Sample viewer

vx.netlux.org/Virus.DOS.TraceBack.3029


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:31.556579794Z 25 PC: 14c51 | Get default drive
2018-12-17T23:00:31.558054893Z 42 PC: 14c92 | Get date
0x14c92: cmp cx, 0x7c4
0x14c96: jge 0x14c9e
0x14c98: jmp 0x14cc1
0x14c9a: push 0xa429
0x14c9d: adc bh, byte ptr [bx + 0xf]
0x14ca0: cmp dh, 0xc
0x14ca3: jl 0x14cc1
0x14ca5: cmp dl, 5
0x14ca8: jl 0x14cc1
0x14caa: cmp dl, 0x1c
0x14cad: jl 0x14cba
0x14caf: mov word ptr [si + 0x852], 0xffdc
0x14cb5: mov byte ptr [si + 0x84d], 0x88
0x14cba: cmp byte ptr [si + 4], 0xf8
0x14cbf: jae 0x14cd6
0x14cc1: mov byte ptr cs:[si + 0xee], 0
0x14cc7: jmp 0x14e47
0x14cca: cmp byte ptr [si + 4], 0xf8
0x14ccf: jae 0x14cd6
0x14cd1: or byte ptr [si + 0x84d], 4
2018-12-17T23:00:31.560078233Z 67 PC: 14e1f | Get or set file attributes
2018-12-17T23:00:31.565614637Z 71 PC: 14d48 | Get current directory
2018-12-17T23:00:31.568784411Z 59 PC: 14e1f | Change current directory
2018-12-17T23:00:31.57246074Z 26 PC: 14d62 | Set disk transfer address
2018-12-17T23:00:31.57347974Z 78 PC: 14e1f | Find first file
2018-12-17T23:00:31.579514602Z 25 PC: 14f21 | Get default drive
2018-12-17T23:00:31.580433903Z 71 PC: 14f3b | Get current directory
2018-12-17T23:00:31.587685861Z 67 PC: 14e1f | Get or set file attributes
2018-12-17T23:00:31.598089324Z 67 PC: 14e1f | Get or set file attributes
2018-12-17T23:00:31.616138468Z 61 PC: 14e1f | Open file (Filename = '��� �(null)')
2018-12-17T23:00:31.628743939Z 87 PC: 14fa9 | Get or set file date and time
2018-12-17T23:00:31.632789821Z 63 PC: 14fc1 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:00:31.6390525Z 66 PC: 15148 | Move file pointer
2018-12-17T23:00:31.640585296Z 66 PC: 15148 | Move file pointer
2018-12-17T23:00:31.642719801Z 64 PC: 1500a | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:31.645290317Z 64 PC: 15016 | Write file or device (Write 3024 bytes on handle 5)
2018-12-17T23:00:31.653566065Z 66 PC: 1501f | Move file pointer
2018-12-17T23:00:31.655011276Z 64 PC: 15032 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:00:31.661383508Z 87 PC: 14f9e | Get or set file date and time
2018-12-17T23:00:31.662737859Z 62 PC: 14fa2 | Close file
2018-12-17T23:00:31.670451252Z 59 PC: 14e1f | Change current directory
2018-12-17T23:00:31.674561262Z 59 PC: 14e47 | Change current directory
2018-12-17T23:00:31.676260689Z 14 PC: 14e80 | Set default drive (Drive = 'A')
2018-12-17T23:00:31.677695014Z 48 PC: 1351c | Get DOS version
2018-12-17T23:00:31.682423957Z 74 PC: 1355e | Reallocate memory
2018-12-17T23:00:31.683739363Z 53 PC: 1356e | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:31.684841226Z 37 PC: 13582 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:31.686582016Z 68 PC: 135c9 | I/O control for devices (Set for = 'M .�Y ')
2018-12-17T23:00:31.687902508Z 68 PC: 135c9 | I/O control for devices (Set for = '')
2018-12-17T23:00:31.6893576Z 68 PC: 135c9 | I/O control for devices
2018-12-17T23:00:31.691298445Z 68 PC: 135c9 | I/O control for devices
2018-12-17T23:00:31.692590973Z 68 PC: 135c9 | I/O control for devices
2018-12-17T23:00:31.695023189Z 48 PC: 136b7 | Get DOS version
2018-12-17T23:00:31.698862263Z 64 PC: 146ab | Write file or device (Write 21 bytes on handle 1)
2018-12-17T23:00:31.701572508Z 64 PC: 146c4 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:00:31.706204199Z 37 PC: 138ac | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:00:31.709208356Z 76 PC: 138c1 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13569,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:30.117076394Z 25 PC: 14c51 | Get default drive
2018-12-25T12:38:30.11895296Z 42 PC: 14c92 | Get date
0x14c92: cmp cx, 0x7c4
0x14c96: jge 0x14c9e
0x14c98: jmp 0x14cc1
0x14c9a: push 0xa429
0x14c9d: adc bh, byte ptr [bx + 0xf]
0x14ca0: cmp dh, 0xc
0x14ca3: jl 0x14cc1
0x14ca5: cmp dl, 5
0x14ca8: jl 0x14cc1
0x14caa: cmp dl, 0x1c
0x14cad: jl 0x14cba
0x14caf: mov word ptr [si + 0x852], 0xffdc
0x14cb5: mov byte ptr [si + 0x84d], 0x88
0x14cba: cmp byte ptr [si + 4], 0xf8
0x14cbf: jae 0x14cd6
0x14cc1: mov byte ptr cs:[si + 0xee], 0
0x14cc7: jmp 0x14e47
0x14cca: cmp byte ptr [si + 4], 0xf8
0x14ccf: jae 0x14cd6
0x14cd1: or byte ptr [si + 0x84d], 4
2018-12-25T12:38:30.121187275Z 14 PC: 14e80 | Set default drive (Drive = 'A')
2018-12-25T12:38:30.122717036Z 48 PC: 1351c | Get DOS version
2018-12-25T12:38:30.12529905Z 74 PC: 1355e | Reallocate memory
2018-12-25T12:38:30.126657989Z 53 PC: 1356e | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:38:30.127818449Z 37 PC: 13582 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:38:30.129454108Z 68 PC: 135c9 | I/O control for devices (Set for = 'M .�Y ')
2018-12-25T12:38:30.13093388Z 68 PC: 135c9 | I/O control for devices (See above)
2018-12-25T12:38:30.132158702Z 68 PC: 135c9 | I/O control for devices (See above)
2018-12-25T12:38:30.133799443Z 68 PC: 135c9 | I/O control for devices (See above)
2018-12-25T12:38:30.136102814Z 68 PC: 135c9 | I/O control for devices (See above)
2018-12-25T12:38:30.138556127Z 48 PC: 136b7 | Get DOS version
2018-12-25T12:38:30.141450862Z 64 PC: 146ab | Write file or device (Write 21 bytes on handle 1)
2018-12-25T12:38:30.144965576Z 64 PC: 146c4 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:38:30.149462714Z 37 PC: 138ac | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:38:30.150504423Z 76 PC: 138c1 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13569,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:30.935149722Z 25 PC: 14c51 | Get default drive
2018-12-25T12:38:30.937450069Z 42 PC: 14c92 | Get date
0x14c92: cmp cx, 0x7c4
0x14c96: jge 0x14c9e
0x14c98: jmp 0x14cc1
0x14c9a: push 0xa429
0x14c9d: adc bh, byte ptr [bx + 0xf]
0x14ca0: cmp dh, 0xc
0x14ca3: jl 0x14cc1
0x14ca5: cmp dl, 5
0x14ca8: jl 0x14cc1
0x14caa: cmp dl, 0x1c
0x14cad: jl 0x14cba
0x14caf: mov word ptr [si + 0x852], 0xffdc
0x14cb5: mov byte ptr [si + 0x84d], 0x88
0x14cba: cmp byte ptr [si + 4], 0xf8
0x14cbf: jae 0x14cd6
0x14cc1: mov byte ptr cs:[si + 0xee], 0
0x14cc7: jmp 0x14e47
0x14cca: cmp byte ptr [si + 4], 0xf8
0x14ccf: jae 0x14cd6
0x14cd1: or byte ptr [si + 0x84d], 4
2018-12-25T12:38:30.939446883Z 14 PC: 14e80 | Set default drive (Drive = 'A')
2018-12-25T12:38:30.940649098Z 48 PC: 1351c | Get DOS version
2018-12-25T12:38:30.942442554Z 74 PC: 1355e | Reallocate memory
2018-12-25T12:38:30.943820514Z 53 PC: 1356e | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:38:30.945194015Z 37 PC: 13582 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:38:30.948860159Z 68 PC: 135c9 | I/O control for devices (Set for = 'M .�Y ')
2018-12-25T12:38:30.950135919Z 68 PC: 135c9 | I/O control for devices (See above)
2018-12-25T12:38:30.951455086Z 68 PC: 135c9 | I/O control for devices (See above)
2018-12-25T12:38:30.966508004Z 68 PC: 135c9 | I/O control for devices (See above)
2018-12-25T12:38:30.967823169Z 68 PC: 135c9 | I/O control for devices (See above)
2018-12-25T12:38:30.969975268Z 48 PC: 136b7 | Get DOS version
2018-12-25T12:38:30.973379879Z 64 PC: 146ab | Write file or device (Write 21 bytes on handle 1)
2018-12-25T12:38:30.993288167Z 64 PC: 146c4 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:38:30.998102166Z 37 PC: 138ac | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:38:31.012230815Z 76 PC: 138c1 | Terminate with return code (Return code = '1')