rmdir.exe

  • File Path: C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.3\resources\app\git\usr\bin\rmdir.exe

Hashes

Type Hash
MD5 D1B33BCB549F7C7CFFB49428CB8F61BC
SHA1 721B8DA0B8AB42A696C970D1AC1640A59602604B
SHA256 111507340641E5C3504675928AE1C252B0378C19B9CB406B28852107C37FA49F
SHA384 983C32995FC84E2D69C90AE132CC3E5337740491FB93A0C9BC2193CF05C89A1051B940D9F6893CAC1E1C3E28271A216E
SHA512 3871D66B4E32951BCEF7BA8FFF92BC77819FB8C2F9509C81585A3B70FD9F91A41913965074FFD204EE99F73590E50AD9739F5313B47ABA634C5653F58A586442
SSDEEP 1536:mJnsN8yr7pmmS6+CJmjFc7J3wFhQBNgaQ8EpK2ldAbI9JkwWuFPy2Ufvk:mJsN8qpmmz+yRNgd8EpK2ldAbSO1uFPz

Runtime Data

Usage (stdout):

Usage: /usr/bin/rmdir [OPTION]... DIRECTORY...
Remove the DIRECTORY(ies), if they are empty.

      --ignore-fail-on-non-empty
                  ignore each failure that is solely because a directory
                    is non-empty
  -p, --parents   remove DIRECTORY and its ancestors; e.g., 'rmdir -p a/b/c' is
                    similar to 'rmdir a/b/c a/b a'
  -v, --verbose   output a diagnostic for every directory processed
      --help     display this help and exit
      --version  output version information and exit

GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report any translation bugs to <https://translationproject.org/team/>
Full documentation <https://www.gnu.org/software/coreutils/rmdir>
or available locally via: info '(coreutils) rmdir invocation'

Usage (stderr):

rmdir: unknown option -- h
Try '/usr/bin/rmdir --help' for more information.

Signature

  • Status: Signature verified.
  • Serial: 045D8F14A82147641722D4FAFC66BC80
  • Thumbprint: FB713A60A7FA79DFC03CB301CA05D4E8C1BDD431
  • Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  • Subject: CN="GitHub, Inc.", O="GitHub, Inc.", L=San Francisco, S=California, C=US

File Metadata

  • Original Filename:
  • Product Name:
  • Company Name:
  • File Version:
  • Product Version:
  • Language:
  • Legal Copyright:

Possible Misuse

The following table contains possible examples of rmdir.exe being misused. While rmdir.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_creation_lnx_clear_logs.yml | `- '/rm' # covers /rmdir as well` | DRL 1.0 |
| sigma | proc_creation_lnx_file_deletion.yml | `- '/rm' # covers /rmdir as well` | DRL 1.0 |
| sigma | proc_creation_win_apt_revil_kaseya.yml | `- 'rmdir /s /q %SystemDrive%\inetpub\logs'` | DRL 1.0 |
| sigma | proc_creation_win_cmd_delete.yml | `- rmdir` | DRL 1.0 |
| sigma | proc_creation_win_local_system_owner_account_discovery.yml | `- ' rmdir ' # don't match on 'dir' "C:\Windows\System32\cmd.exe" /q /c rmdir /s /q "C:\Users\XX\AppData\Local\Microsoft\OneDrive\19.232.1124.0005"` | DRL 1.0 |
| sigma | registry_event_asep_reg_keys_modification_currentversion.yml | `Details\|startswith: 'C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\'` | DRL 1.0 |
| atomic-red-team | T1003.003.md | `rmdir /q /s #{output_folder} >nul 2>&1` | MIT License. © 2018 Red Canary |
| atomic-red-team | T1027.md | `rmdir /S /Q %temp%\temp_T1027.zip >nul 2>nul` | MIT License. © 2018 Red Canary |
| atomic-red-team | T1036.005.md | `rmdir $HOME/…/` | MIT License. © 2018 Red Canary |
| atomic-red-team | T1070.004.md | `rmdir /s /q #{folder_to_delete}` | MIT License. © 2018 Red Canary |
| atomic-red-team | T1105.md | `rmdir /s/q %temp%\T1105 >nul 2>&1` | MIT License. © 2018 Red Canary |
| atomic-red-team | T1588.002.md | `#{local_folder}#{local_executable} "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" /WindowState 0 /CommandLine "rmdir 'C:\ProgramData\Microsoft\Windows Defender' -Recurse" /StartDirectory "" /RunAs 8 /Run` | MIT License. © 2018 Red Canary |
| signature-base | thor-webshells.yar | `$s1 = "if(rmdir($_POST['mk_name']))"` | CC BY-NC 4.0 |
| signature-base | thor-webshells.yar | `$s0 = "@rmdir($_GET['file']) or die ("[-]Error deleting dir!");" fullword` | CC BY-NC 4.0 |

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


rmdir

Deletes a directory.

The rmdir command can also run from the Windows Recovery Console, using different parameters. For more information, see Windows Recovery Environment (WinRE).

Note: This command is the same as the rd command.

Syntax

rmdir [<drive>:]<path> [/s [/q]]

Parameters

| Parameter | Description |
| --- | --- |
| `[<drive>:]<path>` | Specifies the location and the name of the directory that you want to delete. Path is required. If you include a backslash (`\`) at the beginning of the specified path, then the path starts at the root directory (regardless of the current directory). |
| `/s` | Deletes a directory tree (the specified directory and all its subdirectories, including all files). |
| `/q` | Specifies quiet mode. Does not prompt for confirmation when deleting a directory tree. The /q parameter works only if /s is also specified. CAUTION: When you run in quiet mode, the entire directory tree is deleted without confirmation. Make sure that important files are moved or backed up before using the /q command-line option. |
| `/?` | Displays help at the command prompt. |

Remarks

  • You can’t delete a directory that contains files, including hidden or system files. If you attempt to do so, the following message appears:

    The directory is not empty

    Use the dir /a command to list all files (including hidden and system files). Then use the attrib command with -h to remove hidden file attributes, -s to remove system file attributes, or -h -s to remove both hidden and system file attributes. After the hidden and file attributes have been removed, you can delete the files.

  • You can’t use the rmdir command to delete the current directory. If you attempt to delete the current directory, the following error message appears:

    The process can't access the file because it is being used by another process.

    If you receive this error message, you must change to a different directory (not a subdirectory of the current directory), and then try again.

Examples

To change to the parent directory so you can safely remove the desired directory, type:

cd ..

To remove a directory named test (and all its subdirectories and files) from the current directory, type:

rmdir /s test

To run the previous example in quiet mode, type:

rmdir /s /q test

MIT License. Copyright (c) 2020-2021 Strontic.