SHA256: edd9bf86b11093f4f76bdecaf85ddc6d1c910d198f0dd8d4a7924a418bbddd74
File name: cmd
Detection ratio: 0 / 57
Analysis date: 2015-09-26 00:32:01 UTC ( 1 year, 8 months ago )
Antivirus Result Update
Ad-Aware 20150926
AegisLab 20150925
Yandex 20150925
AhnLab-V3 20150925
Alibaba 20150925
ALYac 20150926
Antiy-AVL 20150925
Arcabit 20150926
Avast 20150925
AVG 20150926
Avira (no cloud) 20150926
AVware 20150925
Baidu-International 20150925
BitDefender 20150926
Bkav 20150925
ByteHero 20150926
CAT-QuickHeal 20150924
ClamAV 20150925
CMC 20150925
Comodo 20150925
Cyren 20150926
DrWeb 20150926
Emsisoft 20150926
ESET-NOD32 20150926
F-Prot 20150926
F-Secure 20150925
Fortinet 20150926
GData 20150926
Ikarus 20150925
Jiangmin 20150925
K7AntiVirus 20150925
K7GW 20150925
Kaspersky 20150926
Kingsoft 20150926
Malwarebytes 20150926
McAfee 20150925
McAfee-GW-Edition 20150925
Microsoft 20150925
eScan 20150926
NANO-Antivirus 20150925
nProtect 20150925
Panda 20150925
Qihoo-360 20150926
Rising 20150925
Sophos 20150926
SUPERAntiSpyware 20150926
Symantec 20150925
Tencent 20150926
TheHacker 20150923
TotalDefense 20150925
TrendMicro 20150926
TrendMicro-HouseCall 20150926
VBA32 20150924
VIPRE 20150926
ViRobot 20150925
Zillya 20150925
Zoner 20150925
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Microsoft® Windows® Operating System
Original name Cmd.Exe
Internal name cmd
File version 10.0.10240.16384 (th1_escrow.150715-0824)
Description Windows Command Processor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-07-15 19:17:35
Entry Point 0x000134B0
Number of sections 6
PE sections
PE imports
ApiSetQueryApiSetPresence
GetConsoleOutputCP
GetConsoleMode
SetConsoleCtrlHandler
SetConsoleMode
ReadConsoleW
WriteConsoleW
SetConsoleTitleW
FlushConsoleInputBuffer
GetConsoleTitleW
SetConsoleTextAttribute
SetConsoleCursorPosition
ScrollConsoleScreenBufferW
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
GetDateFormatW
GetTimeFormatW
DelayLoadFailureHook
ResolveDelayLoadedAPI
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
GetLastError
SetLastError
GetVolumePathNameW
GetDriveTypeW
RemoveDirectoryW
FlushFileBuffers
GetFileAttributesW
FileTimeToLocalFileTime
CompareFileTime
GetFileSize
GetDiskFreeSpaceExW
SetFileTime
GetVolumeInformationW
SetFilePointerEx
CreateDirectoryW
DeleteFileW
SetFileAttributesW
SetFilePointer
GetFullPathNameW
ReadFile
WriteFile
FindNextFileW
FindFirstFileW
FindFirstFileExW
GetFileAttributesExW
CreateFileW
FindClose
GetFileType
SetEndOfFile
GetFileInformationByHandleEx
CreateSymbolicLinkW
MoveFileExW
MoveFileWithProgressW
CreateHardLinkW
DuplicateHandle
CloseHandle
HeapSetInformation
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
GetProcessHeap
LocalFree
GlobalFree
GlobalAlloc
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleA
SetThreadLocale
FormatMessageW
GetCPInfo
GetThreadLocale
GetACP
GetUserDefaultLCID
GetLocaleInfoW
VirtualFree
VirtualQuery
VirtualAlloc
ReadProcessMemory
ExpandEnvironmentStringsW
GetStdHandle
SearchPathW
GetCurrentDirectoryW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCommandLineW
NeedCurrentDirectoryForExePathW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
OpenThread
GetCurrentProcess
TerminateProcess
ResumeThread
GetCurrentProcessId
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetStartupInfoW
GetCurrentThreadId
CreateProcessAsUserW
QueryPerformanceCounter
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyExW
RegQueryValueExW
WideCharToMultiByte
MultiByteToWideChar
ReleaseSRWLockShared
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
AcquireSRWLockShared
ReleaseSRWLockExclusive
Sleep
TryAcquireSRWLockExclusive
LeaveCriticalSection
GetSystemTime
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
SetLocalTime
GetVersion
GetLocalTime
GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx
FileTimeToSystemTime
SystemTimeToFileTime
RevertToSelf
GetSecurityDescriptorOwner
GetFileSecurityW
__p__fmode
_ultoa
_wcsupr
rand
ferror
realloc
wcstoul
srand
wcschr
_pipe
_open_osfhandle
_wcsnicmp
_pclose
_wcsicmp
_setmode
_setjmp3
printf
fgets
_getch
fflush
feof
_vsnwprintf
_cexit
?terminate@@YAXXZ
memset
_errno
setlocale
qsort
_dup
memcpy
_get_osfhandle
_wtol
exit
_XcptFilter
memcmp
iswalpha
__setusermatherr
_controlfp
_close
_amsg_exit
_tell
longjmp
_wpopen
_dup2
__p__commode
iswspace
free
iswxdigit
_except_handler4_common
wcsncmp
__getmainargs
calloc
_exit
towupper
_local_unwind4
_wcslwr
wcstol
memmove
wcsspn
towlower
__iob_func
swscanf
wcsrchr
iswdigit
time
wcsstr
fprintf
_initterm
__set_app_type
RtlNtStatusToDosError
NtSetInformationFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtOpenFile
NtSetInformationProcess
RtlReleaseRelativeName
NtQueryVolumeInformationFile
NtOpenProcessToken
NtOpenThreadToken
RtlFindLeastSignificantBit
RtlFreeHeap
NtFsControlFile
NtQueryInformationToken
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
NtCancelSynchronousIoFile
RtlDosPathNameToNtPathName_U
NtQueryInformationProcess
NtClose
Number of PE resources by type
RT_ICON 10
RT_MANIFEST 1
MUI 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 14
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 10.0
LinkerVersion 12.1
ImageVersion 10.0
FileSubtype 0
FileVersionNumber 10.0.10240.16384
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 165888
EntryPoint 0x134b0
OriginalFileName Cmd.Exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 10.0.10240.16384 (th1_escrow.150715-0824)
TimeStamp 2015:07:15 20:17:35+01:00
FileType Win32 EXE
PEType PE32
InternalName cmd
ProductVersion 10.0.10240.16384
FileDescription Windows Command Processor
OSVersion 10.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 147456
ProductName Microsoft Windows Operating System
ProductVersionNumber 10.0.10240.16384
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 738fe25c806296643b456c17b7d6bfd3
SHA1 bd88e3ee750d7fbb5607279c5dbfc849f96c42dd
SHA256 edd9bf86b11093f4f76bdecaf85ddc6d1c910d198f0dd8d4a7924a418bbddd74
ssdeep 6144:4D72I9/nQg9k79K9uCZ4zVWUd1YSSm1mh:4eIdEwZ6IUd1L51
authentihash 9a7278b9e5475b3e2bd8a404cd5e0819e02e21877c2a2d30ef13de62a62115ff
imphash 7764c33ddf635e8636d8f4b6e7d2c48a
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2015-08-29 00:23:47 UTC ( 1 year, 8 months ago )
Last submission 2015-08-29 00:23:47 UTC ( 1 year, 8 months ago )
File names cmd
Cmd.Exe
cmd.exe