Sample viewer

vx.netlux.org/Virus.DOS.VotaDC.591

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:40.390028018Z	254	PC: 12e39 \| UNKNOWN!
2018-12-17T23:05:40.392675611Z	47	PC: 9fb6a \| Get disk transfer address
2018-12-17T23:05:40.394654379Z	61	PC: 9fb7d \| Open file (Filename = 'đ±WJWUWW')
2018-12-17T23:05:40.401355573Z	254	PC: 12e87 \| UNKNOWN!
2018-12-17T23:05:40.404998367Z	77	PC: 11fe0 \| Get program return code
2018-12-17T23:05:40.407213564Z	72	PC: 12174 \| Allocate memory
2018-12-17T23:05:40.40919434Z	72	PC: 1218d \| Allocate memory
2018-12-17T23:05:40.411513549Z	42	PC: 9fae2 \| Get date 0x9fae2: jl 0x9fb41 0x9fae4: cmp dh, 4 0x9fae7: jne 0x9fb41 0x9fae9: mov byte ptr cs:[0x1c9], 0 0x9faef: jmp 0x9fb17 0x9faf1: jmp 0x9fb44 0x9faf3: retf 0x9faf4: mov word ptr [0xe4a3], ax 0x9faf7: mov ch, 0xda 0x9faf9: mov ax, word ptr [0xafc8] 0x9fafc: into 0x9fafd: out 0xc6, al 0x9faff: mov ah, 0xf9 0x9fb01: stosw word ptr es:[di], ax
2018-12-17T23:05:40.423492539Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:05:40.424978782Z	42	PC: 9fae2 \| Get date 0x9fae2: jl 0x9fb41 0x9fae4: cmp dh, 4 0x9fae7: jne 0x9fb41 0x9fae9: mov byte ptr cs:[0x1c9], 0 0x9faef: jmp 0x9fb17 0x9faf1: jmp 0x9fb44 0x9faf3: retf 0x9faf4: mov word ptr [0xe4a3], ax 0x9faf7: mov ch, 0xda 0x9faf9: mov ax, word ptr [0xafc8] 0x9fafc: into 0x9fafd: out 0xc6, al 0x9faff: mov ah, 0xf9 0x9fb01: stosw word ptr es:[di], ax
2018-12-17T23:05:40.427367573Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:05:40.429850652Z	42	PC: 9fae2 \| Get date 0x9fae2: jl 0x9fb41 0x9fae4: cmp dh, 4 0x9fae7: jne 0x9fb41 0x9fae9: mov byte ptr cs:[0x1c9], 0 0x9faef: jmp 0x9fb17 0x9faf1: jmp 0x9fb44 0x9faf3: retf 0x9faf4: mov word ptr [0xe4a3], ax 0x9faf7: mov ch, 0xda 0x9faf9: mov ax, word ptr [0xafc8] 0x9fafc: into 0x9fafd: out 0xc6, al 0x9faff: mov ah, 0xf9 0x9fb01: stosw word ptr es:[di], ax
2018-12-17T23:05:40.432261419Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:40.433780123Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.436613767Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.438503344Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.440379511Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.442263772Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.444425501Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.445892554Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.447366393Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.450135284Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.451907709Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.453697317Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.456456111Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.458259732Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.460023342Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.462397926Z	62	PC: 122ab \| Close file
2018-12-17T23:05:40.466666847Z	99	PC: 9a287 \| Get DBCS lead byte table pointer
2018-12-17T23:05:40.468285198Z	56	PC: 94aa9 \| Get or set country info
2018-12-17T23:05:40.470954437Z	64	PC: 9a4f8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-17T23:05:40.475300901Z	42	PC: 9fae2 \| Get date 0x9fae2: jl 0x9fb41 0x9fae4: cmp dh, 4 0x9fae7: jne 0x9fb41 0x9fae9: mov byte ptr cs:[0x1c9], 0 0x9faef: jmp 0x9fb17 0x9faf1: jmp 0x9fb44 0x9faf3: retf 0x9faf4: mov word ptr [0xe4a3], ax 0x9faf7: mov ch, 0xda 0x9faf9: mov ax, word ptr [0xafc8] 0x9fafc: into 0x9fafd: out 0xc6, al 0x9faff: mov ah, 0xf9 0x9fb01: stosw word ptr es:[di], ax
2018-12-17T23:05:40.477441139Z	25	PC: 94b12 \| Get default drive
2018-12-17T23:05:40.482458058Z	71	PC: 96d8d \| Get current directory
2018-12-17T23:05:40.486747002Z	64	PC: 9a4f8 \| Write file or device (Write 3 bytes on handle 1)
2018-12-17T23:05:40.489962536Z	2	PC: 96d62 \| Character output (Char = '3e')
2018-12-17T23:05:40.493115846Z	93	PC: 94bd0 \| File sharing functions
2018-12-17T23:05:40.495023136Z	93	PC: 94bd7 \| File sharing functions
2018-12-17T23:05:40.497047889Z	42	PC: 9fae2 \| Get date 0x9fae2: jl 0x9fb41 0x9fae4: cmp dh, 4 0x9fae7: jne 0x9fb41 0x9fae9: mov byte ptr cs:[0x1c9], 0 0x9faef: jmp 0x9fb17 0x9faf1: jmp 0x9fb44 0x9faf3: retf 0x9faf4: mov word ptr [0xe4a3], ax 0x9faf7: mov ch, 0xda 0x9faf9: mov ax, word ptr [0xafc8] 0x9fafc: into 0x9fafd: out 0xc6, al 0x9faff: mov ah, 0xf9 0x9fb01: stosw word ptr es:[di], ax
2018-12-17T23:05:40.499519951Z	10	PC: 94be9 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15290,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:10.566099072Z	254	PC: 12e39 \| UNKNOWN!
2018-12-25T12:43:10.567234289Z	47	PC: 9fb6a \| Get disk transfer address
2018-12-25T12:43:10.569377681Z	61	PC: 9fb7d \| Open file (Filename = 'đ±WJWUWW')
2018-12-25T12:43:10.576357778Z	254	PC: 12e87 \| UNKNOWN!
2018-12-25T12:43:10.579796809Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:43:10.582260531Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:43:10.584709217Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:43:10.58769906Z	42	PC: 9fae2 \| Get date 0x9fae2: jl 0x9fb41 0x9fae4: cmp dh, 4 0x9fae7: jne 0x9fb41 0x9fae9: mov byte ptr cs:[0x1c9], 0 0x9faef: jmp 0x9fb17 0x9faf1: jmp 0x9fb44 0x9faf3: retf 0x9faf4: mov word ptr [0xe4a3], ax 0x9faf7: mov ch, 0xda 0x9faf9: mov ax, word ptr [0xafc8] 0x9fafc: into 0x9fafd: out 0xc6, al 0x9faff: mov ah, 0xf9 0x9fb01: stosw word ptr es:[di], ax
2018-12-25T12:43:10.590748469Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:43:10.592024243Z	42	PC: 9fae2 \| Get date (See above)
2018-12-25T12:43:10.594299709Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:43:10.596222591Z	42	PC: 9fae2 \| Get date (See above)
2018-12-25T12:43:10.601417309Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:10.603253132Z	62	PC: 122ab \| Close file
2018-12-25T12:43:10.605449867Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.607724165Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.609482637Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.611618095Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.614494452Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.617100633Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.618748906Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.621390319Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.623065237Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.624636937Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.6267213Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.629568465Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.631603576Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.634386492Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.638351078Z	99	PC: 9a287 \| Get DBCS lead byte table pointer
2018-12-25T12:43:10.640391661Z	56	PC: 94aa9 \| Get or set country info
2018-12-25T12:43:10.643785588Z	64	PC: 9a4f8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:43:10.649561902Z	42	PC: 9fae2 \| Get date (See above)
2018-12-25T12:43:10.652461576Z	25	PC: 94b12 \| Get default drive
2018-12-25T12:43:10.654816553Z	71	PC: 96d8d \| Get current directory
2018-12-25T12:43:10.660315445Z	64	PC: 9a4f8 \| Write file or device (See above)
2018-12-25T12:43:10.66515015Z	2	PC: 96d62 \| Character output (Char = '3e')
2018-12-25T12:43:10.667879151Z	93	PC: 94bd0 \| File sharing functions
2018-12-25T12:43:10.672418764Z	93	PC: 94bd7 \| File sharing functions
2018-12-25T12:43:10.674648189Z	42	PC: 9fae2 \| Get date (See above)
2018-12-25T12:43:10.677176629Z	10	PC: 94be9 \| Buffered keyboard input

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15290,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:10.670073116Z	254	PC: 12e39 \| UNKNOWN!
2018-12-25T12:43:10.671451782Z	47	PC: 9fb6a \| Get disk transfer address
2018-12-25T12:43:10.67294629Z	61	PC: 9fb7d \| Open file (Filename = 'đ±WJWUWW')
2018-12-25T12:43:10.683564402Z	254	PC: 12e87 \| UNKNOWN!
2018-12-25T12:43:10.688819537Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:43:10.691795521Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:43:10.695595678Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:43:10.70183825Z	42	PC: 9fae2 \| Get date 0x9fae2: jl 0x9fb41 0x9fae4: cmp dh, 4 0x9fae7: jne 0x9fb41 0x9fae9: mov byte ptr cs:[0x1c9], 0 0x9faef: jmp 0x9fb17 0x9faf1: jmp 0x9fb44 0x9faf3: retf 0x9faf4: mov word ptr [0xe4a3], ax 0x9faf7: mov ch, 0xda 0x9faf9: mov ax, word ptr [0xafc8] 0x9fafc: into 0x9fafd: out 0xc6, al 0x9faff: mov ah, 0xf9 0x9fb01: stosw word ptr es:[di], ax
2018-12-25T12:43:10.713342375Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:43:10.715580794Z	42	PC: 9fae2 \| Get date (See above)
2018-12-25T12:43:10.726819621Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:43:10.729265295Z	42	PC: 9fae2 \| Get date (See above)
2018-12-25T12:43:10.735701932Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:10.737255143Z	62	PC: 122ab \| Close file
2018-12-25T12:43:10.73972265Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.741552865Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.743236809Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.745763254Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.747840288Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.75032561Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.752843378Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.754350864Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.755807016Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.758049812Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.759711372Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.761143783Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.762723445Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.771831154Z	62	PC: 122ab \| Close file (See above)
2018-12-25T12:43:10.773713425Z	99	PC: 9a287 \| Get DBCS lead byte table pointer
2018-12-25T12:43:10.774798928Z	56	PC: 94aa9 \| Get or set country info
2018-12-25T12:43:10.782915198Z	64	PC: 9a4f8 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:43:10.798329618Z	42	PC: 9fae2 \| Get date (See above)
2018-12-25T12:43:10.804655956Z	25	PC: 94b12 \| Get default drive
2018-12-25T12:43:10.807157668Z	71	PC: 96d8d \| Get current directory
2018-12-25T12:43:10.810991508Z	64	PC: 9a4f8 \| Write file or device (See above)
2018-12-25T12:43:10.814094746Z	2	PC: 96d62 \| Character output (Char = '3e')
2018-12-25T12:43:10.819451248Z	93	PC: 94bd0 \| File sharing functions
2018-12-25T12:43:10.821367569Z	93	PC: 94bd7 \| File sharing functions
2018-12-25T12:43:10.823365886Z	42	PC: 9fae2 \| Get date (See above)
2018-12-25T12:43:10.830532753Z	10	PC: 94be9 \| Buffered keyboard input