Sample viewer

vx.netlux.org/Virus.DOS.Rogue.1206

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:56.561200892Z 254 PC: 15e60 | UNKNOWN!
2018-12-17T22:50:56.563206773Z 74 PC: 15ea3 | Reallocate memory
2018-12-17T22:50:56.564786586Z 74 PC: 15eab | Reallocate memory
2018-12-17T22:50:56.566165291Z 72 PC: 15eb2 | Allocate memory
2018-12-17T22:50:56.568399007Z 53 PC: 15ec5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:56.56968363Z 37 PC: 15ee3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:56.57126524Z 42 PC: 15ee7 | Get date
0x15ee7: cmp dh, 3
0x15eea: jne 0x15f11
0x15eec: cmp dl, 0x14
0x15eef: jne 0x15f11
0x15ef1: mov ax, 0x3508
0x15ef4: int 0x21
0x15ef6: mov word ptr [0x483], 0x7e90
0x15efc: mov word ptr [0x107], bx
0x15f00: mov word ptr [0x109], es
0x15f04: mov ax, 0x2508
0x15f07: mov dx, 0x1e2
0x15f0a: int 0x21
0x15f0c: mov byte ptr [0x132], 1
0x15f11: pop ax
0x15f12: mov es, ax
0x15f14: mov byte ptr es:[0], 0x5a
0x15f1a: inc ax
0x15f1b: mov es, ax
0x15f1d: mov bx, 0x54a
0x15f20: jmp 0x15e65
2018-12-17T22:50:56.574704251Z 48 PC: 12a4c | Get DOS version
2018-12-17T22:50:56.57638548Z 53 PC: 12b7c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:56.577936007Z 53 PC: 12b89 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:50:56.579895464Z 53 PC: 12b96 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:50:56.581339559Z 53 PC: 12ba3 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:50:56.582620115Z 37 PC: 12bb7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:56.58697474Z 74 PC: 12acf | Reallocate memory
2018-12-17T22:50:56.589445676Z 68 PC: 14057 | I/O control for devices (Set for = '�')
2018-12-17T22:50:56.592205209Z 74 PC: 1444d | Reallocate memory
2018-12-17T22:50:56.594934844Z 74 PC: 1444d | Reallocate memory
2018-12-17T22:50:56.597426186Z 68 PC: 14057 | I/O control for devices (Set for = 'Turbo C++ - Copyright 1990 Borland Intl.')
2018-12-17T22:50:56.601426505Z 61 PC: 14341 | Open file (Filename = '!�E�!�E�!�>�!���')
2018-12-17T22:50:56.609569196Z 64 PC: 14a1b | Write file or device (Write 22 bytes on handle 1)
2018-12-17T22:50:56.616927786Z 74 PC: 1444d | Reallocate memory
2018-12-17T22:50:56.619013305Z 62 PC: 13da9 | Close file
2018-12-17T22:50:56.621430162Z 62 PC: 13da9 | Close file
2018-12-17T22:50:56.62496813Z 62 PC: 13da9 | Close file
2018-12-17T22:50:56.627069926Z 62 PC: 13da9 | Close file
2018-12-17T22:50:56.629238829Z 62 PC: 13da9 | Close file
2018-12-17T22:50:56.632933086Z 37 PC: 12bc3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:50:56.634299788Z 37 PC: 12bce | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:50:56.635608375Z 37 PC: 12bd9 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:50:56.637845596Z 37 PC: 12be4 | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:50:56.639048645Z 76 PC: 12b6d | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10379,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:52.297353574Z 254 PC: 15e60 | UNKNOWN!
2018-12-25T12:27:52.298786529Z 74 PC: 15ea3 | Reallocate memory
2018-12-25T12:27:52.300318331Z 74 PC: 15eab | Reallocate memory
2018-12-25T12:27:52.30161133Z 72 PC: 15eb2 | Allocate memory
2018-12-25T12:27:52.303512292Z 53 PC: 15ec5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:52.305100702Z 37 PC: 15ee3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:52.306184744Z 42 PC: 15ee7 | Get date
0x15ee7: cmp dh, 3
0x15eea: jne 0x15f11
0x15eec: cmp dl, 0x14
0x15eef: jne 0x15f11
0x15ef1: mov ax, 0x3508
0x15ef4: int 0x21
0x15ef6: mov word ptr [0x483], 0x7e90
0x15efc: mov word ptr [0x107], bx
0x15f00: mov word ptr [0x109], es
0x15f04: mov ax, 0x2508
0x15f07: mov dx, 0x1e2
0x15f0a: int 0x21
0x15f0c: mov byte ptr [0x132], 1
0x15f11: pop ax
0x15f12: mov es, ax
0x15f14: mov byte ptr es:[0], 0x5a
0x15f1a: inc ax
0x15f1b: mov es, ax
0x15f1d: mov bx, 0x54a
0x15f20: jmp 0x15e65
2018-12-25T12:27:52.308054771Z 48 PC: 12a4c | Get DOS version
2018-12-25T12:27:52.309669173Z 53 PC: 12b7c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:52.310757713Z 53 PC: 12b89 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:52.311876355Z 53 PC: 12b96 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:52.314069511Z 53 PC: 12ba3 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:52.316123997Z 37 PC: 12bb7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:52.317250726Z 74 PC: 12acf | Reallocate memory
2018-12-25T12:27:52.31952131Z 68 PC: 14057 | I/O control for devices (Set for = '�')
2018-12-25T12:27:52.321371005Z 74 PC: 1444d | Reallocate memory
2018-12-25T12:27:52.322869382Z 74 PC: 1444d | Reallocate memory (See above)
2018-12-25T12:27:52.325175988Z 68 PC: 14057 | I/O control for devices (See above)
2018-12-25T12:27:52.327744372Z 61 PC: 14341 | Open file (Filename = '!�E�!�E�!�>�!���')
2018-12-25T12:27:52.336524402Z 64 PC: 14a1b | Write file or device (Write 22 bytes on handle 1)
2018-12-25T12:27:52.348809243Z 74 PC: 1444d | Reallocate memory (See above)
2018-12-25T12:27:52.351096674Z 62 PC: 13da9 | Close file
2018-12-25T12:27:52.353495328Z 62 PC: 13da9 | Close file (See above)
2018-12-25T12:27:52.357004228Z 62 PC: 13da9 | Close file (See above)
2018-12-25T12:27:52.359435157Z 62 PC: 13da9 | Close file (See above)
2018-12-25T12:27:52.362602696Z 62 PC: 13da9 | Close file (See above)
2018-12-25T12:27:52.364716918Z 37 PC: 12bc3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:52.366234292Z 37 PC: 12bce | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:52.367388828Z 37 PC: 12bd9 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:52.368614375Z 37 PC: 12be4 | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:52.370600705Z 76 PC: 12b6d | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10379,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:52.361467499Z 254 PC: 15e60 | UNKNOWN!
2018-12-25T12:27:52.362258666Z 74 PC: 15ea3 | Reallocate memory
2018-12-25T12:27:52.36379021Z 74 PC: 15eab | Reallocate memory
2018-12-25T12:27:52.365316396Z 72 PC: 15eb2 | Allocate memory
2018-12-25T12:27:52.36674065Z 53 PC: 15ec5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:52.367652895Z 37 PC: 15ee3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:52.369311696Z 42 PC: 15ee7 | Get date
0x15ee7: cmp dh, 3
0x15eea: jne 0x15f11
0x15eec: cmp dl, 0x14
0x15eef: jne 0x15f11
0x15ef1: mov ax, 0x3508
0x15ef4: int 0x21
0x15ef6: mov word ptr [0x483], 0x7e90
0x15efc: mov word ptr [0x107], bx
0x15f00: mov word ptr [0x109], es
0x15f04: mov ax, 0x2508
0x15f07: mov dx, 0x1e2
0x15f0a: int 0x21
0x15f0c: mov byte ptr [0x132], 1
0x15f11: pop ax
0x15f12: mov es, ax
0x15f14: mov byte ptr es:[0], 0x5a
0x15f1a: inc ax
0x15f1b: mov es, ax
0x15f1d: mov bx, 0x54a
0x15f20: jmp 0x15e65
2018-12-25T12:27:52.371513096Z 48 PC: 12a4c | Get DOS version
2018-12-25T12:27:52.372822766Z 53 PC: 12b7c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:52.375035407Z 53 PC: 12b89 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:52.376097842Z 53 PC: 12b96 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:52.377138377Z 53 PC: 12ba3 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:52.379276843Z 37 PC: 12bb7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:52.38120426Z 74 PC: 12acf | Reallocate memory
2018-12-25T12:27:52.383828612Z 68 PC: 14057 | I/O control for devices (Set for = '�')
2018-12-25T12:27:52.38622477Z 74 PC: 1444d | Reallocate memory
2018-12-25T12:27:52.388661102Z 74 PC: 1444d | Reallocate memory (See above)
2018-12-25T12:27:52.390963735Z 68 PC: 14057 | I/O control for devices (See above)
2018-12-25T12:27:52.394516131Z 61 PC: 14341 | Open file (Filename = '!�E�!�E�!�>�!���')
2018-12-25T12:27:52.402995464Z 64 PC: 14a1b | Write file or device (Write 22 bytes on handle 1)
2018-12-25T12:27:52.409610235Z 74 PC: 1444d | Reallocate memory (See above)
2018-12-25T12:27:52.411549293Z 62 PC: 13da9 | Close file
2018-12-25T12:27:52.414024311Z 62 PC: 13da9 | Close file (See above)
2018-12-25T12:27:52.416067887Z 62 PC: 13da9 | Close file (See above)
2018-12-25T12:27:52.418008598Z 62 PC: 13da9 | Close file (See above)
2018-12-25T12:27:52.420955905Z 62 PC: 13da9 | Close file (See above)
2018-12-25T12:27:52.423032836Z 37 PC: 12bc3 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:27:52.424413025Z 37 PC: 12bce | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:27:52.427568805Z 37 PC: 12bd9 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:27:52.429319785Z 37 PC: 12be4 | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:27:52.430484683Z 76 PC: 12b6d | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":20,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10379,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:14.115065685Z 254 PC: 15e60 | UNKNOWN!
2018-12-25T13:07:14.117574756Z 74 PC: 15ea3 | Reallocate memory
2018-12-25T13:07:14.119314417Z 74 PC: 15eab | Reallocate memory
2018-12-25T13:07:14.123271897Z 72 PC: 15eb2 | Allocate memory
2018-12-25T13:07:14.125820677Z 53 PC: 15ec5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:14.12826692Z 37 PC: 15ee3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:14.130339554Z 42 PC: 15ee7 | Get date
0x15ee7: cmp dh, 3
0x15eea: jne 0x15f11
0x15eec: cmp dl, 0x14
0x15eef: jne 0x15f11
0x15ef1: mov ax, 0x3508
0x15ef4: int 0x21
0x15ef6: mov word ptr [0x483], 0x7e90
0x15efc: mov word ptr [0x107], bx
0x15f00: mov word ptr [0x109], es
0x15f04: mov ax, 0x2508
0x15f07: mov dx, 0x1e2
0x15f0a: int 0x21
0x15f0c: mov byte ptr [0x132], 1
0x15f11: pop ax
0x15f12: mov es, ax
0x15f14: mov byte ptr es:[0], 0x5a
0x15f1a: inc ax
0x15f1b: mov es, ax
0x15f1d: mov bx, 0x54a
0x15f20: jmp 0x15e65
2018-12-25T13:07:14.133312727Z 53 PC: 15ef6 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:07:14.135464875Z 37 PC: 15f0c | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:07:14.136985855Z 48 PC: 12a4c | Get DOS version
2018-12-25T13:07:14.138347678Z 53 PC: 12b7c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T13:07:14.140707689Z 53 PC: 12b89 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T13:07:14.142102276Z 53 PC: 12b96 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T13:07:14.143536812Z 53 PC: 12ba3 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T13:07:14.14563394Z 37 PC: 12bb7 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T13:07:14.147084545Z 74 PC: 12acf | Reallocate memory
2018-12-25T13:07:14.14944698Z 68 PC: 14057 | I/O control for devices (Set for = '�')
2018-12-25T13:07:14.152398004Z 74 PC: 1444d | Reallocate memory
2018-12-25T13:07:14.154536597Z 74 PC: 1444d | Reallocate memory (See above)
2018-12-25T13:07:14.157163902Z 68 PC: 14057 | I/O control for devices (See above)
2018-12-25T13:07:14.161308377Z 61 PC: 14341 | Open file (Filename = '!�E�!�E�!�>�!���')
2018-12-25T13:07:14.16902567Z 64 PC: 14a1b | Write file or device (Write 22 bytes on handle 1)