Sample viewer

vx.netlux.org/Virus.DOS.FileHider.789

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:59:31.365461226Z	48	PC: 12a63 \| Get DOS version
2018-12-17T21:59:31.367945928Z	161	PC: 12a71 \| UNKNOWN!
2018-12-17T21:59:31.369426049Z	74	PC: 12a7d \| Reallocate memory
2018-12-17T21:59:31.371203684Z	72	PC: 12a9f \| Allocate memory
2018-12-17T21:59:31.373309194Z	53	PC: 229c7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:31.374677061Z	37	PC: 22a0c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:31.375972372Z	82	PC: 22a10 \| Get DOS internal pointers (SYSVARS)
2018-12-17T21:59:31.377873878Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1055,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:28.237917688Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:42:28.239311833Z	161	PC: 12a71 \| UNKNOWN!
2018-12-25T11:42:28.24091399Z	74	PC: 12a7d \| Reallocate memory
2018-12-25T11:42:28.242419486Z	72	PC: 12a9f \| Allocate memory
2018-12-25T11:42:28.244035581Z	53	PC: 229c7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:28.250180675Z	37	PC: 22a0c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:28.25190297Z	82	PC: 22a10 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:42:28.253614548Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1055,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:28.24855967Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:42:28.251985779Z	161	PC: 12a71 \| UNKNOWN!
2018-12-25T11:42:28.253597524Z	74	PC: 12a7d \| Reallocate memory
2018-12-25T11:42:28.25526544Z	72	PC: 12a9f \| Allocate memory
2018-12-25T11:42:28.256675359Z	53	PC: 229c7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:28.258546492Z	37	PC: 22a0c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:28.259789201Z	82	PC: 22a10 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:42:28.261101778Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1055,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:28.291828698Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:42:28.294551781Z	161	PC: 12a71 \| UNKNOWN!
2018-12-25T11:42:28.295864194Z	74	PC: 12a7d \| Reallocate memory
2018-12-25T11:42:28.297830724Z	72	PC: 12a9f \| Allocate memory
2018-12-25T11:42:28.300016911Z	53	PC: 229c7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:28.302287065Z	37	PC: 22a0c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:28.304009215Z	82	PC: 22a10 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:42:28.305678139Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')