Attempting to connect to remote host...
Initialising rctrlx server component...
Executing remote application: filescan.exe let.exe
Stdout:

 Volume in drive C has no label.
 Volume Serial Number is 6C3D-BD57

 Directory of c:\

02/04/2009  11:26 AM                 0 let.exe
               1 File(s)              0 bytes

 Directory of c:\WINDOWS

02/04/2009  11:31 AM                 0 let.exe
               1 File(s)              0 bytes

 Directory of c:\WINDOWS\system32

02/04/2009  11:31 AM                 0 let.exe
               1 File(s)              0 bytes

     Total Files Listed:
               3 File(s)              0 bytes
               0 Dir(s)  27,333,230,592 bytes free

Remote application exited with code: 0

##</code><code>##

my $workdir = "c:\\MalwareScanner\\lclscn";

if (! $ARGV[0]){
	print "FATAL Didnt get an IP address\n";
	$target = <>;
} else {
	$target = $ARGV[0];	
}

$badfiles = "$workdir\\BADFILES.csv";
$fsout = "$workdir\\FSOUT.txt";
open (BADIN,$badfiles);
open (FSOUT,">$fsout");
print HOSTINFO "File,MD5,Ticket,Size,Path\n";
while (<BADIN>){
        chomp();
        $badline = $_;

        if ($badline =~ /(.+?),(.+?),.+?,.+?,(.+)/){
                $file = $1;
                $hash = $2;
		$tckt = $3;
        }
	
	$filescan = `rctrlx.exe $target /u "domain\\username" /p "password" /c filescan.exe /app filescan.exe $file`;
	print FSOUT $filescan;

	if ($filescan =~ /(error.*)/i){
		$scanerror1 = $1;
		print ERROR "$logdate,$logtime,$target,$host,Could not run filescan.exe remotely on target host,$scanerror1\n";
	}
	if ($filescan =~ /(.*\d{10})/){
		$scanerror2 = $1;
		print ERROR "$logdate,$logtime,$target,$host,Could not run filescan.exe remotely on target host,$scanerror2\n";
	}

	close FSOUT;
	$fsin = "$workdir\\FSOUT.txt";
	open (FSIN,$fsin);
	while (<FSIN>){
		chomp();
		$fsline = $_;
		
		if ($fsline =~ /(.:\\.*)/){
			$dir = $1;
			print "XXXX$dir\n";
		}
		if ($fsline =~ /1\sFile\(s\)\s+(.*)/){
			$size = $1;
			$size =~ s/[\s]//g;

			$scanned = "$logdir\\SCANNED.csv";	
			open (SCANNED,">>$scanned");	
			print SCANNED "$logdate,$logtime,$target,$host\n";
		}		
	
		print "$dir\n";
		
		$badhost = "$logdir\\BADHOST.csv";
		open (BADHOST,">>$badhost");
		$dest = "$dir\\$file";
		$dest =~ s/[\s]//g;
		$md5sumtmp = `rctrlx.exe $target /u "domain\\username" /p "password" /c md5sum.exe /app md5sum.exe $dest`;

		if ($md5sumtmp =~ /([a-z0-9]{32})/){
		        $md5sum = $1;
		}
	        if ($md5sum eq $hash){
        		print HOSTINFO "$file,$md5sum,$tckt,$size,$dir\n";
			print BADHOST "$logdate,$logtime,$target,$host,$file,$md5sum,$tckt,$size,$dir\n";
		}
	}
}	

##</code><code>##

[print "XXXX$dir\n";]
[print "$dir\n";]

##</code><code>##

\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
XXXXc:\
c:\
c:\
c:\
c:\
c:\
XXXXc:\WINDOWS
c:\WINDOWS
c:\WINDOWS
c:\WINDOWS
c:\WINDOWS
c:\WINDOWS
XXXXc:\WINDOWS\system32
c:\WINDOWS\system32
c:\WINDOWS\system32
c:\WINDOWS\system32
c:\WINDOWS\system32
c:\WINDOWS\system32
c:\WINDOWS\system32
c:\WINDOWS\system32
c:\WINDOWS\system32
c:\WINDOWS\system32
c:\WINDOWS\system32