Sample viewer

vx.netlux.org/Virus.DOS.Taiwan.677

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:46.567507183Z 25 PC: 12a97 | Get default drive
2018-12-17T23:01:46.569257251Z 71 PC: 12aa6 | Get current directory
2018-12-17T23:01:46.572021796Z 255 PC: 12ab1 | UNKNOWN!
2018-12-17T23:01:46.572798054Z 14 PC: 12ad3 | Set default drive (Drive = 'C')
2018-12-17T23:01:46.574488504Z 59 PC: 12ada | Change current directory
2018-12-17T23:01:46.577823087Z 78 PC: 12ae4 | Find first file
2018-12-17T23:01:46.583083926Z 67 PC: 12b4a | Get or set file attributes
2018-12-17T23:01:47.853403295Z 61 PC: 12b53 | Open file (Filename = 'COMMAND.COM')
2018-12-17T23:01:47.860675521Z 63 PC: 12b5f | Read file or device (Read 677 bytes on handle 5)
2018-12-17T23:01:47.867355321Z 66 PC: 12b69 | Move file pointer
2018-12-17T23:01:47.869027692Z 64 PC: 12b7e | Write file or device (Write 677 bytes on handle 5)
2018-12-17T23:01:47.875639655Z 66 PC: 12b88 | Move file pointer
2018-12-17T23:01:47.877339701Z 64 PC: 12b92 | Write file or device (Write 677 bytes on handle 5)
2018-12-17T23:01:47.887021682Z 87 PC: 12ba3 | Get or set file date and time
2018-12-17T23:01:47.892713438Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T23:01:47.896854733Z 62 PC: 12bb4 | Close file
2018-12-17T23:01:47.90405236Z 79 PC: 12bdf | Find next file
2018-12-17T23:01:47.907249585Z 78 PC: 12bee | Find first file
2018-12-17T23:01:47.912368503Z 59 PC: 12c06 | Change current directory
2018-12-17T23:01:47.918036837Z 78 PC: 12ae4 | Find first file
2018-12-17T23:01:47.927256563Z 79 PC: 12bdf | Find next file
2018-12-17T23:01:47.930217193Z 67 PC: 12b4a | Get or set file attributes
2018-12-17T23:01:47.941006785Z 61 PC: 12b53 | Open file (Filename = 'FORMAT.COM')
2018-12-17T23:01:47.949579738Z 63 PC: 12b5f | Read file or device (Read 677 bytes on handle 5)
2018-12-17T23:01:47.955882027Z 66 PC: 12b69 | Move file pointer
2018-12-17T23:01:47.957602363Z 64 PC: 12b7e | Write file or device (Write 677 bytes on handle 5)
2018-12-17T23:01:48.19105763Z 66 PC: 12b88 | Move file pointer
2018-12-17T23:01:48.192414372Z 64 PC: 12b92 | Write file or device (Write 677 bytes on handle 5)
2018-12-17T23:01:48.296435179Z 87 PC: 12ba3 | Get or set file date and time
2018-12-17T23:01:48.299358955Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T23:01:48.304388344Z 62 PC: 12bb4 | Close file
2018-12-17T23:01:48.31117788Z 79 PC: 12bdf | Find next file
2018-12-17T23:01:48.315563486Z 67 PC: 12b4a | Get or set file attributes
2018-12-17T23:01:48.326713036Z 61 PC: 12b53 | Open file (Filename = 'KEYB.COM')
2018-12-17T23:01:48.333478065Z 63 PC: 12b5f | Read file or device (Read 677 bytes on handle 5)
2018-12-17T23:01:48.340360026Z 66 PC: 12b69 | Move file pointer
2018-12-17T23:01:48.342401961Z 64 PC: 12b7e | Write file or device (Write 677 bytes on handle 5)
2018-12-17T23:01:48.349016399Z 66 PC: 12b88 | Move file pointer
2018-12-17T23:01:48.350811931Z 64 PC: 12b92 | Write file or device (Write 677 bytes on handle 5)
2018-12-17T23:01:48.359367135Z 87 PC: 12ba3 | Get or set file date and time
2018-12-17T23:01:48.360795393Z 67 PC: 12bb0 | Get or set file attributes
2018-12-17T23:01:48.364939753Z 62 PC: 12bb4 | Close file
2018-12-17T23:01:48.373243102Z 42 PC: 12c4c | Get date
0x12c4c: cmp dl, 8
0x12c4f: jne 0x12c73
0x12c51: mov byte ptr [0xf708], 1
0x12c56: nop
0x12c57: mov al, byte ptr [0xf707]
0x12c5a: mov cx, 0x140
0x12c5d: xor dx, dx
0x12c5f: int 0x26
0x12c61: popf
0x12c62: cmp byte ptr [0xf706], 2
0x12c67: jne 0x12c82
0x12c69: mov al, 3
0x12c6b: mov cx, 0x140
0x12c6e: xor dx, dx
0x12c70: int 0x26
0x12c72: popf
0x12c73: mov ah, 0xe
0x12c75: mov dl, byte ptr [0xf709]
0x12c79: int 0x21
0x12c7b: mov ah, 0x3b
2018-12-17T23:01:48.375368215Z 14 PC: 12c7b | Set default drive (Drive = 'A')
2018-12-17T23:01:48.376644885Z 59 PC: 12c82 | Change current directory
2018-12-17T23:01:48.381277863Z 48 PC: 12a4b | Get DOS version
2018-12-17T23:01:48.382405834Z 53 PC: 12b86 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:48.383541906Z 53 PC: 12b93 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:01:48.385675577Z 53 PC: 12ba0 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:01:48.386783853Z 53 PC: 12bad | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:01:48.387898229Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:48.389987976Z 74 PC: 12b18 | Reallocate memory
2018-12-17T23:01:48.39260891Z 9 PC: 12f53 | Display string (String= ' ')
2018-12-17T23:01:48.398096836Z 9 PC: 12f53 | Display string (String= 'PROTECT2 Version 0.00 by Deng Liu ')
2018-12-17T23:01:48.403041055Z 9 PC: 12f53 | Display string (String= 'Press ALT-RIGHT-SHIFT to switch HDD status ')
2018-12-17T23:01:48.408288078Z 9 PC: 12f53 | Display string (String= 'Your HDD is in NORMAL mode now. ')
2018-12-17T23:01:48.413535514Z 53 PC: 132d2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:01:48.415490697Z 53 PC: 132d2 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:01:48.416733178Z 37 PC: 132e8 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:01:48.417868433Z 37 PC: 132e8 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:01:48.419196581Z 37 PC: 12bcd | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:01:48.420849342Z 37 PC: 12bd8 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:01:48.421903842Z 37 PC: 12be3 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:01:48.42300509Z 37 PC: 12bee | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:01:48.424891278Z 49 PC: 132fb | Terminate and stay resident (Return code = '0' | Memory size = '200')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13980,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:40.706365345Z 25 PC: 12a97 | Get default drive
2018-12-25T12:39:40.707680564Z 71 PC: 12aa6 | Get current directory
2018-12-25T12:39:40.711249925Z 255 PC: 12ab1 | UNKNOWN!
2018-12-25T12:39:40.712201081Z 14 PC: 12ad3 | Set default drive (Drive = 'C')
2018-12-25T12:39:40.713639143Z 59 PC: 12ada | Change current directory
2018-12-25T12:39:40.718814806Z 78 PC: 12ae4 | Find first file
2018-12-25T12:39:40.724956371Z 67 PC: 12b4a | Get or set file attributes
2018-12-25T12:39:41.066348699Z 61 PC: 12b53 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:39:41.074012259Z 63 PC: 12b5f | Read file or device (Read 677 bytes on handle 5)
2018-12-25T12:39:41.080905404Z 66 PC: 12b69 | Move file pointer
2018-12-25T12:39:41.08249619Z 64 PC: 12b7e | Write file or device (Write 677 bytes on handle 5)
2018-12-25T12:39:41.090094293Z 66 PC: 12b88 | Move file pointer
2018-12-25T12:39:41.091757471Z 64 PC: 12b92 | Write file or device (Write 677 bytes on handle 5)
2018-12-25T12:39:41.102135575Z 87 PC: 12ba3 | Get or set file date and time
2018-12-25T12:39:41.10466804Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T12:39:41.109318936Z 62 PC: 12bb4 | Close file
2018-12-25T12:39:41.117781524Z 79 PC: 12bdf | Find next file
2018-12-25T12:39:41.120984417Z 78 PC: 12bee | Find first file
2018-12-25T12:39:41.126956025Z 59 PC: 12c06 | Change current directory
2018-12-25T12:39:41.13346355Z 78 PC: 12ae4 | Find first file (See above)
2018-12-25T12:39:41.144422241Z 79 PC: 12bdf | Find next file (See above)
2018-12-25T12:39:41.147963784Z 67 PC: 12b4a | Get or set file attributes (See above)
2018-12-25T12:39:41.158208702Z 61 PC: 12b53 | Open file (See above)
2018-12-25T12:39:41.165706474Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:39:41.173492278Z 66 PC: 12b69 | Move file pointer (See above)
2018-12-25T12:39:41.174874694Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:39:41.181559354Z 66 PC: 12b88 | Move file pointer (See above)
2018-12-25T12:39:41.183446022Z 64 PC: 12b92 | Write file or device (See above)
2018-12-25T12:39:41.191608842Z 87 PC: 12ba3 | Get or set file date and time (See above)
2018-12-25T12:39:41.193031189Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T12:39:41.198028962Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:39:41.205118968Z 79 PC: 12bdf | Find next file (See above)
2018-12-25T12:39:41.208647933Z 67 PC: 12b4a | Get or set file attributes (See above)
2018-12-25T12:39:41.219160872Z 61 PC: 12b53 | Open file (See above)
2018-12-25T12:39:41.22694715Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:39:41.234896118Z 66 PC: 12b69 | Move file pointer (See above)
2018-12-25T12:39:41.237532093Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:39:41.244764835Z 66 PC: 12b88 | Move file pointer (See above)
2018-12-25T12:39:41.246345774Z 64 PC: 12b92 | Write file or device (See above)
2018-12-25T12:39:41.256043003Z 87 PC: 12ba3 | Get or set file date and time (See above)
2018-12-25T12:39:41.258076765Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T12:39:41.263064258Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:39:41.270850353Z 42 PC: 12c4c | Get date
0x12c4c: cmp dl, 8
0x12c4f: jne 0x12c73
0x12c51: mov byte ptr [0xf708], 1
0x12c56: nop
0x12c57: mov al, byte ptr [0xf707]
0x12c5a: mov cx, 0x140
0x12c5d: xor dx, dx
0x12c5f: int 0x26
0x12c61: popf
0x12c62: cmp byte ptr [0xf706], 2
0x12c67: jne 0x12c82
0x12c69: mov al, 3
0x12c6b: mov cx, 0x140
0x12c6e: xor dx, dx
0x12c70: int 0x26
0x12c72: popf
0x12c73: mov ah, 0xe
0x12c75: mov dl, byte ptr [0xf709]
0x12c79: int 0x21
0x12c7b: mov ah, 0x3b
2018-12-25T12:39:41.274131795Z 14 PC: 12c7b | Set default drive (Drive = 'A')
2018-12-25T12:39:41.275580195Z 59 PC: 12c82 | Change current directory
2018-12-25T12:39:41.280453568Z 48 PC: 12a4b | Get DOS version
2018-12-25T12:39:41.282325558Z 53 PC: 12b86 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:39:41.283727335Z 53 PC: 12b93 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:39:41.285030854Z 53 PC: 12ba0 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:39:41.286781017Z 53 PC: 12bad | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:39:41.288078843Z 37 PC: 12bc1 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:39:41.289723627Z 74 PC: 12b18 | Reallocate memory
2018-12-25T12:39:41.293673682Z 9 PC: 12f53 | Display string (String= ' ')
2018-12-25T12:39:41.299262177Z 9 PC: 12f53 | Display string (See above)
2018-12-25T12:39:41.30696565Z 9 PC: 12f53 | Display string (See above)
2018-12-25T12:39:41.312507566Z 9 PC: 12f53 | Display string (See above)
2018-12-25T12:39:41.319038713Z 53 PC: 132d2 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:39:41.320314055Z 53 PC: 132d2 | Get interrupt vector (See above)
2018-12-25T12:39:41.321572701Z 37 PC: 132e8 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:39:41.323402195Z 37 PC: 132e8 | Set interrupt vector (See above)
2018-12-25T12:39:41.32596593Z 37 PC: 12bcd | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:39:41.327850065Z 37 PC: 12bd8 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:39:41.332244967Z 37 PC: 12be3 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:39:41.334086556Z 37 PC: 12bee | Set interrupt vector (See above)
2018-12-25T12:39:41.336369672Z 49 PC: 132fb | Terminate and stay resident (Return code = '0' | Memory size = '200')

{"DateBased":true,"Day":8,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13980,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:41.186106432Z 25 PC: 12a97 | Get default drive
2018-12-25T12:39:41.188247506Z 71 PC: 12aa6 | Get current directory
2018-12-25T12:39:41.191458229Z 255 PC: 12ab1 | UNKNOWN!
2018-12-25T12:39:41.192686332Z 14 PC: 12ad3 | Set default drive (Drive = 'C')
2018-12-25T12:39:41.194583264Z 59 PC: 12ada | Change current directory
2018-12-25T12:39:41.198802586Z 78 PC: 12ae4 | Find first file
2018-12-25T12:39:41.205461741Z 67 PC: 12b4a | Get or set file attributes
2018-12-25T12:39:41.535807295Z 61 PC: 12b53 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:39:41.542754671Z 63 PC: 12b5f | Read file or device (Read 677 bytes on handle 5)
2018-12-25T12:39:41.549167875Z 66 PC: 12b69 | Move file pointer
2018-12-25T12:39:41.550855321Z 64 PC: 12b7e | Write file or device (Write 677 bytes on handle 5)
2018-12-25T12:39:41.566612509Z 66 PC: 12b88 | Move file pointer
2018-12-25T12:39:41.577935991Z 64 PC: 12b92 | Write file or device (Write 677 bytes on handle 5)
2018-12-25T12:39:41.587400809Z 87 PC: 12ba3 | Get or set file date and time
2018-12-25T12:39:41.589813901Z 67 PC: 12bb0 | Get or set file attributes
2018-12-25T12:39:41.594272317Z 62 PC: 12bb4 | Close file
2018-12-25T12:39:41.601367187Z 79 PC: 12bdf | Find next file
2018-12-25T12:39:41.605060229Z 78 PC: 12bee | Find first file
2018-12-25T12:39:41.610564209Z 59 PC: 12c06 | Change current directory
2018-12-25T12:39:41.616550016Z 78 PC: 12ae4 | Find first file (See above)
2018-12-25T12:39:41.626680676Z 79 PC: 12bdf | Find next file (See above)
2018-12-25T12:39:41.630486Z 67 PC: 12b4a | Get or set file attributes (See above)
2018-12-25T12:39:41.639676451Z 61 PC: 12b53 | Open file (See above)
2018-12-25T12:39:41.646788626Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:39:41.653153715Z 66 PC: 12b69 | Move file pointer (See above)
2018-12-25T12:39:41.654816944Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:39:41.662076262Z 66 PC: 12b88 | Move file pointer (See above)
2018-12-25T12:39:41.663486224Z 64 PC: 12b92 | Write file or device (See above)
2018-12-25T12:39:41.670864727Z 87 PC: 12ba3 | Get or set file date and time (See above)
2018-12-25T12:39:41.673015948Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T12:39:41.677237399Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:39:41.683691373Z 79 PC: 12bdf | Find next file (See above)
2018-12-25T12:39:41.687332662Z 67 PC: 12b4a | Get or set file attributes (See above)
2018-12-25T12:39:41.697304728Z 61 PC: 12b53 | Open file (See above)
2018-12-25T12:39:41.703997417Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:39:41.710433605Z 66 PC: 12b69 | Move file pointer (See above)
2018-12-25T12:39:41.712790291Z 64 PC: 12b7e | Write file or device (See above)
2018-12-25T12:39:41.719364227Z 66 PC: 12b88 | Move file pointer (See above)
2018-12-25T12:39:41.721004377Z 64 PC: 12b92 | Write file or device (See above)
2018-12-25T12:39:41.729933792Z 87 PC: 12ba3 | Get or set file date and time (See above)
2018-12-25T12:39:41.731423814Z 67 PC: 12bb0 | Get or set file attributes (See above)
2018-12-25T12:39:41.73543161Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:39:41.742972849Z 42 PC: 12c4c | Get date
0x12c4c: cmp dl, 8
0x12c4f: jne 0x12c73
0x12c51: mov byte ptr [0xf708], 1
0x12c56: nop
0x12c57: mov al, byte ptr [0xf707]
0x12c5a: mov cx, 0x140
0x12c5d: xor dx, dx
0x12c5f: int 0x26
0x12c61: popf
0x12c62: cmp byte ptr [0xf706], 2
0x12c67: jne 0x12c82
0x12c69: mov al, 3
0x12c6b: mov cx, 0x140
0x12c6e: xor dx, dx
0x12c70: int 0x26
0x12c72: popf
0x12c73: mov ah, 0xe
0x12c75: mov dl, byte ptr [0xf709]
0x12c79: int 0x21
0x12c7b: mov ah, 0x3b
2018-12-25T12:39:41.745703524Z 9 PC: 12caf | Display string (String= 'DOOM I,(c) NCU Taiwan. ')
2018-12-25T12:39:41.749693399Z 7 PC: 12cb3 | Direct console input without echo