1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.69
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20190920 | 2013.8.14.323 |
| McAfee | Packed-FE!E138660AB8AE | 20190920 | 6.0.6.653 |
| Tencent | None | 20190920 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | .ndata |
| section | .adata |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.rdata', 'virtual_address': '0x00007000', 'virtual_size': '0x00002788', 'size_of_data': '0x00002800', 'entropy': 7.025248333132617} | entropy | 7.025248333132617 | description | 发现高熵的节 | |||||||||
| entropy | 0.20202020202020202 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 50 个反病毒引擎识别为恶意
(50 个事件)
| ALYac | Gen:Variant.Razy.157525 |
| APEX | Malicious |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Razy.157525 |
| AhnLab-V3 | Malware/Win32.Generic.C757027 |
| Antiy-AVL | Trojan[Banker]/Win32.Tinba |
| Arcabit | Trojan.Razy.D26755 |
| BitDefender | Gen:Variant.Razy.157525 |
| Bkav | W32.HfsAutoB. |
| CAT-QuickHeal | Trojan.Dynamer.S76145 |
| ClamAV | Win.Malware.Tinba-6804155-0 |
| Comodo | TrojWare.Win32.Tinba.GM@71dh9s |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.ab8aee |
| Cyren | W32/Trojan.DUJJ-5083 |
| DrWeb | Trojan.PWS.Tinba |
| ESET-NOD32 | Win32/Tinba.BB |
| Emsisoft | Gen:Variant.Razy.157525 (B) |
| Endgame | malicious (high confidence) |
| FireEye | Generic.mg.e138660ab8aee1d7 |
| Fortinet | W32/Kryptik.DFAR!tr |
| GData | Gen:Variant.Razy.157525 |
| Ikarus | Trojan.Win32.Tinba |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.dtbyx |
| K7AntiVirus | Trojan ( 004b8c3b1 ) |
| K7GW | Trojan ( 004b8c3b1 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=86) |
| Malwarebytes | Trojan.Tinba |
| McAfee | Packed-FE!E138660AB8AE |
| McAfee-GW-Edition | BehavesLike.Win32.Virut.qh |
| MicroWorld-eScan | Gen:Variant.Razy.157525 |
| Microsoft | Trojan:Win32/Wacatac.B!ml |
| NANO-Antivirus | Trojan.Win32.Tinba.erandk |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM20.1.0459.Malware.Gen |
| Rising | Downloader.Dofoil!8.322 (TFE:1:DUdtdFy1X2U) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Tinba-FC |
| Symantec | ML.Attribute.HighConfidence |
| Trapmine | malicious.high.ml.score |
| TrendMicro | HT_TINBA_GC030061.UVPM |
| TrendMicro-HouseCall | HT_TINBA_GC030061.UVPM |
| VBA32 | TrojanPSW.Tinba |
| VIPRE | Trojan.Win32.Generic!BT |
| Yandex | Trojan.PWS.Tinba! |
| Zillya | Trojan.Tinba.Win32.651 |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
| eGambit | Unsafe.AI_Score_80% |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2015-01-09 09:03:40
PE Imphash
e0f61286c6396ccf28fed994d6a49819
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00005e9e | 0x00006000 | 6.269056422799328 |
| .rdata | 0x00007000 | 0x00002788 | 0x00002800 | 7.025248333132617 |
| .data | 0x0000a000 | 0x00000744 | 0x00000400 | 3.443052244564432 |
| .edata | 0x0000b000 | 0x000006ab | 0x00000800 | 6.033978762296725 |
| .ndata | 0x0000c000 | 0x00000879 | 0x00000a00 | 6.53015490901879 |
| .adata | 0x0000d000 | 0x0000019b | 0x00000200 | 6.593646494669555 |
| .rsrc | 0x0000e000 | 0x00003000 | 0x00002600 | 3.3778739675592373 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_STRING | 0x0000fe10 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000fe10 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000fe10 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000fe10 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000fe10 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000fe10 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000fe10 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000fe10 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000fe10 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000fe10 | 0x00000290 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_VERSION | 0x000100b0 | 0x000003a4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.dll:
• 0x407000 GetTickCount
• 0x407004 FreeConsole
• 0x407008 TlsAlloc
• 0x40700c TlsAlloc
Library USER32.dll:
• 0x407034 CheckDlgButton
• 0x407038 DestroyMenu
• 0x40703c GetAncestor
• 0x407040 SetParent
• 0x407044 GetCursorInfo
• 0x407048 GetPropA
• 0x40704c SetUserObjectInformationW
• 0x407050 GetDC
• 0x407054 AppendMenuW
• 0x407058 SetWindowLongW
• 0x40705c AppendMenuA
• 0x407060 ChangeDisplaySettingsA
• 0x407064 UnionRect
• 0x407068 DrawTextExA
• 0x40706c GetUpdateRect
• 0x407070 CreateDialogIndirectParamW
• 0x407074 GetWindowLongW
• 0x407078 ExcludeUpdateRgn
• 0x40707c CallMsgFilterA
• 0x407080 GetDlgItem
• 0x407084 CascadeWindows
• 0x407088 GetSubMenu
• 0x40708c GetClassWord
• 0x407090 GetUserObjectSecurity
• 0x407094 GetParent
• 0x407098 DlgDirListW
• 0x40709c PeekMessageA
• 0x4070a0 SetWindowTextW
• 0x4070a4 CreateMDIWindowA
• 0x4070a8 RemoveMenu
• 0x4070ac LoadKeyboardLayoutW
• 0x4070b0 GetLastActivePopup
• 0x4070b4 AttachThreadInput
• 0x4070b8 LoadKeyboardLayoutA
• 0x4070bc EnumDisplaySettingsExW
Library WS2_32.dll:
• 0x4070c4 accept
• 0x4070c8 WSAWaitForMultipleEvents
• 0x4070cc WSACancelBlockingCall
• 0x4070d0 inet_ntoa
• 0x4070d4 WSAInstallServiceClassA
• 0x4070d8 setsockopt
• 0x4070dc WSAEnumProtocolsW
• 0x4070e0 WSAHtons
• 0x4070e4 WSASendTo
• 0x4070e8 WSAEnumProtocolsA
• 0x4070ec WSAEnumNameSpaceProvidersW
• 0x4070f0 WSAEnumNameSpaceProvidersA
• 0x4070f4 WSARecvDisconnect
• 0x4070f8 getprotobyname
• 0x4070fc getprotobynumber
• 0x407100 getservbyname
• 0x407104 WSAGetServiceClassNameByClassIdA
• 0x407108 gethostbyaddr
• 0x40710c gethostbyname
• 0x407110 WSAGetQOSByName
• 0x407114 gethostname
• 0x407118 WSAGetServiceClassInfoA
• 0x40711c WSASocketW
• 0x407120 WSAUnhookBlockingHook
• 0x407124 getpeername
• 0x407128 WSAHtonl
• 0x40712c WSAEventSelect
• 0x407130 WSAGetLastError
• 0x407134 WSASetServiceW
Library rtm.dll:
• 0x40713c RtmUpdateAndUnlockRoute
• 0x407140 RtmRegisterForChangeNotification
• 0x407144 RtmCreateDestEnum
• 0x407148 RtmGetNextHopInfo
• 0x40714c RtmLockRoute
• 0x407150 RtmCreateRouteList
• 0x407154 RtmReleaseChangedDests
• 0x407158 RtmGetChangedDests
• 0x40715c RtmGetExactMatchDestination
• 0x407160 RtmReleaseEntities
• 0x407164 RtmGetEntityInfo
• 0x407168 RtmReleaseNextHopInfo
• 0x40716c RtmReleaseRoutes
• 0x407170 RtmGetRouteInfo
• 0x407174 RtmIgnoreChangedDests
• 0x407178 RtmReleaseRouteInfo
• 0x40717c RtmGetRoutePointer
• 0x407180 RtmCreateNextHopEnum
• 0x407184 RtmLockDestination
• 0x407188 RtmGetEnumRoutes
• 0x40718c RtmGetEntityMethods
• 0x407190 RtmFindNextHop
• 0x407194 RtmInvokeMethod
• 0x407198 RtmDeleteEnumHandle
• 0x40719c RtmIsBestRoute
Library Secur32.dll:
• 0x407014 EnumerateSecurityPackagesW
• 0x407018 AcquireCredentialsHandleW
• 0x40701c FreeCredentialsHandle
• 0x407020 EnumerateSecurityPackagesA
• 0x407024 RevertSecurityContext
• 0x407028 ApplyControlToken
• 0x40702c ImpersonateSecurityContext
L!This program cannot be run in DOS mode.
`.rdata
@.data
.edata
.ndata
.adata
]ffffff.
USWVHE
f+EMfUfkfU
MfUfufE
fyfuff
wE9Et9f
EfMEfUff
fUfw\fM
MEfE}I
H^_[]fffff.
M8^[]fUSWVHE
Ef]MUu}E
i]fuf9
M1MEEf
MfUff1fU
+MM+EEE
EEO'EM
MH^_[]f
USWVtE
nE9E]Uu}~ f6MMUUf+EfE
t^_[]f
EEfE:d
]ffff.
fE|9Eu f.E
@0f+MfME9Ef
U@0EfMfMfEf
E,[]fffff.
]}+EE;
$M0MW0M
USWVHE
M9u'EME
Uuf+MfM]
MUfuff
UfE[f+MfufMff)fM
BfUEM)
$REE@4E
E@0MA
]fffff.
fEt}E]fE^oE\MEE
lhd`ttE
A`EE@dEhE
MMU+ER
}EuUJE
}Mf]f!f]
fEf5CfEE
UMfuff!fu
fE#@EE
+MfH<fuMU
t$HD$L
D$<D$`D$_
fD$j]D$l
D$8D$lD$t
D$4D$tfD$p
FD$sD$x
T$|L$<L$d
T$,9T$d|$(fD$&\$%t$ v($
%D$G5f$
L$0L$Xf
L$XT$dft$p\$s
Oft$pf+$
9sqD$XL$|
D$XL$8
D$XfT$pD$x
fgfT$pU$
*T$sT$sf$
L$(9u L$T
D$P*T$_
t$ 9t$$
L$Te^_[]
$5MfUf
ufUEEM
USWVLE
]MUu}u.E
M9uMEf
Uf+MfMR<u}
EEfMfyfMUu)fMff1fME!
ZEfMff)E
L^_[]f.
~}|tE$MfTff
B@f}f+w @
vDUfVff1f
APEDVMUf
](fu},fuff!fV
+M*77M
MfUff!fU
Uf+MP1
PfMf~fW
T5(79u
HLEMf>ff!f>9u>>M
UV4EOE'E
MMI<uE
uM9A<U~)
M$EMUUU!
EE4^]fffff.
E9uUtFE
UE40EE
E4^[]f
USWV<E
U9sQEM
ME<^_[]f
fEA8EE
4EE><0EE4
$fEfEQ%E
+UtU)Mu
EfMff!fMD9E
EMUfuff1fuJ(M
U+MMEtUx
tf}ff)f]tM
Ef}fEf}
*MM])t
f+MUfME
)UMEEfMUf
UUfEkE
pEElEE
d`\XT EEfEtE
|u+E|Q
E@4M+A4E
EEUB E`P$E]PuvTx,EXP0E]
fUSWVhE
fExfElE
EAMEEEE
MU]2+E
EMUu}f]f^f]!
fEOkESEM
,EEfMUf
Vm2/E%
EfEXEE
x+PP(9u
ppP09u9E
UfV+Mhff1fVM
MMEE49H
hMfUff)
VfMff!fME
dfVf|5
EdE*M1M
u)UfVfVf1fVfy
ffffff.
EfE:tE
ESL8ME
$3HfMfr"fM\@
fFf}fF=
Tfuf1rfu%
M*EE 9Q
E$E_}]]
,d+EEEE]
cLEMU0UU
f+FUfF
fUfzfUMEE
PDETU0U
])PPTT
dx@0tx
ELx@4Hx@8D
xI4`(x
;ffqf]0;
fxMM@4Ex@ U
u)tfMf)f9tifzM
MM1MjEfE#
8(,0044,U
E5MUxv4
J,\\|xILMxIPxIT
|m]USWV(
fD$RdD$4D$@
D$KfD$j
fD$^nfD$0D$4D$xD$<
D$lP{L$,L$0
\$(|$$T$ t$
?7D$TL$t$
fL$jfs9fL$jfL$jf
L$RT$^ft$^f
f+D$j $
fD$jf)L$
f|$^f\$jfu3f\$jff
f|$^ff)f$
D$ 9sf
T$d*D$K$
T$|fL$
Ef3f+rM
Mf+Ffz
Ef+UfU
tfrfgu
f)fzEMf
MlMfZl
lfuefZrlfUff1fUfU
4$EMUDM9t
MMf+EfE
f+MfMfMf|fUff1fU
fE$1p@
>glVUIT
y>~92)JlL3Fvz
AX/i69j
tVR.i4pINO%
4V5M7%xsM
e^fYj!1Ph
wa@]%W
w|Vk8*pR([
b?&TV0h0
/|daD[btb5\3g
@A0pe3
|#NqrV
w|%C[K_
-7PFGsc
}X2NL:
f`:~Q
[.U6P>
N'/ :|_EYS[~
U1WoXph
{HTBY;~f2jo
A5zZdyA
5y[(N=jjE
Y:oW[`6m0XYL
^d`< sF
8}1P5&
%}2}SSLdf02!hi/
.&];OvC
-0qc~~'3c~
O??GgL
S-n-^;}~+L?E
<m4ohAI&u2X
y9c$T~
>?t-_`-H
pC 3v~,P
8Bs}{
- H$w~.%0
Yhc%AZ_-/go
WfsD<7C
RZy]UET0rr
RZ}}Jgm3<vP.15*
[SQyHa
,[|fni*^+
d]LmdbL
<9(etJ|yP|\
|pH*m/
)6+# ,B.Cg#_
[K..>ey
8\Ffb/`X
[tjlH'{*Kj$%4:r~rW)
O RTtbuM"v(AR=tLHM
fM0@C:R
M>zN$RL}
9MLMR#
TM0%16R{f"
M7OVjRnF
^@MT"R
Rzwp#-
pZ=#Rk
KyR55w r{M3
OR1SptM
mRatVM
DR>zGF
Rh&MvRbj,MkR
R|vx'M5
`Rb|jM
RTziM,
sRqqlvMsRzR
M! DR
XMG~bRFh
0MhR~TpEkM@
R0^~Mk
Rm{CMA
upxMgy
{lRyB_M[u
1ZMD%Rm lgNMRR)M~
R_YM}NlR
;MzYNR
tjuMzR
>x\@M_RpWUM
R%pPIc_lM/_n
Pje^avE6MV=MqyRF}B&Ubl7?~
dO^=yzm:^@3*6
odL/ewiuI
nOyI`:
tb!"uMxFb
,O4c5=fi^3_
f2 gn|
IirJDVh?YE
>,da_Num?tb
BdE~yl
w3?[}:k
j[#j~Z
; r05R3
C</wNImS
fWjgXiK!
CBy++_U
T3^~k=2
boSRkv\1z
ZRD\j?8he
.3hvC)
A0pv{p
g4z"jp-G9
9Uk(ZmK(6EhyBha>;
b(^0qQF>CI
tC=1ng#('cBIM
KKLUD"f
8B`.J@
bT~HzE\h
g% PM3`f"j7pNA1=
+wCb=r+dHq
j|Q s)Mtl
F7( Bitfx%
`ncW?3
%na]/e
9Q/dc+ZiTTyk
i$a5^p@@\yETopIHU
8BF^/",
h[&znDyKz
4gr`1:b
~*xms^rP;
O2b`v%C
y/8fS7E_jMqB[@u)imFV}{}o>EfW:D;uy~KI".;o\
noslIdF4[it[
'Skb`L
9TLVI3
\uVrWv=R
kW^pR{qsvXinuRv=)
]=jeza_c\Sd]rLh
Nlgh+
0iF.{n4T
e+rcjdW
snt{bFm7
qioT7{3NcX5^e4
[5j;'fzsx`"n
ir4Y4#
fhceqTmZVrbtB[
1|*{}i
z32-Uix
Oj9WSoX
b:N}Zd
}k6i7"
~$X3PvF;rut}\
fz!YoN
73G }e^
826[>W
J~p^lj|o/;2%tB453J
JfEvLK`\vzPYs
0Y]Pdti
=h{_i$gi`icW~K0mpg
AZQmSMpjbRCfr[7 SG
0=s~DD
xmaE1ffG
15]kzg{3
fdk1gRm
^u95jp`1
{soOs?eQI2RD[IN
DXXIQb:{t,O}e7aba)
wPM,;<
T thoi
qUZJwo
h[nD#E^Q
6mCQTvC<o#66
.%[JSei[wP%Wn
WM v&yF~[U4*
{"d{amevhq
zjO&nVv;vd
d^l!b]
?bRYx{
\JIvk%99
raXkBw
eV-<f^dxSrZTFW,[56S
]loCU|u
(Cp6Kt[%
9.I#V?p$
@1eluf
xJSLP\
T<>F]<p^;x/U1M'(b0
c{_k`{TG
X?}4hWLD6Clh
Gf=d% F
:SGEy5|
,UG}3f
}T;M=W}n2~A
XXqkFo}
{`>RhQ/st T2kbQxBL#
ap8cLB\]
rOK5lGf+9ac
~F?-ZX
EbF'K`
!~f@>QUFhaq[i+w7uO
g{.zbUpJg?hT
@x M|`
w`(5dWa
%oAss7K[sBvq0
f7x|g>on
VSHe_ }}c`5.
+"?6gQH
2W&D&VN
,L_>_c
S{hAqEtLy
\'T>[3ARM;Y
OIk N] Xh`
Fe{=zSP
w*Z{dK|
>;/1`wcI
LJr[Rh
#Zrkxf]
f_hT6d]+W&eeh*ZjZh
:qn03WuPXWv_{`
AJq$dC?&lV{Z
~f:x::hX\"w}
->;UCQ
EFWbEm6
EaR#{`Pb%
tO|Mma\
ZFMlAh
7=8)"g
8"'R_3O
:l>5nW
^~<wcj@
47Q"DP]NByT
fW{pl(
@8}kj>p\O
a1a/Q_ @"
v'QQzE&D:lj
pxv@lc,=
yFO*3p
@Km[lH%o
u;wjbNv&6bM7=~MRyilRjF^B
@1n[AV:^
q|GZ6^N;hoz:e]p
{qd[Xc ^7
]HQOd[|DAU
r}`)|Pq
.Q#ya~qPh
Sr!#"wJ"|BY
m*dt-9
>K9QLEPJ
TlsAlloc
GetTickCount
FreeConsole
TlsAlloc
KERNEL32.dll
LoadKeyboardLayoutA
AttachThreadInput
LoadKeyboardLayoutW
RemoveMenu
CreateMDIWindowA
SetWindowTextW
GetLastActivePopup
EnumDisplaySettingsExW
CheckDlgButton
DestroyMenu
GetAncestor
SetParent
GetCursorInfo
GetPropA
SetUserObjectInformationW
AppendMenuW
SetWindowLongW
AppendMenuA
ChangeDisplaySettingsA
UnionRect
DrawTextExA
GetUpdateRect
CreateDialogIndirectParamW
GetWindowLongW
ExcludeUpdateRgn
CallMsgFilterA
GetDlgItem
CascadeWindows
GetSubMenu
GetClassWord
GetUserObjectSecurity
GetParent
DlgDirListW
PeekMessageA
USER32.dll
WSAEventSelect
WSAHtonl
WSASocketW
WSAGetServiceClassInfoA
WSAWaitForMultipleEvents
WSASetServiceW
WSAInstallServiceClassA
WSAEnumProtocolsW
WSAHtons
WSASendTo
WSAEnumProtocolsA
WSAEnumNameSpaceProvidersW
WSAEnumNameSpaceProvidersA
WSARecvDisconnect
WSAGetServiceClassNameByClassIdA
WSAGetQOSByName
WS2_32.dll
RtmDeleteEnumHandle
RtmInvokeMethod
RtmFindNextHop
RtmGetEntityMethods
RtmGetEnumRoutes
RtmLockDestination
RtmCreateNextHopEnum
RtmIsBestRoute
RtmUpdateAndUnlockRoute
RtmRegisterForChangeNotification
RtmCreateDestEnum
RtmGetNextHopInfo
RtmLockRoute
RtmCreateRouteList
RtmReleaseChangedDests
RtmGetChangedDests
RtmGetExactMatchDestination
RtmReleaseEntities
RtmGetEntityInfo
RtmReleaseNextHopInfo
RtmReleaseRoutes
RtmGetRouteInfo
RtmIgnoreChangedDests
RtmReleaseRouteInfo
RtmGetRoutePointer
rtm.dll
ImpersonateSecurityContext
ApplyControlToken
RevertSecurityContext
EnumerateSecurityPackagesA
FreeCredentialsHandle
AcquireCredentialsHandleW
EnumerateSecurityPackagesW
Secur32.dll
'k=`5e
bJ2Eh+TZz
pjbjsQ/>2
7LzmO2
ue7@~MR}ilRiE^B.&6bM7=~RyilRjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~Ryizq$T^
~FzWvy\F^Bv&6b|=~Szih
^Bv&6bM7
~\Sjmjz^Bv&6bM7=~MbyilbjF^Bv&6b7=MRyklRkF^Bv&6bR7=~MRyiljF^Dv&N7?~MRyylRjV^Bv&7bM7=~MRyi|RjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~MRyilRjF^B7=~MyilbjF^vv&6dM7=~MRyilRjF^B&6M7=~MRyilRjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~MRyilRjF^Bv&6bM7=~MR
v~7muRF4
v&)~P=RiljFB&52
[ciTTjF^A]2
TalRjTs?
alRjxgr5=~Mb9c
^s6bM`
]:ilRUn
:F^B&bMGIWoJ`J
QZQiEo
aJUIGf
s>Av{4NR|s
m;g bWY!4087~
E k{|#
2J@G!SY )V
1DuslS}
eAw%LU~Bw
H_P&|[R~"h
Vs@5U_B"
B3#RPG\
~E?T4\L(M,
zLMBC!3
V9o=R1
=Q,+ma
vv=>My
=iToegRTfh
v.@.JDD]@
Vg{mCiEvXz84 P[5
ruwcV'
)>@84]p0
T2Jbus^
vr")"`<'TRmK1
QSZq1lTCue]
k={P5jC
6 |-n%s1f<yCVEfUh2
:uNqDz
H5n>K1Tkx,
p}q\Kw?mc
fm)u=(
nohQZm
dL^6w8FJ<C
F:8LT= t$'[
1bLhRjtwp
T1RO0z
3qR5M=(k(ndL
M$b){'{
DF{6Q Qtsl
7"jmATZ
@+(@>u~VP
FbXlmO
^pn{nU|W
bp<Hl}:
RXt0Ex<CatKE
teq>W!@&x}f
^Os];*5.
s+,'KW
R~u|baz
/(S1 Rd
z\>xX4e\
Kw%Wi@dg
tXByfrq
Iqet0"\_
RTZsjE}v~
#Rm(CX
p2~ ?Uo
l&HK|,q?BVQ
*ByB_]}Eu$
Nseb/_:G/g-.vK@
6^iv.\?
uo]zqpO?
@[YF(MHd
$Ns785
_}[ zSr
8<+)%i
|~hh'#e
JlZhgo
dbF8cl#Hn77
h*I!`j
ChU{*3+Ibm`cb
p6H&>C
H�o�s�t� �N�a�m�e�
C�o�n�n�e�c�t�i�o�n� �N�a�m�e�
N�e�t�w�o�r�k� �A�d�a�p�t�e�r�
P�h�y�s�i�c�a�l� �A�d�d�r�e�s�s�
T�r�a�n�s�p�o�r�t� �N�a�m�e�
G�E�T�M�A�C� �[�/�S� �s�y�s�t�e�m� �[�/�U� �u�s�e�r�n�a�m�e� �[�/�P� �[�p�a�s�s�w�o�r�d�]�]�]�]� �[�/�F�O� �f�o�r�m�a�t�]� �[�/�N�H�]� �[�/�V�]�
D�e�s�c�r�i�p�t�i�o�n�:�
B� � � � �T�h�i�s� �t�o�o�l� �e�n�a�b�l�e�s� �a�n� �a�d�m�i�n�i�s�t�r�a�t�o�r� �t�o� �d�i�s�p�l�a�y� �t�h�e� �M�A�C� �a�d�d�r�e�s�s�
&� � � � �f�o�r� �n�e�t�w�o�r�k� �a�d�a�p�t�e�r�s� �o�n� �a� �s�y�s�t�e�m�.�
P�a�r�a�m�e�t�e�r� �L�i�s�t�:� �
I� � � � �/�S� � � � � �s�y�s�t�e�m� � � � � � � � � � � � �S�p�e�c�i�f�i�e�s� �t�h�e� �r�e�m�o�t�e� �s�y�s�t�e�m� �t�o� �c�o�n�n�e�c�t� �t�o�.�
?� � � � �/�U� � � � � �[�d�o�m�a�i�n�\�]�u�s�e�r� � � � � �S�p�e�c�i�f�i�e�s� �t�h�e� �u�s�e�r� �c�o�n�t�e�x�t� �u�n�d�e�r� �
@� � � � � � � � � � � � � � � � � � � � � � � � � � � � � �w�h�i�c�h� �t�h�e� �c�o�m�m�a�n�d� �s�h�o�u�l�d� �e�x�e�c�u�t�e�.�
B� � � � �/�P� � � � � �[�p�a�s�s�w�o�r�d�]� � � � � � � � �S�p�e�c�i�f�i�e�s� �t�h�e� �p�a�s�s�w�o�r�d� �f�o�r� �t�h�e� �g�i�v�e�n�
J� � � � � � � � � � � � � � � � � � � � � � � � � � � � � �u�s�e�r� �c�o�n�t�e�x�t�.� �P�r�o�m�p�t�s� �f�o�r� �i�n�p�u�t� �i�f� �o�m�i�t�t�e�d�.�
F� � � � �/�F�O� � � � �f�o�r�m�a�t� � � � � � � � � � � � �S�p�e�c�i�f�i�e�s� �t�h�e� �f�o�r�m�a�t� �i�n� �w�h�i�c�h� �t�h�e� �o�u�t�p�u�t�
1� � � � � � � � � � � � � � � � � � � � � � � � � � � � � �i�s� �t�o� �b�e� �d�i�s�p�l�a�y�e�d�.�
D� � � � � � � � � � � � � � � � � � � � � � � � � � � � � �V�a�l�i�d� �v�a�l�u�e�s�:� �"�T�A�B�L�E�"�,� �"�L�I�S�T�"�,� �"�C�S�V�"�.�
G� � � � �/�N�H� � � � � � � � � � � � � � � � � � � � � � �S�p�e�c�i�f�i�e�s� �t�h�a�t� �t�h�e� �"�C�o�l�u�m�n� �H�e�a�d�e�r�"� �s�h�o�u�l�d�
=� � � � � � � � � � � � � � � � � � � � � � � � � � � � � �n�o�t� �b�e� �d�i�s�p�l�a�y�e�d� �i�n� �t�h�e� �o�u�t�p�u�t�.�
D� � � � � � � � � � � � � � � � � � � � � � � � � � � � � �V�a�l�i�d� �o�n�l�y� �f�o�r� �T�A�B�L�E� �a�n�d� �C�S�V� �f�o�r�m�a�t�s�.�
J� � � � �/�V� � � � � � � � � � � � � � � � � � � � � � � �S�p�e�c�i�f�i�e�s� �t�h�a�t� �v�e�r�b�o�s�e� �o�u�t�p�u�t� �i�s� �d�i�s�p�l�a�y�e�d�.�
:� � � � �/�?� � � � � � � � � � � � � � � � � � � � � � � �D�i�s�p�l�a�y�s� �t�h�i�s� �h�e�l�p� �m�e�s�s�a�g�e�.�
E�x�a�m�p�l�e�s�:� �
� � � �G�E�T�M�A�C� �/�?� �
� � � �G�E�T�M�A�C� �/�F�O� �c�s�v� �
� � � �G�E�T�M�A�C� �/�S� �s�y�s�t�e�m� �/�N�H� �/�V�
� � � �G�E�T�M�A�C� �/�S� �s�y�s�t�e�m� �/�U� �u�s�e�r�
<� � � � �G�E�T�M�A�C� �/�S� �s�y�s�t�e�m� �/�U� �d�o�m�a�i�n�\�u�s�e�r� �/�P� �p�a�s�s�w�o�r�d� �/�F�O� �l�i�s�t� �/�V�
>� � � � �G�E�T�M�A�C� �/�S� �s�y�s�t�e�m� �/�U� �d�o�m�a�i�n�\�u�s�e�r� �/�P� �p�a�s�s�w�o�r�d� �/�F�O� �t�a�b�l�e� �/�N�H�
N�/�A�b�E�R�R�O�R�:� �I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �/�U� �c�a�n� �b�e� �s�p�e�c�i�f�i�e�d� �o�n�l�y� �w�h�e�n� �/�S� �i�s� �s�p�e�c�i�f�i�e�d�.�
T�y�p�e� �"�G�E�T�M�A�C� �/�?�"� �f�o�r� �u�s�a�g�e�.�
b�E�R�R�O�R�:� �I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �/�P� �c�a�n� �b�e� �s�p�e�c�i�f�i�e�d� �o�n�l�y� �w�h�e�n� �/�U� �i�s� �s�p�e�c�i�f�i�e�d�.�
T�y�p�e� �"�G�E�T�M�A�C� �/�?�"� �f�o�r� �u�s�a�g�e�.�
E�R�R�O�R�:� �
C�S�V�|�T�A�B�L�E�|�L�I�S�T�
2�E�R�R�O�R�:� �I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �U�s�e�r� �n�a�m�e� �c�a�n�n�o�t� �b�e� �e�m�p�t�y�.�
i�E�R�R�O�R�:� �I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �/�N�H� �o�p�t�i�o�n� �i�s� �a�l�l�o�w�e�d� �o�n�l�y� �f�o�r� �T�A�B�L�E� �a�n�d� �C�S�V� �f�o�r�m�a�t�s�.�
T�y�p�e� �"�G�E�T�M�A�C� �/�?�"� �f�o�r� �u�s�a�g�e�.�
D�i�s�c�o�n�n�e�c�t�e�d�
C�o�n�n�e�c�t�i�n�g�.�.�.�
D�i�s�c�o�n�n�e�c�t�i�n�g�
H�a�r�d�w�a�r�e� �n�o�t� �p�r�e�s�e�n�t�
H�a�r�d�w�a�r�e� �d�i�s�a�b�l�e�d�
H�a�r�d�w�a�r�e� �m�a�l�f�u�n�c�t�i�o�n�
M�e�d�i�a� �d�i�s�c�o�n�n�e�c�t�e�d�
A�u�t�h�e�n�t�i�c�a�t�i�o�n�
A�u�t�h�e�n�t�i�c�a�t�i�o�n� �s�u�c�c�e�e�d�e�d�
A�u�t�h�e�n�t�i�c�a�t�i�o�n� �f�a�i�l�e�d�C�E�R�R�O�R�:� �C�o�u�l�d� �n�o�t� �r�e�t�r�i�e�v�e� �i�n�f�o�r�m�a�t�i�o�n� �d�u�e� �t�o� �W�M�I� �v�e�r�s�i�o�n� �m�i�s�m�a�t�c�h�.�
D�i�s�a�b�l�e�d�!�I�N�F�O�:� �N�o� �n�e�t�w�o�r�k� �a�d�a�p�t�e�r�s� �f�o�u�n�d�.�
@�W�A�R�N�I�N�G�:� �U�s�e�r� �c�r�e�d�e�n�t�i�a�l�s� �c�a�n�n�o�t� �b�e� �u�s�e�d� �f�o�r� �l�o�c�a�l� �c�o�n�n�e�c�t�i�o�n�s�.�
W�A�R�N�I�N�G�:� �/�E�R�R�O�R�:� �T�h�e� �m�a�c�h�i�n�e� �f�a�i�l�e�d� �t�o� �r�e�s�p�o�n�d� �p�r�o�p�e�r�l�y�.�
1�E�R�R�O�R�:� �T�h�e� �m�a�c�h�i�n�e� �w�a�s� �n�o�t� �f�o�u�n�d� �o�n� �t�h�e� �n�e�t�w�o�r�k�.�
2�E�R�R�O�R�:� �M�a�c�h�i�n�e� �n�a�m�e� �w�a�s� �n�o�t� �a� �v�a�l�i�d� �m�a�c�h�i�n�e� �n�a�m�e�.�
C�E�R�R�O�R�:� �W�o�r�k�s�t�a�t�i�o�n� �s�e�r�v�i�c�e�s� �a�r�e� �n�o�t� �r�u�n�n�i�n�g� �o�n� �t�h�e� �t�a�r�g�e�t� �m�a�c�h�i�n�e�.�
4�E�R�R�O�R�:� �I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �S�y�s�t�e�m� �n�a�m�e� �c�a�n�n�o�t� �b�e� �e�m�p�t�y�.�
T�y�p�e� �"�G�E�T�M�A�C� �/�?�"� �f�o�r� �u�s�a�g�e�.�
:�"�I�N�F�O�:� �N�o� �n�e�t�w�o�r�k� �p�r�o�t�o�c�o�l�s� �f�o�u�n�d�.�
E�R�R�O�R�:�
W�A�R�N�I�N�G�:�
S�U�C�C�E�S�S�:�
T�y�p�e� �t�h�e� �p�a�s�s�w�o�r�d� �f�o�r� �%�s�:�2�P�a�s�s�i�n�g� �t�h�e� �u�s�e�r� �c�r�e�d�e�n�t�i�a�l� �f�o�r� �l�o�c�a�l� �c�o�n�n�e�c�t�i�o�n�.�
7�T�h�e� �t�a�r�g�e�t� �s�y�s�t�e�m� �m�u�s�t� �b�e� �r�u�n�n�i�n�g� �W�i�n�d�o�w�s� �X�P� �o�r� �a�b�o�v�e�.�
9�T�h�e� �r�e�m�o�t�e� �s�y�s�t�e�m� �m�u�s�t� �b�e� �r�u�n�n�i�n�g� �W�i�n�d�o�w�s� �2�0�0�0� �o�r� �a�b�o�v�e�.�
>�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �'�%�s�'� �v�a�l�u�e� �i�s� �n�o�t� �a�l�l�o�w�e�d� �f�o�r� �'�%�s�'� �o�p�t�i�o�n�.�
9�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �S�p�e�c�i�f�y� �v�a�l�i�d� �n�u�m�e�r�i�c� �v�a�l�u�e� �f�o�r� �'�%�s�'�.�
A�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �S�p�e�c�i�f�i�y� �v�a�l�i�d� �f�l�o�a�t�i�n�g� �p�o�i�n�t� �v�a�l�u�e� �f�o�r� �'�%�s�'�.�
5�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �M�a�n�d�a�t�o�r�y� �o�p�t�i�o�n� �'�%�s�'� �i�s� �m�i�s�s�i�n�g�.�
F�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �'�%�s�'� �o�p�t�i�o�n� �i�s� �n�o�t� �a�l�l�o�w�e�d� �m�o�r�e� �t�h�a�n� �'�%�d�'� �t�i�m�e�(�s�)�.�
#�I�n�v�a�l�i�d� �a�r�g�u�m�e�n�t�/�o�p�t�i�o�n� �-� �'�%�s�'�.�
0�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �D�e�f�a�u�l�t� �a�r�g�u�m�e�n�t� �i�s� �m�i�s�s�i�n�g�.�
F�L�e�n�g�t�h� �o�f� �t�h�e� �c�o�m�m�a�n�d� �l�i�n�e� �a�r�g�u�m�e�n�t� �s�h�o�u�l�d� �n�o�t� �e�x�c�e�e�d� �2�5�5� �c�h�a�r�a�c�t�e�r�s�.�
I�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �D�e�f�a�u�l�t� �o�p�t�i�o�n� �i�s� �n�o�t� �a�l�l�o�w�e�d� �m�o�r�e� �t�h�a�n� �'�%�d�'� �t�i�m�e�(�s�)�.�
,�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �V�a�l�u�e� �e�x�p�e�c�t�e�d� �f�o�r� �'�%�s�'�.�
B�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �'�%�s�'� �v�a�l�u�e� �i�s� �n�o�t� �a�l�l�o�w�e�d� �a�s� �d�e�f�a�u�l�t� �a�r�g�u�m�e�n�t�.�
T�y�p�e� �"�%�s� �/�?�"� �f�o�r� �u�s�a�g�e�.�*�V�a�l�u�e� �f�o�r� �'�%�s�'� �o�p�t�i�o�n� �c�a�n�n�o�t� �b�e� �e�m�p�t�y�.�
-�V�a�l�u�e� �f�o�r� �d�e�f�a�u�l�t� �o�p�t�i�o�n� �c�a�n�n�o�t� �b�e� �e�m�p�t�y�.�
<�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �S�p�e�c�i�f�y� �v�a�l�i�d� �n�u�m�e�r�i�c� �v�a�l�u�e� �f�o�r� �d�e�f�a�u�l�t�.�
D�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �S�p�e�c�i�f�i�y� �v�a�l�i�d� �f�l�o�a�t�i�n�g� �p�o�i�n�t� �v�a�l�u�e� �f�o�r� �d�e�f�a�u�l�t�.�
>�V�a�l�u�e� �f�o�r� �d�e�f�a�u�l�t� �o�p�t�i�o�n� �c�a�n�n�o�t� �b�e� �m�o�r�e� �t�h�a�n� �%�d� �c�h�a�r�a�c�t�e�r�(�s�)�.�
?�I�n�v�a�l�i�d� �s�y�n�t�a�x�.� �V�a�l�u�e� �c�a�n�n�o�t� �b�e� �s�p�e�c�i�f�i�e�d� �w�i�t�h� �'�%�s�'� �o�p�t�i�o�n�.�
;�V�a�l�u�e� �f�o�r� �'�%�s�'� �o�p�t�i�o�n� �c�a�n�n�o�t� �b�e� �m�o�r�e� �t�h�a�n� �%�d� �c�h�a�r�a�c�t�e�r�(�s�)�.�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
C�o�m�p�a�n�y�N�a�m�e�
M�i�c�r�o�s�o�f�t� �C�o�r�p�o�r�a�t�i�o�n�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
D�i�s�p�l�a�y�s� �N�I�C� �M�A�C� �i�n�f�o�r�m�a�t�i�o�n�
F�i�l�e�V�e�r�s�i�o�n�
5�.�2�.�3�7�9�0�.�1�8�3�0� �(�s�r�v�0�3�_�s�p�1�_�r�t�m�.�0�5�0�3�2�4�-�1�4�4�7�)�
I�n�t�e�r�n�a�l�N�a�m�e�
G�e�t�M�a�c�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
�M�i�c�r�o�s�o�f�t� �C�o�r�p�o�r�a�t�i�o�n�.� �A�l�l� �r�i�g�h�t�s� �r�e�s�e�r�v�e�d�.�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
G�e�t�M�a�c�.�e�x�e�
P�r�o�d�u�c�t�N�a�m�e�
M�i�c�r�o�s�o�f�t�
�W�i�n�d�o�w�s�
�O�p�e�r�a�t�i�n�g� �S�y�s�t�e�m�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
5�.�2�.�3�7�9�0�.�1�8�3�0�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.