Sample viewer

vx.netlux.org/Virus.DOS.Brackets.1367

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:20.91925122Z 238 PC: 1758d | UNKNOWN!
2018-12-17T22:58:20.920584168Z 53 PC: 175ef | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:20.923388117Z 53 PC: 175fc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:20.925043617Z 53 PC: 17609 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:58:20.926550665Z 37 PC: 1762d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:20.928772833Z 42 PC: 17631 | Get date
0x17631: cmp al, 6
0x17633: jne 0x1763d
0x17635: mov ax, 0x251c
0x17638: mov dx, 0x3e0
0x1763b: int 0x21
0x1763d: pop ax
0x1763e: mov es, ax
0x17640: mov ds, ax
0x17642: cmp byte ptr cs:[bx + 0x1e], 1
0x17647: jne 0x1765f
0x17649: pop cx
0x1764a: add ax, 0x10
0x1764d: add word ptr cs:[bx + 0x31], ax
0x17651: add ax, word ptr cs:[bx + 0x35]
0x17655: mov ss, ax
0x17657: mov sp, word ptr cs:[bx + 0x33]
0x1765b: ljmp ptr cs:[bx + 0x2f]
0x1765f: mov di, 0x100
0x17662: mov si, bx
0x17664: add si, 0x37
2018-12-17T22:58:20.932174439Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-17T22:58:20.934031173Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-17T22:58:20.936865889Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-17T22:58:20.939179059Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-17T22:58:20.941358014Z 68 PC: 1375e | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T22:58:20.945522159Z 48 PC: 13763 | Get DOS version
2018-12-17T22:58:20.948175228Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-17T22:58:20.956180811Z 64 PC: 139e5 | Write file or device (Write 9 bytes on handle 1)
2018-12-17T22:58:20.961315513Z 64 PC: 139e5 | Write file or device (Write 17 bytes on handle 1)
2018-12-17T22:58:20.968381041Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12851,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:39.392742524Z 238 PC: 1758d | UNKNOWN!
2018-12-25T12:36:39.39499427Z 53 PC: 175ef | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:39.3965678Z 53 PC: 175fc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:39.399658454Z 53 PC: 17609 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:36:39.406025429Z 37 PC: 1762d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:39.407970537Z 42 PC: 17631 | Get date
0x17631: cmp al, 6
0x17633: jne 0x1763d
0x17635: mov ax, 0x251c
0x17638: mov dx, 0x3e0
0x1763b: int 0x21
0x1763d: pop ax
0x1763e: mov es, ax
0x17640: mov ds, ax
0x17642: cmp byte ptr cs:[bx + 0x1e], 1
0x17647: jne 0x1765f
0x17649: pop cx
0x1764a: add ax, 0x10
0x1764d: add word ptr cs:[bx + 0x31], ax
0x17651: add ax, word ptr cs:[bx + 0x35]
0x17655: mov ss, ax
0x17657: mov sp, word ptr cs:[bx + 0x33]
0x1765b: ljmp ptr cs:[bx + 0x2f]
0x1765f: mov di, 0x100
0x17662: mov si, bx
0x17664: add si, 0x37
2018-12-25T12:36:39.41140441Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T12:36:39.413258867Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T12:36:39.416074879Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T12:36:39.418315624Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T12:36:39.420363722Z 68 PC: 1375e | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:36:39.428482608Z 48 PC: 13763 | Get DOS version
2018-12-25T12:36:39.432006528Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T12:36:39.438727236Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T12:36:39.444155945Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T12:36:39.449624082Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12851,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:39.520347491Z 238 PC: 1758d | UNKNOWN!
2018-12-25T12:36:39.52142964Z 53 PC: 175ef | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:39.522323313Z 53 PC: 175fc | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:39.523167162Z 53 PC: 17609 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:36:39.524459842Z 37 PC: 1762d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:39.525372144Z 42 PC: 17631 | Get date
0x17631: cmp al, 6
0x17633: jne 0x1763d
0x17635: mov ax, 0x251c
0x17638: mov dx, 0x3e0
0x1763b: int 0x21
0x1763d: pop ax
0x1763e: mov es, ax
0x17640: mov ds, ax
0x17642: cmp byte ptr cs:[bx + 0x1e], 1
0x17647: jne 0x1765f
0x17649: pop cx
0x1764a: add ax, 0x10
0x1764d: add word ptr cs:[bx + 0x31], ax
0x17651: add ax, word ptr cs:[bx + 0x35]
0x17655: mov ss, ax
0x17657: mov sp, word ptr cs:[bx + 0x33]
0x1765b: ljmp ptr cs:[bx + 0x2f]
0x1765f: mov di, 0x100
0x17662: mov si, bx
0x17664: add si, 0x37
2018-12-25T12:36:39.526722384Z 37 PC: 1763d | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:36:39.528220455Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T12:36:39.529355286Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T12:36:39.530518281Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T12:36:39.53262906Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T12:36:39.533892272Z 68 PC: 1375e | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:36:39.535385611Z 48 PC: 13763 | Get DOS version
2018-12-25T12:36:39.537558745Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T12:36:39.54326307Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T12:36:39.547565016Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T12:36:39.556485542Z 76 PC: 147f8 | Terminate with return code (Return code = '4')