How to remove nircmd.exe
nircmd.exe
The module nircmd.exe has been detected as Trojan.Agent
File Details
Product Name: | NirCmd |
Company Name: | NirSoft |
MD5: | a1cd6a64e8f8ad5d4b6c07dc4113c7ec |
Size: | 44 KB |
First Published: | 2020-01-02 00:11:12 (4 years ago) |
Latest Published: | 2024-05-20 23:01:43 (3 days ago) |
Status: | Trojan.Agent (on last analysis) | |
Analysis Date: | 2024-05-20 23:01:43 (3 days ago) |
Common Places:
%appdata% |
%desktop%\nirsoft_package_enc_1.23.3 |
%desktop%\hb-ttg10.5\data\libs |
%sysdrive%\scrapbook\20200301173440 |
%sysdrive%\scrapbook plus 1.10.25.42 56.0b9\core\scrapbook plus 1.10.25.42 56.0b9\scrapbook\data\20200301173440 |
%sysdrive%\scrapbook 2\20200301173440 |
%sysdrive%\download\nirsoft_package_enc_1.23.15 |
%desktop%\win.iso\projects\include\x86\additionalfiles\windows |
%profile%\downloads\programs |
%profile%\downloads\programs |
Geography:
11.2% | ||
8.2% | ||
7.5% | ||
6.7% | ||
5.2% | ||
5.2% | ||
5.2% | ||
5.2% | ||
5.2% | ||
5.2% | ||
3.7% | ||
3.7% | ||
3.0% | ||
2.2% | ||
2.2% | ||
1.5% | ||
1.5% | ||
1.5% | ||
1.5% | ||
1.5% | ||
1.5% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% | ||
0.7% |
OS Version:
Windows 10 | 79.1% | |
Windows 7 | 17.2% | |
Windows 8.1 | 2.2% | |
Windows Server 2016 | 1.5% |
Analysis
Subsystem: | Windows GUI |
PE Type: | pe |
OS Bitness: | 32 |
Image Base: | 0x00400000 |
Entry Address: | 0x00019ef0 |
PE Sections:
Name | Size of data | MD5 |
UPX0 | 0 | 00000000000000000000000000000000 |
UPX1 | 41472 | f6762d6e7218ba6a7208bc7e3a005b6a |
.rsrc | 3072 | 524b3e8eab715b7df24c43adb2da2f22 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for nircmd.exe