How to remove nircmd.exe
nircmd.exe
The module nircmd.exe has been detected as Ransom.Gen
File Details
| Product Name: | NirCmd |
| Company Name: | NirSoft |
| MD5: | 65693293c01489eca0c6964802d31707 |
| Size: | 85 KB |
| First Published: | 2018-12-06 06:10:38 (6 years ago) |
| Latest Published: | 2023-07-19 23:05:21 (2 years ago) |
| Status: | Ransom.Gen (on last analysis) | |
| Analysis Date: | 2023-07-19 23:05:21 (2 years ago) |
Common Places:
| %profile%\downloads\dr.webportable\app\dr.web2018 |
| %profile%\downloads\dr.web 6 portable scanner by ha3apet v15 |
Geography:
| Russia | 100.0% |
OS Version:
| Windows 7 | 50.0% | |
| Windows 10 | 50.0% |
Analysis
| Subsystem: | Windows GUI |
| PE Type: | pe |
| OS Bitness: | 32 |
| Image Base: | 0x00400000 |
| Entry Address: | 0x000106c2 |
PE Sections:
| Name | Size of data | MD5 |
| .text | 64512 | 97bf84826606006aa6452f3ac9cb844e |
| .rdata | 18432 | 10e15f48bf0b9134b4b598691e47e526 |
| .data | 512 | 008ba9a4ec0755f2c37ea3780536e1a5 |
| .rsrc | 3072 | 9085f751f03ef71780fce8661abc17f4 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for nircmd.exe
