Analysis

Category Started Completed Duration
FILE 2023-11-15 11:36:47 2023-11-15 11:36:47 0 seconds

    

MalScore

0.0

Benign

File Details

File Name cmdkey.exe
File Size 45056 bytes
File Type PE32+ executable (console) x86-64, for MS Windows
MD5 9f7d571f0a641aab8871c3f4afeb2731
SHA1 88fcbd42f8e56c5518e4e2c0c97380c51298f575
SHA256 85bfc4848711618d0636bc03ac0bab9de7a5f01e5bc402c3c3e7bc3dd5924e8b
SHA512 d57dd0698b6854265eba4a9c80cffafbd67428f38e8ed0513bcddd532468e6290b1f38655d44c375568eab9699f6e815f061921c98b231d370861c4f59c82154
CRC32 7D8A8FDD
Ssdeep 384:DkvKugGGgU4sFq5a2odLAqb/vBYQ/OP1lDprjmxE7G49WHwW:D0PU4qd5n4lDNL7G4i
ClamAV None matched
Yara None matched

Signatures

No signatures


Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

PE Information

Image Base 0x140000000
Entry Point 0x140001320
Reported Checksum 0x00019a9a
Actual Checksum 0x00019a9a
Minimum OS Version 10.0
PDB Path cmdkey.pdb
Compile Time 2067-10-05 20:01:51

Version Infos

LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName cmdkey.exe
FileVersion 10.0.22621.1 (WinBuild.160101.0800)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.22621.1
FileDescription Credential Manager Command Line Utility
OriginalFilename cmdkey.exe
Translation 0x0409 0x04b0

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x00002360 0x00003000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.09
.rdata 0x00004000 0x00001792 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.40
.data 0x00006000 0x00001100 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.12
.pdata 0x00008000 0x000001c8 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.64
.didat 0x00009000 0x00000010 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.01
.rsrc 0x0000a000 0x00000830 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.61
.reloc 0x0000b000 0x00000040 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.14

Resources

Name Offset Size Language Sub-language Entropy File type
MUI 0x0000a768 0x000000c8 LANG_ENGLISH SUBLANG_ENGLISH_US 2.72 data
RT_VERSION 0x0000a3a8 0x000003bc LANG_ENGLISH SUBLANG_ENGLISH_US 3.45 data
RT_MANIFEST 0x0000a0f0 0x000002b7 LANG_ENGLISH SUBLANG_ENGLISH_US 4.90 XML document text

Imports

Library msvcrt.dll:
0x140004350 __C_specific_handler
0x140004358 _resetstkoflw
0x140004360 malloc
0x140004368 ?terminate@@YAXXZ
0x140004370 _commode
0x140004378 _fmode
0x140004380 free
0x140004388 _wcsicmp
0x140004390 _initterm
0x140004398 __setusermatherr
0x1400043a0 _cexit
0x1400043a8 _exit
0x1400043b0 exit
0x1400043b8 __set_app_type
0x1400043c0 __getmainargs
0x1400043c8 _amsg_exit
0x1400043d0 _XcptFilter
0x1400043d8 memset
Library api-ms-win-core-registry-l1-1-0.dll:
0x140004290 RegQueryValueExW
0x140004298 RegOpenKeyExW
0x1400042a0 RegCloseKey
Library api-ms-win-core-errorhandling-l1-1-0.dll:
0x1400041b8 SetLastError
0x1400041c0 GetLastError
0x1400041d0 UnhandledExceptionFilter
Library api-ms-win-security-credentials-l1-1-0.dll:
0x140004310 CredWriteW
0x140004318 CredFree
0x140004320 CredGetSessionTypes
0x140004330 CredEnumerateW
0x140004338 CredUnmarshalCredentialW
0x140004340 CredDeleteW
Library api-ms-win-core-localization-l1-2-0.dll:
0x140004228 FormatMessageW
0x140004230 SetThreadUILanguage
Library api-ms-win-core-sysinfo-l1-1-0.dll:
0x1400042f0 GetVersionExW
0x1400042f8 GetSystemTimeAsFileTime
0x140004300 GetTickCount
Library api-ms-win-core-heap-l1-1-0.dll:
0x1400041f8 HeapSetInformation
Library api-ms-win-core-heap-l2-1-0.dll:
0x140004208 LocalFree
Library api-ms-win-core-processenvironment-l1-1-0.dll:
0x140004240 GetCommandLineW
0x140004248 GetStdHandle
Library api-ms-win-core-console-l1-1-0.dll:
0x140004180 GetConsoleOutputCP
0x140004188 WriteConsoleW
Library api-ms-win-core-file-l1-1-0.dll:
0x1400041e0 WriteFile
0x1400041e8 GetFileType
Library api-ms-win-core-libraryloader-l1-2-0.dll:
0x140004218 GetModuleHandleW
Library api-ms-win-core-string-l1-1-0.dll:
0x1400042d0 WideCharToMultiByte
Library api-ms-win-core-synch-l1-2-0.dll:
0x1400042e0 Sleep
Library api-ms-win-core-rtlsupport-l1-1-0.dll:
0x1400042b0 RtlCaptureContext
0x1400042b8 RtlLookupFunctionEntry
0x1400042c0 RtlVirtualUnwind
Library api-ms-win-core-processthreads-l1-1-0.dll:
0x140004258 GetCurrentProcess
0x140004260 GetCurrentThreadId
0x140004268 GetCurrentProcessId
0x140004270 TerminateProcess
Library api-ms-win-core-profile-l1-1-0.dll:
0x140004280 QueryPerformanceCounter
Library api-ms-win-core-delayload-l1-1-1.dll:
0x1400041a8 ResolveDelayLoadedAPI
Library api-ms-win-core-delayload-l1-1-0.dll:
0x140004198 DelayLoadFailureHook
Library api-ms-win-core-apiquery-l1-1-0.dll:

.text
`.rdata
@.data
.pdata
@.didat
.rsrc
@.reloc
ext-ms-win-security-credui-l1-1-0.dll
cmdkey.pdb
.text$mn
.text$mn$00
.text$x
.rdata$brc
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gehcont
.gfids
.giats
.rdata
.rdata$voltmd
.rdata$zzzdbg
.xdata
.didat$2
.didat$3
.didat$4
.didat$6
.didat$7
.idata$2
.idata$3
.idata$4
.idata$6
.data
.pdata
.didat$5
.rsrc$01
.rsrc$02
CredUICmdLinePromptForCredentialsW
_wcsicmp
malloc
__C_specific_handler
_resetstkoflw
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
_fmode
_commode
msvcrt.dll
?terminate@@YAXXZ
RegQueryValueExW
SetLastError
CredDeleteW
SetThreadUILanguage
RegOpenKeyExW
GetVersionExW
FormatMessageW
CredGetSessionTypes
GetLastError
CredFree
HeapSetInformation
CredEnumerateW
LocalFree
RegCloseKey
CredWriteW
GetCommandLineW
GetConsoleOutputCP
GetStdHandle
WriteFile
WriteConsoleW
GetModuleHandleW
WideCharToMultiByte
GetFileType
CredUnmarshalCredentialW
CredIsMarshaledCredentialW
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-registry-l1-1-0.dll
api-ms-win-core-errorhandling-l1-1-0.dll
api-ms-win-security-credentials-l1-1-0.dll
api-ms-win-core-localization-l1-2-0.dll
api-ms-win-core-sysinfo-l1-1-0.dll
api-ms-win-core-heap-l1-1-0.dll
api-ms-win-core-heap-l2-1-0.dll
api-ms-win-core-processenvironment-l1-1-0.dll
api-ms-win-core-console-l1-1-0.dll
api-ms-win-core-file-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
api-ms-win-core-string-l1-1-0.dll
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-rtlsupport-l1-1-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-profile-l1-1-0.dll
ResolveDelayLoadedAPI
DelayLoadFailureHook
api-ms-win-core-delayload-l1-1-1.dll
api-ms-win-core-delayload-l1-1-0.dll
ApiSetQueryApiSetPresence
api-ms-win-core-apiquery-l1-1-0.dll
memset
ext-ms-win-security-credui-l1-1-0
ext-ms-win-security-credui-l1-1-1
SYSTEM\CurrentControlSet\Control\SafeBoot\Option
OptionValue
agld?rups
*Session
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Credential Manager Command Line Utility
FileVersion
10.0.22621.1 (WinBuild.160101.0800)
InternalName
cmdkey.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
cmdkey.exe
ProductName
Operating System
ProductVersion
10.0.22621.1
VarFileInfo
Translation
en-US
No antivirus signatures available.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.
Sorry! No dropped files.

Processing ( 0.681 seconds )

  • 0.322 VirusTotal
  • 0.19 Static
  • 0.157 peid
  • 0.007 AnalysisInfo
  • 0.002 Strings
  • 0.002 TargetInfo
  • 0.001 Debug

Signatures ( 0.024 seconds )

  • 0.005 antiav_detectreg
  • 0.002 persistence_autorun
  • 0.002 antiav_detectfile
  • 0.002 infostealer_ftp
  • 0.002 ransomware_files
  • 0.001 tinba_behavior
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_bitcoin
  • 0.001 infostealer_im
  • 0.001 infostealer_mail
  • 0.001 ransomware_extensions

Reporting ( 0.005 seconds )

  • 0.005 JsonDump
Task ID 2436
Mongo ID 655501b12694ed5bda0b5ea1
Cuckoo release 1.3-NG