Sample viewer

vx.netlux.org/Virus.DOS.Gly.1182

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:59:56.450284069Z 42 PC: 1c0ee | Get date
0x1c0ee: cmp dh, 5
0x1c0f1: jne 0x1c104
0x1c0f3: cmp dl, 0x19
0x1c0f6: jne 0x1c104
0x1c0f8: mov ah, 0x2c
0x1c0fa: int 0x21
0x1c0fc: cmp ch, 0xd
0x1c0ff: jne 0x1c104
0x1c101: call 0x1c369
0x1c104: mov bp, si
0x1c106: add bp, 0x39
0x1c10a: mov di, bp
0x1c10c: mov cx, 0x44
0x1c10f: mov al, 0xf3
0x1c111: out 0x60, al
0x1c113: mov al, 0x78
0x1c115: out 0x60, al
0x1c117: mov al, byte ptr cs:[di]
0x1c11a: xor al, 0x9a
0x1c11c: mov byte ptr cs:[di], al
2018-12-17T21:59:56.453924579Z 170 PC: 1c136 | UNKNOWN!
2018-12-17T21:59:56.454841081Z 61 PC: 1c208 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T21:59:56.461068066Z 87 PC: 1c211 | Get or set file date and time
2018-12-17T21:59:56.463204911Z 62 PC: 1c215 | Close file
2018-12-17T21:59:56.465224778Z 53 PC: 1c1c5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:56.466737305Z 37 PC: 1c1d9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:56.468676481Z 67 PC: 1c1e2 | Get or set file attributes
2018-12-17T21:59:56.473617388Z 67 PC: 1c1ee | Get or set file attributes
2018-12-17T21:59:56.812108099Z 61 PC: 1c22b | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T21:59:56.822033651Z 87 PC: 1c237 | Get or set file date and time
2018-12-17T21:59:56.824387588Z 63 PC: 1c249 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:59:56.827302936Z 66 PC: 1c252 | Move file pointer
2018-12-17T21:59:56.82982269Z 64 PC: 1c26f | Write file or device (Write 1182 bytes on handle 5)
2018-12-17T21:59:56.840436849Z 66 PC: 1c27d | Move file pointer
2018-12-17T21:59:56.841907988Z 64 PC: 1c287 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:59:56.84533993Z 87 PC: 1c29a | Get or set file date and time
2018-12-17T21:59:56.847501019Z 62 PC: 1c29e | Close file
2018-12-17T21:59:56.854563987Z 67 PC: 1c2aa | Get or set file attributes
2018-12-17T21:59:56.864635319Z 37 PC: 1c1fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:56.866100395Z 53 PC: 1c1a5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:56.867546126Z 37 PC: 1c1b5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:56.869943269Z 98 PC: 16d10 | Get current PSP
2018-12-17T21:59:56.872336899Z 99 PC: 148e4 | Get DBCS lead byte table pointer
2018-12-17T21:59:56.873968757Z 68 PC: 148fe | I/O control for devices (Set for = '')
2018-12-17T21:59:56.875836838Z 68 PC: 14909 | I/O control for devices (Set for = '')
2018-12-17T21:59:56.878311914Z 68 PC: 14914 | I/O control for devices (Set for = '')
2018-12-17T21:59:56.880112607Z 68 PC: 1491c | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-17T21:59:56.881799962Z 48 PC: 14921 | Get DOS version
2018-12-17T21:59:56.883894367Z 108 PC: 1275d | Extended open/create file
2018-12-17T21:59:56.890093434Z 66 PC: 12770 | Move file pointer
2018-12-17T21:59:56.891515339Z 63 PC: 1277c | Read file or device (Read 64 bytes on handle 5)
2018-12-17T21:59:56.898906111Z 66 PC: 12770 | Move file pointer
2018-12-17T21:59:56.900320552Z 63 PC: 1277c | Read file or device (Read 64 bytes on handle 5)
2018-12-17T21:59:56.906782802Z 62 PC: 12791 | Close file
2018-12-17T21:59:56.910567076Z 64 PC: 14a56 | Write file or device (Write 26 bytes on handle 2)
2018-12-17T21:59:56.914094058Z 64 PC: 14a56 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T21:59:56.917423849Z 64 PC: 14a26 | Write file or device (Write 1 bytes on handle 2)
2018-12-17T21:59:56.921414969Z 64 PC: 14a56 | Write file or device (Write 2 bytes on handle 2)
2018-12-17T21:59:56.926139534Z 76 PC: 16d40 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1105,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:52.670088726Z 42 PC: 1c0ee | Get date
0x1c0ee: cmp dh, 5
0x1c0f1: jne 0x1c104
0x1c0f3: cmp dl, 0x19
0x1c0f6: jne 0x1c104
0x1c0f8: mov ah, 0x2c
0x1c0fa: int 0x21
0x1c0fc: cmp ch, 0xd
0x1c0ff: jne 0x1c104
0x1c101: call 0x1c369
0x1c104: mov bp, si
0x1c106: add bp, 0x39
0x1c10a: mov di, bp
0x1c10c: mov cx, 0x44
0x1c10f: mov al, 0xf3
0x1c111: out 0x60, al
0x1c113: mov al, 0x78
0x1c115: out 0x60, al
0x1c117: mov al, byte ptr cs:[di]
0x1c11a: xor al, 0x9a
0x1c11c: mov byte ptr cs:[di], al
2018-12-25T11:42:52.674917856Z 170 PC: 1c136 | UNKNOWN!
2018-12-25T11:42:52.676127784Z 61 PC: 1c208 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:42:52.682455883Z 87 PC: 1c211 | Get or set file date and time
2018-12-25T11:42:52.684931578Z 62 PC: 1c215 | Close file
2018-12-25T11:42:52.687105688Z 53 PC: 1c1c5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:52.688583201Z 37 PC: 1c1d9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:52.691316736Z 67 PC: 1c1e2 | Get or set file attributes
2018-12-25T11:42:52.696357562Z 67 PC: 1c1ee | Get or set file attributes
2018-12-25T11:42:54.112316332Z 61 PC: 1c22b | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:42:54.120178865Z 87 PC: 1c237 | Get or set file date and time
2018-12-25T11:42:54.121942376Z 63 PC: 1c249 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:42:54.124854862Z 66 PC: 1c252 | Move file pointer
2018-12-25T11:42:54.127659253Z 64 PC: 1c26f | Write file or device (Write 1182 bytes on handle 5)
2018-12-25T11:42:54.137770155Z 66 PC: 1c27d | Move file pointer
2018-12-25T11:42:54.139628487Z 64 PC: 1c287 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:42:54.14398362Z 87 PC: 1c29a | Get or set file date and time
2018-12-25T11:42:54.145945521Z 62 PC: 1c29e | Close file
2018-12-25T11:42:54.157312045Z 67 PC: 1c2aa | Get or set file attributes
2018-12-25T11:42:54.168825806Z 37 PC: 1c1fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:54.170122105Z 53 PC: 1c1a5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:54.171448314Z 37 PC: 1c1b5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:54.17477553Z 98 PC: 16d10 | Get current PSP
2018-12-25T11:42:54.175986603Z 99 PC: 148e4 | Get DBCS lead byte table pointer
2018-12-25T11:42:54.177129302Z 68 PC: 148fe | I/O control for devices (Set for = '')
2018-12-25T11:42:54.178743147Z 68 PC: 14909 | I/O control for devices (Set for = '')
2018-12-25T11:42:54.180415836Z 68 PC: 14914 | I/O control for devices (Set for = '')
2018-12-25T11:42:54.181688603Z 68 PC: 1491c | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:42:54.183575538Z 48 PC: 14921 | Get DOS version
2018-12-25T11:42:54.190703755Z 108 PC: 1275d | Extended open/create file
2018-12-25T11:42:54.1970973Z 66 PC: 12770 | Move file pointer
2018-12-25T11:42:54.199466834Z 63 PC: 1277c | Read file or device (Read 64 bytes on handle 5)
2018-12-25T11:42:54.205488418Z 66 PC: 12770 | Move file pointer (See above)
2018-12-25T11:42:54.206886544Z 63 PC: 1277c | Read file or device (See above)
2018-12-25T11:42:54.212337882Z 62 PC: 12791 | Close file
2018-12-25T11:42:54.214862351Z 64 PC: 14a56 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:42:54.217876064Z 64 PC: 14a56 | Write file or device (See above)
2018-12-25T11:42:54.220904703Z 64 PC: 14a26 | Write file or device (Write 1 bytes on handle 2)
2018-12-25T11:42:54.224058092Z 64 PC: 14a56 | Write file or device (See above)
2018-12-25T11:42:54.228311203Z 76 PC: 16d40 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1105,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:52.705636285Z 42 PC: 1c0ee | Get date
0x1c0ee: cmp dh, 5
0x1c0f1: jne 0x1c104
0x1c0f3: cmp dl, 0x19
0x1c0f6: jne 0x1c104
0x1c0f8: mov ah, 0x2c
0x1c0fa: int 0x21
0x1c0fc: cmp ch, 0xd
0x1c0ff: jne 0x1c104
0x1c101: call 0x1c369
0x1c104: mov bp, si
0x1c106: add bp, 0x39
0x1c10a: mov di, bp
0x1c10c: mov cx, 0x44
0x1c10f: mov al, 0xf3
0x1c111: out 0x60, al
0x1c113: mov al, 0x78
0x1c115: out 0x60, al
0x1c117: mov al, byte ptr cs:[di]
0x1c11a: xor al, 0x9a
0x1c11c: mov byte ptr cs:[di], al
2018-12-25T11:42:52.709580198Z 170 PC: 1c136 | UNKNOWN!
2018-12-25T11:42:52.71046019Z 61 PC: 1c208 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:42:52.717220551Z 87 PC: 1c211 | Get or set file date and time
2018-12-25T11:42:52.719210242Z 62 PC: 1c215 | Close file
2018-12-25T11:42:52.721125707Z 53 PC: 1c1c5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:52.722181977Z 37 PC: 1c1d9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:52.723877167Z 67 PC: 1c1e2 | Get or set file attributes
2018-12-25T11:42:52.729544362Z 67 PC: 1c1ee | Get or set file attributes
2018-12-25T11:42:54.579025543Z 61 PC: 1c22b | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:42:54.588903777Z 87 PC: 1c237 | Get or set file date and time
2018-12-25T11:42:54.59094385Z 63 PC: 1c249 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:42:54.5943453Z 66 PC: 1c252 | Move file pointer
2018-12-25T11:42:54.596695036Z 64 PC: 1c26f | Write file or device (Write 1182 bytes on handle 5)
2018-12-25T11:42:54.612754289Z 66 PC: 1c27d | Move file pointer
2018-12-25T11:42:54.614354825Z 64 PC: 1c287 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:42:54.617719915Z 87 PC: 1c29a | Get or set file date and time
2018-12-25T11:42:54.619933879Z 62 PC: 1c29e | Close file
2018-12-25T11:42:54.627453798Z 67 PC: 1c2aa | Get or set file attributes
2018-12-25T11:42:54.63721278Z 37 PC: 1c1fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:54.640184814Z 53 PC: 1c1a5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:54.641835548Z 37 PC: 1c1b5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:54.644208099Z 98 PC: 16d10 | Get current PSP
2018-12-25T11:42:54.646835696Z 99 PC: 148e4 | Get DBCS lead byte table pointer
2018-12-25T11:42:54.648579995Z 68 PC: 148fe | I/O control for devices (Set for = '')
2018-12-25T11:42:54.650410647Z 68 PC: 14909 | I/O control for devices (Set for = '')
2018-12-25T11:42:54.653743254Z 68 PC: 14914 | I/O control for devices (Set for = '')
2018-12-25T11:42:54.655606732Z 68 PC: 1491c | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:42:54.657712284Z 48 PC: 14921 | Get DOS version
2018-12-25T11:42:54.660864053Z 108 PC: 1275d | Extended open/create file
2018-12-25T11:42:54.668001437Z 66 PC: 12770 | Move file pointer
2018-12-25T11:42:54.669888555Z 63 PC: 1277c | Read file or device (Read 64 bytes on handle 5)
2018-12-25T11:42:54.677321066Z 66 PC: 12770 | Move file pointer (See above)
2018-12-25T11:42:54.679637841Z 63 PC: 1277c | Read file or device (See above)
2018-12-25T11:42:54.686718697Z 62 PC: 12791 | Close file
2018-12-25T11:42:54.689715012Z 64 PC: 14a56 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:42:54.69419065Z 64 PC: 14a56 | Write file or device (See above)
2018-12-25T11:42:54.697750344Z 64 PC: 14a26 | Write file or device (Write 1 bytes on handle 2)
2018-12-25T11:42:54.701534932Z 64 PC: 14a56 | Write file or device (See above)
2018-12-25T11:42:54.707296203Z 76 PC: 16d40 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":25,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1105,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:42:52.977873539Z 42 PC: 1c0ee | Get date
0x1c0ee: cmp dh, 5
0x1c0f1: jne 0x1c104
0x1c0f3: cmp dl, 0x19
0x1c0f6: jne 0x1c104
0x1c0f8: mov ah, 0x2c
0x1c0fa: int 0x21
0x1c0fc: cmp ch, 0xd
0x1c0ff: jne 0x1c104
0x1c101: call 0x1c369
0x1c104: mov bp, si
0x1c106: add bp, 0x39
0x1c10a: mov di, bp
0x1c10c: mov cx, 0x44
0x1c10f: mov al, 0xf3
0x1c111: out 0x60, al
0x1c113: mov al, 0x78
0x1c115: out 0x60, al
0x1c117: mov al, byte ptr cs:[di]
0x1c11a: xor al, 0x9a
0x1c11c: mov byte ptr cs:[di], al
2018-12-25T11:42:52.985793543Z 44 PC: 1c0fc | Get time
0x1c0fc: cmp ch, 0xd
0x1c0ff: jne 0x1c104
0x1c101: call 0x1c369
0x1c104: mov bp, si
0x1c106: add bp, 0x39
0x1c10a: mov di, bp
0x1c10c: mov cx, 0x44
0x1c10f: mov al, 0xf3
0x1c111: out 0x60, al
0x1c113: mov al, 0x78
0x1c115: out 0x60, al
0x1c117: mov al, byte ptr cs:[di]
0x1c11a: xor al, 0x9a
0x1c11c: mov byte ptr cs:[di], al
0x1c11f: inc di
0x1c120: loop 0x1c117
0x1c122: sbb word ptr [si - 0x64], si
0x1c125: int3
0x1c126: adc word ptr [bp - 0x65c7], bx
0x1c12a: wait
2018-12-25T11:42:52.989125961Z 170 PC: 1c136 | UNKNOWN!
2018-12-25T11:42:52.989968536Z 61 PC: 1c208 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:42:52.998183003Z 87 PC: 1c211 | Get or set file date and time
2018-12-25T11:42:52.999251154Z 62 PC: 1c215 | Close file
2018-12-25T11:42:53.000605084Z 53 PC: 1c1c5 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:53.002069407Z 37 PC: 1c1d9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:53.002990325Z 67 PC: 1c1e2 | Get or set file attributes
2018-12-25T11:42:53.00651092Z 67 PC: 1c1ee | Get or set file attributes
2018-12-25T11:42:54.586677509Z 61 PC: 1c22b | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:42:54.594040502Z 87 PC: 1c237 | Get or set file date and time
2018-12-25T11:42:54.596037864Z 63 PC: 1c249 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:42:54.601261108Z 66 PC: 1c252 | Move file pointer
2018-12-25T11:42:54.6027875Z 64 PC: 1c26f | Write file or device (Write 1182 bytes on handle 5)
2018-12-25T11:42:54.613626176Z 66 PC: 1c27d | Move file pointer
2018-12-25T11:42:54.615857832Z 64 PC: 1c287 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:42:54.619908279Z 87 PC: 1c29a | Get or set file date and time
2018-12-25T11:42:54.621996396Z 62 PC: 1c29e | Close file
2018-12-25T11:42:54.630959201Z 67 PC: 1c2aa | Get or set file attributes
2018-12-25T11:42:54.642087785Z 37 PC: 1c1fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:54.643027675Z 53 PC: 1c1a5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:54.644247547Z 37 PC: 1c1b5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:54.646566659Z 98 PC: 16d10 | Get current PSP
2018-12-25T11:42:54.64822428Z 99 PC: 148e4 | Get DBCS lead byte table pointer
2018-12-25T11:42:54.649825695Z 68 PC: 148fe | I/O control for devices (Set for = '')
2018-12-25T11:42:54.651918504Z 68 PC: 14909 | I/O control for devices (Set for = '')
2018-12-25T11:42:54.654034534Z 68 PC: 14914 | I/O control for devices (Set for = '')
2018-12-25T11:42:54.655489465Z 68 PC: 1491c | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:42:54.65716759Z 48 PC: 14921 | Get DOS version
2018-12-25T11:42:54.659082854Z 108 PC: 1275d | Extended open/create file
2018-12-25T11:42:54.666705114Z 66 PC: 12770 | Move file pointer
2018-12-25T11:42:54.668496593Z 63 PC: 1277c | Read file or device (Read 64 bytes on handle 5)
2018-12-25T11:42:54.675013502Z 66 PC: 12770 | Move file pointer (See above)
2018-12-25T11:42:54.677750327Z 63 PC: 1277c | Read file or device (See above)
2018-12-25T11:42:54.684255477Z 62 PC: 12791 | Close file
2018-12-25T11:42:54.687166099Z 64 PC: 14a56 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:42:54.692239844Z 64 PC: 14a56 | Write file or device (See above)
2018-12-25T11:42:54.696003652Z 64 PC: 14a26 | Write file or device (Write 1 bytes on handle 2)
2018-12-25T11:42:54.699969901Z 64 PC: 14a56 | Write file or device (See above)
2018-12-25T11:42:54.705736788Z 76 PC: 16d40 | Terminate with return code (Return code = '0')