Sample viewer

vx.netlux.org/Virus.DOS.FileHider.1057

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:29.398893533Z 161 PC: 12c31 | UNKNOWN!
2018-12-17T23:01:29.400111472Z 74 PC: 12c3d | Reallocate memory
2018-12-17T23:01:29.410045709Z 72 PC: 12c62 | Allocate memory
2018-12-17T23:01:29.412249861Z 53 PC: 229bd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:29.414037279Z 37 PC: 22a02 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:29.417387014Z 82 PC: 22a06 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:01:29.425376977Z 81 PC: 12b87 | Get current PSP
2018-12-17T23:01:29.427010406Z 73 PC: 12b93 | Release memory
2018-12-17T23:01:29.430453115Z 53 PC: 12b99 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:01:29.433243538Z 37 PC: 12ba9 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:01:29.435835709Z 44 PC: 12bad | Get time
    0x12bad: mov byte ptr [0x108], ch
    0x12bb1: mov byte ptr [0x10a], cl
    0x12bb5: mov byte ptr [0x10c], dh
    0x12bb9: mov al, byte ptr [0x108]
    0x12bbc: xor ah, ah
    0x12bbe: mov cl, 0xa
    0x12bc0: div cl
    0x12bc2: mov byte ptr [0x109], ah
    0x12bc6: mov byte ptr [0x108], al
    0x12bc9: mov al, byte ptr [0x10a]
    0x12bcc: xor ah, ah
    0x12bce: div cl
    0x12bd0: mov byte ptr [0x10b], ah
    0x12bd4: mov byte ptr [0x10a], al
    0x12bd7: mov al, byte ptr [0x10c]
    0x12bda: xor ah, ah
    0x12bdc: div cl
    0x12bde: mov byte ptr [0x10d], ah
    0x12be2: mov byte ptr [0x10c], al
    0x12be5: mov dx, 0x115
2018-12-17T23:01:29.442219013Z 9 PC: 12bec | Display string (String= '�4')
2018-12-17T23:01:29.448098511Z 49 PC: 12bf4 | Terminate and stay resident (Return code = '0' | Memory size = '35')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13899,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:21.624520408Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:39:21.647494091Z 41 PC: 94fae | Parse filename
2018-12-25T12:39:21.654762295Z 41 PC: 9502f | Parse filename
2018-12-25T12:39:21.659196828Z 41 PC: 9504c | Parse filename
2018-12-25T12:39:21.665961673Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T12:39:21.670756343Z 71 PC: 986f3 | Get current directory
2018-12-25T12:39:21.678932953Z 78 PC: 986fe | Find first file
2018-12-25T12:39:21.69847207Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T12:39:21.70323846Z 78 PC: 986fe | Find first file (See above)
2018-12-25T12:39:21.715781668Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T12:39:21.723143228Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:39:21.73124339Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:39:21.732621101Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:21.734057173Z 62 PC: 122ab | Close file
2018-12-25T12:39:21.752142388Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.756811276Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.762788829Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.765367877Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.768556507Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.770986752Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.773453307Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.777466403Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.780735469Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.783000656Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.786246444Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.800787359Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.802919339Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.805538347Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:39:21.80839602Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T12:39:21.812619912Z 56 PC: 94df9 | Get or set country info
2018-12-25T12:39:21.820353023Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:39:21.825734273Z 25 PC: 94e62 | Get default drive
2018-12-25T12:39:21.827526508Z 71 PC: 970dd | Get current directory
2018-12-25T12:39:21.831927011Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:39:21.836476638Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T12:39:21.838960464Z 93 PC: 94f20 | File sharing functions
2018-12-25T12:39:21.840874314Z 93 PC: 94f27 | File sharing functions
2018-12-25T12:39:21.843845202Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T12:39:36.665645784Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:39:38.020846634Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:39:38.123156614Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T12:39:38.129661566Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T12:39:38.133187321Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T12:39:38.134886264Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T12:39:38.13935174Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T12:39:38.142708866Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T12:39:38.151515532Z 78 PC: 986fe | Find first file (See above)
2018-12-25T12:39:38.161016714Z 71 PC: 9856c | Get current directory
2018-12-25T12:39:38.164895116Z 73 PC: 97c09 | Release memory
2018-12-25T12:39:38.166930774Z 75 PC: 11821 | Execute program
2018-12-25T12:39:38.182862283Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T12:39:38.188955114Z 76 PC: 12a4b | Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":23,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13899,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:21.698936818Z 161 PC: 12c31 | UNKNOWN!
2018-12-25T12:39:21.700665914Z 74 PC: 12c3d | Reallocate memory
2018-12-25T12:39:21.70360861Z 72 PC: 12c62 | Allocate memory
2018-12-25T12:39:21.70577971Z 53 PC: 229bd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:21.707547074Z 37 PC: 22a02 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:39:21.711051379Z 82 PC: 22a06 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:39:21.712629422Z 81 PC: 12b87 | Get current PSP
2018-12-25T12:39:21.713660096Z 73 PC: 12b93 | Release memory
2018-12-25T12:39:21.715790382Z 53 PC: 12b99 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:39:21.717560688Z 37 PC: 12ba9 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:39:21.71931594Z 44 PC: 12bad | Get time
    0x12bad: mov byte ptr [0x108], ch
    0x12bb1: mov byte ptr [0x10a], cl
    0x12bb5: mov byte ptr [0x10c], dh
    0x12bb9: mov al, byte ptr [0x108]
    0x12bbc: xor ah, ah
    0x12bbe: mov cl, 0xa
    0x12bc0: div cl
    0x12bc2: mov byte ptr [0x109], ah
    0x12bc6: mov byte ptr [0x108], al
    0x12bc9: mov al, byte ptr [0x10a]
    0x12bcc: xor ah, ah
    0x12bce: div cl
    0x12bd0: mov byte ptr [0x10b], ah
    0x12bd4: mov byte ptr [0x10a], al
    0x12bd7: mov al, byte ptr [0x10c]
    0x12bda: xor ah, ah
    0x12bdc: div cl
    0x12bde: mov byte ptr [0x10d], ah
    0x12be2: mov byte ptr [0x10c], al
    0x12be5: mov dx, 0x115
2018-12-25T12:39:21.722572052Z 9 PC: 12bec | Display string (String= '�4')
2018-12-25T12:39:21.728862994Z 49 PC: 12bf4 | Terminate and stay resident (Return code = '0' | Memory size = '35')