Sample viewer

vx.netlux.org/Virus.DOS.Grog.304

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:43.175529786Z 53 PC: 18b0f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:43.177006967Z 37 PC: 18b1d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:43.177982774Z 61 PC: 18b24 | Open file (Filename = 'A:\COMMAND.COM')
2018-12-17T23:08:43.184033786Z 37 PC: 18b5d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:43.185580239Z 53 PC: 18b0f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:43.186582417Z 37 PC: 18b1d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:43.187606699Z 61 PC: 18b24 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T23:08:43.195191154Z 63 PC: 18b35 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:08:43.197648219Z 66 PC: 18b45 | Move file pointer
2018-12-17T23:08:43.198869802Z 66 PC: 18b69 | Move file pointer
2018-12-17T23:08:43.200631544Z 66 PC: 18b7c | Move file pointer
2018-12-17T23:08:43.201842996Z 64 PC: 18b88 | Write file or device (Write 304 bytes on handle 5)
2018-12-17T23:08:43.204747437Z 66 PC: 18b91 | Move file pointer
2018-12-17T23:08:43.206290963Z 64 PC: 18ba4 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:08:43.208853476Z 62 PC: 18b56 | Close file
2018-12-17T23:08:43.551386054Z 37 PC: 18b5d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:43.553632691Z 42 PC: 18adf | Get date
0x18adf: cmp dh, 2
0x18ae2: ja 0x18aef
0x18ae4: and dl, 1
0x18ae7: cmp dl, 1
0x18aea: jne 0x18aef
0x18aec: call 0x18ba8
0x18aef: mov ax, 0x100
0x18af2: mov ds, ax
0x18af4: pop bp
0x18af5: pop di
0x18af6: pop si
0x18af7: pop dx
0x18af8: pop cx
0x18af9: pop bx
0x18afa: pop ax
0x18afb: push ds
0x18afc: push cs
0x18afd: pop ds
0x18afe: ret
0x18aff: jmp 0x1a06f

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16291,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:30.144008391Z 53 PC: 18b0f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:30.145574191Z 37 PC: 18b1d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:30.146557656Z 61 PC: 18b24 | Open file (Filename = 'A:\COMMAND.COM')
2018-12-25T12:52:30.152496411Z 37 PC: 18b5d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:30.153611982Z 53 PC: 18b0f | Get interrupt vector (See above)
2018-12-25T12:52:30.15440788Z 37 PC: 18b1d | Set interrupt vector (See above)
2018-12-25T12:52:30.155135279Z 61 PC: 18b24 | Open file (See above)
2018-12-25T12:52:30.159413163Z 63 PC: 18b35 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:52:30.16189081Z 66 PC: 18b45 | Move file pointer
2018-12-25T12:52:30.163133678Z 66 PC: 18b69 | Move file pointer
2018-12-25T12:52:30.164623821Z 66 PC: 18b7c | Move file pointer
2018-12-25T12:52:30.165773744Z 64 PC: 18b88 | Write file or device (Write 304 bytes on handle 5)
2018-12-25T12:52:30.168630299Z 66 PC: 18b91 | Move file pointer
2018-12-25T12:52:30.170181083Z 64 PC: 18ba4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:52:30.172719831Z 62 PC: 18b56 | Close file
2018-12-25T12:52:30.283686005Z 37 PC: 18b5d | Set interrupt vector (See above)
2018-12-25T12:52:30.287734246Z 42 PC: 18adf | Get date
0x18adf: cmp dh, 2
0x18ae2: ja 0x18aef
0x18ae4: and dl, 1
0x18ae7: cmp dl, 1
0x18aea: jne 0x18aef
0x18aec: call 0x18ba8
0x18aef: mov ax, 0x100
0x18af2: mov ds, ax
0x18af4: pop bp
0x18af5: pop di
0x18af6: pop si
0x18af7: pop dx
0x18af8: pop cx
0x18af9: pop bx
0x18afa: pop ax
0x18afb: push ds
0x18afc: push cs
0x18afd: pop ds
0x18afe: ret
0x18aff: jmp 0x1a06f
2018-12-25T12:52:30.289113509Z 9 PC: 18bd4 | Display string (String= ' DELIRIOUS (C) '93 by GROG - Italy')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16291,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:30.093106375Z 53 PC: 18b0f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:30.103569866Z 37 PC: 18b1d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:30.105397564Z 61 PC: 18b24 | Open file (Filename = 'A:\COMMAND.COM')
2018-12-25T12:52:30.112407672Z 37 PC: 18b5d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:30.115226293Z 53 PC: 18b0f | Get interrupt vector (See above)
2018-12-25T12:52:30.116923479Z 37 PC: 18b1d | Set interrupt vector (See above)
2018-12-25T12:52:30.118509277Z 61 PC: 18b24 | Open file (See above)
2018-12-25T12:52:30.126939983Z 63 PC: 18b35 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:52:30.130059108Z 66 PC: 18b45 | Move file pointer
2018-12-25T12:52:30.131722016Z 66 PC: 18b69 | Move file pointer
2018-12-25T12:52:30.134568983Z 66 PC: 18b7c | Move file pointer
2018-12-25T12:52:30.137105444Z 64 PC: 18b88 | Write file or device (Write 304 bytes on handle 5)
2018-12-25T12:52:30.140861302Z 66 PC: 18b91 | Move file pointer
2018-12-25T12:52:30.143021139Z 64 PC: 18ba4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:52:30.149196451Z 62 PC: 18b56 | Close file
2018-12-25T12:52:30.593863933Z 37 PC: 18b5d | Set interrupt vector (See above)
2018-12-25T12:52:30.595593673Z 42 PC: 18adf | Get date
0x18adf: cmp dh, 2
0x18ae2: ja 0x18aef
0x18ae4: and dl, 1
0x18ae7: cmp dl, 1
0x18aea: jne 0x18aef
0x18aec: call 0x18ba8
0x18aef: mov ax, 0x100
0x18af2: mov ds, ax
0x18af4: pop bp
0x18af5: pop di
0x18af6: pop si
0x18af7: pop dx
0x18af8: pop cx
0x18af9: pop bx
0x18afa: pop ax
0x18afb: push ds
0x18afc: push cs
0x18afd: pop ds
0x18afe: ret
0x18aff: jmp 0x1a06f

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16291,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:30.311127547Z 53 PC: 18b0f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:30.312491511Z 37 PC: 18b1d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:30.31322921Z 61 PC: 18b24 | Open file (Filename = 'A:\COMMAND.COM')
2018-12-25T12:52:30.316932088Z 37 PC: 18b5d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:30.318114515Z 53 PC: 18b0f | Get interrupt vector (See above)
2018-12-25T12:52:30.318837901Z 37 PC: 18b1d | Set interrupt vector (See above)
2018-12-25T12:52:30.319515622Z 61 PC: 18b24 | Open file (See above)
2018-12-25T12:52:30.323535418Z 63 PC: 18b35 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:52:30.325116199Z 66 PC: 18b45 | Move file pointer
2018-12-25T12:52:30.326016227Z 66 PC: 18b69 | Move file pointer
2018-12-25T12:52:30.327254979Z 66 PC: 18b7c | Move file pointer
2018-12-25T12:52:30.328187435Z 64 PC: 18b88 | Write file or device (Write 304 bytes on handle 5)
2018-12-25T12:52:30.330147548Z 66 PC: 18b91 | Move file pointer
2018-12-25T12:52:30.331361784Z 64 PC: 18ba4 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:52:30.333233497Z 62 PC: 18b56 | Close file
2018-12-25T12:52:30.352665406Z 37 PC: 18b5d | Set interrupt vector (See above)
2018-12-25T12:52:30.353994514Z 42 PC: 18adf | Get date
0x18adf: cmp dh, 2
0x18ae2: ja 0x18aef
0x18ae4: and dl, 1
0x18ae7: cmp dl, 1
0x18aea: jne 0x18aef
0x18aec: call 0x18ba8
0x18aef: mov ax, 0x100
0x18af2: mov ds, ax
0x18af4: pop bp
0x18af5: pop di
0x18af6: pop si
0x18af7: pop dx
0x18af8: pop cx
0x18af9: pop bx
0x18afa: pop ax
0x18afb: push ds
0x18afc: push cs
0x18afd: pop ds
0x18afe: ret
0x18aff: jmp 0x1a06f