Sample viewer

vx.netlux.org/Virus.DOS.Gratug.482

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:59.548910607Z	42	PC: 12e74 \| Get date 0x12e74: cmp dh, dl 0x12e76: jne 0x12ea9 0x12e78: mov ax, 0x600 0x12e7b: mov bh, 0xf 0x12e7d: mov cx, 0 0x12e80: mov dx, 0x1950 0x12e83: int 0x10 0x12e85: mov ah, 2 0x12e87: xor bx, bx 0x12e89: mov dx, 0xc05 0x12e8c: int 0x10 0x12e8e: mov di, 0x19a 0x12e91: add si, di 0x12e93: lodsb al, byte ptr [si] 0x12e94: or al, al 0x12e96: je 0x12ea2 0x12e98: shr al, 1 0x12e9a: mov ah, 0xe 0x12e9c: mov bl, 7 0x12e9e: int 0x10
2018-12-17T22:51:59.551826148Z	127	PC: 12ead \| UNKNOWN!
2018-12-17T22:51:59.552545873Z	53	PC: 12eb7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:59.553536466Z	42	PC: 12c92 \| Get date 0x12c92: cmp dh, dl 0x12c94: jne 0x12cc7 0x12c96: mov ax, 0x600 0x12c99: mov bh, 0xf 0x12c9b: mov cx, 0 0x12c9e: mov dx, 0x1950 0x12ca1: int 0x10 0x12ca3: mov ah, 2 0x12ca5: xor bx, bx 0x12ca7: mov dx, 0xc05 0x12caa: int 0x10 0x12cac: mov di, 0x19a 0x12caf: add si, di 0x12cb1: lodsb al, byte ptr [si] 0x12cb2: or al, al 0x12cb4: je 0x12cc0 0x12cb6: shr al, 1 0x12cb8: mov ah, 0xe 0x12cba: mov bl, 7 0x12cbc: int 0x10
2018-12-17T22:51:59.555439405Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp dh, dl 0x12ab2: jne 0x12ae5 0x12ab4: mov ax, 0x600 0x12ab7: mov bh, 0xf 0x12ab9: mov cx, 0 0x12abc: mov dx, 0x1950 0x12abf: int 0x10 0x12ac1: mov ah, 2 0x12ac3: xor bx, bx 0x12ac5: mov dx, 0xc05 0x12ac8: int 0x10 0x12aca: mov di, 0x19a 0x12acd: add si, di 0x12acf: lodsb al, byte ptr [si] 0x12ad0: or al, al 0x12ad2: je 0x12ade 0x12ad4: shr al, 1 0x12ad6: mov ah, 0xe 0x12ad8: mov bl, 7 0x12ada: int 0x10

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10732,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:55.880513275Z	42	PC: 12e74 \| Get date 0x12e74: cmp dh, dl 0x12e76: jne 0x12ea9 0x12e78: mov ax, 0x600 0x12e7b: mov bh, 0xf 0x12e7d: mov cx, 0 0x12e80: mov dx, 0x1950 0x12e83: int 0x10 0x12e85: mov ah, 2 0x12e87: xor bx, bx 0x12e89: mov dx, 0xc05 0x12e8c: int 0x10 0x12e8e: mov di, 0x19a 0x12e91: add si, di 0x12e93: lodsb al, byte ptr [si] 0x12e94: or al, al 0x12e96: je 0x12ea2 0x12e98: shr al, 1 0x12e9a: mov ah, 0xe 0x12e9c: mov bl, 7 0x12e9e: int 0x10

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10732,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:55.850085793Z	42	PC: 12e74 \| Get date 0x12e74: cmp dh, dl 0x12e76: jne 0x12ea9 0x12e78: mov ax, 0x600 0x12e7b: mov bh, 0xf 0x12e7d: mov cx, 0 0x12e80: mov dx, 0x1950 0x12e83: int 0x10 0x12e85: mov ah, 2 0x12e87: xor bx, bx 0x12e89: mov dx, 0xc05 0x12e8c: int 0x10 0x12e8e: mov di, 0x19a 0x12e91: add si, di 0x12e93: lodsb al, byte ptr [si] 0x12e94: or al, al 0x12e96: je 0x12ea2 0x12e98: shr al, 1 0x12e9a: mov ah, 0xe 0x12e9c: mov bl, 7 0x12e9e: int 0x10
2018-12-25T12:28:55.852502114Z	127	PC: 12ead \| UNKNOWN!
2018-12-25T12:28:55.853905961Z	53	PC: 12eb7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:55.855464207Z	42	PC: 12c92 \| Get date 0x12c92: cmp dh, dl 0x12c94: jne 0x12cc7 0x12c96: mov ax, 0x600 0x12c99: mov bh, 0xf 0x12c9b: mov cx, 0 0x12c9e: mov dx, 0x1950 0x12ca1: int 0x10 0x12ca3: mov ah, 2 0x12ca5: xor bx, bx 0x12ca7: mov dx, 0xc05 0x12caa: int 0x10 0x12cac: mov di, 0x19a 0x12caf: add si, di 0x12cb1: lodsb al, byte ptr [si] 0x12cb2: or al, al 0x12cb4: je 0x12cc0 0x12cb6: shr al, 1 0x12cb8: mov ah, 0xe 0x12cba: mov bl, 7 0x12cbc: int 0x10
2018-12-25T12:28:55.85811552Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp dh, dl 0x12ab2: jne 0x12ae5 0x12ab4: mov ax, 0x600 0x12ab7: mov bh, 0xf 0x12ab9: mov cx, 0 0x12abc: mov dx, 0x1950 0x12abf: int 0x10 0x12ac1: mov ah, 2 0x12ac3: xor bx, bx 0x12ac5: mov dx, 0xc05 0x12ac8: int 0x10 0x12aca: mov di, 0x19a 0x12acd: add si, di 0x12acf: lodsb al, byte ptr [si] 0x12ad0: or al, al 0x12ad2: je 0x12ade 0x12ad4: shr al, 1 0x12ad6: mov ah, 0xe 0x12ad8: mov bl, 7 0x12ada: int 0x10

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10732,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:55.961670123Z	42	PC: 12e74 \| Get date 0x12e74: cmp dh, dl 0x12e76: jne 0x12ea9 0x12e78: mov ax, 0x600 0x12e7b: mov bh, 0xf 0x12e7d: mov cx, 0 0x12e80: mov dx, 0x1950 0x12e83: int 0x10 0x12e85: mov ah, 2 0x12e87: xor bx, bx 0x12e89: mov dx, 0xc05 0x12e8c: int 0x10 0x12e8e: mov di, 0x19a 0x12e91: add si, di 0x12e93: lodsb al, byte ptr [si] 0x12e94: or al, al 0x12e96: je 0x12ea2 0x12e98: shr al, 1 0x12e9a: mov ah, 0xe 0x12e9c: mov bl, 7 0x12e9e: int 0x10

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10732,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:56.392975264Z	42	PC: 12e74 \| Get date 0x12e74: cmp dh, dl 0x12e76: jne 0x12ea9 0x12e78: mov ax, 0x600 0x12e7b: mov bh, 0xf 0x12e7d: mov cx, 0 0x12e80: mov dx, 0x1950 0x12e83: int 0x10 0x12e85: mov ah, 2 0x12e87: xor bx, bx 0x12e89: mov dx, 0xc05 0x12e8c: int 0x10 0x12e8e: mov di, 0x19a 0x12e91: add si, di 0x12e93: lodsb al, byte ptr [si] 0x12e94: or al, al 0x12e96: je 0x12ea2 0x12e98: shr al, 1 0x12e9a: mov ah, 0xe 0x12e9c: mov bl, 7 0x12e9e: int 0x10
2018-12-25T12:28:56.407310942Z	127	PC: 12ead \| UNKNOWN!
2018-12-25T12:28:56.407962523Z	53	PC: 12eb7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:56.409128752Z	42	PC: 12c92 \| Get date 0x12c92: cmp dh, dl 0x12c94: jne 0x12cc7 0x12c96: mov ax, 0x600 0x12c99: mov bh, 0xf 0x12c9b: mov cx, 0 0x12c9e: mov dx, 0x1950 0x12ca1: int 0x10 0x12ca3: mov ah, 2 0x12ca5: xor bx, bx 0x12ca7: mov dx, 0xc05 0x12caa: int 0x10 0x12cac: mov di, 0x19a 0x12caf: add si, di 0x12cb1: lodsb al, byte ptr [si] 0x12cb2: or al, al 0x12cb4: je 0x12cc0 0x12cb6: shr al, 1 0x12cb8: mov ah, 0xe 0x12cba: mov bl, 7 0x12cbc: int 0x10
2018-12-25T12:28:56.4116921Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp dh, dl 0x12ab2: jne 0x12ae5 0x12ab4: mov ax, 0x600 0x12ab7: mov bh, 0xf 0x12ab9: mov cx, 0 0x12abc: mov dx, 0x1950 0x12abf: int 0x10 0x12ac1: mov ah, 2 0x12ac3: xor bx, bx 0x12ac5: mov dx, 0xc05 0x12ac8: int 0x10 0x12aca: mov di, 0x19a 0x12acd: add si, di 0x12acf: lodsb al, byte ptr [si] 0x12ad0: or al, al 0x12ad2: je 0x12ade 0x12ad4: shr al, 1 0x12ad6: mov ah, 0xe 0x12ad8: mov bl, 7 0x12ada: int 0x10

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10732,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:58.075896421Z	42	PC: 12e74 \| Get date 0x12e74: cmp dh, dl 0x12e76: jne 0x12ea9 0x12e78: mov ax, 0x600 0x12e7b: mov bh, 0xf 0x12e7d: mov cx, 0 0x12e80: mov dx, 0x1950 0x12e83: int 0x10 0x12e85: mov ah, 2 0x12e87: xor bx, bx 0x12e89: mov dx, 0xc05 0x12e8c: int 0x10 0x12e8e: mov di, 0x19a 0x12e91: add si, di 0x12e93: lodsb al, byte ptr [si] 0x12e94: or al, al 0x12e96: je 0x12ea2 0x12e98: shr al, 1 0x12e9a: mov ah, 0xe 0x12e9c: mov bl, 7 0x12e9e: int 0x10

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10732,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:58.143427036Z	42	PC: 12e74 \| Get date 0x12e74: cmp dh, dl 0x12e76: jne 0x12ea9 0x12e78: mov ax, 0x600 0x12e7b: mov bh, 0xf 0x12e7d: mov cx, 0 0x12e80: mov dx, 0x1950 0x12e83: int 0x10 0x12e85: mov ah, 2 0x12e87: xor bx, bx 0x12e89: mov dx, 0xc05 0x12e8c: int 0x10 0x12e8e: mov di, 0x19a 0x12e91: add si, di 0x12e93: lodsb al, byte ptr [si] 0x12e94: or al, al 0x12e96: je 0x12ea2 0x12e98: shr al, 1 0x12e9a: mov ah, 0xe 0x12e9c: mov bl, 7 0x12e9e: int 0x10
2018-12-25T12:28:58.145859507Z	127	PC: 12ead \| UNKNOWN!
2018-12-25T12:28:58.168566029Z	53	PC: 12eb7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:58.170039216Z	42	PC: 12c92 \| Get date 0x12c92: cmp dh, dl 0x12c94: jne 0x12cc7 0x12c96: mov ax, 0x600 0x12c99: mov bh, 0xf 0x12c9b: mov cx, 0 0x12c9e: mov dx, 0x1950 0x12ca1: int 0x10 0x12ca3: mov ah, 2 0x12ca5: xor bx, bx 0x12ca7: mov dx, 0xc05 0x12caa: int 0x10 0x12cac: mov di, 0x19a 0x12caf: add si, di 0x12cb1: lodsb al, byte ptr [si] 0x12cb2: or al, al 0x12cb4: je 0x12cc0 0x12cb6: shr al, 1 0x12cb8: mov ah, 0xe 0x12cba: mov bl, 7 0x12cbc: int 0x10
2018-12-25T12:28:58.17317918Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp dh, dl 0x12ab2: jne 0x12ae5 0x12ab4: mov ax, 0x600 0x12ab7: mov bh, 0xf 0x12ab9: mov cx, 0 0x12abc: mov dx, 0x1950 0x12abf: int 0x10 0x12ac1: mov ah, 2 0x12ac3: xor bx, bx 0x12ac5: mov dx, 0xc05 0x12ac8: int 0x10 0x12aca: mov di, 0x19a 0x12acd: add si, di 0x12acf: lodsb al, byte ptr [si] 0x12ad0: or al, al 0x12ad2: je 0x12ade 0x12ad4: shr al, 1 0x12ad6: mov ah, 0xe 0x12ad8: mov bl, 7 0x12ada: int 0x10

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10732,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:58.198732594Z	42	PC: 12e74 \| Get date 0x12e74: cmp dh, dl 0x12e76: jne 0x12ea9 0x12e78: mov ax, 0x600 0x12e7b: mov bh, 0xf 0x12e7d: mov cx, 0 0x12e80: mov dx, 0x1950 0x12e83: int 0x10 0x12e85: mov ah, 2 0x12e87: xor bx, bx 0x12e89: mov dx, 0xc05 0x12e8c: int 0x10 0x12e8e: mov di, 0x19a 0x12e91: add si, di 0x12e93: lodsb al, byte ptr [si] 0x12e94: or al, al 0x12e96: je 0x12ea2 0x12e98: shr al, 1 0x12e9a: mov ah, 0xe 0x12e9c: mov bl, 7 0x12e9e: int 0x10

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10732,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:58.415185489Z	42	PC: 12e74 \| Get date 0x12e74: cmp dh, dl 0x12e76: jne 0x12ea9 0x12e78: mov ax, 0x600 0x12e7b: mov bh, 0xf 0x12e7d: mov cx, 0 0x12e80: mov dx, 0x1950 0x12e83: int 0x10 0x12e85: mov ah, 2 0x12e87: xor bx, bx 0x12e89: mov dx, 0xc05 0x12e8c: int 0x10 0x12e8e: mov di, 0x19a 0x12e91: add si, di 0x12e93: lodsb al, byte ptr [si] 0x12e94: or al, al 0x12e96: je 0x12ea2 0x12e98: shr al, 1 0x12e9a: mov ah, 0xe 0x12e9c: mov bl, 7 0x12e9e: int 0x10
2018-12-25T12:28:58.426986071Z	127	PC: 12ead \| UNKNOWN!
2018-12-25T12:28:58.427656874Z	53	PC: 12eb7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:28:58.428871381Z	42	PC: 12c92 \| Get date 0x12c92: cmp dh, dl 0x12c94: jne 0x12cc7 0x12c96: mov ax, 0x600 0x12c99: mov bh, 0xf 0x12c9b: mov cx, 0 0x12c9e: mov dx, 0x1950 0x12ca1: int 0x10 0x12ca3: mov ah, 2 0x12ca5: xor bx, bx 0x12ca7: mov dx, 0xc05 0x12caa: int 0x10 0x12cac: mov di, 0x19a 0x12caf: add si, di 0x12cb1: lodsb al, byte ptr [si] 0x12cb2: or al, al 0x12cb4: je 0x12cc0 0x12cb6: shr al, 1 0x12cb8: mov ah, 0xe 0x12cba: mov bl, 7 0x12cbc: int 0x10
2018-12-25T12:28:58.431561056Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp dh, dl 0x12ab2: jne 0x12ae5 0x12ab4: mov ax, 0x600 0x12ab7: mov bh, 0xf 0x12ab9: mov cx, 0 0x12abc: mov dx, 0x1950 0x12abf: int 0x10 0x12ac1: mov ah, 2 0x12ac3: xor bx, bx 0x12ac5: mov dx, 0xc05 0x12ac8: int 0x10 0x12aca: mov di, 0x19a 0x12acd: add si, di 0x12acf: lodsb al, byte ptr [si] 0x12ad0: or al, al 0x12ad2: je 0x12ade 0x12ad4: shr al, 1 0x12ad6: mov ah, 0xe 0x12ad8: mov bl, 7 0x12ada: int 0x10