How to remove ctcmdset.exe
- File Details
- Overview
- Analysis
ctcmdset.exe
The module ctcmdset.exe has been detected as Ransom.Exp
File Details
Product Name: |
|
Company Name: |
|
MD5: |
bf4487cc2d617401b38f116e830aad86 |
Size: |
1 MB |
First Published: |
2021-01-05 10:39:28 (4 years ago) |
Latest Published: |
2021-01-10 00:33:52 (4 years ago) |
Status: |
Ransom.Exp (on last analysis) |
|
Analysis Date: |
2021-01-10 00:33:52 (4 years ago) |
%desktop%\dbfilesfromrecyc\schuyler\faircom\win32\tools\cmdline\admin |
%sysdrive%\schuyler\faircom\win32\tools\cmdline\admin |
%desktop%\dbfilesfromrecyc\schuyler\faircom\win32\tools\cmdline\admin |
%sysdrive%\schuyler\faircom\win32\tools\cmdline\admin |
%desktop%\dbfilesfromrecyc\schuyler\faircom\win32\tools\cmdline\admin |
%sysdrive%\schuyler\faircom\win32\tools\cmdline\admin |
Windows Server 2016 |
100.0% |
|
Analysis
Subsystem: |
Windows CUI |
PE Type: |
pe |
OS Bitness: |
32 |
Image Base: |
0x00400000 |
Entry Address: |
0x000bed78 |
Name |
Size of data |
MD5 |
.text |
1177600 |
081429cf793c7b44c6c41f8265289d8e |
.rdata |
79360 |
a55c29548a6242864934a14aeb69208c |
.data |
96768 |
36be1c24c773fea48e22f9a971d93cde |
.idata |
4608 |
703f9e848a764d6c871a3201641da38c |
.rsrc |
2048 |
eee461c126a26f949684d0eb520a1b35 |
.reloc |
30720 |
d7a4b583e17188a87ca91e4bd9e497e6 |