Sample viewer

vx.netlux.org/Trojan.DOS.KillCMOS.c

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:48.139179787Z 48 PC: 1313b | Get DOS version
2018-12-17T22:48:48.144213838Z 48 PC: 12b9f | Get DOS version
2018-12-17T22:48:48.149522256Z 9 PC: 12a56 | Display string (String= 'KiLLCMOS v1.0 DeathBoy KoASP[NuKE/GenX] 1996 KoASP Products Unlimited [email protected] Continuous Beeping typically means Successful CMOS KiLL You must Reboot Your computer for the effect ')
2018-12-17T22:48:50.303798281Z 72 PC: 8f1b9 | Allocate memory
2018-12-17T22:48:50.306066451Z 72 PC: 8f1bd | Allocate memory
2018-12-17T22:48:50.308493174Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-17T22:48:50.311299314Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-17T22:48:50.322940945Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:48:50.325573538Z 62 PC: 91fc1 | Close file
2018-12-17T22:48:50.327834603Z 75 PC: 91fe0 | Execute program
2018-12-17T22:48:50.34364605Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:48:50.346043779Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-17T22:48:50.35053262Z 48 PC: c609 | Get DOS version
2018-12-17T22:48:50.354043428Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-17T22:48:50.357909473Z 2 PC: c38c | Character output (Char = '32')
2018-12-17T22:48:50.360586716Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-17T22:48:50.364355952Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-17T22:48:50.369001075Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-17T22:48:50.374176847Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE')
2018-12-17T22:48:50.38523973Z 66 PC: 91f95 | Move file pointer
2018-12-17T22:48:50.387107004Z 62 PC: 91fc1 | Close file
2018-12-17T22:48:50.390305746Z 75 PC: 91fe0 | Execute program
2018-12-17T22:48:50.410399432Z 98 PC: 916f1 | Get current PSP
2018-12-17T22:48:50.413989229Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:48:50.416489508Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:48:50.417609569Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:48:50.418633647Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:48:50.421006243Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:48:50.422048254Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-17T22:48:50.429516873Z 62 PC: 8f8eb | Close file
2018-12-17T22:48:50.432253973Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.434507309Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.435991211Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.438430324Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.440555601Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.454126109Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.45632076Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.46190518Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.46364567Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.466481971Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.468325584Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.469868719Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.471742364Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.473140521Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.474579825Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.476206138Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.477704659Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.479252467Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.481028672Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.48232435Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.483577197Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.485000667Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.486567256Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.4878286Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.489260033Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.49090638Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.49208339Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.49348557Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.495079524Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.496252315Z 62 PC: 8f8f2 | Close file
2018-12-17T22:48:50.497790057Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-17T22:48:50.502939527Z 62 PC: 8f90e | Close file
2018-12-17T22:48:50.505092119Z 69 PC: 8f915 | Duplicate handle
2018-12-17T22:48:50.511282189Z 69 PC: 8f919 | Duplicate handle
2018-12-17T22:48:50.513005502Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:48:50.5175403Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:48:50.519099947Z 61 PC: 9387b | Open file (Filename = '')
2018-12-17T22:48:50.522386471Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-17T22:48:50.523618702Z 74 PC: 8f9c4 | Reallocate memory
2018-12-17T22:48:50.52495656Z 72 PC: 8f9e0 | Allocate memory
2018-12-17T22:48:50.526548608Z 72 PC: 8f9e4 | Allocate memory
2018-12-17T22:48:50.527962833Z 74 PC: 8f9fb | Reallocate memory
2018-12-17T22:48:50.529329913Z 72 PC: 8fa02 | Allocate memory
2018-12-17T22:48:50.530696405Z 72 PC: 8fa06 | Allocate memory
2018-12-17T22:48:50.531755236Z 73 PC: 8fa11 | Release memory
2018-12-17T22:48:50.533056603Z 73 PC: 8efea | Release memory
2018-12-17T22:48:50.534470532Z 74 PC: 8f003 | Reallocate memory
2018-12-17T22:48:50.535533736Z 72 PC: 8f054 | Allocate memory
2018-12-17T22:48:50.536894385Z 72 PC: 8f058 | Allocate memory
2018-12-17T22:48:50.53836213Z 73 PC: 8f060 | Release memory
2018-12-17T22:48:50.53935911Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-17T22:48:50.545383508Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:48:50.548883081Z 66 PC: 8f0ad | Move file pointer
2018-12-17T22:48:50.549817554Z 62 PC: 8f0d1 | Close file
2018-12-17T22:48:50.55208973Z 75 PC: 8f0f2 | Execute program
2018-12-17T22:48:50.564837291Z 80 PC: 12be9 | Set current PSP
2018-12-17T22:48:50.567240328Z 48 PC: 12bee | Get DOS version
2018-12-17T22:48:50.570163413Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-17T22:48:50.572736518Z 101 PC: 12c74 | Get extended country info
2018-12-17T22:48:50.57392209Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-17T22:48:50.575307834Z 74 PC: 12cdc | Reallocate memory
2018-12-17T22:48:50.577513459Z 72 PC: 1355d | Allocate memory
2018-12-17T22:48:50.57926866Z 25 PC: 13596 | Get default drive
2018-12-17T22:48:50.580814793Z 71 PC: 135ad | Get current directory
2018-12-17T22:48:50.58326004Z 59 PC: 135ba | Change current directory
2018-12-17T22:48:50.588715347Z 59 PC: 135c8 | Change current directory
2018-12-17T22:48:50.594570107Z 59 PC: 135d3 | Change current directory
2018-12-17T22:48:50.598280655Z 25 PC: 12d13 | Get default drive
2018-12-17T22:48:50.599339731Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:48:50.600638135Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:50.602327178Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:50.604350215Z 80 PC: 1301d | Set current PSP
2018-12-17T22:48:50.605800086Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-17T22:48:50.60732374Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:48:50.608339686Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:48:50.609293303Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-17T22:48:50.611044713Z 72 PC: 130ec | Allocate memory
2018-12-17T22:48:50.612440652Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-17T22:48:50.616668013Z 62 PC: 131ba | Close file
2018-12-17T22:48:50.618494686Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-17T22:48:50.619179553Z 74 PC: 1197c | Reallocate memory
2018-12-17T22:48:50.620060071Z 72 PC: 11991 | Allocate memory
2018-12-17T22:48:50.621849098Z 73 PC: 119b2 | Release memory
2018-12-17T22:48:50.623108248Z 72 PC: 119bd | Allocate memory
2018-12-17T22:48:50.624574448Z 73 PC: 119df | Release memory
2018-12-17T22:48:50.626168353Z 72 PC: 119f5 | Allocate memory
2018-12-17T22:48:50.627693328Z 72 PC: 119fd | Allocate memory