Sample viewer

vx.netlux.org/Virus.DOS.Trivial.QTI.211

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:35.321717505Z 42 PC: 12a6f | Get date
0x12a6f: cmp dl, 0x13
0x12a72: jne 0x12aae
0x12a74: int 0x11
0x12a76: and ax, 0x30
0x12a79: cmp ax, 0x30
0x12a7c: jne 0x12a84
0x12a7e: mov ax, 0xb000
0x12a81: jmp 0x12a87
0x12a83: nop
0x12a84: mov ax, 0xb800
0x12a87: mov es, ax
0x12a89: xor di, di
0x12a8b: mov cx, 0x7d0
0x12a8e: push cx
0x12a8f: mov al, byte ptr es:[di]
0x12a92: cmp al, 0x20
0x12a94: je 0x12a9d
0x12a96: inc al
0x12a98: mov ah, 0xf
0x12a9a: mov word ptr es:[di], ax
2018-12-17T23:05:35.324140561Z 78 PC: 12ab7 | Find first file
2018-12-17T23:05:35.331663046Z 47 PC: 12abb | Get disk transfer address
2018-12-17T23:05:35.332987987Z 61 PC: 12ac7 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:05:35.33989268Z 64 PC: 12ad5 | Write file or device (Write 211 bytes on handle 5)
2018-12-17T23:05:35.348202656Z 62 PC: 12ad9 | Close file
2018-12-17T23:05:35.36289888Z 79 PC: 12add | Find next file
2018-12-17T23:05:35.366447243Z 47 PC: 12abb | Get disk transfer address
2018-12-17T23:05:35.369159152Z 61 PC: 12ac7 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:05:35.377077762Z 64 PC: 12ad5 | Write file or device (Write 211 bytes on handle 5)
2018-12-17T23:05:35.385198411Z 62 PC: 12ad9 | Close file
2018-12-17T23:05:35.395229864Z 79 PC: 12add | Find next file
2018-12-17T23:05:35.399132232Z 47 PC: 12abb | Get disk transfer address
2018-12-17T23:05:35.400638935Z 61 PC: 12ac7 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:05:35.407930696Z 64 PC: 12ad5 | Write file or device (Write 211 bytes on handle 5)
2018-12-17T23:05:35.417839568Z 62 PC: 12ad9 | Close file
2018-12-17T23:05:35.427711721Z 79 PC: 12add | Find next file
2018-12-17T23:05:35.431123006Z 47 PC: 12abb | Get disk transfer address
2018-12-17T23:05:35.434526165Z 61 PC: 12ac7 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:05:35.442354114Z 64 PC: 12ad5 | Write file or device (Write 211 bytes on handle 5)
2018-12-17T23:05:35.450216288Z 62 PC: 12ad9 | Close file
2018-12-17T23:05:35.460480498Z 79 PC: 12add | Find next file
2018-12-17T23:05:35.464114211Z 47 PC: 12abb | Get disk transfer address
2018-12-17T23:05:35.465401532Z 61 PC: 12ac7 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:05:35.472685037Z 64 PC: 12ad5 | Write file or device (Write 211 bytes on handle 5)
2018-12-17T23:05:35.481065936Z 62 PC: 12ad9 | Close file
2018-12-17T23:05:35.489585476Z 79 PC: 12add | Find next file
2018-12-17T23:05:35.493221753Z 47 PC: 12abb | Get disk transfer address
2018-12-17T23:05:35.495563026Z 61 PC: 12ac7 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:05:35.503731976Z 64 PC: 12ad5 | Write file or device (Write 211 bytes on handle 5)
2018-12-17T23:05:35.511452063Z 62 PC: 12ad9 | Close file
2018-12-17T23:05:35.521100065Z 79 PC: 12add | Find next file
2018-12-17T23:05:35.524487925Z 47 PC: 12abb | Get disk transfer address
2018-12-17T23:05:35.526093043Z 61 PC: 12ac7 | Open file (Filename = 'PAH.COM')
2018-12-17T23:05:35.535284236Z 64 PC: 12ad5 | Write file or device (Write 211 bytes on handle 5)
2018-12-17T23:05:35.543773368Z 62 PC: 12ad9 | Close file
2018-12-17T23:05:35.55234705Z 79 PC: 12add | Find next file
2018-12-17T23:05:35.555585439Z 9 PC: 12ae6 | Display string (String= 'Not enough memory. ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15257,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:00.691195426Z 42 PC: 12a6f | Get date
0x12a6f: cmp dl, 0x13
0x12a72: jne 0x12aae
0x12a74: int 0x11
0x12a76: and ax, 0x30
0x12a79: cmp ax, 0x30
0x12a7c: jne 0x12a84
0x12a7e: mov ax, 0xb000
0x12a81: jmp 0x12a87
0x12a83: nop
0x12a84: mov ax, 0xb800
0x12a87: mov es, ax
0x12a89: xor di, di
0x12a8b: mov cx, 0x7d0
0x12a8e: push cx
0x12a8f: mov al, byte ptr es:[di]
0x12a92: cmp al, 0x20
0x12a94: je 0x12a9d
0x12a96: inc al
0x12a98: mov ah, 0xf
0x12a9a: mov word ptr es:[di], ax
2018-12-25T12:43:00.6937841Z 78 PC: 12ab7 | Find first file
2018-12-25T12:43:00.699639835Z 47 PC: 12abb | Get disk transfer address
2018-12-25T12:43:00.700742225Z 61 PC: 12ac7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:00.712722794Z 64 PC: 12ad5 | Write file or device (Write 211 bytes on handle 5)
2018-12-25T12:43:00.719047951Z 62 PC: 12ad9 | Close file
2018-12-25T12:43:00.732257053Z 79 PC: 12add | Find next file
2018-12-25T12:43:00.737985259Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:00.739908537Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:00.74648638Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:00.754468492Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:00.766142779Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:00.768701431Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:00.770032744Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:00.790365397Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:00.80869421Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:00.816828599Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:00.820960362Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:00.822373787Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:00.829694127Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:00.837461194Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:00.842420592Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:00.844176999Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:00.845730775Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:00.849866924Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:00.854026146Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:00.85941935Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:00.861297284Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:00.862258372Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:00.867322615Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:00.87214339Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:00.877165899Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:00.879799952Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:00.881227062Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:00.888348526Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:00.893329042Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:00.90133017Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:00.903695939Z 9 PC: 12ae6 | Display string (String= 'Not enough memory. ')

{"DateBased":true,"Day":19,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15257,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:01.16300439Z 42 PC: 12a6f | Get date
0x12a6f: cmp dl, 0x13
0x12a72: jne 0x12aae
0x12a74: int 0x11
0x12a76: and ax, 0x30
0x12a79: cmp ax, 0x30
0x12a7c: jne 0x12a84
0x12a7e: mov ax, 0xb000
0x12a81: jmp 0x12a87
0x12a83: nop
0x12a84: mov ax, 0xb800
0x12a87: mov es, ax
0x12a89: xor di, di
0x12a8b: mov cx, 0x7d0
0x12a8e: push cx
0x12a8f: mov al, byte ptr es:[di]
0x12a92: cmp al, 0x20
0x12a94: je 0x12a9d
0x12a96: inc al
0x12a98: mov ah, 0xf
0x12a9a: mov word ptr es:[di], ax
2018-12-25T12:43:01.206634809Z 9 PC: 12aae | Display string (Could not find end pointer)
2018-12-25T12:43:01.209919542Z 78 PC: 12ab7 | Find first file
2018-12-25T12:43:01.217788525Z 47 PC: 12abb | Get disk transfer address
2018-12-25T12:43:01.218920744Z 61 PC: 12ac7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:01.226555354Z 64 PC: 12ad5 | Write file or device (Write 211 bytes on handle 5)
2018-12-25T12:43:01.233888569Z 62 PC: 12ad9 | Close file
2018-12-25T12:43:01.85948443Z 79 PC: 12add | Find next file
2018-12-25T12:43:01.863477038Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:01.864931503Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:01.872298054Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:01.879642119Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:01.8893177Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:01.892119379Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:01.893095515Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:01.901412767Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:01.908790261Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:01.917072903Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:01.920341771Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:01.92194677Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:01.929356314Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:01.937749795Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:01.947018588Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:01.949902129Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:01.95169375Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:01.959729628Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:01.967024671Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:01.976112213Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:01.979455061Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:01.981182324Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:01.989474177Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:01.996921574Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:02.006233118Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:02.009440959Z 47 PC: 12abb | Get disk transfer address (See above)
2018-12-25T12:43:02.011440561Z 61 PC: 12ac7 | Open file (See above)
2018-12-25T12:43:02.019185537Z 64 PC: 12ad5 | Write file or device (See above)
2018-12-25T12:43:02.02717289Z 62 PC: 12ad9 | Close file (See above)
2018-12-25T12:43:02.037158949Z 79 PC: 12add | Find next file (See above)
2018-12-25T12:43:02.040539457Z 9 PC: 12ae6 | Display string (String= 'Not enough memory. ')