Sample viewer

vx.netlux.org/Virus.DOS.Nokeyb.565


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:53.096521632Z 71 PC: 12a7a | Get current directory
2018-12-17T23:06:53.099659837Z 59 PC: 12a82 | Change current directory
2018-12-17T23:06:53.104350317Z 26 PC: 12acc | Set disk transfer address
2018-12-17T23:06:53.105453138Z 78 PC: 12b30 | Find first file
2018-12-17T23:06:53.117464028Z 67 PC: 12b5d | Get or set file attributes
2018-12-17T23:06:53.171273146Z 61 PC: 12b64 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:53.180240967Z 63 PC: 12b72 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:53.18817751Z 66 PC: 12b8b | Move file pointer
2018-12-17T23:06:53.19096923Z 64 PC: 12b96 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:53.193860848Z 66 PC: 12ba1 | Move file pointer
2018-12-17T23:06:53.195515498Z 63 PC: 12bac | Read file or device (Read 7 bytes on handle 5)
2018-12-17T23:06:53.198817556Z 64 PC: 12bbd | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:53.202864471Z 64 PC: 12c10 | Write file or device (Write 554 bytes on handle 5)
2018-12-17T23:06:53.211794217Z 64 PC: 12c1a | Write file or device (Write 7 bytes on handle 5)
2018-12-17T23:06:53.214872997Z 87 PC: 12c25 | Get or set file date and time
2018-12-17T23:06:53.2167392Z 67 PC: 12c32 | Get or set file attributes
2018-12-17T23:06:53.221961286Z 62 PC: 12c36 | Close file
2018-12-17T23:06:53.231208794Z 79 PC: 12b3b | Find next file
2018-12-17T23:06:53.234904789Z 67 PC: 12b5d | Get or set file attributes
2018-12-17T23:06:53.245701463Z 61 PC: 12b64 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:06:53.2530091Z 63 PC: 12b72 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:53.260505324Z 66 PC: 12b8b | Move file pointer
2018-12-17T23:06:53.261949051Z 64 PC: 12b96 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:53.264566824Z 66 PC: 12ba1 | Move file pointer
2018-12-17T23:06:53.266927124Z 63 PC: 12bac | Read file or device (Read 7 bytes on handle 5)
2018-12-17T23:06:53.269756732Z 64 PC: 12bbd | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:53.273943323Z 64 PC: 12c10 | Write file or device (Write 554 bytes on handle 5)
2018-12-17T23:06:53.297654065Z 64 PC: 12c1a | Write file or device (Write 7 bytes on handle 5)
2018-12-17T23:06:53.301178644Z 87 PC: 12c25 | Get or set file date and time
2018-12-17T23:06:53.303023785Z 67 PC: 12c32 | Get or set file attributes
2018-12-17T23:06:53.309998601Z 62 PC: 12c36 | Close file
2018-12-17T23:06:53.31568743Z 79 PC: 12b3b | Find next file
2018-12-17T23:06:53.317596858Z 67 PC: 12b5d | Get or set file attributes
2018-12-17T23:06:53.324500665Z 61 PC: 12b64 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:06:53.333325235Z 63 PC: 12b72 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:06:53.340625207Z 66 PC: 12b8b | Move file pointer
2018-12-17T23:06:53.342578066Z 64 PC: 12b96 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:53.34614575Z 66 PC: 12ba1 | Move file pointer
2018-12-17T23:06:53.349035075Z 63 PC: 12bac | Read file or device (Read 7 bytes on handle 5)
2018-12-17T23:06:53.35186732Z 64 PC: 12bbd | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:06:53.355917289Z 64 PC: 12c10 | Write file or device (Write 554 bytes on handle 5)
2018-12-17T23:06:53.365029182Z 64 PC: 12c1a | Write file or device (Write 7 bytes on handle 5)
2018-12-17T23:06:53.368189444Z 87 PC: 12c25 | Get or set file date and time
2018-12-17T23:06:53.370429921Z 67 PC: 12c32 | Get or set file attributes
2018-12-17T23:06:53.376241998Z 62 PC: 12c36 | Close file
2018-12-17T23:06:53.385329583Z 42 PC: 12a8d | Get date
0x12a8d: cmp dl, 0xd
0x12a90: jne 0x12aa7
0x12a92: nop
0x12a93: nop
0x12a94: mov ah, 9
0x12a96: lea dx, word ptr [bp + 0x30d]
0x12a9a: int 0x21
0x12a9c: in al, 0x21
0x12a9e: or al, 2
0x12aa0: out 0x21, al
0x12aa2: mov ax, 0x4c00
0x12aa5: int 0x21
0x12aa7: mov ah, 0x1a
0x12aa9: mov dx, 0x80
0x12aac: int 0x21
0x12aae: mov ah, 0x3b
0x12ab0: lea dx, word ptr [bp + 0x364]
0x12ab4: int 0x21
0x12ab6: mov di, 0x100
0x12ab9: lea si, word ptr [bp + 0xfc]
2018-12-17T23:06:53.388443033Z 26 PC: 12aae | Set disk transfer address
2018-12-17T23:06:53.389629841Z 59 PC: 12ab6 | Change current directory
2018-12-17T23:06:53.391883206Z 71 PC: 12a7a | Get current directory
2018-12-17T23:06:53.395809614Z 59 PC: 12a82 | Change current directory
2018-12-17T23:06:53.4002707Z 26 PC: 12acc | Set disk transfer address
2018-12-17T23:06:53.401447187Z 42 PC: 12a8d | Get date
0x12a8d: cmp dl, 0xd
0x12a90: jne 0x12aa7
0x12a92: nop
0x12a93: nop
0x12a94: mov ah, 9
0x12a96: lea dx, word ptr [bp + 0x30d]
0x12a9a: int 0x21
0x12a9c: in al, 0x21
0x12a9e: or al, 2
0x12aa0: out 0x21, al
0x12aa2: mov ax, 0x4c00
0x12aa5: int 0x21
0x12aa7: mov ah, 0x1a
0x12aa9: mov dx, 0x80
0x12aac: int 0x21
0x12aae: mov ah, 0x3b
0x12ab0: lea dx, word ptr [bp + 0x364]
0x12ab4: int 0x21
0x12ab6: mov di, 0x100
0x12ab9: lea si, word ptr [bp + 0xfc]
2018-12-17T23:06:53.404361128Z 26 PC: 12aae | Set disk transfer address
2018-12-17T23:06:53.405618113Z 59 PC: 12ab6 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15670,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:09.079540422Z 71 PC: 12a7a | Get current directory
2018-12-25T12:44:09.083244313Z 59 PC: 12a82 | Change current directory
2018-12-25T12:44:09.087106686Z 26 PC: 12acc | Set disk transfer address
2018-12-25T12:44:09.088091709Z 78 PC: 12b30 | Find first file
2018-12-25T12:44:09.094567172Z 67 PC: 12b5d | Get or set file attributes
2018-12-25T12:44:09.110664556Z 61 PC: 12b64 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:09.121736736Z 63 PC: 12b72 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:09.128082058Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:44:09.129501146Z 64 PC: 12b96 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:44:09.13190743Z 66 PC: 12ba1 | Move file pointer
2018-12-25T12:44:09.133297914Z 63 PC: 12bac | Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:44:09.136450454Z 64 PC: 12bbd | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:44:09.139367726Z 64 PC: 12c10 | Write file or device (Write 554 bytes on handle 5)
2018-12-25T12:44:09.145444411Z 64 PC: 12c1a | Write file or device (Write 7 bytes on handle 5)
2018-12-25T12:44:09.147349542Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:44:09.148355779Z 67 PC: 12c32 | Get or set file attributes
2018-12-25T12:44:09.151191313Z 62 PC: 12c36 | Close file
2018-12-25T12:44:09.1564393Z 79 PC: 12b3b | Find next file
2018-12-25T12:44:09.159038798Z 67 PC: 12b5d | Get or set file attributes (See above)
2018-12-25T12:44:09.168311637Z 61 PC: 12b64 | Open file (See above)
2018-12-25T12:44:09.174314802Z 63 PC: 12b72 | Read file or device (See above)
2018-12-25T12:44:09.180667158Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:44:09.181991889Z 64 PC: 12b96 | Write file or device (See above)
2018-12-25T12:44:09.185057091Z 66 PC: 12ba1 | Move file pointer (See above)
2018-12-25T12:44:09.186502242Z 63 PC: 12bac | Read file or device (See above)
2018-12-25T12:44:09.188906885Z 64 PC: 12bbd | Write file or device (See above)
2018-12-25T12:44:09.192743007Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T12:44:09.20051728Z 64 PC: 12c1a | Write file or device (See above)
2018-12-25T12:44:09.203871479Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:44:09.206029386Z 67 PC: 12c32 | Get or set file attributes (See above)
2018-12-25T12:44:09.210776758Z 62 PC: 12c36 | Close file (See above)
2018-12-25T12:44:09.218851256Z 79 PC: 12b3b | Find next file (See above)
2018-12-25T12:44:09.221999469Z 67 PC: 12b5d | Get or set file attributes (See above)
2018-12-25T12:44:09.231458664Z 61 PC: 12b64 | Open file (See above)
2018-12-25T12:44:09.237830924Z 63 PC: 12b72 | Read file or device (See above)
2018-12-25T12:44:09.244751963Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:44:09.245995366Z 64 PC: 12b96 | Write file or device (See above)
2018-12-25T12:44:09.248407378Z 66 PC: 12ba1 | Move file pointer (See above)
2018-12-25T12:44:09.25014304Z 63 PC: 12bac | Read file or device (See above)
2018-12-25T12:44:09.252472536Z 64 PC: 12bbd | Write file or device (See above)
2018-12-25T12:44:09.255352617Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T12:44:09.263493162Z 64 PC: 12c1a | Write file or device (See above)
2018-12-25T12:44:09.265907638Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:44:09.267199808Z 67 PC: 12c32 | Get or set file attributes (See above)
2018-12-25T12:44:09.272690476Z 62 PC: 12c36 | Close file (See above)
2018-12-25T12:44:09.280586844Z 42 PC: 12a8d | Get date
0x12a8d: cmp dl, 0xd
0x12a90: jne 0x12aa7
0x12a92: nop
0x12a93: nop
0x12a94: mov ah, 9
0x12a96: lea dx, word ptr [bp + 0x30d]
0x12a9a: int 0x21
0x12a9c: in al, 0x21
0x12a9e: or al, 2
0x12aa0: out 0x21, al
0x12aa2: mov ax, 0x4c00
0x12aa5: int 0x21
0x12aa7: mov ah, 0x1a
0x12aa9: mov dx, 0x80
0x12aac: int 0x21
0x12aae: mov ah, 0x3b
0x12ab0: lea dx, word ptr [bp + 0x364]
0x12ab4: int 0x21
0x12ab6: mov di, 0x100
0x12ab9: lea si, word ptr [bp + 0xfc]
2018-12-25T12:44:09.282982776Z 26 PC: 12aae | Set disk transfer address
2018-12-25T12:44:09.284872399Z 59 PC: 12ab6 | Change current directory
2018-12-25T12:44:09.286814897Z 71 PC: 12a7a | Get current directory (See above)
2018-12-25T12:44:09.289874457Z 59 PC: 12a82 | Change current directory (See above)
2018-12-25T12:44:09.294749879Z 26 PC: 12acc | Set disk transfer address (See above)

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15670,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:09.808159322Z 71 PC: 12a7a | Get current directory
2018-12-25T12:44:09.811743559Z 59 PC: 12a82 | Change current directory
2018-12-25T12:44:09.816085168Z 26 PC: 12acc | Set disk transfer address
2018-12-25T12:44:09.838867088Z 78 PC: 12b30 | Find first file
2018-12-25T12:44:09.846776102Z 67 PC: 12b5d | Get or set file attributes
2018-12-25T12:44:09.864686438Z 61 PC: 12b64 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:09.872125925Z 63 PC: 12b72 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:44:09.879571925Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:44:09.881609534Z 64 PC: 12b96 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:44:09.884461601Z 66 PC: 12ba1 | Move file pointer
2018-12-25T12:44:09.886081715Z 63 PC: 12bac | Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:44:09.888985959Z 64 PC: 12bbd | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:44:09.892667232Z 64 PC: 12c10 | Write file or device (Write 554 bytes on handle 5)
2018-12-25T12:44:09.901552127Z 64 PC: 12c1a | Write file or device (Write 7 bytes on handle 5)
2018-12-25T12:44:09.905076327Z 87 PC: 12c25 | Get or set file date and time
2018-12-25T12:44:09.907099702Z 67 PC: 12c32 | Get or set file attributes
2018-12-25T12:44:09.91345313Z 62 PC: 12c36 | Close file
2018-12-25T12:44:09.923128538Z 79 PC: 12b3b | Find next file
2018-12-25T12:44:09.926047164Z 67 PC: 12b5d | Get or set file attributes (See above)
2018-12-25T12:44:09.936786647Z 61 PC: 12b64 | Open file (See above)
2018-12-25T12:44:09.944225152Z 63 PC: 12b72 | Read file or device (See above)
2018-12-25T12:44:09.951537229Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:44:09.952788179Z 64 PC: 12b96 | Write file or device (See above)
2018-12-25T12:44:09.955782517Z 66 PC: 12ba1 | Move file pointer (See above)
2018-12-25T12:44:09.957652047Z 63 PC: 12bac | Read file or device (See above)
2018-12-25T12:44:09.960235412Z 64 PC: 12bbd | Write file or device (See above)
2018-12-25T12:44:09.96351989Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T12:44:09.972412028Z 64 PC: 12c1a | Write file or device (See above)
2018-12-25T12:44:09.975223806Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:44:09.977514575Z 67 PC: 12c32 | Get or set file attributes (See above)
2018-12-25T12:44:09.983337503Z 62 PC: 12c36 | Close file (See above)
2018-12-25T12:44:09.992166902Z 79 PC: 12b3b | Find next file (See above)
2018-12-25T12:44:09.995144024Z 67 PC: 12b5d | Get or set file attributes (See above)
2018-12-25T12:44:10.006648032Z 61 PC: 12b64 | Open file (See above)
2018-12-25T12:44:10.013979134Z 63 PC: 12b72 | Read file or device (See above)
2018-12-25T12:44:10.020990056Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:44:10.022839775Z 64 PC: 12b96 | Write file or device (See above)
2018-12-25T12:44:10.025618229Z 66 PC: 12ba1 | Move file pointer (See above)
2018-12-25T12:44:10.026990748Z 63 PC: 12bac | Read file or device (See above)
2018-12-25T12:44:10.030181608Z 64 PC: 12bbd | Write file or device (See above)
2018-12-25T12:44:10.033586232Z 64 PC: 12c10 | Write file or device (See above)
2018-12-25T12:44:10.042652768Z 64 PC: 12c1a | Write file or device (See above)
2018-12-25T12:44:10.04585912Z 87 PC: 12c25 | Get or set file date and time (See above)
2018-12-25T12:44:10.048009055Z 67 PC: 12c32 | Get or set file attributes (See above)
2018-12-25T12:44:10.05306528Z 62 PC: 12c36 | Close file (See above)
2018-12-25T12:44:10.061645707Z 42 PC: 12a8d | Get date
0x12a8d: cmp dl, 0xd
0x12a90: jne 0x12aa7
0x12a92: nop
0x12a93: nop
0x12a94: mov ah, 9
0x12a96: lea dx, word ptr [bp + 0x30d]
0x12a9a: int 0x21
0x12a9c: in al, 0x21
0x12a9e: or al, 2
0x12aa0: out 0x21, al
0x12aa2: mov ax, 0x4c00
0x12aa5: int 0x21
0x12aa7: mov ah, 0x1a
0x12aa9: mov dx, 0x80
0x12aac: int 0x21
0x12aae: mov ah, 0x3b
0x12ab0: lea dx, word ptr [bp + 0x364]
0x12ab4: int 0x21
0x12ab6: mov di, 0x100
0x12ab9: lea si, word ptr [bp + 0xfc]
2018-12-25T12:44:10.064182958Z 9 PC: 12a9c | Display string (String= 'No keyboard found! ')
2018-12-25T12:44:10.068384713Z 76 PC: 12aa7 | Terminate with return code (Return code = '0')