Sample viewer

vx.netlux.org/Virus.DOS.Tkiller.675

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:49.708639941Z	250	PC: 12a6e \| UNKNOWN!
2018-12-17T23:10:49.710821341Z	42	PC: 12a96 \| Get date 0x12a96: cmp dh, 7 0x12a99: jne 0x12aae 0x12a9b: cmp dl, 0xf 0x12a9e: jne 0x12aae 0x12aa0: mov ax, 0x900 0x12aa3: lea dx, word ptr [bp + 0x31a] 0x12aa7: int 0x21 0x12aa9: mov ax, 0x4c00 0x12aac: int 0x21 0x12aae: cld 0x12aaf: mov cx, 7 0x12ab2: mov di, 0x100 0x12ab5: lea si, word ptr [bp + 0x30d] 0x12ab9: rep movsb byte ptr es:[di], byte ptr [si] 0x12abb: mov ax, 0x4e00 0x12abe: mov cx, 0 0x12ac1: lea dx, word ptr [bp + 0x300] 0x12ac5: int 0x21 0x12ac7: jb 0x12acc 0x12ac9: jmp 0x12ade
2018-12-17T23:10:49.713027642Z	78	PC: 12ac7 \| Find first file
2018-12-17T23:10:49.718995284Z	79	PC: 12ac7 \| Find next file
2018-12-17T23:10:49.721697278Z	79	PC: 12ac7 \| Find next file
2018-12-17T23:10:49.724487004Z	79	PC: 12ac7 \| Find next file
2018-12-17T23:10:49.726970677Z	79	PC: 12ac7 \| Find next file
2018-12-17T23:10:49.729458407Z	79	PC: 12ac7 \| Find next file
2018-12-17T23:10:49.732181922Z	79	PC: 12ac7 \| Find next file
2018-12-17T23:10:49.734606821Z	79	PC: 12ac7 \| Find next file
2018-12-17T23:10:49.737064873Z	79	PC: 12ac7 \| Find next file
2018-12-17T23:10:49.740347057Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16989,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:33.267604929Z	250	PC: 12a6e \| UNKNOWN!
2018-12-25T12:54:33.268842574Z	42	PC: 12a96 \| Get date 0x12a96: cmp dh, 7 0x12a99: jne 0x12aae 0x12a9b: cmp dl, 0xf 0x12a9e: jne 0x12aae 0x12aa0: mov ax, 0x900 0x12aa3: lea dx, word ptr [bp + 0x31a] 0x12aa7: int 0x21 0x12aa9: mov ax, 0x4c00 0x12aac: int 0x21 0x12aae: cld 0x12aaf: mov cx, 7 0x12ab2: mov di, 0x100 0x12ab5: lea si, word ptr [bp + 0x30d] 0x12ab9: rep movsb byte ptr es:[di], byte ptr [si] 0x12abb: mov ax, 0x4e00 0x12abe: mov cx, 0 0x12ac1: lea dx, word ptr [bp + 0x300] 0x12ac5: int 0x21 0x12ac7: jb 0x12acc 0x12ac9: jmp 0x12ade
2018-12-25T12:54:33.270801964Z	78	PC: 12ac7 \| Find first file
2018-12-25T12:54:33.275769116Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.277549529Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.279470588Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.281190018Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.282864125Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.285065979Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.286858413Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.288763058Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.291340169Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16989,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:33.553324986Z	250	PC: 12a6e \| UNKNOWN!
2018-12-25T12:54:33.554545375Z	42	PC: 12a96 \| Get date 0x12a96: cmp dh, 7 0x12a99: jne 0x12aae 0x12a9b: cmp dl, 0xf 0x12a9e: jne 0x12aae 0x12aa0: mov ax, 0x900 0x12aa3: lea dx, word ptr [bp + 0x31a] 0x12aa7: int 0x21 0x12aa9: mov ax, 0x4c00 0x12aac: int 0x21 0x12aae: cld 0x12aaf: mov cx, 7 0x12ab2: mov di, 0x100 0x12ab5: lea si, word ptr [bp + 0x30d] 0x12ab9: rep movsb byte ptr es:[di], byte ptr [si] 0x12abb: mov ax, 0x4e00 0x12abe: mov cx, 0 0x12ac1: lea dx, word ptr [bp + 0x300] 0x12ac5: int 0x21 0x12ac7: jb 0x12acc 0x12ac9: jmp 0x12ade
2018-12-25T12:54:33.557243296Z	78	PC: 12ac7 \| Find first file
2018-12-25T12:54:33.564543981Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.567591549Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.570905354Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.5737751Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.57659957Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.58972017Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.596953496Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.600024141Z	79	PC: 12ac7 \| Find next file (See above)
2018-12-25T12:54:33.60491492Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16989,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:33.571273557Z	250	PC: 12a6e \| UNKNOWN!
2018-12-25T12:54:33.572353249Z	42	PC: 12a96 \| Get date 0x12a96: cmp dh, 7 0x12a99: jne 0x12aae 0x12a9b: cmp dl, 0xf 0x12a9e: jne 0x12aae 0x12aa0: mov ax, 0x900 0x12aa3: lea dx, word ptr [bp + 0x31a] 0x12aa7: int 0x21 0x12aa9: mov ax, 0x4c00 0x12aac: int 0x21 0x12aae: cld 0x12aaf: mov cx, 7 0x12ab2: mov di, 0x100 0x12ab5: lea si, word ptr [bp + 0x30d] 0x12ab9: rep movsb byte ptr es:[di], byte ptr [si] 0x12abb: mov ax, 0x4e00 0x12abe: mov cx, 0 0x12ac1: lea dx, word ptr [bp + 0x300] 0x12ac5: int 0x21 0x12ac7: jb 0x12acc 0x12ac9: jmp 0x12ade
2018-12-25T12:54:33.577649393Z	9	PC: 12aa9 \| Display string (String= 'The KILLER is now here... in your machine...jejeje! Programed by D�')
2018-12-25T12:54:33.581185499Z	76	PC: 12aae \| Terminate with return code (Return code = '0')