Sample viewer

vx.netlux.org/Virus.DOS.Taiwan.708

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:05.160156586Z 25 PC: 12b0a | Get default drive
2018-12-17T23:09:05.162790807Z 71 PC: 12b19 | Get current directory
2018-12-17T23:09:05.171070999Z 14 PC: 12b33 | Set default drive (Drive = 'C')
2018-12-17T23:09:05.172451644Z 59 PC: 12b3a | Change current directory
2018-12-17T23:09:05.176275992Z 78 PC: 12b44 | Find first file
2018-12-17T23:09:05.182989781Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:09:05.531200785Z 61 PC: 12b76 | Open file (Filename = 'COMMAND.COM')
2018-12-17T23:09:05.539074834Z 63 PC: 12b82 | Read file or device (Read 708 bytes on handle 5)
2018-12-17T23:09:05.546914429Z 66 PC: 12b8c | Move file pointer
2018-12-17T23:09:05.548754487Z 64 PC: 12b96 | Write file or device (Write 708 bytes on handle 5)
2018-12-17T23:09:05.556046251Z 66 PC: 12ba0 | Move file pointer
2018-12-17T23:09:05.559032263Z 64 PC: 12baa | Write file or device (Write 708 bytes on handle 5)
2018-12-17T23:09:05.577936854Z 87 PC: 12bbb | Get or set file date and time
2018-12-17T23:09:05.579756003Z 67 PC: 12bc8 | Get or set file attributes
2018-12-17T23:09:05.585928034Z 62 PC: 12bcc | Close file
2018-12-17T23:09:05.596584793Z 79 PC: 12bee | Find next file
2018-12-17T23:09:05.600179289Z 78 PC: 12bfd | Find first file
2018-12-17T23:09:05.6071555Z 59 PC: 12c15 | Change current directory
2018-12-17T23:09:05.61428485Z 78 PC: 12b44 | Find first file
2018-12-17T23:09:05.624145562Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:09:05.635174681Z 61 PC: 12b76 | Open file (Filename = 'EDIT.COM')
2018-12-17T23:09:05.644304481Z 63 PC: 12b82 | Read file or device (Read 708 bytes on handle 5)
2018-12-17T23:09:05.650403213Z 66 PC: 12b8c | Move file pointer
2018-12-17T23:09:05.651994835Z 64 PC: 12b96 | Write file or device (Write 708 bytes on handle 5)
2018-12-17T23:09:05.660888941Z 66 PC: 12ba0 | Move file pointer
2018-12-17T23:09:05.662843334Z 64 PC: 12baa | Write file or device (Write 708 bytes on handle 5)
2018-12-17T23:09:05.671411809Z 87 PC: 12bbb | Get or set file date and time
2018-12-17T23:09:05.674665023Z 67 PC: 12bc8 | Get or set file attributes
2018-12-17T23:09:05.679661474Z 62 PC: 12bcc | Close file
2018-12-17T23:09:05.687302755Z 79 PC: 12bee | Find next file
2018-12-17T23:09:05.692174561Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:09:05.70312375Z 61 PC: 12b76 | Open file (Filename = 'FORMAT.COM')
2018-12-17T23:09:05.710863587Z 63 PC: 12b82 | Read file or device (Read 708 bytes on handle 5)
2018-12-17T23:09:05.719091521Z 66 PC: 12b8c | Move file pointer
2018-12-17T23:09:05.721645091Z 64 PC: 12b96 | Write file or device (Write 708 bytes on handle 5)
2018-12-17T23:09:05.728761105Z 66 PC: 12ba0 | Move file pointer
2018-12-17T23:09:05.730697915Z 64 PC: 12baa | Write file or device (Write 708 bytes on handle 5)
2018-12-17T23:09:05.748545199Z 87 PC: 12bbb | Get or set file date and time
2018-12-17T23:09:05.750737069Z 67 PC: 12bc8 | Get or set file attributes
2018-12-17T23:09:05.755819651Z 62 PC: 12bcc | Close file
2018-12-17T23:09:05.764042956Z 79 PC: 12bee | Find next file
2018-12-17T23:09:05.771924419Z 67 PC: 12b6d | Get or set file attributes
2018-12-17T23:09:05.782532337Z 61 PC: 12b76 | Open file (Filename = 'KEYB.COM')
2018-12-17T23:09:05.79085009Z 63 PC: 12b82 | Read file or device (Read 708 bytes on handle 5)
2018-12-17T23:09:05.798008484Z 66 PC: 12b8c | Move file pointer
2018-12-17T23:09:05.799927681Z 64 PC: 12b96 | Write file or device (Write 708 bytes on handle 5)
2018-12-17T23:09:05.809326686Z 66 PC: 12ba0 | Move file pointer
2018-12-17T23:09:05.811253758Z 64 PC: 12baa | Write file or device (Write 708 bytes on handle 5)
2018-12-17T23:09:05.820179844Z 87 PC: 12bbb | Get or set file date and time
2018-12-17T23:09:05.821883326Z 67 PC: 12bc8 | Get or set file attributes
2018-12-17T23:09:05.82705181Z 62 PC: 12bcc | Close file
2018-12-17T23:09:05.835113592Z 42 PC: 12c5b | Get date
0x12c5b: cmp dl, 8
0x12c5e: jne 0x12c87
0x12c60: mov byte ptr [0x150], 1
0x12c65: mov al, byte ptr [0x14b]
0x12c68: mov cx, 0x140
0x12c6b: xor dx, dx
0x12c6d: xor bx, bx
0x12c6f: int 0x26
0x12c71: popf
0x12c72: cmp byte ptr [0x14a], 2
0x12c77: jne 0x12c96
0x12c79: mov al, 3
0x12c7b: mov cx, 0x140
0x12c7e: xor dx, dx
0x12c80: xor bx, bx
0x12c82: int 0x26
0x12c84: popf
0x12c85: jmp 0x12c96
0x12c87: mov ah, 0xe
0x12c89: mov dl, byte ptr [0x15e]
2018-12-17T23:09:05.837840828Z 14 PC: 12c8f | Set default drive (Drive = 'A')
2018-12-17T23:09:05.840682188Z 59 PC: 12c96 | Change current directory
2018-12-17T23:09:05.845691623Z 48 PC: 133d3 | Get DOS version
2018-12-17T23:09:05.847248609Z 9 PC: 133df | Display string (String= ' Incorrect DOS version ')

{"DateBased":true,"Day":8,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:55.596110195Z 25 PC: 12b0a | Get default drive
2018-12-25T12:52:55.598524051Z 71 PC: 12b19 | Get current directory
2018-12-25T12:52:55.602095845Z 14 PC: 12b33 | Set default drive (Drive = 'C')
2018-12-25T12:52:55.603626037Z 59 PC: 12b3a | Change current directory
2018-12-25T12:52:55.607663394Z 78 PC: 12b44 | Find first file
2018-12-25T12:52:55.614663229Z 67 PC: 12b6d | Get or set file attributes
2018-12-25T12:52:55.957362509Z 61 PC: 12b76 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:52:55.964292462Z 63 PC: 12b82 | Read file or device (Read 708 bytes on handle 5)
2018-12-25T12:52:55.972573506Z 66 PC: 12b8c | Move file pointer
2018-12-25T12:52:55.974144067Z 64 PC: 12b96 | Write file or device (Write 708 bytes on handle 5)
2018-12-25T12:52:55.981368449Z 66 PC: 12ba0 | Move file pointer
2018-12-25T12:52:55.984475865Z 64 PC: 12baa | Write file or device (Write 708 bytes on handle 5)
2018-12-25T12:52:55.996230765Z 87 PC: 12bbb | Get or set file date and time
2018-12-25T12:52:55.997799822Z 67 PC: 12bc8 | Get or set file attributes
2018-12-25T12:52:56.003194395Z 62 PC: 12bcc | Close file
2018-12-25T12:52:56.011416358Z 79 PC: 12bee | Find next file
2018-12-25T12:52:56.014778035Z 78 PC: 12bfd | Find first file
2018-12-25T12:52:56.021110337Z 59 PC: 12c15 | Change current directory
2018-12-25T12:52:56.027641411Z 78 PC: 12b44 | Find first file (See above)
2018-12-25T12:52:56.037040146Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:52:56.325703839Z 61 PC: 12b76 | Open file (See above)
2018-12-25T12:52:56.333564292Z 63 PC: 12b82 | Read file or device (See above)
2018-12-25T12:52:56.340357512Z 66 PC: 12b8c | Move file pointer (See above)
2018-12-25T12:52:56.341876296Z 64 PC: 12b96 | Write file or device (See above)
2018-12-25T12:52:56.368859957Z 66 PC: 12ba0 | Move file pointer (See above)
2018-12-25T12:52:56.370831063Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T12:52:56.378362611Z 87 PC: 12bbb | Get or set file date and time (See above)
2018-12-25T12:52:56.381109157Z 67 PC: 12bc8 | Get or set file attributes (See above)
2018-12-25T12:52:56.385856713Z 62 PC: 12bcc | Close file (See above)
2018-12-25T12:52:56.39272568Z 79 PC: 12bee | Find next file (See above)
2018-12-25T12:52:56.396840885Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:52:56.407548991Z 61 PC: 12b76 | Open file (See above)
2018-12-25T12:52:56.415627252Z 63 PC: 12b82 | Read file or device (See above)
2018-12-25T12:52:56.423191934Z 66 PC: 12b8c | Move file pointer (See above)
2018-12-25T12:52:56.42477868Z 64 PC: 12b96 | Write file or device (See above)
2018-12-25T12:52:56.431820499Z 66 PC: 12ba0 | Move file pointer (See above)
2018-12-25T12:52:56.433693353Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T12:52:56.442212329Z 87 PC: 12bbb | Get or set file date and time (See above)
2018-12-25T12:52:56.445377108Z 67 PC: 12bc8 | Get or set file attributes (See above)
2018-12-25T12:52:56.450098513Z 62 PC: 12bcc | Close file (See above)
2018-12-25T12:52:56.457737403Z 79 PC: 12bee | Find next file (See above)
2018-12-25T12:52:56.461348828Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:52:56.471458276Z 61 PC: 12b76 | Open file (See above)
2018-12-25T12:52:56.480151962Z 63 PC: 12b82 | Read file or device (See above)
2018-12-25T12:52:56.486959993Z 66 PC: 12b8c | Move file pointer (See above)
2018-12-25T12:52:56.488378981Z 64 PC: 12b96 | Write file or device (See above)
2018-12-25T12:52:56.496504356Z 66 PC: 12ba0 | Move file pointer (See above)
2018-12-25T12:52:56.498404192Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T12:52:56.508128134Z 87 PC: 12bbb | Get or set file date and time (See above)
2018-12-25T12:52:56.51093916Z 67 PC: 12bc8 | Get or set file attributes (See above)
2018-12-25T12:52:56.516077375Z 62 PC: 12bcc | Close file (See above)
2018-12-25T12:52:56.52399805Z 42 PC: 12c5b | Get date
0x12c5b: cmp dl, 8
0x12c5e: jne 0x12c87
0x12c60: mov byte ptr [0x150], 1
0x12c65: mov al, byte ptr [0x14b]
0x12c68: mov cx, 0x140
0x12c6b: xor dx, dx
0x12c6d: xor bx, bx
0x12c6f: int 0x26
0x12c71: popf
0x12c72: cmp byte ptr [0x14a], 2
0x12c77: jne 0x12c96
0x12c79: mov al, 3
0x12c7b: mov cx, 0x140
0x12c7e: xor dx, dx
0x12c80: xor bx, bx
0x12c82: int 0x26
0x12c84: popf
0x12c85: jmp 0x12c96
0x12c87: mov ah, 0xe
0x12c89: mov dl, byte ptr [0x15e]
2018-12-25T12:52:56.527191485Z 9 PC: 12cce | Display string (String= 'Greetings from National Central University !Is today sunny ? ')
2018-12-25T12:52:56.531306549Z 7 PC: 12cd2 | Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:55.998075598Z 25 PC: 12b0a | Get default drive
2018-12-25T12:52:55.999215696Z 71 PC: 12b19 | Get current directory
2018-12-25T12:52:56.002612526Z 14 PC: 12b33 | Set default drive (Drive = 'C')
2018-12-25T12:52:56.003892057Z 59 PC: 12b3a | Change current directory
2018-12-25T12:52:56.00765415Z 78 PC: 12b44 | Find first file
2018-12-25T12:52:56.01489386Z 67 PC: 12b6d | Get or set file attributes
2018-12-25T12:52:56.365218503Z 61 PC: 12b76 | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:52:56.369689965Z 63 PC: 12b82 | Read file or device (Read 708 bytes on handle 5)
2018-12-25T12:52:56.380207009Z 66 PC: 12b8c | Move file pointer
2018-12-25T12:52:56.381632509Z 64 PC: 12b96 | Write file or device (Write 708 bytes on handle 5)
2018-12-25T12:52:56.388693724Z 66 PC: 12ba0 | Move file pointer
2018-12-25T12:52:56.390457789Z 64 PC: 12baa | Write file or device (Write 708 bytes on handle 5)
2018-12-25T12:52:56.407937078Z 87 PC: 12bbb | Get or set file date and time
2018-12-25T12:52:56.410217042Z 67 PC: 12bc8 | Get or set file attributes
2018-12-25T12:52:56.415885934Z 62 PC: 12bcc | Close file
2018-12-25T12:52:56.42467566Z 79 PC: 12bee | Find next file
2018-12-25T12:52:56.427411089Z 78 PC: 12bfd | Find first file
2018-12-25T12:52:56.433206516Z 59 PC: 12c15 | Change current directory
2018-12-25T12:52:56.440773054Z 78 PC: 12b44 | Find first file (See above)
2018-12-25T12:52:56.450477926Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:52:56.461118892Z 61 PC: 12b76 | Open file (See above)
2018-12-25T12:52:56.469274895Z 63 PC: 12b82 | Read file or device (See above)
2018-12-25T12:52:56.476370915Z 66 PC: 12b8c | Move file pointer (See above)
2018-12-25T12:52:56.477978726Z 64 PC: 12b96 | Write file or device (See above)
2018-12-25T12:52:56.486458432Z 66 PC: 12ba0 | Move file pointer (See above)
2018-12-25T12:52:56.488439612Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T12:52:56.496011208Z 87 PC: 12bbb | Get or set file date and time (See above)
2018-12-25T12:52:56.499314094Z 67 PC: 12bc8 | Get or set file attributes (See above)
2018-12-25T12:52:56.504267514Z 62 PC: 12bcc | Close file (See above)
2018-12-25T12:52:56.511865878Z 79 PC: 12bee | Find next file (See above)
2018-12-25T12:52:56.518134271Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:52:56.529165319Z 61 PC: 12b76 | Open file (See above)
2018-12-25T12:52:56.537052354Z 63 PC: 12b82 | Read file or device (See above)
2018-12-25T12:52:56.545328041Z 66 PC: 12b8c | Move file pointer (See above)
2018-12-25T12:52:56.548150901Z 64 PC: 12b96 | Write file or device (See above)
2018-12-25T12:52:56.556113517Z 66 PC: 12ba0 | Move file pointer (See above)
2018-12-25T12:52:56.557702324Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T12:52:56.572598155Z 87 PC: 12bbb | Get or set file date and time (See above)
2018-12-25T12:52:56.574388828Z 67 PC: 12bc8 | Get or set file attributes (See above)
2018-12-25T12:52:56.579195954Z 62 PC: 12bcc | Close file (See above)
2018-12-25T12:52:56.58706308Z 79 PC: 12bee | Find next file (See above)
2018-12-25T12:52:56.590566318Z 67 PC: 12b6d | Get or set file attributes (See above)
2018-12-25T12:52:56.60076837Z 61 PC: 12b76 | Open file (See above)
2018-12-25T12:52:56.614719863Z 63 PC: 12b82 | Read file or device (See above)
2018-12-25T12:52:56.621826787Z 66 PC: 12b8c | Move file pointer (See above)
2018-12-25T12:52:56.623377438Z 64 PC: 12b96 | Write file or device (See above)
2018-12-25T12:52:56.630555979Z 66 PC: 12ba0 | Move file pointer (See above)
2018-12-25T12:52:56.632058667Z 64 PC: 12baa | Write file or device (See above)
2018-12-25T12:52:56.640797208Z 87 PC: 12bbb | Get or set file date and time (See above)
2018-12-25T12:52:56.642338025Z 67 PC: 12bc8 | Get or set file attributes (See above)
2018-12-25T12:52:56.64712117Z 62 PC: 12bcc | Close file (See above)
2018-12-25T12:52:56.65464544Z 42 PC: 12c5b | Get date
0x12c5b: cmp dl, 8
0x12c5e: jne 0x12c87
0x12c60: mov byte ptr [0x150], 1
0x12c65: mov al, byte ptr [0x14b]
0x12c68: mov cx, 0x140
0x12c6b: xor dx, dx
0x12c6d: xor bx, bx
0x12c6f: int 0x26
0x12c71: popf
0x12c72: cmp byte ptr [0x14a], 2
0x12c77: jne 0x12c96
0x12c79: mov al, 3
0x12c7b: mov cx, 0x140
0x12c7e: xor dx, dx
0x12c80: xor bx, bx
0x12c82: int 0x26
0x12c84: popf
0x12c85: jmp 0x12c96
0x12c87: mov ah, 0xe
0x12c89: mov dl, byte ptr [0x15e]
2018-12-25T12:52:56.656749586Z 14 PC: 12c8f | Set default drive (Drive = 'A')
2018-12-25T12:52:56.658092934Z 59 PC: 12c96 | Change current directory
2018-12-25T12:52:56.662965364Z 48 PC: 133d3 | Get DOS version
2018-12-25T12:52:56.664370973Z 9 PC: 133df | Display string (String= ' Incorrect DOS version ')