Sample viewer

vx.netlux.org/Virus.DOS.Quest.495

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:00:50.862970839Z	53	PC: 12a4d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:50.865013161Z	37	PC: 12a5e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:50.866170134Z	71	PC: 12a69 \| Get current directory
2018-12-17T22:00:50.868862783Z	78	PC: 12a9b \| Find first file
2018-12-17T22:00:50.891506204Z	79	PC: 12a9b \| Find next file
2018-12-17T22:00:50.893856736Z	78	PC: 12a9b \| Find first file
2018-12-17T22:00:50.899576842Z	79	PC: 12a9b \| Find next file
2018-12-17T22:00:50.905378512Z	79	PC: 12a9b \| Find next file
2018-12-17T22:00:50.908033774Z	79	PC: 12a9b \| Find next file
2018-12-17T22:00:50.92040641Z	79	PC: 12a9b \| Find next file
2018-12-17T22:00:50.923100638Z	79	PC: 12a9b \| Find next file
2018-12-17T22:00:50.926146878Z	79	PC: 12a9b \| Find next file
2018-12-17T22:00:50.92992744Z	79	PC: 12a9b \| Find next file
2018-12-17T22:00:50.932622292Z	59	PC: 12a7c \| Change current directory
2018-12-17T22:00:50.937766659Z	42	PC: 12ae2 \| Get date 0x12ae2: cmp dh, 0xa 0x12ae5: jne 0x12b02 0x12ae7: cmp dl, 4 0x12aea: jne 0x12b02 0x12aec: mov ah, 9 0x12aee: mov dx, 0x1f5 0x12af1: int 0x21 0x12af3: mov dx, 0x200 0x12af6: push es 0x12af7: mov ax, 0x40 0x12afa: mov es, ax 0x12afc: mov word ptr es:[0x13], dx 0x12b01: pop es 0x12b02: ret 0x12b03: mov ah, 0x3d 0x12b05: mov dx, 0x9e 0x12b08: int 0x21 0x12b0a: xchg ax, bx 0x12b0b: ret 0x12b0c: mov ax, 0x4301
2018-12-17T22:00:50.9400696Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:00:50.941778177Z	59	PC: 12a92 \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1210,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:00.246828078Z	53	PC: 12a4d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:00.24857026Z	37	PC: 12a5e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:00.249619951Z	71	PC: 12a69 \| Get current directory
2018-12-25T11:43:00.252409941Z	78	PC: 12a9b \| Find first file
2018-12-25T11:43:00.25877805Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.26093194Z	78	PC: 12a9b \| Find first file (See above)
2018-12-25T11:43:00.266597004Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.269186235Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.272208723Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.274621185Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.277120282Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.279794803Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.282219395Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.284456695Z	59	PC: 12a7c \| Change current directory
2018-12-25T11:43:00.288534488Z	42	PC: 12ae2 \| Get date 0x12ae2: cmp dh, 0xa 0x12ae5: jne 0x12b02 0x12ae7: cmp dl, 4 0x12aea: jne 0x12b02 0x12aec: mov ah, 9 0x12aee: mov dx, 0x1f5 0x12af1: int 0x21 0x12af3: mov dx, 0x200 0x12af6: push es 0x12af7: mov ax, 0x40 0x12afa: mov es, ax 0x12afc: mov word ptr es:[0x13], dx 0x12b01: pop es 0x12b02: ret 0x12b03: mov ah, 0x3d 0x12b05: mov dx, 0x9e 0x12b08: int 0x21 0x12b0a: xchg ax, bx 0x12b0b: ret 0x12b0c: mov ax, 0x4301
2018-12-25T11:43:00.29052458Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:00.291601925Z	59	PC: 12a92 \| Change current directory

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1210,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:00.959191969Z	53	PC: 12a4d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:00.962085562Z	37	PC: 12a5e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:00.963242099Z	71	PC: 12a69 \| Get current directory
2018-12-25T11:43:00.966084744Z	78	PC: 12a9b \| Find first file
2018-12-25T11:43:00.972160994Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.974506083Z	78	PC: 12a9b \| Find first file (See above)
2018-12-25T11:43:00.980166642Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.98254223Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.991550235Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.994216424Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.996876285Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:00.999885631Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:01.002763812Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:01.005142929Z	59	PC: 12a7c \| Change current directory
2018-12-25T11:43:01.010013652Z	42	PC: 12ae2 \| Get date 0x12ae2: cmp dh, 0xa 0x12ae5: jne 0x12b02 0x12ae7: cmp dl, 4 0x12aea: jne 0x12b02 0x12aec: mov ah, 9 0x12aee: mov dx, 0x1f5 0x12af1: int 0x21 0x12af3: mov dx, 0x200 0x12af6: push es 0x12af7: mov ax, 0x40 0x12afa: mov es, ax 0x12afc: mov word ptr es:[0x13], dx 0x12b01: pop es 0x12b02: ret 0x12b03: mov ah, 0x3d 0x12b05: mov dx, 0x9e 0x12b08: int 0x21 0x12b0a: xchg ax, bx 0x12b0b: ret 0x12b0c: mov ax, 0x4301
2018-12-25T11:43:01.012407524Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:01.013812032Z	59	PC: 12a92 \| Change current directory

{"DateBased":true,"Day":4,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1210,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:01.952301053Z	53	PC: 12a4d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:01.95384702Z	37	PC: 12a5e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:01.954834487Z	71	PC: 12a69 \| Get current directory
2018-12-25T11:43:01.95669608Z	78	PC: 12a9b \| Find first file
2018-12-25T11:43:01.960503004Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:01.962360429Z	78	PC: 12a9b \| Find first file (See above)
2018-12-25T11:43:01.982681137Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:01.986393986Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:01.98958255Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:01.992153094Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:01.994959183Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:01.998958342Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:02.00169423Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T11:43:02.00432316Z	59	PC: 12a7c \| Change current directory
2018-12-25T11:43:02.010437657Z	42	PC: 12ae2 \| Get date 0x12ae2: cmp dh, 0xa 0x12ae5: jne 0x12b02 0x12ae7: cmp dl, 4 0x12aea: jne 0x12b02 0x12aec: mov ah, 9 0x12aee: mov dx, 0x1f5 0x12af1: int 0x21 0x12af3: mov dx, 0x200 0x12af6: push es 0x12af7: mov ax, 0x40 0x12afa: mov es, ax 0x12afc: mov word ptr es:[0x13], dx 0x12b01: pop es 0x12b02: ret 0x12b03: mov ah, 0x3d 0x12b05: mov dx, 0x9e 0x12b08: int 0x21 0x12b0a: xchg ax, bx 0x12b0b: ret 0x12b0c: mov ax, 0x4301
2018-12-25T11:43:02.012832703Z	9	PC: 12af3 \| Display string (Could not find end pointer)
2018-12-25T11:43:02.077060452Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:02.079609201Z	59	PC: 12a92 \| Change current directory