Sample viewer

vx.netlux.org/Virus.DOS.Qumak.1079

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:55.166225534Z	37	PC: 9f76a \| Set interrupt vector (Interrupt = '18' AKA 'Find next file')
2018-12-17T23:08:55.168503771Z	53	PC: 9f77b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:55.169870856Z	37	PC: 9f792 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:55.171224695Z	53	PC: 9f798 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:08:55.17278607Z	37	PC: 9f7af \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T23:08:55.174112966Z	42	PC: 9f7b5 \| Get date 0x9f7b5: cmp dh, 4 0x9f7b8: jb 0x9f7c9 0x9f7ba: cmp dl, 0xa 0x9f7bd: jb 0x9f7c9 0x9f7bf: cmp al, 0 0x9f7c1: jne 0x9f7c9 0x9f7c3: mov si, 0x98 0x9f7c6: inc byte ptr cs:[si] 0x9f7c9: nop 0x9f7ca: push cs 0x9f7cb: pop ds 0x9f7cc: mov si, 0x99 0x9f7cf: mov di, 0x100 0x9f7d2: pop ax 0x9f7d3: mov es, ax 0x9f7d5: pop ax 0x9f7d6: mov cx, 7 0x9f7d9: rep movsb byte ptr es:[di], byte ptr [si] 0x9f7db: push es 0x9f7dc: push es
2018-12-17T23:08:55.176361384Z	9	PC: 13dc6 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16353,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:32.805114549Z	37	PC: 9f76a \| Set interrupt vector (Interrupt = '18' AKA 'Find next file')
2018-12-25T12:52:32.810119423Z	53	PC: 9f77b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:32.811580601Z	37	PC: 9f792 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:32.813032883Z	53	PC: 9f798 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:32.814337173Z	37	PC: 9f7af \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:32.816099164Z	42	PC: 9f7b5 \| Get date 0x9f7b5: cmp dh, 4 0x9f7b8: jb 0x9f7c9 0x9f7ba: cmp dl, 0xa 0x9f7bd: jb 0x9f7c9 0x9f7bf: cmp al, 0 0x9f7c1: jne 0x9f7c9 0x9f7c3: mov si, 0x98 0x9f7c6: inc byte ptr cs:[si] 0x9f7c9: nop 0x9f7ca: push cs 0x9f7cb: pop ds 0x9f7cc: mov si, 0x99 0x9f7cf: mov di, 0x100 0x9f7d2: pop ax 0x9f7d3: mov es, ax 0x9f7d5: pop ax 0x9f7d6: mov cx, 7 0x9f7d9: rep movsb byte ptr es:[di], byte ptr [si] 0x9f7db: push es 0x9f7dc: push es
2018-12-25T12:52:32.817626904Z	9	PC: 13dc6 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16353,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:32.844626287Z	37	PC: 9f76a \| Set interrupt vector (Interrupt = '18' AKA 'Find next file')
2018-12-25T12:52:32.846071811Z	53	PC: 9f77b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:32.847099391Z	37	PC: 9f792 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:32.848028066Z	53	PC: 9f798 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:32.849514299Z	37	PC: 9f7af \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:32.850417219Z	42	PC: 9f7b5 \| Get date 0x9f7b5: cmp dh, 4 0x9f7b8: jb 0x9f7c9 0x9f7ba: cmp dl, 0xa 0x9f7bd: jb 0x9f7c9 0x9f7bf: cmp al, 0 0x9f7c1: jne 0x9f7c9 0x9f7c3: mov si, 0x98 0x9f7c6: inc byte ptr cs:[si] 0x9f7c9: nop 0x9f7ca: push cs 0x9f7cb: pop ds 0x9f7cc: mov si, 0x99 0x9f7cf: mov di, 0x100 0x9f7d2: pop ax 0x9f7d3: mov es, ax 0x9f7d5: pop ax 0x9f7d6: mov cx, 7 0x9f7d9: rep movsb byte ptr es:[di], byte ptr [si] 0x9f7db: push es 0x9f7dc: push es
2018-12-25T12:52:32.852445313Z	9	PC: 13dc6 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":10,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16353,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:32.946568561Z	37	PC: 9f76a \| Set interrupt vector (Interrupt = '18' AKA 'Find next file')
2018-12-25T12:52:32.948504458Z	53	PC: 9f77b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:32.950807149Z	37	PC: 9f792 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:32.952490549Z	53	PC: 9f798 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:32.954237351Z	37	PC: 9f7af \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:32.956834161Z	42	PC: 9f7b5 \| Get date 0x9f7b5: cmp dh, 4 0x9f7b8: jb 0x9f7c9 0x9f7ba: cmp dl, 0xa 0x9f7bd: jb 0x9f7c9 0x9f7bf: cmp al, 0 0x9f7c1: jne 0x9f7c9 0x9f7c3: mov si, 0x98 0x9f7c6: inc byte ptr cs:[si] 0x9f7c9: nop 0x9f7ca: push cs 0x9f7cb: pop ds 0x9f7cc: mov si, 0x99 0x9f7cf: mov di, 0x100 0x9f7d2: pop ax 0x9f7d3: mov es, ax 0x9f7d5: pop ax 0x9f7d6: mov cx, 7 0x9f7d9: rep movsb byte ptr es:[di], byte ptr [si] 0x9f7db: push es 0x9f7dc: push es
2018-12-25T12:52:32.95977771Z	9	PC: 13dc6 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":13,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16353,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:33.09400206Z	37	PC: 9f76a \| Set interrupt vector (Interrupt = '18' AKA 'Find next file')
2018-12-25T12:52:33.095295218Z	53	PC: 9f77b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:33.096555236Z	37	PC: 9f792 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:33.098046949Z	53	PC: 9f798 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:33.100804661Z	37	PC: 9f7af \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:52:33.10195931Z	42	PC: 9f7b5 \| Get date 0x9f7b5: cmp dh, 4 0x9f7b8: jb 0x9f7c9 0x9f7ba: cmp dl, 0xa 0x9f7bd: jb 0x9f7c9 0x9f7bf: cmp al, 0 0x9f7c1: jne 0x9f7c9 0x9f7c3: mov si, 0x98 0x9f7c6: inc byte ptr cs:[si] 0x9f7c9: nop 0x9f7ca: push cs 0x9f7cb: pop ds 0x9f7cc: mov si, 0x99 0x9f7cf: mov di, 0x100 0x9f7d2: pop ax 0x9f7d3: mov es, ax 0x9f7d5: pop ax 0x9f7d6: mov cx, 7 0x9f7d9: rep movsb byte ptr es:[di], byte ptr [si] 0x9f7db: push es 0x9f7dc: push es
2018-12-25T12:52:33.103990927Z	9	PC: 13dc6 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')