Sample viewer

vx.netlux.org/Virus.DOS.Quest.471

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:05:56.03938349Z 53 PC: 12a55 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:56.041538856Z 37 PC: 12a6e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:56.043330717Z 71 PC: 12a8b | Get current directory
2018-12-17T23:05:56.045445717Z 78 PC: 12ad5 | Find first file
2018-12-17T23:05:56.049441641Z 78 PC: 12ad5 | Find first file
2018-12-17T23:05:56.062534138Z 79 PC: 12ad5 | Find next file
2018-12-17T23:05:56.065448874Z 79 PC: 12ad5 | Find next file
2018-12-17T23:05:56.068341413Z 79 PC: 12ad5 | Find next file
2018-12-17T23:05:56.074275255Z 79 PC: 12ad5 | Find next file
2018-12-17T23:05:56.077003704Z 79 PC: 12ad5 | Find next file
2018-12-17T23:05:56.079682134Z 79 PC: 12ad5 | Find next file
2018-12-17T23:05:56.08321171Z 79 PC: 12ad5 | Find next file
2018-12-17T23:05:56.08624447Z 79 PC: 12ad5 | Find next file
2018-12-17T23:05:56.088960755Z 59 PC: 12a9e | Change current directory
2018-12-17T23:05:56.093824828Z 42 PC: 12b33 | Get date
0x12b33: jmp 0x12b35
0x12b35: cmp cx, 0x7ce
0x12b39: jb 0x12b42
0x12b3b: mov ah, 9
0x12b3d: mov dx, 0x233
0x12b40: int 0x21
0x12b42: ret
0x12b43: mov ah, 0x3d
0x12b45: mov dx, 0x9e
0x12b48: int 0x21
0x12b4a: xchg ax, bx
0x12b4b: ret
0x12b4c: mov ax, 0x4301
0x12b4f: mov dx, 0x9e
0x12b52: int 0x21
0x12b54: ret
0x12b55: mov al, 3
0x12b57: iret
0x12b58: push si
0x12b59: inc sp
2018-12-17T23:05:56.096392383Z 9 PC: 12b42 | Display string (String= 'Your Windows facing error! Please reinstall your Windowsor contact Microsoft help desk.*.com*.exe..�������������S����[�@����!S����[�.�&����.0')
2018-12-17T23:05:56.103015222Z 37 PC: 12aab | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:05:56.104185503Z 59 PC: 12aca | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15357,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:14.682057544Z 53 PC: 12a55 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:14.684053931Z 37 PC: 12a6e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:14.686437248Z 71 PC: 12a8b | Get current directory
2018-12-25T12:43:14.690401806Z 78 PC: 12ad5 | Find first file
2018-12-25T12:43:14.697738797Z 78 PC: 12ad5 | Find first file (See above)
2018-12-25T12:43:14.705515293Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.708723958Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.712020115Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.716188072Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.725446108Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.728757724Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.73266886Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.73566249Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.744555718Z 59 PC: 12a9e | Change current directory
2018-12-25T12:43:14.753021328Z 42 PC: 12b33 | Get date
0x12b33: jmp 0x12b35
0x12b35: cmp cx, 0x7ce
0x12b39: jb 0x12b42
0x12b3b: mov ah, 9
0x12b3d: mov dx, 0x233
0x12b40: int 0x21
0x12b42: ret
0x12b43: mov ah, 0x3d
0x12b45: mov dx, 0x9e
0x12b48: int 0x21
0x12b4a: xchg ax, bx
0x12b4b: ret
0x12b4c: mov ax, 0x4301
0x12b4f: mov dx, 0x9e
0x12b52: int 0x21
0x12b54: ret
0x12b55: mov al, 3
0x12b57: iret
0x12b58: push si
0x12b59: inc sp
2018-12-25T12:43:14.755691235Z 37 PC: 12aab | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:14.757236425Z 59 PC: 12aca | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15357,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:14.87691771Z 53 PC: 12a55 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:14.878258997Z 37 PC: 12a6e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:14.880463012Z 71 PC: 12a8b | Get current directory
2018-12-25T12:43:14.88896684Z 78 PC: 12ad5 | Find first file
2018-12-25T12:43:14.895937148Z 78 PC: 12ad5 | Find first file (See above)
2018-12-25T12:43:14.903562965Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.906536274Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.909302312Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.912785158Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.916652936Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.928112434Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.93158089Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.934496963Z 79 PC: 12ad5 | Find next file (See above)
2018-12-25T12:43:14.9377898Z 59 PC: 12a9e | Change current directory
2018-12-25T12:43:14.947983835Z 42 PC: 12b33 | Get date
0x12b33: jmp 0x12b35
0x12b35: cmp cx, 0x7ce
0x12b39: jb 0x12b42
0x12b3b: mov ah, 9
0x12b3d: mov dx, 0x233
0x12b40: int 0x21
0x12b42: ret
0x12b43: mov ah, 0x3d
0x12b45: mov dx, 0x9e
0x12b48: int 0x21
0x12b4a: xchg ax, bx
0x12b4b: ret
0x12b4c: mov ax, 0x4301
0x12b4f: mov dx, 0x9e
0x12b52: int 0x21
0x12b54: ret
0x12b55: mov al, 3
0x12b57: iret
0x12b58: push si
0x12b59: inc sp
2018-12-25T12:43:14.952629155Z 9 PC: 12b42 | Display string (String= 'Your Windows facing error! Please reinstall your Windowsor contact Microsoft help desk.*.com*.exe..�������������S����[�@����!S����[�.�&����.0')
2018-12-25T12:43:14.960722972Z 37 PC: 12aab | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:14.962152344Z 59 PC: 12aca | Change current directory