Sample viewer

vx.netlux.org/Virus.DOS.Rotor.1068

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:08:33.984845311Z 254 PC: 1eca1 | UNKNOWN!
2018-12-17T22:08:33.985687275Z 42 PC: 1ece3 | Get date
0x1ece3: cmp dh, dl
0x1ece5: jne 0x1ecef
0x1ece7: mov byte ptr es:[0x438], 1
0x1eced: jmp 0x1ecf5
0x1ecef: mov byte ptr es:[0x438], 0
0x1ecf5: xor ax, ax
0x1ecf7: mov ds, ax
0x1ecf9: mov ax, word ptr [0x84]
0x1ecfc: mov word ptr es:[0x42c], ax
0x1ed00: mov ax, word ptr [0x86]
0x1ed03: mov word ptr es:[0x42e], ax
0x1ed07: mov ax, word ptr [0x20]
0x1ed0a: mov word ptr es:[0x434], ax
0x1ed0e: mov ax, word ptr [0x22]
0x1ed11: mov word ptr es:[0x436], ax
0x1ed15: cli
0x1ed16: mov word ptr [0x84], 0x19a
0x1ed1c: mov word ptr [0x86], es
0x1ed20: mov word ptr [0x20], 0x126
0x1ed26: mov word ptr [0x22], es
2018-12-17T22:08:33.987842338Z 67 PC: 9ee45 | Get or set file attributes
2018-12-17T22:08:33.993315785Z 61 PC: 9ee6a | Open file (Filename = 'c:\command.com')
2018-12-17T22:08:33.999053846Z 87 PC: 9ee7b | Get or set file date and time
2018-12-17T22:08:34.000262026Z 63 PC: 9ee98 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:08:34.003025321Z 66 PC: 9eec8 | Move file pointer
2018-12-17T22:08:34.004351875Z 64 PC: 9eedb | Write file or device (Write 1068 bytes on handle 5)
2018-12-17T22:08:34.606947439Z 66 PC: 9eeec | Move file pointer
2018-12-17T22:08:34.61034039Z 64 PC: 9ef07 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:08:34.613260036Z 87 PC: 9efda | Get or set file date and time
2018-12-17T22:08:34.614321503Z 87 PC: 9efe9 | Get or set file date and time
2018-12-17T22:08:34.616513639Z 62 PC: 9eff0 | Close file
2018-12-17T22:08:34.624038766Z 61 PC: 1ed36 | Open file
2018-12-17T22:08:34.630561846Z 62 PC: 1ed3e | Close file
2018-12-17T22:08:34.63268666Z 80 PC: 140a9 | Set current PSP
2018-12-17T22:08:34.635543626Z 48 PC: 140ad | Get DOS version
2018-12-17T22:08:34.636986675Z 2 PC: 13f5c | Character output (Char = '56')
2018-12-17T22:08:34.639401931Z 2 PC: 13f5c | Character output (Char = '65')
2018-12-17T22:08:34.64451313Z 2 PC: 13f5c | Character output (Char = '72')
2018-12-17T22:08:34.646620794Z 2 PC: 13f5c | Character output (Char = '73')
2018-12-17T22:08:34.648866192Z 2 PC: 13f5c | Character output (Char = '69')
2018-12-17T22:08:34.651132195Z 2 PC: 13f5c | Character output (Char = 'a2')
2018-12-17T22:08:34.65341988Z 2 PC: 13f5c | Character output (Char = '6e')
2018-12-17T22:08:34.656487461Z 2 PC: 13f5c | Character output (Char = '20')
2018-12-17T22:08:34.659598471Z 2 PC: 13f5c | Character output (Char = '69')
2018-12-17T22:08:34.662027621Z 2 PC: 13f5c | Character output (Char = '6e')
2018-12-17T22:08:34.66453861Z 2 PC: 13f5c | Character output (Char = '63')
2018-12-17T22:08:34.667113631Z 2 PC: 13f5c | Character output (Char = '6f')
2018-12-17T22:08:34.669286739Z 2 PC: 13f5c | Character output (Char = '72')
2018-12-17T22:08:34.671621117Z 2 PC: 13f5c | Character output (Char = '72')
2018-12-17T22:08:34.673764556Z 2 PC: 13f5c | Character output (Char = '65')
2018-12-17T22:08:34.675986055Z 2 PC: 13f5c | Character output (Char = '63')
2018-12-17T22:08:34.678224436Z 2 PC: 13f5c | Character output (Char = '74')
2018-12-17T22:08:34.681631121Z 2 PC: 13f5c | Character output (Char = '61')
2018-12-17T22:08:34.684092916Z 2 PC: 13f5c | Character output (Char = '20')
2018-12-17T22:08:34.68655839Z 2 PC: 13f5c | Character output (Char = '64')
2018-12-17T22:08:34.690009068Z 2 PC: 13f5c | Character output (Char = '65')
2018-12-17T22:08:34.692449468Z 2 PC: 13f5c | Character output (Char = '20')
2018-12-17T22:08:34.694553935Z 2 PC: 13f5c | Character output (Char = '44')
2018-12-17T22:08:34.698217655Z 2 PC: 13f5c | Character output (Char = '4f')
2018-12-17T22:08:34.70089729Z 2 PC: 13f5c | Character output (Char = '53')
2018-12-17T22:08:34.703664173Z 2 PC: 13f5c | Character output (Char = '0d')
2018-12-17T22:08:34.710167544Z 2 PC: 13f5c | Character output (Char = '0a')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2079,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:52.437248987Z 254 PC: 1eca1 | UNKNOWN!
2018-12-25T11:44:52.438570127Z 42 PC: 1ece3 | Get date
0x1ece3: cmp dh, dl
0x1ece5: jne 0x1ecef
0x1ece7: mov byte ptr es:[0x438], 1
0x1eced: jmp 0x1ecf5
0x1ecef: mov byte ptr es:[0x438], 0
0x1ecf5: xor ax, ax
0x1ecf7: mov ds, ax
0x1ecf9: mov ax, word ptr [0x84]
0x1ecfc: mov word ptr es:[0x42c], ax
0x1ed00: mov ax, word ptr [0x86]
0x1ed03: mov word ptr es:[0x42e], ax
0x1ed07: mov ax, word ptr [0x20]
0x1ed0a: mov word ptr es:[0x434], ax
0x1ed0e: mov ax, word ptr [0x22]
0x1ed11: mov word ptr es:[0x436], ax
0x1ed15: cli
0x1ed16: mov word ptr [0x84], 0x19a
0x1ed1c: mov word ptr [0x86], es
0x1ed20: mov word ptr [0x20], 0x126
0x1ed26: mov word ptr [0x22], es
2018-12-25T11:44:52.440718792Z 67 PC: 9ee45 | Get or set file attributes
2018-12-25T11:44:52.446507426Z 61 PC: 9ee6a | Open file (Filename = 'c:\command.com')
2018-12-25T11:44:52.453725857Z 87 PC: 9ee7b | Get or set file date and time
2018-12-25T11:44:52.455445253Z 63 PC: 9ee98 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:44:52.458281211Z 66 PC: 9eec8 | Move file pointer
2018-12-25T11:44:52.460463276Z 64 PC: 9eedb | Write file or device (Write 1068 bytes on handle 5)
2018-12-25T11:44:52.803691182Z 66 PC: 9eeec | Move file pointer
2018-12-25T11:44:52.805313065Z 64 PC: 9ef07 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:52.810120607Z 87 PC: 9efda | Get or set file date and time
2018-12-25T11:44:52.812363716Z 87 PC: 9efe9 | Get or set file date and time
2018-12-25T11:44:52.814126316Z 62 PC: 9eff0 | Close file
2018-12-25T11:44:52.823103199Z 61 PC: 1ed36 | Open file
2018-12-25T11:44:52.830134783Z 62 PC: 1ed3e | Close file
2018-12-25T11:44:52.832681789Z 80 PC: 140a9 | Set current PSP
2018-12-25T11:44:52.834781608Z 48 PC: 140ad | Get DOS version
2018-12-25T11:44:52.836389351Z 2 PC: 13f5c | Character output (Char = '56')
2018-12-25T11:44:52.838774296Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.841681621Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.844699785Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.847182702Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.849614366Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.852663657Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.855174315Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.85746563Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.860421563Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.863526144Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.866222037Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.869023999Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.871824016Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.874585071Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.878463064Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.881374271Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.885610539Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.889063563Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.891542813Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.893953917Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.897100379Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.899880314Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.902387078Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.906550758Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.909962154Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:52.914035557Z 2 PC: 13f5c | Character output (See above)

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2079,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:53.454859476Z 254 PC: 1eca1 | UNKNOWN!
2018-12-25T11:44:53.455845438Z 42 PC: 1ece3 | Get date
0x1ece3: cmp dh, dl
0x1ece5: jne 0x1ecef
0x1ece7: mov byte ptr es:[0x438], 1
0x1eced: jmp 0x1ecf5
0x1ecef: mov byte ptr es:[0x438], 0
0x1ecf5: xor ax, ax
0x1ecf7: mov ds, ax
0x1ecf9: mov ax, word ptr [0x84]
0x1ecfc: mov word ptr es:[0x42c], ax
0x1ed00: mov ax, word ptr [0x86]
0x1ed03: mov word ptr es:[0x42e], ax
0x1ed07: mov ax, word ptr [0x20]
0x1ed0a: mov word ptr es:[0x434], ax
0x1ed0e: mov ax, word ptr [0x22]
0x1ed11: mov word ptr es:[0x436], ax
0x1ed15: cli
0x1ed16: mov word ptr [0x84], 0x19a
0x1ed1c: mov word ptr [0x86], es
0x1ed20: mov word ptr [0x20], 0x126
0x1ed26: mov word ptr [0x22], es
2018-12-25T11:44:53.4576392Z 67 PC: 9ee45 | Get or set file attributes
2018-12-25T11:44:53.461093857Z 61 PC: 9ee6a | Open file (Filename = 'c:\command.com')
2018-12-25T11:44:53.46569221Z 87 PC: 9ee7b | Get or set file date and time
2018-12-25T11:44:53.466633283Z 63 PC: 9ee98 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:44:53.468335568Z 66 PC: 9eec8 | Move file pointer
2018-12-25T11:44:53.469939362Z 64 PC: 9eedb | Write file or device (Write 1068 bytes on handle 5)
2018-12-25T11:44:53.812989815Z 66 PC: 9eeec | Move file pointer
2018-12-25T11:44:53.815038678Z 64 PC: 9ef07 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:53.82287043Z 87 PC: 9efda | Get or set file date and time
2018-12-25T11:44:53.825509276Z 87 PC: 9efe9 | Get or set file date and time
2018-12-25T11:44:53.827644668Z 62 PC: 9eff0 | Close file
2018-12-25T11:44:53.837346386Z 61 PC: 1ed36 | Open file
2018-12-25T11:44:53.844903229Z 62 PC: 1ed3e | Close file
2018-12-25T11:44:53.847578983Z 80 PC: 140a9 | Set current PSP
2018-12-25T11:44:53.849159508Z 48 PC: 140ad | Get DOS version
2018-12-25T11:44:53.851667529Z 2 PC: 13f5c | Character output (Char = '56')
2018-12-25T11:44:53.854633094Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.857621295Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.861487634Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.864428351Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.867336003Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.871445241Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.874317961Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.87724704Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.880948864Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.884093942Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.886937149Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.890037443Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.89314362Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.895708417Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.899065794Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.901962079Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.904523686Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.907244878Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.912185076Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.914992351Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.917809259Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.921596391Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.927164584Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.93140826Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.93832619Z 2 PC: 13f5c | Character output (See above)
2018-12-25T11:44:53.941148651Z 2 PC: 13f5c | Character output (See above)