Sample viewer

vx.netlux.org/Virus.DOS.Khizhnjak.565

Syscalls:

Time  Syscall Op  PC  | Syscall Name
2018-12-17T23:09:17.952222033Z 25 PC: 1e544 | Get default drive
2018-12-17T23:09:17.95501487Z 14 PC: 1e54d | Set default drive (Drive = 'C')
2018-12-17T23:09:17.957335278Z 78 PC: 1e57e | Find first file
2018-12-17T23:09:17.963921737Z 67 PC: 1e5c9 | Get or set file attributes
2018-12-17T23:09:18.303980862Z 61 PC: 1e5d3 | Open file (Filename = '��������PSQ�ێË��J�!�>�u3�>R')
2018-12-17T23:09:18.311047574Z 63 PC: 1e5f1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:18.314295324Z 66 PC: 1e62a | Move file pointer
2018-12-17T23:09:18.316831039Z 63 PC: 1e634 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:09:18.320401404Z 87 PC: 1e648 | Get or set file date and time
2018-12-17T23:09:18.321881941Z 66 PC: 1e668 | Move file pointer
2018-12-17T23:09:18.324475064Z 64 PC: 1e675 | Write file or device (Write 565 bytes on handle 5)
2018-12-17T23:09:18.331784939Z 66 PC: 1e680 | Move file pointer
2018-12-17T23:09:18.333963683Z 64 PC: 1e68c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:18.337553616Z 87 PC: 1e69b | Get or set file date and time
2018-12-17T23:09:18.340833464Z 42 PC: 1e69f | Get date
0x1e69f: cmp dh, 2
0x1e6a2: jl 0x1e6cc
0x1e6a4: cmp dl, 0x14
0x1e6a7: jl 0x1e6cc
0x1e6a9: mov ah, 0x2c
0x1e6ab: int 0x21
0x1e6ad: cmp ch, 0xb
0x1e6b0: jl 0x1e6cc
0x1e6b2: mov bx, 0x100
0x1e6b5: mov dx, 0x80
0x1e6b8: mov cx, 1
0x1e6bb: mov ax, 0x501
0x1e6be: int 0x13
0x1e6c0: jb 0x1e6cc
0x1e6c2: mov ax, 0x1b5
0x1e6c5: push ax
0x1e6c6: mov bx, 0x2fb
0x1e6c9: inc bx
0x1e6ca: jmp bx
0x1e6cc: cmp word ptr [0x315], -1
2018-12-17T23:09:18.344743212Z 62 PC: 1e6db | Close file
2018-12-17T23:09:18.352234041Z 14 PC: 1e700 | Set default drive (Drive = 'A')
2018-12-17T23:09:18.35503797Z 80 PC: 13ea9 | Set current PSP
2018-12-17T23:09:18.356142234Z 48 PC: 13ead | Get DOS version
2018-12-17T23:09:18.357673627Z 2 PC: 13d5c | Character output (Char = '49')
2018-12-17T23:09:18.360815198Z 2 PC: 13d5c | Character output (Char = '6e')
2018-12-17T23:09:18.363464467Z 2 PC: 13d5c | Character output (Char = '63')
2018-12-17T23:09:18.366780251Z 2 PC: 13d5c | Character output (Char = '6f')
2018-12-17T23:09:18.370600908Z 2 PC: 13d5c | Character output (Char = '72')
2018-12-17T23:09:18.373663087Z 2 PC: 13d5c | Character output (Char = '72')
2018-12-17T23:09:18.377074359Z 2 PC: 13d5c | Character output (Char = '65')
2018-12-17T23:09:18.380542688Z 2 PC: 13d5c | Character output (Char = '63')
2018-12-17T23:09:18.383358589Z 2 PC: 13d5c | Character output (Char = '74')
2018-12-17T23:09:18.38619143Z 2 PC: 13d5c | Character output (Char = '20')
2018-12-17T23:09:18.388961067Z 2 PC: 13d5c | Character output (Char = '44')
2018-12-17T23:09:18.392875447Z 2 PC: 13d5c | Character output (Char = '4f')
2018-12-17T23:09:18.395671607Z 2 PC: 13d5c | Character output (Char = '53')
2018-12-17T23:09:18.398550566Z 2 PC: 13d5c | Character output (Char = '20')
2018-12-17T23:09:18.413382687Z 2 PC: 13d5c | Character output (Char = '76')
2018-12-17T23:09:18.41559503Z 2 PC: 13d5c | Character output (Char = '65')
2018-12-17T23:09:18.41791595Z 2 PC: 13d5c | Character output (Char = '72')
2018-12-17T23:09:18.422528447Z 2 PC: 13d5c | Character output (Char = '73')
2018-12-17T23:09:18.425386908Z 2 PC: 13d5c | Character output (Char = '69')
2018-12-17T23:09:18.428556406Z 2 PC: 13d5c | Character output (Char = '6f')
2018-12-17T23:09:18.431886668Z 2 PC: 13d5c | Character output (Char = '6e')
2018-12-17T23:09:18.43477905Z 2 PC: 13d5c | Character output (Char = '0d')
2018-12-17T23:09:18.437922626Z 2 PC: 13d5c | Character output (Char = '0a')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16476,"SideJobID":0}

Syscalls:

Time  Syscall Op  PC  | Syscall Name
2018-12-25T12:53:03.934845194Z 25 PC: 1e544 | Get default drive
2018-12-25T12:53:03.935577753Z 14 PC: 1e54d | Set default drive (Drive = 'C')
2018-12-25T12:53:03.936373115Z 78 PC: 1e57e | Find first file
2018-12-25T12:53:03.939829569Z 67 PC: 1e5c9 | Get or set file attributes
2018-12-25T12:53:05.001542331Z 61 PC: 1e5d3 | Open file (Filename = '��������PSQ�ێË��J�!�>�u3�>R')
2018-12-25T12:53:05.006845199Z 63 PC: 1e5f1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:05.009182367Z 66 PC: 1e62a | Move file pointer
2018-12-25T12:53:05.010837664Z 63 PC: 1e634 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:53:05.013284838Z 87 PC: 1e648 | Get or set file date and time
2018-12-25T12:53:05.014838325Z 66 PC: 1e668 | Move file pointer
2018-12-25T12:53:05.016063349Z 64 PC: 1e675 | Write file or device (Write 565 bytes on handle 5)
2018-12-25T12:53:05.024239442Z 66 PC: 1e680 | Move file pointer
2018-12-25T12:53:05.025728239Z 64 PC: 1e68c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:05.028857354Z 87 PC: 1e69b | Get or set file date and time
2018-12-25T12:53:05.030910507Z 42 PC: 1e69f | Get date
0x1e69f: cmp dh, 2
0x1e6a2: jl 0x1e6cc
0x1e6a4: cmp dl, 0x14
0x1e6a7: jl 0x1e6cc
0x1e6a9: mov ah, 0x2c
0x1e6ab: int 0x21
0x1e6ad: cmp ch, 0xb
0x1e6b0: jl 0x1e6cc
0x1e6b2: mov bx, 0x100
0x1e6b5: mov dx, 0x80
0x1e6b8: mov cx, 1
0x1e6bb: mov ax, 0x501
0x1e6be: int 0x13
0x1e6c0: jb 0x1e6cc
0x1e6c2: mov ax, 0x1b5
0x1e6c5: push ax
0x1e6c6: mov bx, 0x2fb
0x1e6c9: inc bx
0x1e6ca: jmp bx
0x1e6cc: cmp word ptr [0x315], -1
2018-12-25T12:53:05.032953811Z 62 PC: 1e6db | Close file
2018-12-25T12:53:05.039932354Z 14 PC: 1e700 | Set default drive (Drive = 'A')
2018-12-25T12:53:05.04143714Z 80 PC: 13ea9 | Set current PSP
2018-12-25T12:53:05.04216085Z 48 PC: 13ead | Get DOS version
2018-12-25T12:53:05.043388757Z 2 PC: 13d5c | Character output (Char = '49')
2018-12-25T12:53:05.045997212Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.047947292Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.04995755Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.055288132Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.056790679Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.058185367Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.060129403Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.061592833Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.062985027Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.065619183Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.06755039Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.069447828Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.072216602Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.07429818Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.076569043Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.079153212Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.081067123Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.082962557Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.085211651Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.087374917Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.089383453Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:05.091889418Z 2 PC: 13d5c | Character output (See above)

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16476,"SideJobID":0}

Syscalls:

Time  Syscall Op  PC  | Syscall Name
2018-12-25T12:53:03.772278665Z 25 PC: 1e544 | Get default drive
2018-12-25T12:53:03.773962743Z 14 PC: 1e54d | Set default drive (Drive = 'C')
2018-12-25T12:53:03.775140314Z 78 PC: 1e57e | Find first file
2018-12-25T12:53:03.781173884Z 67 PC: 1e5c9 | Get or set file attributes
2018-12-25T12:53:04.144282447Z 61 PC: 1e5d3 | Open file (Filename = '��������PSQ�ێË��J�!�>�u3�>R')
2018-12-25T12:53:04.151262622Z 63 PC: 1e5f1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:04.154415157Z 66 PC: 1e62a | Move file pointer
2018-12-25T12:53:04.157143091Z 63 PC: 1e634 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:53:04.160396518Z 87 PC: 1e648 | Get or set file date and time
2018-12-25T12:53:04.161892762Z 66 PC: 1e668 | Move file pointer
2018-12-25T12:53:04.165945734Z 64 PC: 1e675 | Write file or device (Write 565 bytes on handle 5)
2018-12-25T12:53:04.173234192Z 66 PC: 1e680 | Move file pointer
2018-12-25T12:53:04.175088453Z 64 PC: 1e68c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:04.190631524Z 87 PC: 1e69b | Get or set file date and time
2018-12-25T12:53:04.193481501Z 42 PC: 1e69f | Get date
0x1e69f: cmp dh, 2
0x1e6a2: jl 0x1e6cc
0x1e6a4: cmp dl, 0x14
0x1e6a7: jl 0x1e6cc
0x1e6a9: mov ah, 0x2c
0x1e6ab: int 0x21
0x1e6ad: cmp ch, 0xb
0x1e6b0: jl 0x1e6cc
0x1e6b2: mov bx, 0x100
0x1e6b5: mov dx, 0x80
0x1e6b8: mov cx, 1
0x1e6bb: mov ax, 0x501
0x1e6be: int 0x13
0x1e6c0: jb 0x1e6cc
0x1e6c2: mov ax, 0x1b5
0x1e6c5: push ax
0x1e6c6: mov bx, 0x2fb
0x1e6c9: inc bx
0x1e6ca: jmp bx
0x1e6cc: cmp word ptr [0x315], -1
2018-12-25T12:53:04.196300348Z 62 PC: 1e6db | Close file
2018-12-25T12:53:04.210869234Z 14 PC: 1e700 | Set default drive (Drive = 'A')
2018-12-25T12:53:04.21623105Z 80 PC: 13ea9 | Set current PSP
2018-12-25T12:53:04.217266572Z 48 PC: 13ead | Get DOS version
2018-12-25T12:53:04.21862984Z 2 PC: 13d5c | Character output (Char = '49')
2018-12-25T12:53:04.221561881Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.224260656Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.227047256Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.230167081Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.232580758Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.235055775Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.23785769Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.240569101Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.242746994Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.245921157Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.248385853Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.250933826Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.254004854Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.256481062Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.258792194Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.261622762Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.264857792Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.267246848Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.270990266Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.273818002Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.276342485Z 2 PC: 13d5c | Character output (See above)
2018-12-25T12:53:04.28804252Z 2 PC: 13d5c | Character output (See above)

{"DateBased":true,"Day":20,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16476,"SideJobID":0}

Syscalls:

Time  Syscall Op  PC  | Syscall Name
2018-12-25T12:53:04.267344724Z 25 PC: 1e544 | Get default drive
2018-12-25T12:53:04.268339047Z 14 PC: 1e54d | Set default drive (Drive = 'C')
2018-12-25T12:53:04.269527133Z 78 PC: 1e57e | Find first file
2018-12-25T12:53:04.274964927Z 67 PC: 1e5c9 | Get or set file attributes
2018-12-25T12:53:05.000921686Z 61 PC: 1e5d3 | Open file (Filename = '��������PSQ�ێË��J�!�>�u3�>R')
2018-12-25T12:53:05.006849244Z 63 PC: 1e5f1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:05.008996282Z 66 PC: 1e62a | Move file pointer
2018-12-25T12:53:05.018601414Z 63 PC: 1e634 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:53:05.021063484Z 87 PC: 1e648 | Get or set file date and time
2018-12-25T12:53:05.022686873Z 66 PC: 1e668 | Move file pointer
2018-12-25T12:53:05.024457729Z 64 PC: 1e675 | Write file or device (Write 565 bytes on handle 5)
2018-12-25T12:53:05.029513328Z 66 PC: 1e680 | Move file pointer
2018-12-25T12:53:05.031376341Z 64 PC: 1e68c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:05.034066397Z 87 PC: 1e69b | Get or set file date and time
2018-12-25T12:53:05.035300387Z 42 PC: 1e69f | Get date
0x1e69f: cmp dh, 2
0x1e6a2: jl 0x1e6cc
0x1e6a4: cmp dl, 0x14
0x1e6a7: jl 0x1e6cc
0x1e6a9: mov ah, 0x2c
0x1e6ab: int 0x21
0x1e6ad: cmp ch, 0xb
0x1e6b0: jl 0x1e6cc
0x1e6b2: mov bx, 0x100
0x1e6b5: mov dx, 0x80
0x1e6b8: mov cx, 1
0x1e6bb: mov ax, 0x501
0x1e6be: int 0x13
0x1e6c0: jb 0x1e6cc
0x1e6c2: mov ax, 0x1b5
0x1e6c5: push ax
0x1e6c6: mov bx, 0x2fb
0x1e6c9: inc bx
0x1e6ca: jmp bx
0x1e6cc: cmp word ptr [0x315], -1
2018-12-25T12:53:05.037047863Z 44 PC: 1e6ad | Get time
0x1e6ad: cmp ch, 0xb
0x1e6b0: jl 0x1e6cc
0x1e6b2: mov bx, 0x100
0x1e6b5: mov dx, 0x80
0x1e6b8: mov cx, 1
0x1e6bb: mov ax, 0x501
0x1e6be: int 0x13
0x1e6c0: jb 0x1e6cc
0x1e6c2: mov ax, 0x1b5
0x1e6c5: push ax
0x1e6c6: mov bx, 0x2fb
0x1e6c9: inc bx
0x1e6ca: jmp bx
0x1e6cc: cmp word ptr [0x315], -1
0x1e6d1: je 0x1e6db
0x1e6d3: mov bx, word ptr [0x315]
0x1e6d7: mov ah, 0x3e
0x1e6d9: int 0x21
0x1e6db: cmp word ptr cs:[0x103], -1
0x1e6e1: je 0x1e716
2018-12-25T12:53:05.040082265Z 74 PC: 12c82 | Reallocate memory
2018-12-25T12:53:05.041329767Z 72 PC: 12cc3 | Allocate memory
2018-12-25T12:53:05.042739251Z 73 PC: 12ce5 | Release memory
2018-12-25T12:53:05.044285678Z 72 PC: 12cfb | Allocate memory
2018-12-25T12:53:05.046117694Z 72 PC: 12d03 | Allocate memory
2018-12-25T12:53:05.050971725Z 73 PC: 12d20 | Release memory