Sample viewer

vx.netlux.org/Virus.DOS.IVP.Qumal.892

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:21.064427067Z	26	PC: 12ca2 \| Set disk transfer address
2018-12-17T23:02:21.066966709Z	53	PC: 12a82 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:21.068476015Z	37	PC: 12a97 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:21.069774565Z	78	PC: 12af8 \| Find first file
2018-12-17T23:02:21.071724509Z	42	PC: 12c2a \| Get date 0x12c2a: jmp 0x12c2c 0x12c2c: cmp cx, 0x7d0 0x12c30: jne 0x12c94 0x12c32: cmp dh, 1 0x12c35: jne 0x12c94 0x12c37: cmp dl, 1 0x12c3a: jne 0x12c94 0x12c3c: mov ah, 9 0x12c3e: lea dx, word ptr [bp + 0x39f] 0x12c42: int 0x21 0x12c44: jmp 0x12c46 0x12c46: cmp dh, 0xc 0x12c49: jne 0x12c94 0x12c4b: cmp dl, 0x19 0x12c4e: jne 0x12c94 0x12c50: mov ah, 9 0x12c52: lea dx, word ptr [bp + 0x3c5] 0x12c56: int 0x21 0x12c58: jmp 0x12c5a 0x12c5a: cmp dh, 5
2018-12-17T23:02:21.074891599Z	37	PC: 12aae \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:02:21.076596563Z	26	PC: 12ca2 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14171,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:59.243879643Z	26	PC: 12ca2 \| Set disk transfer address
2018-12-25T12:39:59.246564215Z	53	PC: 12a82 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:59.248041415Z	37	PC: 12a97 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:59.24971841Z	78	PC: 12af8 \| Find first file
2018-12-25T12:39:59.252270302Z	42	PC: 12c2a \| Get date 0x12c2a: jmp 0x12c2c 0x12c2c: cmp cx, 0x7d0 0x12c30: jne 0x12c94 0x12c32: cmp dh, 1 0x12c35: jne 0x12c94 0x12c37: cmp dl, 1 0x12c3a: jne 0x12c94 0x12c3c: mov ah, 9 0x12c3e: lea dx, word ptr [bp + 0x39f] 0x12c42: int 0x21 0x12c44: jmp 0x12c46 0x12c46: cmp dh, 0xc 0x12c49: jne 0x12c94 0x12c4b: cmp dl, 0x19 0x12c4e: jne 0x12c94 0x12c50: mov ah, 9 0x12c52: lea dx, word ptr [bp + 0x3c5] 0x12c56: int 0x21 0x12c58: jmp 0x12c5a 0x12c5a: cmp dh, 5
2018-12-25T12:39:59.255700274Z	37	PC: 12aae \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:39:59.257395017Z	26	PC: 12ca2 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14171,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:01.627571845Z	26	PC: 12ca2 \| Set disk transfer address
2018-12-25T12:40:01.629452205Z	53	PC: 12a82 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:01.632895834Z	37	PC: 12a97 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:01.634297194Z	78	PC: 12af8 \| Find first file
2018-12-25T12:40:01.636853493Z	42	PC: 12c2a \| Get date 0x12c2a: jmp 0x12c2c 0x12c2c: cmp cx, 0x7d0 0x12c30: jne 0x12c94 0x12c32: cmp dh, 1 0x12c35: jne 0x12c94 0x12c37: cmp dl, 1 0x12c3a: jne 0x12c94 0x12c3c: mov ah, 9 0x12c3e: lea dx, word ptr [bp + 0x39f] 0x12c42: int 0x21 0x12c44: jmp 0x12c46 0x12c46: cmp dh, 0xc 0x12c49: jne 0x12c94 0x12c4b: cmp dl, 0x19 0x12c4e: jne 0x12c94 0x12c50: mov ah, 9 0x12c52: lea dx, word ptr [bp + 0x3c5] 0x12c56: int 0x21 0x12c58: jmp 0x12c5a 0x12c5a: cmp dh, 5
2018-12-25T12:40:01.639636492Z	9	PC: 12c44 \| Display string (String= '�o!�q!��L!_^��Ë׿��&��«�ë��ÿ��C�/<�u �C�/�0�2�/DEV/CON\COMMAND.COMC:\AUTOEXEC.BAT C:\KAUTOEXE.BAT �Wc3PATH=C:\MSDOSC:\DOSPROMPT=')
2018-12-25T12:40:01.645799953Z	37	PC: 12aae \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:01.647745341Z	26	PC: 12ca2 \| Set disk transfer address (See above)
2018-12-25T12:40:04.167746662Z	64	PC: 162cd \| Write file or device (Write 2 bytes on handle 389)
2018-12-25T12:40:04.169052148Z	62	PC: 162b1 \| Close file

{"DateBased":true,"Day":2,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14171,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:01.958735111Z	26	PC: 12ca2 \| Set disk transfer address
2018-12-25T12:40:01.960656724Z	53	PC: 12a82 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:01.962396558Z	37	PC: 12a97 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:01.963708729Z	78	PC: 12af8 \| Find first file
2018-12-25T12:40:01.966656313Z	42	PC: 12c2a \| Get date 0x12c2a: jmp 0x12c2c 0x12c2c: cmp cx, 0x7d0 0x12c30: jne 0x12c94 0x12c32: cmp dh, 1 0x12c35: jne 0x12c94 0x12c37: cmp dl, 1 0x12c3a: jne 0x12c94 0x12c3c: mov ah, 9 0x12c3e: lea dx, word ptr [bp + 0x39f] 0x12c42: int 0x21 0x12c44: jmp 0x12c46 0x12c46: cmp dh, 0xc 0x12c49: jne 0x12c94 0x12c4b: cmp dl, 0x19 0x12c4e: jne 0x12c94 0x12c50: mov ah, 9 0x12c52: lea dx, word ptr [bp + 0x3c5] 0x12c56: int 0x21 0x12c58: jmp 0x12c5a 0x12c5a: cmp dh, 5
2018-12-25T12:40:01.969808351Z	37	PC: 12aae \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:01.971281458Z	26	PC: 12ca2 \| Set disk transfer address (See above)
2018-12-25T12:40:04.472695851Z	64	PC: 162cd \| Write file or device (Write 2 bytes on handle 389)
2018-12-25T12:40:04.473773719Z	62	PC: 162b1 \| Close file

{"DateBased":true,"Day":1,"Month":2,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14171,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:03.950637763Z	26	PC: 12ca2 \| Set disk transfer address
2018-12-25T12:40:03.952518012Z	53	PC: 12a82 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:03.954022213Z	37	PC: 12a97 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:03.955403781Z	78	PC: 12af8 \| Find first file
2018-12-25T12:40:03.957454259Z	42	PC: 12c2a \| Get date 0x12c2a: jmp 0x12c2c 0x12c2c: cmp cx, 0x7d0 0x12c30: jne 0x12c94 0x12c32: cmp dh, 1 0x12c35: jne 0x12c94 0x12c37: cmp dl, 1 0x12c3a: jne 0x12c94 0x12c3c: mov ah, 9 0x12c3e: lea dx, word ptr [bp + 0x39f] 0x12c42: int 0x21 0x12c44: jmp 0x12c46 0x12c46: cmp dh, 0xc 0x12c49: jne 0x12c94 0x12c4b: cmp dl, 0x19 0x12c4e: jne 0x12c94 0x12c50: mov ah, 9 0x12c52: lea dx, word ptr [bp + 0x3c5] 0x12c56: int 0x21 0x12c58: jmp 0x12c5a 0x12c5a: cmp dh, 5
2018-12-25T12:40:03.961216034Z	37	PC: 12aae \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:40:03.962595134Z	26	PC: 12ca2 \| Set disk transfer address (See above)
2018-12-25T12:40:06.474145824Z	64	PC: 162cd \| Write file or device (Write 2 bytes on handle 389)
2018-12-25T12:40:06.476293247Z	62	PC: 162b1 \| Close file