsoft Windows
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Windows Verification PCA
Valid from 10:57 PM 12/7/2009
Valid to 10:57 PM 3/7/2011
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 02ECEEA9D5E0A9F3E39B6F4EC3F7131ED4E352C4
Serial number 61 15 23 0F 00 00 00 00 00 0A
[+] Microsoft Windows Verification PCA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Root Certificate Authority
Valid from 10:55 PM 9/15/2005
Valid to 11:05 PM 3/15/2016
Valid usage Code Signing, NT5 Crypto
Algorithm sha1RSA
Thumbprint 5DF0D7571B0780783960C68B78571FFD7EDAF021
Serial number 61 07 02 DC 00 00 00 00 00 0B
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 8:12 PM 7/25/2008
Valid to 8:22 PM 7/25/2011
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 56E832A33DDC8CF2C916DA7CBB1175CBACABAE2C
Serial number 61 03 DC F6 00 00 00 00 00 0C
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 1:53 PM 4/3/2007
Valid to 2:03 PM 4/3/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 12:19 AM 5/10/2001
Valid to 12:28 AM 5/10/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine x64
Compilation timestamp 2010-11-20 09:46:13
Entry Point 0x000090B4
Number of sections 6
PE sections
PE imports
SetThreadLocale
GetVolumePathNameW
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
FindNextStreamW
GetConsoleTitleW
SetConsoleCursorPosition
ScrollConsoleScreenBufferW
GetFileAttributesW
QueryFullProcessImageNameW
GetLocalTime
GetCurrentProcess
GetConsoleMode
GetThreadGroupAffinity
GetVolumeInformationW
RegOpenKeyExW
SetErrorMode
FreeEnvironmentStringsW
GetLocaleInfoW
GetCPInfo
GetNumaNodeProcessorMaskEx
GetSystemTimeAsFileTime
HeapReAlloc
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
FindClose
MoveFileW
SetFileAttributesW
CancelSynchronousIo
GetEnvironmentVariableW
SetLastError
RegCreateKeyExW
GetSystemTime
DeviceIoControl
CopyFileW
RemoveDirectoryW
HeapAlloc
FillConsoleOutputCharacterW
HeapSetInformation
LoadLibraryExA
SetConsoleCtrlHandler
DelayLoadFailureHook
UnhandledExceptionFilter
InitializeProcThreadAttributeList
MultiByteToWideChar
SetFilePointerEx
SetProcessAffinityMask
GetFullPathNameW
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
RegDeleteValueW
TerminateProcess
RegSetValueExW
SetCurrentDirectoryW
VirtualQuery
RegDeleteKeyExW
GetDiskFreeSpaceExW
GetVDMCurrentDirectories
SetEndOfFile
GetVersion
lstrcmpW
WriteConsoleW
HeapFree
EnterCriticalSection
LoadLibraryW
OpenThread
FreeLibrary
QueryPerformanceCounter
GetTickCount
SetConsoleTextAttribute
FlushFileBuffers
lstrcmpiW
SetEnvironmentStringsW
SetLocalTime
SystemTimeToFileTime
GetWindowsDirectoryW
GetFileSize
RegQueryValueExW
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
GetProcessHeap
GetTimeFormatW
GetBinaryTypeW
GetModuleFileNameW
ExpandEnvironmentStringsW
FindNextFileW
NeedCurrentDirectoryForExePathW
CreateHardLinkW
FindFirstFileW
DuplicateHandle
FindFirstFileExW
GetUserDefaultLCID
CmdBatNotification
SearchPathW
CreateFileW
GetConsoleWindow
UpdateProcThreadAttribute
GetNumaHighestNodeNumber
GetFileType
GetCurrentThreadId
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
GlobalFree
GetThreadLocale
GetEnvironmentStringsW
GlobalAlloc
CreateProcessW
FileTimeToLocalFileTime
CompareFileTime
GetCurrentProcessId
SetFileTime
GetCommandLineW
FindFirstStreamW
HeapSize
SetConsoleTitleW
ReadConsoleW
SetFilePointer
CreateSymbolicLinkW
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetFileAttributesExW
DeleteProcThreadAttributeList
RegCloseKey
WideCharToMultiByte
GetCurrentDirectoryW
SetConsoleMode
WriteFile
VirtualFree
Sleep
VirtualAlloc
BrandingFormatString
rand
_ultoa
_wcsupr
setlocale
realloc
wcstoul
memset
wcschr
_local_unwind
_pipe
_open_osfhandle
_wcslwr
_pclose
_wcsicmp
_setmode
printf
fgets
_getch
fflush
_fmode
_vsnwprintf
_amsg_exit
?terminate@@YAXXZ
_wcsnicmp
__C_specific_handler
_errno
feof
qsort
_dup
memcpy
_get_osfhandle
_wtol
exit
_XcptFilter
_commode
iswalpha
__setusermatherr
iswspace
_setjmp
_close
_cexit
srand
_tell
_dup2
ferror
memcmp
free
iswxdigit
wcsncmp
__getmainargs
calloc
_initterm
towupper
_wpopen
wcstol
memmove
wcsspn
towlower
longjmp
swscanf
wcsrchr
iswdigit
time
wcsstr
fprintf
_exit
_iob
__set_app_type
NtOpenThreadToken
NtSetInformationProcess
RtlFindLeastSignificantBit
NtOpenProcessToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
NtFsControlFile
NtQueryInformationToken
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
NtQueryInformationProcess
NtClose
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 1
MUI 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
6.1

FileSubtype
0

FileVersionNumber
6.1.7601.17514

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Windows Command Processor

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

InitializedDataSize
183808

EntryPoint
0x90b4

OriginalFileName
Cmd.Exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7601.17514 (win7sp1_rtm.101119-1850)

TimeStamp
2010:11:20 10:46:13+01:00

FileType
Win64 EXE

PEType
PE32+

InternalName
cmd

ProductVersion
6.1.7601.17514

SubsystemVersion
6.1

OSVersion
6.1

FileOS
Windows NT 32-bit

Subsystem
Windows command line

MachineType
AMD AMD64

CompanyName
Microsoft Corporation

CodeSize
160256

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7601.17514

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 5746bd7e255dd6a8afa06f7c42c1ba41
SHA1 0f3c4ff28f354aede202d54e9d1c5529a3bf87d8
SHA256 db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386
ssdeep
6144:NVl7yDR2iaGcsVXFBM6IT77aVebJWC1jIdDWCoCX9Sm:jdyDRwpmFq6ITSebJWwjIdDbNS

authentihash 5f98965ff2650b89586176b38f007ca13a9e525e877ddccbcdce0a90408672d5
imphash d0058544e4588b1b2290b7f4d830eb0a
File size 337.0 KB ( 345088 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (82.0%)
OS/2 Executable (generic) (6.0%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
Tags
peexe assembly signed attachment via-tor 64bits trusted

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with cmd.exe as its name.
VirusTotal metadata
First submission 2011-01-27 08:10:19 UTC ( 7 years, 9 months ago )
Last submission 2018-11-15 01:13:16 UTC ( 5 hours, 45 minutes ago )
File names cmd.exe
135
5746bd7e255dd6a8afa06f7c42c1ba41.exe
cmd (2).exe
cmd.mui
[21]cmd.exe
Utilman.exe
cexw.exe
RLHackers
[12]cmd.exe
cmd.exe
myfile.exe
cmd.exe
cmd
f8454fa16fb033e4500e95836049a7e7c8b57ea7.exe
y.exe
pe-Windows-x64-cmd
mmc32.exe
[65]cmd.exe
sethc.exe_
week.exe
[60]cmd.exe
cmd.exe
[56]cmd.exe
557184
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight