Sample viewer

vx.netlux.org/Trojan.DOS.QKey

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:03.601424159Z	9	PC: 12bbf \| Display string (String= 'ﾚﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄｿｳ QKEY 1.0 ｳｳ Copyright (c) 1986-1994 ｳｳ Quarterdeck Office Systems, Inc. ｳﾀﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾙ ')
2018-12-17T22:55:03.613268961Z	42	PC: 12bc3 \| Get date 0x12bc3: cmp cx, 0x7ca 0x12bc7: jne 0x12bd3 0x12bc9: cmp dh, 0xc 0x12bcc: jb 0x12be1 0x12bce: cmp dl, 0x18 0x12bd1: jb 0x12be1 0x12bd3: mov ax, 0x301 0x12bd6: mov bx, 0x2bb 0x12bd9: mov cx, 1 0x12bdc: mov dx, 0x80 0x12bdf: int 0x13 0x12be1: mov ax, 0x3509 0x12be4: int 0x21 0x12be6: mov word ptr [0x23a], bx 0x12bea: mov word ptr [0x23c], es 0x12bee: mov ax, 0x2509 0x12bf1: mov dx, 0x1cb 0x12bf4: int 0x21 0x12bf6: mov dx, 0x271 0x12bf9: int 0x27
2018-12-17T22:55:03.945085804Z	53	PC: 12be6 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:55:03.946612943Z	37	PC: 12bf6 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:55:03.949071645Z	49	PC: 12bfb \| Terminate and stay resident (Return code = '0' \| Memory size = '40')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11765,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:19.4121184Z	9	PC: 12bbf \| Display string (String= 'ﾚﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄｿｳ QKEY 1.0 ｳｳ Copyright (c) 1986-1994 ｳｳ Quarterdeck Office Systems, Inc. ｳﾀﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾙ ')
2018-12-25T12:31:19.425168194Z	42	PC: 12bc3 \| Get date 0x12bc3: cmp cx, 0x7ca 0x12bc7: jne 0x12bd3 0x12bc9: cmp dh, 0xc 0x12bcc: jb 0x12be1 0x12bce: cmp dl, 0x18 0x12bd1: jb 0x12be1 0x12bd3: mov ax, 0x301 0x12bd6: mov bx, 0x2bb 0x12bd9: mov cx, 1 0x12bdc: mov dx, 0x80 0x12bdf: int 0x13 0x12be1: mov ax, 0x3509 0x12be4: int 0x21 0x12be6: mov word ptr [0x23a], bx 0x12bea: mov word ptr [0x23c], es 0x12bee: mov ax, 0x2509 0x12bf1: mov dx, 0x1cb 0x12bf4: int 0x21 0x12bf6: mov dx, 0x271 0x12bf9: int 0x27
2018-12-25T12:31:19.787285391Z	53	PC: 12be6 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:19.789128857Z	37	PC: 12bf6 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:19.791091329Z	49	PC: 12bfb \| Terminate and stay resident (Return code = '0' \| Memory size = '40')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11765,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:19.645398357Z	9	PC: 12bbf \| Display string (String= 'ﾚﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄｿｳ QKEY 1.0 ｳｳ Copyright (c) 1986-1994 ｳｳ Quarterdeck Office Systems, Inc. ｳﾀﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾙ ')
2018-12-25T12:31:19.658415435Z	42	PC: 12bc3 \| Get date 0x12bc3: cmp cx, 0x7ca 0x12bc7: jne 0x12bd3 0x12bc9: cmp dh, 0xc 0x12bcc: jb 0x12be1 0x12bce: cmp dl, 0x18 0x12bd1: jb 0x12be1 0x12bd3: mov ax, 0x301 0x12bd6: mov bx, 0x2bb 0x12bd9: mov cx, 1 0x12bdc: mov dx, 0x80 0x12bdf: int 0x13 0x12be1: mov ax, 0x3509 0x12be4: int 0x21 0x12be6: mov word ptr [0x23a], bx 0x12bea: mov word ptr [0x23c], es 0x12bee: mov ax, 0x2509 0x12bf1: mov dx, 0x1cb 0x12bf4: int 0x21 0x12bf6: mov dx, 0x271 0x12bf9: int 0x27
2018-12-25T12:31:19.661032788Z	53	PC: 12be6 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:19.662142403Z	37	PC: 12bf6 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:19.663291525Z	49	PC: 12bfb \| Terminate and stay resident (Return code = '0' \| Memory size = '40')

{"DateBased":true,"Day":1,"Month":12,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11765,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:20.293561931Z	9	PC: 12bbf \| Display string (String= 'ﾚﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄｿｳ QKEY 1.0 ｳｳ Copyright (c) 1986-1994 ｳｳ Quarterdeck Office Systems, Inc. ｳﾀﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾙ ')
2018-12-25T12:31:20.318163297Z	42	PC: 12bc3 \| Get date 0x12bc3: cmp cx, 0x7ca 0x12bc7: jne 0x12bd3 0x12bc9: cmp dh, 0xc 0x12bcc: jb 0x12be1 0x12bce: cmp dl, 0x18 0x12bd1: jb 0x12be1 0x12bd3: mov ax, 0x301 0x12bd6: mov bx, 0x2bb 0x12bd9: mov cx, 1 0x12bdc: mov dx, 0x80 0x12bdf: int 0x13 0x12be1: mov ax, 0x3509 0x12be4: int 0x21 0x12be6: mov word ptr [0x23a], bx 0x12bea: mov word ptr [0x23c], es 0x12bee: mov ax, 0x2509 0x12bf1: mov dx, 0x1cb 0x12bf4: int 0x21 0x12bf6: mov dx, 0x271 0x12bf9: int 0x27
2018-12-25T12:31:20.324469552Z	53	PC: 12be6 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:20.325868494Z	37	PC: 12bf6 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:20.327743688Z	49	PC: 12bfb \| Terminate and stay resident (Return code = '0' \| Memory size = '40')

{"DateBased":true,"Day":24,"Month":12,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11765,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:20.448972387Z	9	PC: 12bbf \| Display string (String= 'ﾚﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄｿｳ QKEY 1.0 ｳｳ Copyright (c) 1986-1994 ｳｳ Quarterdeck Office Systems, Inc. ｳﾀﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾄﾙ ')
2018-12-25T12:31:20.464119499Z	42	PC: 12bc3 \| Get date 0x12bc3: cmp cx, 0x7ca 0x12bc7: jne 0x12bd3 0x12bc9: cmp dh, 0xc 0x12bcc: jb 0x12be1 0x12bce: cmp dl, 0x18 0x12bd1: jb 0x12be1 0x12bd3: mov ax, 0x301 0x12bd6: mov bx, 0x2bb 0x12bd9: mov cx, 1 0x12bdc: mov dx, 0x80 0x12bdf: int 0x13 0x12be1: mov ax, 0x3509 0x12be4: int 0x21 0x12be6: mov word ptr [0x23a], bx 0x12bea: mov word ptr [0x23c], es 0x12bee: mov ax, 0x2509 0x12bf1: mov dx, 0x1cb 0x12bf4: int 0x21 0x12bf6: mov dx, 0x271 0x12bf9: int 0x27
2018-12-25T12:31:20.790445285Z	53	PC: 12be6 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:20.792556878Z	37	PC: 12bf6 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:20.795169514Z	49	PC: 12bfb \| Terminate and stay resident (Return code = '0' \| Memory size = '40')