Score: 1.2
Verdict: Low risk

SHA256: 1c2e394febd2904afd218247491903681086f5f8a4819affbd3e1de5d009e8f6
File name: 1c2e394febd2904afd218247491903681086f5f8a4819affbd3e1de5d009e8f6.exe
Analysis duration: 194s
Last analysis: 370 days ago
File size: 52.0KB

Note: the 1.2 score is the sandbox's behavioral score. It reflects that almost nothing was observed at runtime (no screenshots, no dropped files, no TCP connections, and only guest-OS background traffic on UDP), not a clean static verdict: 46 VirusTotal engines flag the file, and the named detections cluster on the Tinba (Trojan.PWS) and Ulise families. A low behavioral score for a sample that never ran its payload is an anti-analysis or environment problem, not evidence of benignity.
Classification: static detection / dynamic detection / CVE / FAMILY / METATYPE / PLATFORM / TYPE
Tags: UNKNOWN, WIN32, TROJAN, ULISE
Hawkeye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.70
MFGraph 0.00
Static verdict
Antivirus engines
Engine  Result  Scan date  Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Heim 20191016 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20191016 2013.8.14.323
McAfee Packed-FE!C6545AE7949C 20191016 6.0.6.653
Tencent None 20191016 1.0.0.1
Behavior verdict
Dynamic indicators
The binary likely contains encrypted or compressed data, indicating a packer was used (3 events)
section {'name': '.rdata', 'virtual_address': '0x00008000', 'virtual_size': '0x00002ba8', 'size_of_data': '0x00002c00', 'entropy': 7.036424129302671} entropy 7.036424129302671 description High-entropy section found
section {'name': '.ndata', 'virtual_address': '0x0000d000', 'virtual_size': '0x000007e1', 'size_of_data': '0x00000800', 'entropy': 7.540630785891322} entropy 7.540630785891322 description High-entropy section found
entropy 0.2549019607843137 description Overall entropy of this PE file is high
Note: the 0.2549 "entropy" in the third event is not a Shannon entropy. It is the ratio that Cuckoo's packer_entropy signature computes (the numbers here match it exactly): raw bytes of sections whose entropy exceeds 6.8, divided by the file's total raw section bytes, i.e. (0x2c00 + 0x800) / 0xcc00 = 13312 / 52224 = 0.2549, flagged because it exceeds the 0.2 threshold. Only .rdata and .ndata (13 KB of 51 KB) qualify; .text at 6.27 is below the cutoff, so this is weaker packer evidence than the wording suggests.
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
Note: 114.114.114.114 is a public Chinese DNS resolver and is the destination of the guest's own UDP/53 queries in the UDP table below, i.e. the resolver configured in the sandbox, not a host the sample contacted. The indicator fires only because a resolver's address is never itself the answer to a DNS query.
File flagged as malicious by 46 antivirus engines on VirusTotal (46 events)
ALYac Gen:Variant.Ulise.71643
APEX Malicious
AVG Win32:Heim
Acronis suspicious
Ad-Aware Gen:Variant.Ulise.71643
AhnLab-V3 Malware/Win32.Generic.C754143
Antiy-AVL Trojan[Banker]/Win32.Tinba
Arcabit Trojan.Ulise.D117DB
Avast Win32:Heim
Avira TR/Crypt.ZPACK.Gen4
BitDefender Gen:Variant.Ulise.71643
Comodo TrojWare.Win32.TrojanDownloader.Dofoil.CYAD@7cy223
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.7949c9
Cylance Unsafe
Cyren W32/Fuerboos.AG.gen!Eldorado
DrWeb Trojan.PWS.Tinba
ESET-NOD32 a variant of Win32/Kryptik.CYCW
Emsisoft Gen:Variant.Ulise.71643 (B)
Endgame malicious (high confidence)
F-Prot W32/Fuerboos.AG.gen!Eldorado
F-Secure Trojan.TR/Crypt.ZPACK.Gen4
FireEye Generic.mg.c6545ae7949c9dcb
Fortinet W32/Kryptik.DFAR!tr
GData Gen:Variant.Ulise.71643
Invincea heuristic
Jiangmin Trojan.Generic.dztvr
K7AntiVirus Trojan ( 00517f131 )
K7GW Trojan ( 00517f131 )
Kaspersky HEUR:Trojan.Win32.Generic
MAX malware (ai score=80)
Malwarebytes Trojan.Tinba
McAfee Packed-FE!C6545AE7949C
McAfee-GW-Edition BehavesLike.Win32.Virut.qh
MicroWorld-eScan Gen:Variant.Ulise.71643
Microsoft Trojan:Win32/Wacatac.B!ml
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM20.1.9697.Malware.Gen
Rising Downloader.Dofoil!8.322 (TFE:1:DUdtdFy1X2U)
SentinelOne DFI - Malicious PE
Sophos Mal/Tinba-AD
Symantec ML.Attribute.HighConfidence
VBA32 TrojanPSW.Tinba
Yandex Trojan.PWS.Tinba!
Zillya Trojan.Tinba.Win32.1101
ZoneAlarm HEUR:Trojan.Win32.Generic
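The 46 detection names above mix real family names (Tinba, Ulise, Dofoil) with generic and heuristic labels (Malicious, Generic, HEUR, Packed), and several of the "votes" come from vendors that license the same engine. The following is an added example, not code from the report or from the sandbox, that transcribes the list and extracts a family consensus twice: once per engine and once per independent engine lineage. The lineage map (BitDefender OEM partners, AVG/Avast, K7GW/K7, ZoneAlarm/Kaspersky, F-Secure/Avira, F-Prot/Cyren) and the list of generic tokens are the example's own assumptions.

```python
import re
from collections import Counter, defaultdict

# Detections transcribed from the report's VirusTotal block, "engine=signature", entries separated by "|".
RAW = """
ALYac=Gen:Variant.Ulise.71643 | APEX=Malicious | AVG=Win32:Heim
Acronis=suspicious | Ad-Aware=Gen:Variant.Ulise.71643 | AhnLab-V3=Malware/Win32.Generic.C754143
Antiy-AVL=Trojan[Banker]/Win32.Tinba | Arcabit=Trojan.Ulise.D117DB | Avast=Win32:Heim
Avira=TR/Crypt.ZPACK.Gen4 | BitDefender=Gen:Variant.Ulise.71643 | Comodo=TrojWare.Win32.TrojanDownloader.Dofoil.CYAD@7cy223
CrowdStrike=win/malicious_confidence_100% (D) | Cybereason=malicious.7949c9 | Cylance=Unsafe
Cyren=W32/Fuerboos.AG.gen!Eldorado | DrWeb=Trojan.PWS.Tinba | ESET-NOD32=a variant of Win32/Kryptik.CYCW
Emsisoft=Gen:Variant.Ulise.71643 (B) | Endgame=malicious (high confidence) | F-Prot=W32/Fuerboos.AG.gen!Eldorado
F-Secure=Trojan.TR/Crypt.ZPACK.Gen4 | FireEye=Generic.mg.c6545ae7949c9dcb | Fortinet=W32/Kryptik.DFAR!tr
GData=Gen:Variant.Ulise.71643 | Invincea=heuristic | Jiangmin=Trojan.Generic.dztvr
K7AntiVirus=Trojan ( 00517f131 ) | K7GW=Trojan ( 00517f131 ) | Kaspersky=HEUR:Trojan.Win32.Generic
MAX=malware (ai score=80) | Malwarebytes=Trojan.Tinba | McAfee=Packed-FE!C6545AE7949C
McAfee-GW-Edition=BehavesLike.Win32.Virut.qh | MicroWorld-eScan=Gen:Variant.Ulise.71643 | Microsoft=Trojan:Win32/Wacatac.B!ml
Panda=Trj/Genetic.gen | Qihoo-360=HEUR/QVM20.1.9697.Malware.Gen | Rising=Downloader.Dofoil!8.322 (TFE:1:DUdtdFy1X2U)
SentinelOne=DFI - Malicious PE | Sophos=Mal/Tinba-AD | Symantec=ML.Attribute.HighConfidence
VBA32=TrojanPSW.Tinba | Yandex=Trojan.PWS.Tinba! | Zillya=Trojan.Tinba.Win32.1101
ZoneAlarm=HEUR:Trojan.Win32.Generic
"""

# Vendors known to ship another vendor's engine (assumption; unlisted engines count as their own lineage).
LINEAGE = {
    "ALYac": "BitDefender", "Ad-Aware": "BitDefender", "Arcabit": "BitDefender", "Emsisoft": "BitDefender",
    "GData": "BitDefender", "MicroWorld-eScan": "BitDefender",
    "AVG": "Avast", "K7GW": "K7AntiVirus", "ZoneAlarm": "Kaspersky", "F-Secure": "Avira", "F-Prot": "Cyren",
}

# Category and heuristic words that carry no family information (assumption, extend as needed).
GENERIC = {"variant", "trojan", "malicious", "malware", "generic", "banker", "crypt", "unsafe",
           "heur", "packed", "downloader", "genetic", "attribute"}
# A family token is a Capitalized or ALL-CAPS word; mixed-case words such as TrojanDownloader,
# BehavesLike or HighConfidence are category labels and are skipped by this pattern.
TOKEN = re.compile(r"^(?:[A-Z][a-z]+|[A-Z]+)$")


def parse(raw: str) -> dict:
    """Turn the packed transcript into {engine: signature}."""
    out = {}
    for entry in raw.replace("\n", "|").split("|"):
        entry = entry.strip()
        if entry:
            engine, sig = entry.split("=", 1)
            out[engine.strip()] = sig.strip()
    return out


DETECTIONS = parse(RAW)


def family_of(signature: str):
    """First family-looking token of 4+ letters that is not a generic label, lowercased; None if there is none."""
    for tok in re.split(r"[^A-Za-z]+", signature):
        if len(tok) >= 4 and TOKEN.match(tok) and tok.lower() not in GENERIC:
            return tok.lower()
    return None


def consensus(detections: dict, lineage: dict = LINEAGE):
    """Return (votes per engine, votes per independent lineage, engines with no family label)."""
    raw = Counter()
    lineages = defaultdict(set)
    unlabelled = []
    for engine, sig in detections.items():
        fam = family_of(sig)
        if fam is None:
            unlabelled.append(engine)
            continue
        raw[fam] += 1
        lineages[fam].add(lineage.get(engine, engine))
    deduped = Counter({fam: len(owners) for fam, owners in lineages.items()})
    return raw, deduped, unlabelled


if __name__ == "__main__":
    raw, deduped, unlabelled = consensus(DETECTIONS)
    print("per engine:   ", raw.most_common())
    print("per lineage:  ", deduped.most_common())
    print("no family in: ", len(unlabelled), "of", len(DETECTIONS))
```

Per engine, Ulise and Tinba tie at 7 votes each; per lineage, the seven Ulise votes collapse to one (all BitDefender-based), while the seven Tinba votes come from seven independent engines, which is the more defensible family call for this sample.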
Screenshots
No screenshots available: the sample generated no screenshots while running.

PE Compile Time

2015-01-30 22:07:32

PE Imphash

6290f6a612e56ab4efbb3682e24c3f41

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00006250 0x00006400 6.267313171397885
.rdata 0x00008000 0x00002ba8 0x00002c00 7.036424129302671
.data 0x0000b000 0x000007a4 0x00000400 3.5787528392908383
.edata 0x0000c000 0x00000605 0x00000800 6.052896055811544
.ndata 0x0000d000 0x000007e1 0x00000800 7.540630785891322
.adata 0x0000e000 0x000001b2 0x00000200 6.5555840564548635
.rsrc 0x0000f000 0x00003000 0x00002600 3.3807352524913656
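To reproduce the three packer-entropy events in the behavior section from this section table, here is an added example (not part of the report and not the sandbox's own code). It implements Shannon entropy for raw section bytes and the two-step rule the report applies: a per-section threshold and a ratio of high-entropy raw bytes to total raw bytes. Sizes and entropies are transcribed from the table; the 6.8 and 0.2 thresholds are the values Cuckoo's packer_entropy signature uses and are assumed to be what this sandbox applies, since they reproduce the reported 0.2549 exactly. The pefile loader is an optional helper for running the same check on a real file.

```python
import math
from collections import Counter

# Section table for this sample, transcribed from the report: (name, size of raw data, reported entropy).
SECTIONS = [
    (".text",  0x6400, 6.267313171397885),
    (".rdata", 0x2c00, 7.036424129302671),
    (".data",  0x0400, 3.5787528392908383),
    (".edata", 0x0800, 6.052896055811544),
    (".ndata", 0x0800, 7.540630785891322),
    (".adata", 0x0200, 6.5555840564548635),
    (".rsrc",  0x2600, 3.3807352524913656),
]

# Thresholds of Cuckoo's packer_entropy signature (assumed to be what this report applies).
SECTION_THRESHOLD = 6.8  # a section above this is counted as compressed/encrypted
RATIO_THRESHOLD = 0.2    # share of raw bytes in such sections that raises the "overall" event


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte: 0.0 for constant data, 8.0 for uniform data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_indicators(sections):
    """Apply the section rule and the ratio rule; returns (high-entropy section names, ratio, overall flag)."""
    high = [name for name, _, ent in sections if ent > SECTION_THRESHOLD]
    compressed = sum(size for _, size, ent in sections if ent > SECTION_THRESHOLD)
    total = sum(size for _, size, _ in sections)
    ratio = compressed / total if total else 0.0
    return high, ratio, ratio > RATIO_THRESHOLD


def sections_from_pe(path):
    """Build the same (name, raw size, entropy) triples from a real file (optional dependency: pip install pefile)."""
    import pefile
    pe = pefile.PE(path, fast_load=True)
    return [
        (s.Name.rstrip(b"\x00").decode("latin-1"), s.SizeOfRawData, s.get_entropy())
        for s in pe.sections
    ]


if __name__ == "__main__":
    # Sanity checks of the entropy function on constructed inputs.
    print(shannon_entropy(b"A" * 64))          # constant data
    print(shannon_entropy(bytes(range(256))))  # every byte value once
    high, ratio, flagged = packer_indicators(SECTIONS)
    print(high, round(ratio, 4), flagged)
```

The ratio works out to (0x2c00 + 0x800) / 0xcc00 = 13312 / 52224, which is the 0.2549 the report labels as "overall entropy".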

Resources

Name        Offset       Size         Language      Sub-language        File type
RT_STRING   0x00010e10   0x00000290   LANG_ENGLISH  SUBLANG_ENGLISH_US  None   (this identical row is listed 10 times in the report)
RT_VERSION  0x000110b0   0x000003a4   LANG_ENGLISH  SUBLANG_ENGLISH_US  None

Imports

Library KERNEL32.dll:
0x408004 GetTickCount
0x408008 FreeConsole
0x40800c TlsAlloc
0x408014 GetConsoleTitleW
0x408020 CreateNamedPipeA
0x408024 OpenWaitableTimerW
0x408028 CreateMailslotW
0x40802c FindNextVolumeA
0x408030 GetLocaleInfoW
0x408034 GetFullPathNameW
0x408038 FoldStringA
0x408040 GetNumberFormatA
0x408044 GlobalFindAtomW
0x408048 AreFileApisANSI
0x40804c HeapAlloc
0x408054 GetSystemInfo
0x408058 GetProfileSectionA
0x408060 GetCommTimeouts
0x408064 FindFirstVolumeA
0x408068 CreateDirectoryExW
0x408074 DisconnectNamedPipe
0x408078 SetConsoleOutputCP
0x40807c SetCalendarInfoA
0x408080 ReadConsoleOutputW
0x408084 CopyFileA
0x40808c OpenEventA
0x408090 WaitCommEvent
0x408094 SetThreadPriority
0x40809c GetComputerNameW
0x4080a0 GetNamedPipeInfo
Library ole32.dll:
0x40822c CoRegisterPSClsid
0x408230 HMENU_UserSize
0x408234 CoCopyProxy
0x40823c OleRun
Library msvcrt.dll:
0x4081a8 fputc
0x4081ac _wtoi
0x4081b0 atol
0x4081b4 isdigit
0x4081b8 _wexecle
0x4081bc memcpy
0x4081c0 _lrotr
0x4081c4 bsearch
0x4081c8 wcsncmp
0x4081cc _wgetenv
0x4081d0 fputws
0x4081d4 _wspawnlp
0x4081d8 ungetwc
0x4081dc _wexecv
0x4081e0 _tempnam
0x4081e4 fwrite
0x4081e8 isprint
0x4081ec free
0x4081f0 _wspawnve
0x4081f4 wcscoll
0x4081f8 _wspawnlpe
0x4081fc wcsspn
0x408200 _wexeclpe
0x408204 fflush
0x408208 strtok
0x40820c _fgetwchar
0x408210 _wgetdcwd
0x408214 wcscmp
0x408218 _vsnwprintf
0x40821c _wremove
0x408220 _flsbuf
Library WINMM.dll:
0x4080a8 midiOutMessage
0x4080ac midiInGetDevCapsW
0x4080b0 midiInStart
0x4080b4 midiStreamPause
0x4080b8 mciGetErrorStringW
0x4080bc mmioSetBuffer
0x4080c0 waveOutClose
0x4080c4 PlaySoundA
0x4080c8 mixerGetDevCapsW
0x4080d4 mmioDescend
0x4080dc waveInAddBuffer
0x4080e0 mciGetYieldProc
0x4080e4 joyGetThreshold
0x4080ec mixerGetLineInfoA
0x4080f0 auxGetNumDevs
0x4080f4 joySetCapture
0x4080f8 midiStreamProperty
0x408100 mixerGetNumDevs
0x408104 waveInStart
0x408108 midiStreamClose
0x40810c midiInClose
0x408110 joyGetPosEx
0x408114 waveOutGetID
0x40811c waveInGetPosition
0x408120 midiStreamStop
0x408124 auxOutMessage
0x408128 mciGetDeviceIDA
0x40812c mixerGetDevCapsA
0x408130 midiInGetErrorTextA

Strings

!This program cannot be run in DOS mode.
.rdata
.data
.edata
.ndata
.adata
[About 420 lines of short, non-printable byte sequences from the packed code and data sections follow here; none of them decode to meaningful text.]
Import name table as stored in the file. It contains entries that the parsed Imports table above does not list, e.g. SetProcessAffinityMask, LeaveCriticalSection, AssignProcessToJobObject, CreateStreamOnHGlobal and the entire mscms.dll group:
SetProcessAffinityMask
GetTickCount
FreeConsole
TlsAlloc
CancelDeviceWakeupRequest
GetConsoleTitleW
SetCurrentDirectoryW
GetEnvironmentStrings
CreateNamedPipeA
OpenWaitableTimerW
CreateMailslotW
FindNextVolumeA
GetLocaleInfoW
GetFullPathNameW
FoldStringA
SetProcessAffinityMask
GetNumberFormatA
GlobalFindAtomW
AreFileApisANSI
HeapAlloc
LeaveCriticalSection
GetSystemInfo
GetProfileSectionA
RegisterWaitForSingleObjectEx
GetCommTimeouts
FindFirstVolumeA
CreateDirectoryExW
WritePrivateProfileSectionA
WriteConsoleOutputAttribute
DisconnectNamedPipe
SetConsoleOutputCP
SetCalendarInfoA
ReadConsoleOutputW
CopyFileA
SetConsoleScreenBufferSize
OpenEventA
WaitCommEvent
SetThreadPriority
AssignProcessToJobObject
GetComputerNameW
GetNamedPipeInfo
KERNEL32.dll
StgIsStorageILockBytes
CreateILockBytesOnHGlobal
OleRun
OleTranslateAccelerator
CoCopyProxy
HMENU_UserSize
CoRegisterPSClsid
CreateStreamOnHGlobal
ole32.dll
_wremove
_vsnwprintf
wcscmp
_wgetdcwd
_fgetwchar
strtok
fflush
_wexeclpe
wcsspn
_wspawnlpe
wcscoll
_wspawnve
isprint
fwrite
_tempnam
_wexecv
ungetwc
_wspawnlp
fputws
_wgetenv
wcsncmp
_flsbuf
bsearch
_lrotr
memcpy
_wexecle
isdigit
msvcrt.dll
mixerGetNumDevs
waveOutGetErrorTextW
midiStreamProperty
joySetCapture
auxGetNumDevs
mixerGetLineInfoA
waveInUnprepareHeader
joyGetThreshold
mciGetYieldProc
waveInAddBuffer
mciGetDeviceIDFromElementIDA
waveOutGetErrorTextA
midiOutGetErrorTextW
mixerGetDevCapsW
PlaySoundA
waveOutClose
mmioSetBuffer
mciGetErrorStringW
midiStreamPause
midiInStart
midiInGetDevCapsW
midiOutMessage
mmioDescend
waveInStart
midiStreamClose
midiInClose
joyGetPosEx
midiStreamStop
midiInGetErrorTextA
mixerGetDevCapsA
mciGetDeviceIDA
auxOutMessage
waveInGetPosition
waveOutPrepareHeader
waveOutGetID
WINMM.dll
CreateMultiProfileTransform
ConvertIndexToColorName
GetCMMInfo
DisassociateColorProfileFromDeviceW
SelectCMM
DisassociateColorProfileFromDeviceA
OpenColorProfileW
CreateProfileFromLogColorSpaceW
GetColorDirectoryW
CreateProfileFromLogColorSpaceA
RegisterCMMA
AssociateColorProfileWithDeviceA
OpenColorProfileA
GetColorProfileElement
InstallColorProfileW
SetColorProfileElementSize
GetPS2ColorRenderingDictionary
GetStandardColorSpaceProfileW
SetColorProfileElementReference
GetColorProfileFromHandle
GetStandardColorSpaceProfileA
UninstallColorProfileW
GetCountColorProfileElements
SetColorProfileHeader
CloseColorProfile
GetColorProfileHeader
TranslateBitmapBits
mscms.dll
[About 85 more lines of non-printable byte sequences.]
Resource strings (RT_STRING) and version information (RT_VERSION):
Host Name
Connection Name
Network Adapter
Physical Address
Transport Name
GETMAC [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/V]
Description:
B This tool enables an administrator to display the MAC address
& for network adapters on a system.
Parameter List:
I /S system Specifies the remote system to connect to.
? /U [domain\]user Specifies the user context under
@ which the command should execute.
B /P [password] Specifies the password for the given
J user context. Prompts for input if omitted.
F /FO format Specifies the format in which the output
1 is to be displayed.
D Valid values: "TABLE", "LIST", "CSV".
G /NH Specifies that the "Column Header" should
= not be displayed in the output.
D Valid only for TABLE and CSV formats.
J /V Specifies that verbose output is displayed.
: /? Displays this help message.
Examples:
GETMAC /?
GETMAC /FO csv
GETMAC /S system /NH /V
GETMAC /S system /U user
< GETMAC /S system /U domain\user /P password /FO list /V
> GETMAC /S system /U domain\user /P password /FO table /NH
N/AbERROR: Invalid syntax. /U can be specified only when /S is specified.
Type "GETMAC /?" for usage.
bERROR: Invalid syntax. /P can be specified only when /U is specified.
Type "GETMAC /?" for usage.
ERROR:
CSV|TABLE|LIST
2ERROR: Invalid syntax. User name cannot be empty.
iERROR: Invalid syntax. /NH option is allowed only for TABLE and CSV formats.
Type "GETMAC /?" for usage.
Disconnected
Connecting...
Disconnecting
Hardware not present
Hardware disabled
Hardware malfunction
Media disconnected
Authentication
Authentication succeeded
Authentication failedCERROR: Could not retrieve information due to WMI version mismatch.
Disabled!INFO: No network adapters found.
@WARNING: User credentials cannot be used for local connections.
WARNING: /ERROR: The machine failed to respond properly.
1ERROR: The machine was not found on the network.
2ERROR: Machine name was not a valid machine name.
CERROR: Workstation services are not running on the target machine.
4ERROR: Invalid syntax. System name cannot be empty.
Type "GETMAC /?" for usage.
:"INFO: No network protocols found.
ERROR:
WARNING:
SUCCESS:
Type the password for %s:2Passing the user credential for local connection.
7The target system must be running Windows XP or above.
9The remote system must be running Windows 2000 or above.
>Invalid syntax. '%s' value is not allowed for '%s' option.
9Invalid syntax. Specify valid numeric value for '%s'.
AInvalid syntax. Specifiy valid floating point value for '%s'.
5Invalid syntax. Mandatory option '%s' is missing.
FInvalid syntax. '%s' option is not allowed more than '%d' time(s).
#Invalid argument/option - '%s'.
0Invalid syntax. Default argument is missing.
FLength of the command line argument should not exceed 255 characters.
IInvalid syntax. Default option is not allowed more than '%d' time(s).
,Invalid syntax. Value expected for '%s'.
BInvalid syntax. '%s' value is not allowed as default argument.
Type "%s /?" for usage.*Value for '%s' option cannot be empty.
-Value for default option cannot be empty.
<Invalid syntax. Specify valid numeric value for default.
DInvalid syntax. Specifiy valid floating point value for default.
>Value for default option cannot be more than %d character(s).
?Invalid syntax. Value cannot be specified with '%s' option.
;Value for '%s' option cannot be more than %d character(s).
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Displays NIC MAC information
FileVersion
5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
InternalName
GetMac.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
GetMac.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
5.2.3790.1830
VarFileInfo
Translation

Note: the string table (GETMAC usage text) and the version resource identify the file as Microsoft's GetMac.exe 5.2.3790.1830 (srv03_sp1_rtm.050324-1447, a Windows Server 2003 SP1 build from March 2005). That does not fit the rest of the file: the PE compile timestamp is 2015-01-30, the binary is 52 KB with seven sections including the non-standard .ndata and .adata, and its import table pulls in WINMM (audio/MIDI), ole32 and mscms (color management) APIs that a MAC-address listing tool has no use for. The resources were most likely lifted from the legitimate binary to make the file look benign; do not use the CompanyName or OriginalFilename strings as an allow-list signal.

DNS

Name  Type  Response  Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255
Note: these are the guest's own Windows Network Connectivity Status Indicator probes (the expected answers are exactly 131.107.255.255 and fd3e:4f5a:5b81::1), not lookups made by the sample.

TCP

No TCP connections recorded.

UDP

Source  Source Port  Destination  Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138
Note: every flow here is guest-OS background: 224.0.0.252:5355 is LLMNR multicast name resolution, 192.168.56.255:137/138 is NetBIOS name-service and datagram broadcast, and the two UDP/53 flows are the guest's DNS queries (the NCSI lookups above) to its configured resolver. No traffic is attributable to the sample.
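The UDP and DNS tables are the entire network record for this run, and the one network indicator the sandbox raised ("communicates with a host without a DNS query") turns out to be the resolver itself. The following added example, not code from the report or from the sandbox, transcribes both tables and separates guest-OS background noise from flows that would need to be attributed to the sample, then re-derives the sandbox's indicator with the resolver excluded. The guest subnet (192.168.56.0/24), the resolver (114.114.114.114) and the extra 203.0.113.7:443 flow used to show a real hit are the example's own assumptions; 203.0.113.0/24 is the RFC 5737 documentation range and the flow is constructed.

```python
import ipaddress

# Sandbox environment, inferred from the report (assumptions): guest subnet and the resolver it was given.
SANDBOX_NET = ipaddress.ip_network("192.168.56.0/24")
RESOLVERS = {"114.114.114.114"}

# Windows NCSI probe name and the fixed answers Windows expects for it.
NCSI = {"dns.msftncsi.com": {"131.107.255.255", "fd3e:4f5a:5b81::1"}}

# Transcribed from the report's UDP table: (src, sport, dst, dport).
UDP_FLOWS = [
    ("192.168.56.101", 53179, "224.0.0.252", 5355),
    ("192.168.56.101", 49642, "224.0.0.252", 5355),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 61714, "114.114.114.114", 53),
    ("192.168.56.101", 56933, "114.114.114.114", 53),
    ("192.168.56.101", 138, "192.168.56.255", 138),
]
# Transcribed from the report's DNS table: (name, type, answer).
DNS_RECORDS = [
    ("dns.msftncsi.com", "A", "131.107.255.255"),
    ("dns.msftncsi.com", "AAAA", "fd3e:4f5a:5b81::1"),
]
# Constructed flow that is NOT in the report, used only to show what a real hit looks like.
CONSTRUCTED_HIT = ("192.168.56.101", 49700, "203.0.113.7", 443)


def classify_flow(src, sport, dst, dport, net=SANDBOX_NET, resolvers=RESOLVERS):
    """Label a UDP flow as guest-OS background noise or as unexplained (candidate sample traffic)."""
    d = ipaddress.ip_address(dst)
    if d.is_multicast and dport == 5355:
        return "background: LLMNR name resolution"
    if d == net.broadcast_address and dport in (137, 138):
        return "background: NetBIOS name/datagram broadcast"
    if dport == 53 and dst in resolvers:
        return "background: DNS query to the configured resolver"
    return "unexplained: attribute to sample and investigate"


def classify_dns(name, rtype, answer, expected=NCSI):
    """Label a DNS record as the Windows NCSI probe or as a sample-initiated lookup."""
    if name in expected and answer in expected[name]:
        return "background: Windows NCSI connectivity probe"
    return "unexplained: sample-initiated lookup"


def hosts_without_dns(flows, dns_records, resolvers=RESOLVERS, net=SANDBOX_NET):
    """Re-derive the sandbox's 'host contacted without a DNS query' indicator.

    Returns (raw result as the sandbox computes it, result with the resolver removed); a resolver
    can never be the answer to one of its own queries, so it always shows up in the raw set."""
    answered = {a for _, _, a in dns_records}
    suspects = set()
    for _, _, dst, _ in flows:
        d = ipaddress.ip_address(dst)
        if d.is_multicast or d == net.broadcast_address or d in net or dst in answered:
            continue
        suspects.add(dst)
    return suspects, suspects - resolvers


if __name__ == "__main__":
    for flow in UDP_FLOWS + [CONSTRUCTED_HIT]:
        print(flow, "->", classify_flow(*flow))
    for rec in DNS_RECORDS:
        print(rec, "->", classify_dns(*rec))
    print(hosts_without_dns(UDP_FLOWS, DNS_RECORDS))
    print(hosts_without_dns(UDP_FLOWS + [CONSTRUCTED_HIT], DNS_RECORDS))
```

On the report's own data every flow and lookup classifies as background and the filtered suspect set is empty; only the constructed 203.0.113.7 flow survives the filter, which is the shape of a genuine direct-to-IP contact worth chasing.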

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files

No dropped files.

Dropped buffers

No dropped buffers.