Sample viewer

vx.netlux.org/Trojan.DOS.EraseHDD.k

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:57.650514458Z	26	PC: 12a59 \| Set disk transfer address
2018-12-17T22:35:57.652778129Z	25	PC: 12a5d \| Get default drive
2018-12-17T22:35:57.653987449Z	71	PC: 12a68 \| Get current directory
2018-12-17T22:35:57.65681485Z	59	PC: 12a6f \| Change current directory
2018-12-17T22:35:57.662208273Z	78	PC: 12a79 \| Find first file
2018-12-17T22:35:57.670291486Z	87	PC: 12b5c \| Get or set file date and time
2018-12-17T22:35:57.672188837Z	67	PC: 12b68 \| Get or set file attributes
2018-12-17T22:35:57.67466072Z	59	PC: 12b6f \| Change current directory
2018-12-17T22:35:57.679492077Z	59	PC: 12b76 \| Change current directory
2018-12-17T22:35:57.681594996Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x359 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x313 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c2e 0x12ba3: call 0x12c2e 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-17T22:35:57.684275037Z	76	PC: 12c33 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6491,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:37.232055519Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T11:59:37.233841163Z	25	PC: 12a5d \| Get default drive
2018-12-25T11:59:37.235401279Z	71	PC: 12a68 \| Get current directory
2018-12-25T11:59:37.238563576Z	59	PC: 12a6f \| Change current directory
2018-12-25T11:59:37.24314237Z	78	PC: 12a79 \| Find first file
2018-12-25T11:59:37.256987142Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T11:59:37.258632118Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T11:59:37.260813717Z	59	PC: 12b6f \| Change current directory
2018-12-25T11:59:37.265852305Z	59	PC: 12b76 \| Change current directory
2018-12-25T11:59:37.268112943Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x359 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x313 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c2e 0x12ba3: call 0x12c2e 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-25T11:59:37.270786998Z	26	PC: 12b96 \| Set disk transfer address
2018-12-25T11:59:37.272972649Z	78	PC: 12ba8 \| Find first file
2018-12-25T11:59:37.283373729Z	67	PC: 12bb1 \| Get or set file attributes
2018-12-25T11:59:37.292419204Z	60	PC: 12bb8 \| Create or truncate file
2018-12-25T11:59:37.315971919Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T11:59:37.318424101Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T11:59:37.327867476Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T11:59:37.339740813Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T11:59:37.348899179Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T11:59:37.358228549Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T11:59:37.371424227Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T11:59:37.374733003Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T11:59:37.384235427Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T11:59:37.396044004Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T11:59:37.399034435Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T11:59:37.408795871Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T11:59:37.421178545Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T11:59:37.424695375Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T11:59:37.43480552Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T11:59:37.446869118Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T11:59:37.450451646Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T11:59:37.460688139Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T11:59:37.4723271Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T11:59:37.475778273Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T11:59:37.485384506Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T11:59:37.497704681Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T11:59:37.500800051Z	67	PC: 12bb1 \| Get or set file attributes (See above)
2018-12-25T11:59:37.510198857Z	60	PC: 12bb8 \| Create or truncate file (See above)
2018-12-25T11:59:37.521901366Z	79	PC: 12ba8 \| Find next file (See above)
2018-12-25T11:59:37.525220648Z	76	PC: 12c33 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6491,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:38.585654434Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T11:59:38.59364848Z	25	PC: 12a5d \| Get default drive
2018-12-25T11:59:38.594678799Z	71	PC: 12a68 \| Get current directory
2018-12-25T11:59:38.59735189Z	59	PC: 12a6f \| Change current directory
2018-12-25T11:59:38.601959984Z	78	PC: 12a79 \| Find first file
2018-12-25T11:59:38.608053601Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T11:59:38.609513096Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T11:59:38.611611456Z	59	PC: 12b6f \| Change current directory
2018-12-25T11:59:38.619397852Z	59	PC: 12b76 \| Change current directory
2018-12-25T11:59:38.621249004Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x359 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x313 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c2e 0x12ba3: call 0x12c2e 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-25T11:59:38.623529885Z	76	PC: 12c33 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6491,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:38.753960997Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T11:59:38.755832998Z	25	PC: 12a5d \| Get default drive
2018-12-25T11:59:38.75727777Z	71	PC: 12a68 \| Get current directory
2018-12-25T11:59:38.760584576Z	59	PC: 12a6f \| Change current directory
2018-12-25T11:59:38.765557797Z	78	PC: 12a79 \| Find first file
2018-12-25T11:59:38.772314492Z	87	PC: 12b5c \| Get or set file date and time
2018-12-25T11:59:38.77426185Z	67	PC: 12b68 \| Get or set file attributes
2018-12-25T11:59:38.776489807Z	59	PC: 12b6f \| Change current directory
2018-12-25T11:59:38.78181911Z	59	PC: 12b76 \| Change current directory
2018-12-25T11:59:38.783662811Z	42	PC: 12b7a \| Get date 0x12b7a: cmp cx, 0x7ce 0x12b7e: jb 0x12ba0 0x12b80: cmp dl, 0xf 0x12b83: jne 0x12ba3 0x12b85: cmp dl, 0x13 0x12b88: je 0x12be0 0x12b8a: cmp dl, 0x1d 0x12b8d: je 0x12bbe 0x12b8f: mov dx, 0x359 0x12b92: mov ah, 0x1a 0x12b94: int 0x21 0x12b96: mov ah, 0x4e 0x12b98: mov cx, 7 0x12b9b: mov dx, 0x313 0x12b9e: jmp 0x12ba6 0x12ba0: call 0x12c2e 0x12ba3: call 0x12c2e 0x12ba6: int 0x21 0x12ba8: jb 0x12ba3 0x12baa: mov ax, 0x4301
2018-12-25T11:59:38.7859677Z	76	PC: 12c33 \| Terminate with return code (Return code = '0')