Sample viewer

vx.netlux.org/Virus.DOS.Qumak.1161

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:14.60259202Z	48	PC: 12c6e \| Get DOS version
2018-12-17T22:58:14.60440531Z	47	PC: 12c85 \| Get disk transfer address
2018-12-17T22:58:14.605963047Z	26	PC: 12c94 \| Set disk transfer address
2018-12-17T22:58:14.607503858Z	78	PC: 12d31 \| Find first file
2018-12-17T22:58:14.614050391Z	61	PC: 12d97 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:14.620866404Z	63	PC: 12daa \| Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:58:14.627179563Z	62	PC: 12dae \| Close file
2018-12-17T22:58:14.629070193Z	67	PC: 12df1 \| Get or set file attributes
2018-12-17T22:58:14.63922337Z	67	PC: 12e01 \| Get or set file attributes
2018-12-17T22:58:14.655172438Z	61	PC: 12e0b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:14.661535673Z	87	PC: 12e17 \| Get or set file date and time
2018-12-17T22:58:14.66360458Z	44	PC: 12e21 \| Get time 0x12e21: and dh, 7 0x12e24: je 0x12e29 0x12e26: jmp 0x12eb2 0x12e29: push bx 0x12e2a: push si 0x12e2b: mov ah, 8 0x12e2d: mov dl, 0x80 0x12e2f: int 0x13 0x12e31: cmp dl, 0 0x12e34: je 0x12ea2 0x12e36: mov al, cl 0x12e38: and al, 0x3f 0x12e3a: mov byte ptr [si + 0xf4], al 0x12e3e: mov al, ch 0x12e40: mov ah, cl 0x12e42: and ah, 0xc0 0x12e45: mov cl, 6 0x12e47: shr ah, cl 0x12e49: mov word ptr [si + 0xf1], ax 0x12e4d: mov byte ptr [si + 0xf3], dh
2018-12-17T22:58:14.665828724Z	63	PC: 12ebe \| Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:58:14.668431875Z	66	PC: 12ed6 \| Move file pointer
2018-12-17T22:58:14.670495199Z	44	PC: 12f02 \| Get time 0x12f02: mov dl, cl 0x12f04: add dl, dh 0x12f06: add dl, 0x82 0x12f09: mov byte ptr [si - 1], dl 0x12f0c: mov bx, si 0x12f0e: mov cx, 0xf9 0x12f11: mov al, byte ptr [bx] 0x12f13: xor al, dl 0x12f15: mov byte ptr [bx], al 0x12f17: inc bx 0x12f18: loop 0x12f11 0x12f1a: pop ax 0x12f1b: pop bx 0x12f1c: pop cx 0x12f1d: pop dx 0x12f1e: int 0x21 0x12f20: push dx 0x12f21: push cx 0x12f22: push bx 0x12f23: push ax
2018-12-17T22:58:14.672833922Z	64	PC: 12f20 \| Write file or device (Write 1161 bytes on handle 5)
2018-12-17T22:58:14.681487713Z	66	PC: 12f4d \| Move file pointer
2018-12-17T22:58:14.692176628Z	64	PC: 12f5b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:14.698503615Z	64	PC: 12f68 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:58:14.700810268Z	87	PC: 12f74 \| Get or set file date and time
2018-12-17T22:58:14.712278022Z	62	PC: 12f78 \| Close file
2018-12-17T22:58:14.721040244Z	67	PC: 12f87 \| Get or set file attributes
2018-12-17T22:58:14.731270058Z	26	PC: 12f91 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12806,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:16.54427387Z	48	PC: 12c6e \| Get DOS version
2018-12-25T12:36:16.545596118Z	47	PC: 12c85 \| Get disk transfer address
2018-12-25T12:36:16.548829599Z	26	PC: 12c94 \| Set disk transfer address
2018-12-25T12:36:16.550163964Z	78	PC: 12d31 \| Find first file
2018-12-25T12:36:16.55685569Z	61	PC: 12d97 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:16.564783758Z	63	PC: 12daa \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:36:16.572091637Z	62	PC: 12dae \| Close file
2018-12-25T12:36:16.574958517Z	67	PC: 12df1 \| Get or set file attributes
2018-12-25T12:36:16.581939797Z	67	PC: 12e01 \| Get or set file attributes
2018-12-25T12:36:16.599948356Z	61	PC: 12e0b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:16.607880718Z	87	PC: 12e17 \| Get or set file date and time
2018-12-25T12:36:16.609925346Z	44	PC: 12e21 \| Get time 0x12e21: and dh, 7 0x12e24: je 0x12e29 0x12e26: jmp 0x12eb2 0x12e29: push bx 0x12e2a: push si 0x12e2b: mov ah, 8 0x12e2d: mov dl, 0x80 0x12e2f: int 0x13 0x12e31: cmp dl, 0 0x12e34: je 0x12ea2 0x12e36: mov al, cl 0x12e38: and al, 0x3f 0x12e3a: mov byte ptr [si + 0xf4], al 0x12e3e: mov al, ch 0x12e40: mov ah, cl 0x12e42: and ah, 0xc0 0x12e45: mov cl, 6 0x12e47: shr ah, cl 0x12e49: mov word ptr [si + 0xf1], ax 0x12e4d: mov byte ptr [si + 0xf3], dh
2018-12-25T12:36:16.612264371Z	63	PC: 12ebe \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:36:16.615164396Z	66	PC: 12ed6 \| Move file pointer
2018-12-25T12:36:16.623321315Z	44	PC: 12f02 \| Get time 0x12f02: mov dl, cl 0x12f04: add dl, dh 0x12f06: add dl, 0x82 0x12f09: mov byte ptr [si - 1], dl 0x12f0c: mov bx, si 0x12f0e: mov cx, 0xf9 0x12f11: mov al, byte ptr [bx] 0x12f13: xor al, dl 0x12f15: mov byte ptr [bx], al 0x12f17: inc bx 0x12f18: loop 0x12f11 0x12f1a: pop ax 0x12f1b: pop bx 0x12f1c: pop cx 0x12f1d: pop dx 0x12f1e: int 0x21 0x12f20: push dx 0x12f21: push cx 0x12f22: push bx 0x12f23: push ax
2018-12-25T12:36:16.626313314Z	64	PC: 12f20 \| Write file or device (Write 1161 bytes on handle 5)
2018-12-25T12:36:16.638957884Z	66	PC: 12f4d \| Move file pointer
2018-12-25T12:36:16.641098718Z	64	PC: 12f5b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:16.648647724Z	64	PC: 12f68 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:36:16.651507594Z	87	PC: 12f74 \| Get or set file date and time
2018-12-25T12:36:16.653627898Z	62	PC: 12f78 \| Close file
2018-12-25T12:36:16.663995904Z	67	PC: 12f87 \| Get or set file attributes
2018-12-25T12:36:16.682694928Z	26	PC: 12f91 \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":12806,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:16.784780038Z	48	PC: 12c6e \| Get DOS version
2018-12-25T12:36:16.786706748Z	47	PC: 12c85 \| Get disk transfer address
2018-12-25T12:36:16.788329054Z	26	PC: 12c94 \| Set disk transfer address
2018-12-25T12:36:16.789734608Z	78	PC: 12d31 \| Find first file
2018-12-25T12:36:16.79655817Z	61	PC: 12d97 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:16.803661347Z	63	PC: 12daa \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:36:16.810354715Z	62	PC: 12dae \| Close file
2018-12-25T12:36:16.812138809Z	67	PC: 12df1 \| Get or set file attributes
2018-12-25T12:36:16.824696343Z	67	PC: 12e01 \| Get or set file attributes
2018-12-25T12:36:16.842337365Z	61	PC: 12e0b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:16.849654283Z	87	PC: 12e17 \| Get or set file date and time
2018-12-25T12:36:16.8591643Z	44	PC: 12e21 \| Get time 0x12e21: and dh, 7 0x12e24: je 0x12e29 0x12e26: jmp 0x12eb2 0x12e29: push bx 0x12e2a: push si 0x12e2b: mov ah, 8 0x12e2d: mov dl, 0x80 0x12e2f: int 0x13 0x12e31: cmp dl, 0 0x12e34: je 0x12ea2 0x12e36: mov al, cl 0x12e38: and al, 0x3f 0x12e3a: mov byte ptr [si + 0xf4], al 0x12e3e: mov al, ch 0x12e40: mov ah, cl 0x12e42: and ah, 0xc0 0x12e45: mov cl, 6 0x12e47: shr ah, cl 0x12e49: mov word ptr [si + 0xf1], ax 0x12e4d: mov byte ptr [si + 0xf3], dh
2018-12-25T12:36:16.861715174Z	63	PC: 12ebe \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:36:16.868834221Z	66	PC: 12ed6 \| Move file pointer
2018-12-25T12:36:16.871073198Z	44	PC: 12f02 \| Get time 0x12f02: mov dl, cl 0x12f04: add dl, dh 0x12f06: add dl, 0x82 0x12f09: mov byte ptr [si - 1], dl 0x12f0c: mov bx, si 0x12f0e: mov cx, 0xf9 0x12f11: mov al, byte ptr [bx] 0x12f13: xor al, dl 0x12f15: mov byte ptr [bx], al 0x12f17: inc bx 0x12f18: loop 0x12f11 0x12f1a: pop ax 0x12f1b: pop bx 0x12f1c: pop cx 0x12f1d: pop dx 0x12f1e: int 0x21 0x12f20: push dx 0x12f21: push cx 0x12f22: push bx 0x12f23: push ax
2018-12-25T12:36:16.873547904Z	64	PC: 12f20 \| Write file or device (Write 1161 bytes on handle 5)
2018-12-25T12:36:16.883044452Z	66	PC: 12f4d \| Move file pointer
2018-12-25T12:36:16.885559544Z	64	PC: 12f5b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:16.892951537Z	64	PC: 12f68 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:36:16.896797736Z	87	PC: 12f74 \| Get or set file date and time
2018-12-25T12:36:16.899119888Z	62	PC: 12f78 \| Close file
2018-12-25T12:36:16.90804814Z	67	PC: 12f87 \| Get or set file attributes
2018-12-25T12:36:16.919273885Z	26	PC: 12f91 \| Set disk transfer address