Sample viewer

vx.netlux.org/Virus.DOS.Khizhnjak.846

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:11:11.141414237Z	25	PC: 1e544 \| Get default drive
2018-12-17T23:11:11.14446974Z	14	PC: 1e54d \| Set default drive (Drive = 'C')
2018-12-17T23:11:11.14623063Z	78	PC: 1e57b \| Find first file
2018-12-17T23:11:11.152540908Z	67	PC: 1e5c6 \| Get or set file attributes
2018-12-17T23:11:11.503664427Z	61	PC: 1e5d3 \| Open file (Filename = '')
2018-12-17T23:11:11.519496995Z	63	PC: 1e5e7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:11:11.526907655Z	66	PC: 1e5f9 \| Move file pointer
2018-12-17T23:11:11.529778361Z	66	PC: 1e634 \| Move file pointer
2018-12-17T23:11:11.531867225Z	63	PC: 1e647 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:11:11.535232219Z	87	PC: 1e65f \| Get or set file date and time
2018-12-17T23:11:11.537802564Z	66	PC: 1e683 \| Move file pointer
2018-12-17T23:11:11.54062913Z	64	PC: 1e694 \| Write file or device (Write 846 bytes on handle 5)
2018-12-17T23:11:11.551601395Z	66	PC: 1e6a3 \| Move file pointer
2018-12-17T23:11:11.556745511Z	64	PC: 1e6b3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:11:11.561156589Z	87	PC: 1e6c2 \| Get or set file date and time
2018-12-17T23:11:11.562983846Z	42	PC: 1e6c6 \| Get date 0x1e6c6: cmp dh, 6 0x1e6c9: jl 0x1e6de 0x1e6cb: mov ah, 9 0x1e6cd: mov dx, 0x332 0x1e6d0: int 0x21 0x1e6d2: mov dx, 0x3c2 0x1e6d5: int 0x21 0x1e6d7: xor ah, ah 0x1e6d9: int 0x16 0x1e6db: jmp 0x1e70a 0x1e6dd: nop 0x1e6de: cmp word ptr [0x312], -1 0x1e6e3: je 0x1e6ed 0x1e6e5: mov bx, word ptr [0x312] 0x1e6e9: mov ah, 0x3e 0x1e6eb: int 0x21 0x1e6ed: cmp word ptr cs:[0x103], -1 0x1e6f3: je 0x1e727 0x1e6f5: mov ah, 0xe 0x1e6f7: mov dl, byte ptr [0x331]
2018-12-17T23:11:11.565295916Z	9	PC: 1e6d2 \| Display string (Could not find end pointer)
2018-12-17T23:11:11.574673484Z	9	PC: 1e6d7 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17104,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:47.957733291Z	25	PC: 1e544 \| Get default drive
2018-12-25T12:54:47.959495194Z	14	PC: 1e54d \| Set default drive (Drive = 'C')
2018-12-25T12:54:47.960844311Z	78	PC: 1e57b \| Find first file
2018-12-25T12:54:47.966245475Z	67	PC: 1e5c6 \| Get or set file attributes
2018-12-25T12:54:48.374880576Z	61	PC: 1e5d3 \| Open file (Filename = '')
2018-12-25T12:54:48.38174428Z	63	PC: 1e5e7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:48.384700732Z	66	PC: 1e5f9 \| Move file pointer
2018-12-25T12:54:48.387510935Z	66	PC: 1e634 \| Move file pointer
2018-12-25T12:54:48.389214703Z	63	PC: 1e647 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:54:48.392529234Z	87	PC: 1e65f \| Get or set file date and time
2018-12-25T12:54:48.394527973Z	66	PC: 1e683 \| Move file pointer
2018-12-25T12:54:48.395852338Z	64	PC: 1e694 \| Write file or device (Write 846 bytes on handle 5)
2018-12-25T12:54:48.40550715Z	66	PC: 1e6a3 \| Move file pointer
2018-12-25T12:54:48.407320373Z	64	PC: 1e6b3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:48.409955646Z	87	PC: 1e6c2 \| Get or set file date and time
2018-12-25T12:54:48.41128993Z	42	PC: 1e6c6 \| Get date 0x1e6c6: cmp dh, 6 0x1e6c9: jl 0x1e6de 0x1e6cb: mov ah, 9 0x1e6cd: mov dx, 0x332 0x1e6d0: int 0x21 0x1e6d2: mov dx, 0x3c2 0x1e6d5: int 0x21 0x1e6d7: xor ah, ah 0x1e6d9: int 0x16 0x1e6db: jmp 0x1e70a 0x1e6dd: nop 0x1e6de: cmp word ptr [0x312], -1 0x1e6e3: je 0x1e6ed 0x1e6e5: mov bx, word ptr [0x312] 0x1e6e9: mov ah, 0x3e 0x1e6eb: int 0x21 0x1e6ed: cmp word ptr cs:[0x103], -1 0x1e6f3: je 0x1e727 0x1e6f5: mov ah, 0xe 0x1e6f7: mov dl, byte ptr [0x331]
2018-12-25T12:54:48.41398756Z	62	PC: 1e6ed \| Close file
2018-12-25T12:54:48.420719096Z	14	PC: 1e712 \| Set default drive (Drive = 'A')
2018-12-25T12:54:48.421801664Z	80	PC: 13ea9 \| Set current PSP
2018-12-25T12:54:48.422953743Z	48	PC: 13ead \| Get DOS version
2018-12-25T12:54:48.424686528Z	2	PC: 13d5c \| Character output (Char = '49')
2018-12-25T12:54:48.427110999Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.429489289Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.431675952Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.4339051Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.436355227Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.438529005Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.440844734Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.443571612Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.445970591Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.447950409Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.450485672Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.452707891Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.454959659Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.45743203Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.459891337Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.462287896Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.465163758Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.467198099Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.46921641Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.471743029Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.473221681Z	2	PC: 13d5c \| Character output (See above)
2018-12-25T12:54:48.474544585Z	2	PC: 13d5c \| Character output (See above)

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17104,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:48.778726713Z	25	PC: 1e544 \| Get default drive
2018-12-25T12:54:48.779640367Z	14	PC: 1e54d \| Set default drive (Drive = 'C')
2018-12-25T12:54:48.78073488Z	78	PC: 1e57b \| Find first file
2018-12-25T12:54:48.786533509Z	67	PC: 1e5c6 \| Get or set file attributes
2018-12-25T12:54:49.194041362Z	61	PC: 1e5d3 \| Open file (Filename = '')
2018-12-25T12:54:49.198502351Z	63	PC: 1e5e7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:49.200772055Z	66	PC: 1e5f9 \| Move file pointer
2018-12-25T12:54:49.202326396Z	66	PC: 1e634 \| Move file pointer
2018-12-25T12:54:49.20328796Z	63	PC: 1e647 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:54:49.205361141Z	87	PC: 1e65f \| Get or set file date and time
2018-12-25T12:54:49.206545585Z	66	PC: 1e683 \| Move file pointer
2018-12-25T12:54:49.207492799Z	64	PC: 1e694 \| Write file or device (Write 846 bytes on handle 5)
2018-12-25T12:54:49.21426038Z	66	PC: 1e6a3 \| Move file pointer
2018-12-25T12:54:49.215620794Z	64	PC: 1e6b3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:49.218331699Z	87	PC: 1e6c2 \| Get or set file date and time
2018-12-25T12:54:49.220014575Z	42	PC: 1e6c6 \| Get date 0x1e6c6: cmp dh, 6 0x1e6c9: jl 0x1e6de 0x1e6cb: mov ah, 9 0x1e6cd: mov dx, 0x332 0x1e6d0: int 0x21 0x1e6d2: mov dx, 0x3c2 0x1e6d5: int 0x21 0x1e6d7: xor ah, ah 0x1e6d9: int 0x16 0x1e6db: jmp 0x1e70a 0x1e6dd: nop 0x1e6de: cmp word ptr [0x312], -1 0x1e6e3: je 0x1e6ed 0x1e6e5: mov bx, word ptr [0x312] 0x1e6e9: mov ah, 0x3e 0x1e6eb: int 0x21 0x1e6ed: cmp word ptr cs:[0x103], -1 0x1e6f3: je 0x1e727 0x1e6f5: mov ah, 0xe 0x1e6f7: mov dl, byte ptr [0x331]
2018-12-25T12:54:49.222367128Z	9	PC: 1e6d2 \| Display string (Could not find end pointer)
2018-12-25T12:54:49.229592904Z	9	PC: 1e6d7 \| Display string (Could not find end pointer)