Sample viewer

vx.netlux.org/Virus.DOS.July13.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:45.164976135Z 47 PC: 16227 | Get disk transfer address
2018-12-17T22:10:45.172658674Z 26 PC: 1623c | Set disk transfer address
2018-12-17T22:10:45.173633313Z 78 PC: 16245 | Find first file
2018-12-17T22:10:45.179696998Z 61 PC: 1624f | Open file (Filename = 'TEST.EXE')
2018-12-17T22:10:45.187070188Z 63 PC: 16268 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:10:45.189571785Z 62 PC: 1627b | Close file
2018-12-17T22:10:45.191153623Z 79 PC: 1627f | Find next file
2018-12-17T22:10:45.193761869Z 59 PC: 163d6 | Change current directory
2018-12-17T22:10:45.197559171Z 26 PC: 163e4 | Set disk transfer address
2018-12-17T22:10:45.19849176Z 42 PC: 163ea | Get date
0x163ea: cmp dl, 0xd
0x163ed: jne 0x163f7
0x163ef: cmp dh, 7
0x163f2: jne 0x163f7
0x163f4: call 0x16434
0x163f7: xor ax, ax
0x163f9: mov ds, ax
0x163fb: mov si, 0x90
0x163fe: mov ax, word ptr cs:[0x439]
0x16402: mov bx, word ptr cs:[0x43b]
0x16407: mov word ptr [si], ax
0x16409: mov word ptr [si + 2], bx
0x1640c: mov ds, word ptr cs:[0x449]
0x16411: mov es, word ptr cs:[0x44f]
0x16416: cli
0x16417: mov ss, word ptr cs:[0x445]
0x1641c: mov sp, word ptr cs:[0x447]
0x16421: xor ax, ax
0x16423: xor bx, bx
0x16425: xor cx, cx
2018-12-17T22:10:45.200998779Z 48 PC: 13170 | Get DOS version
2018-12-17T22:10:45.202145815Z 74 PC: 131cb | Reallocate memory
2018-12-17T22:10:45.203511351Z 48 PC: 13224 | Get DOS version
2018-12-17T22:10:45.204930689Z 53 PC: 1322c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:10:45.205965739Z 37 PC: 1323e | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:10:45.207491706Z 68 PC: 132c2 | I/O control for devices (Set for = '*')
2018-12-17T22:10:45.208835084Z 68 PC: 132c2 | I/O control for devices
2018-12-17T22:10:45.20997539Z 68 PC: 132c2 | I/O control for devices (Set for = '')
2018-12-17T22:10:45.211210136Z 68 PC: 132c2 | I/O control for devices (Set for = '')
2018-12-17T22:10:45.212371664Z 68 PC: 132c2 | I/O control for devices (Set for = '')
2018-12-17T22:10:45.220117717Z 61 PC: 149ec | Open file (Filename = '.exe')
2018-12-17T22:10:45.224023587Z 64 PC: 14cee | Write file or device (Write 37 bytes on handle 2)
2018-12-17T22:10:45.227017134Z 64 PC: 14cee | Write file or device (Write 55 bytes on handle 1)
2018-12-17T22:10:45.231753384Z 37 PC: 13357 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:10:45.232542467Z 76 PC: 13340 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2318,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:30.371502776Z 47 PC: 16227 | Get disk transfer address
2018-12-25T11:45:30.373326647Z 26 PC: 1623c | Set disk transfer address
2018-12-25T11:45:30.374347247Z 78 PC: 16245 | Find first file
2018-12-25T11:45:30.378251448Z 61 PC: 1624f | Open file (Filename = 'TEST.EXE')
2018-12-25T11:45:30.38451192Z 63 PC: 16268 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:45:30.386902179Z 62 PC: 1627b | Close file
2018-12-25T11:45:30.388355226Z 79 PC: 1627f | Find next file
2018-12-25T11:45:30.390273943Z 59 PC: 163d6 | Change current directory
2018-12-25T11:45:30.393555216Z 26 PC: 163e4 | Set disk transfer address
2018-12-25T11:45:30.394691638Z 42 PC: 163ea | Get date
0x163ea: cmp dl, 0xd
0x163ed: jne 0x163f7
0x163ef: cmp dh, 7
0x163f2: jne 0x163f7
0x163f4: call 0x16434
0x163f7: xor ax, ax
0x163f9: mov ds, ax
0x163fb: mov si, 0x90
0x163fe: mov ax, word ptr cs:[0x439]
0x16402: mov bx, word ptr cs:[0x43b]
0x16407: mov word ptr [si], ax
0x16409: mov word ptr [si + 2], bx
0x1640c: mov ds, word ptr cs:[0x449]
0x16411: mov es, word ptr cs:[0x44f]
0x16416: cli
0x16417: mov ss, word ptr cs:[0x445]
0x1641c: mov sp, word ptr cs:[0x447]
0x16421: xor ax, ax
0x16423: xor bx, bx
0x16425: xor cx, cx
2018-12-25T11:45:30.397086896Z 48 PC: 13170 | Get DOS version
2018-12-25T11:45:30.398817854Z 74 PC: 131cb | Reallocate memory
2018-12-25T11:45:30.400734605Z 48 PC: 13224 | Get DOS version
2018-12-25T11:45:30.402448982Z 53 PC: 1322c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:30.404853459Z 37 PC: 1323e | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:30.408937633Z 68 PC: 132c2 | I/O control for devices (Set for = '*')
2018-12-25T11:45:30.410902826Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.413589844Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.415190915Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.416879202Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.422387413Z 61 PC: 149ec | Open file (Filename = '.exe')
2018-12-25T11:45:30.428346836Z 64 PC: 14cee | Write file or device (Write 37 bytes on handle 2)
2018-12-25T11:45:30.434502103Z 64 PC: 14cee | Write file or device (See above)
2018-12-25T11:45:30.440322172Z 37 PC: 13357 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:30.441829422Z 76 PC: 13340 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2318,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:30.624588641Z 47 PC: 16227 | Get disk transfer address
2018-12-25T11:45:30.632265201Z 26 PC: 1623c | Set disk transfer address
2018-12-25T11:45:30.633820716Z 78 PC: 16245 | Find first file
2018-12-25T11:45:30.643160664Z 61 PC: 1624f | Open file (Filename = 'TEST.EXE')
2018-12-25T11:45:30.65180348Z 63 PC: 16268 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:45:30.654983075Z 62 PC: 1627b | Close file
2018-12-25T11:45:30.657173755Z 79 PC: 1627f | Find next file
2018-12-25T11:45:30.660075596Z 59 PC: 163d6 | Change current directory
2018-12-25T11:45:30.66646651Z 26 PC: 163e4 | Set disk transfer address
2018-12-25T11:45:30.667837977Z 42 PC: 163ea | Get date
0x163ea: cmp dl, 0xd
0x163ed: jne 0x163f7
0x163ef: cmp dh, 7
0x163f2: jne 0x163f7
0x163f4: call 0x16434
0x163f7: xor ax, ax
0x163f9: mov ds, ax
0x163fb: mov si, 0x90
0x163fe: mov ax, word ptr cs:[0x439]
0x16402: mov bx, word ptr cs:[0x43b]
0x16407: mov word ptr [si], ax
0x16409: mov word ptr [si + 2], bx
0x1640c: mov ds, word ptr cs:[0x449]
0x16411: mov es, word ptr cs:[0x44f]
0x16416: cli
0x16417: mov ss, word ptr cs:[0x445]
0x1641c: mov sp, word ptr cs:[0x447]
0x16421: xor ax, ax
0x16423: xor bx, bx
0x16425: xor cx, cx
2018-12-25T11:45:30.670419109Z 48 PC: 13170 | Get DOS version
2018-12-25T11:45:30.672573462Z 74 PC: 131cb | Reallocate memory
2018-12-25T11:45:30.674325951Z 48 PC: 13224 | Get DOS version
2018-12-25T11:45:30.675600046Z 53 PC: 1322c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:30.68315805Z 37 PC: 1323e | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:30.685428486Z 68 PC: 132c2 | I/O control for devices (Set for = '*')
2018-12-25T11:45:30.686885299Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.689140203Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.69085288Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.692488507Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.699160204Z 61 PC: 149ec | Open file (Filename = '.exe')
2018-12-25T11:45:30.706229716Z 64 PC: 14cee | Write file or device (Write 37 bytes on handle 2)
2018-12-25T11:45:30.71346092Z 64 PC: 14cee | Write file or device (See above)
2018-12-25T11:45:30.720118531Z 37 PC: 13357 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:30.722033447Z 76 PC: 13340 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":13,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2318,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:30.743857193Z 47 PC: 16227 | Get disk transfer address
2018-12-25T11:45:30.746146035Z 26 PC: 1623c | Set disk transfer address
2018-12-25T11:45:30.747844588Z 78 PC: 16245 | Find first file
2018-12-25T11:45:30.754782512Z 61 PC: 1624f | Open file (Filename = 'TEST.EXE')
2018-12-25T11:45:30.762689556Z 63 PC: 16268 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:45:30.765466062Z 62 PC: 1627b | Close file
2018-12-25T11:45:30.767461501Z 79 PC: 1627f | Find next file
2018-12-25T11:45:30.770544465Z 59 PC: 163d6 | Change current directory
2018-12-25T11:45:30.775017038Z 26 PC: 163e4 | Set disk transfer address
2018-12-25T11:45:30.776233715Z 42 PC: 163ea | Get date
0x163ea: cmp dl, 0xd
0x163ed: jne 0x163f7
0x163ef: cmp dh, 7
0x163f2: jne 0x163f7
0x163f4: call 0x16434
0x163f7: xor ax, ax
0x163f9: mov ds, ax
0x163fb: mov si, 0x90
0x163fe: mov ax, word ptr cs:[0x439]
0x16402: mov bx, word ptr cs:[0x43b]
0x16407: mov word ptr [si], ax
0x16409: mov word ptr [si + 2], bx
0x1640c: mov ds, word ptr cs:[0x449]
0x16411: mov es, word ptr cs:[0x44f]
0x16416: cli
0x16417: mov ss, word ptr cs:[0x445]
0x1641c: mov sp, word ptr cs:[0x447]
0x16421: xor ax, ax
0x16423: xor bx, bx
0x16425: xor cx, cx
2018-12-25T11:45:30.779152634Z 53 PC: 16439 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:45:30.780876968Z 82 PC: 1644c | Get DOS internal pointers (SYSVARS)
2018-12-25T11:45:30.782520501Z 37 PC: 16493 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:45:30.783970508Z 48 PC: 13170 | Get DOS version
2018-12-25T11:45:30.785163927Z 74 PC: 131cb | Reallocate memory
2018-12-25T11:45:30.786715766Z 48 PC: 13224 | Get DOS version
2018-12-25T11:45:30.78793637Z 53 PC: 1322c | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:30.789620356Z 37 PC: 1323e | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:30.79139333Z 68 PC: 132c2 | I/O control for devices (Set for = '*')
2018-12-25T11:45:30.794951486Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.797589594Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.79892773Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.800183955Z 68 PC: 132c2 | I/O control for devices (See above)
2018-12-25T11:45:30.806453472Z 61 PC: 149ec | Open file (Filename = '.exe')
2018-12-25T11:45:30.813241774Z 64 PC: 14cee | Write file or device (Write 37 bytes on handle 2)
2018-12-25T11:45:30.833342439Z 64 PC: 14cee | Write file or device (See above)
2018-12-25T11:45:30.840774731Z 37 PC: 13357 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:30.842489428Z 76 PC: 13340 | Terminate with return code (Return code = '1')