Sample viewer

vx.netlux.org/Virus.DOS.Grog.647

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:20:21.428884957Z 26 PC: 14213 | Set disk transfer address
2018-12-17T22:20:21.459512639Z 78 PC: 14224 | Find first file
2018-12-17T22:20:21.466881618Z 61 PC: 14277 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:20:21.476145676Z 63 PC: 14283 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:21.484005984Z 62 PC: 14235 | Close file
2018-12-17T22:20:21.487691727Z 79 PC: 14224 | Find next file
2018-12-17T22:20:21.491185648Z 61 PC: 14277 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:20:21.500182998Z 63 PC: 14283 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:21.509065519Z 62 PC: 14235 | Close file
2018-12-17T22:20:21.511501268Z 79 PC: 14224 | Find next file
2018-12-17T22:20:21.516724756Z 61 PC: 14277 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:20:21.524880727Z 63 PC: 14283 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:21.53317451Z 62 PC: 14235 | Close file
2018-12-17T22:20:21.536512377Z 79 PC: 14224 | Find next file
2018-12-17T22:20:21.540178875Z 61 PC: 14277 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:20:21.548772879Z 63 PC: 14283 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:21.555872789Z 62 PC: 14235 | Close file
2018-12-17T22:20:21.558128086Z 79 PC: 14224 | Find next file
2018-12-17T22:20:21.561668236Z 61 PC: 14277 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:20:21.568059026Z 63 PC: 14283 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:21.574309307Z 62 PC: 14235 | Close file
2018-12-17T22:20:21.586408873Z 79 PC: 14224 | Find next file
2018-12-17T22:20:21.589733449Z 61 PC: 14277 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:20:21.596431168Z 63 PC: 14283 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:21.603803109Z 62 PC: 14235 | Close file
2018-12-17T22:20:21.605780188Z 79 PC: 14224 | Find next file
2018-12-17T22:20:21.608634139Z 61 PC: 14277 | Open file (Filename = 'PAH.COM')
2018-12-17T22:20:21.615951929Z 63 PC: 14283 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:21.624047692Z 62 PC: 14235 | Close file
2018-12-17T22:20:21.626682621Z 79 PC: 14224 | Find next file
2018-12-17T22:20:21.630732819Z 61 PC: 14277 | Open file (Filename = 'TEST.COM')
2018-12-17T22:20:21.638433677Z 63 PC: 14283 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:20:21.641489255Z 62 PC: 14235 | Close file
2018-12-17T22:20:21.644457667Z 79 PC: 14224 | Find next file
2018-12-17T22:20:21.647657734Z 42 PC: 1423d | Get date
0x1423d: cmp dh, 6
0x14240: jne 0x14253
0x14242: mov cx, 0x17d
0x14245: lea si, word ptr [bp + 0x100]
0x14249: mov di, 0x100
0x1424c: rep movsb byte ptr es:[di], byte ptr [si]
0x1424e: mov ax, 0x106
0x14251: jmp ax
0x14253: mov ah, 0x1a
0x14255: mov dx, 0x80
0x14258: int 0x21
0x1425a: mov si, 0x100
0x1425d: push si
0x1425e: pop di
0x1425f: push cs
0x14260: push cs
0x14261: pop ds
0x14262: pop es
0x14263: xor ax, ax
0x14265: push ax
2018-12-17T22:20:21.667378229Z 26 PC: 1425a | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3532,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:29.215951685Z 26 PC: 14213 | Set disk transfer address
2018-12-25T11:49:29.217508722Z 78 PC: 14224 | Find first file
2018-12-25T11:49:29.223108723Z 61 PC: 14277 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:29.229176109Z 63 PC: 14283 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:29.235874012Z 62 PC: 14235 | Close file
2018-12-25T11:49:29.237140698Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.238768348Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.245350834Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.251391047Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.252932988Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.255748314Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.261930458Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.26789456Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.272412122Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.275045921Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.280262812Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.284009457Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.285436467Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.287118274Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.291271228Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.299917508Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.302291967Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.304877354Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.311644602Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.317706614Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.319402434Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.322407747Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.328517313Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.335472897Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.347376562Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.34944656Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.354059927Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.358643478Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.360519752Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.362430784Z 42 PC: 1423d | Get date
0x1423d: cmp dh, 6
0x14240: jne 0x14253
0x14242: mov cx, 0x17d
0x14245: lea si, word ptr [bp + 0x100]
0x14249: mov di, 0x100
0x1424c: rep movsb byte ptr es:[di], byte ptr [si]
0x1424e: mov ax, 0x106
0x14251: jmp ax
0x14253: mov ah, 0x1a
0x14255: mov dx, 0x80
0x14258: int 0x21
0x1425a: mov si, 0x100
0x1425d: push si
0x1425e: pop di
0x1425f: push cs
0x14260: push cs
0x14261: pop ds
0x14262: pop es
0x14263: xor ax, ax
0x14265: push ax
2018-12-25T11:49:29.364245428Z 26 PC: 1425a | Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3532,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:29.204589026Z 26 PC: 14213 | Set disk transfer address
2018-12-25T11:49:29.206083184Z 78 PC: 14224 | Find first file
2018-12-25T11:49:29.211583634Z 61 PC: 14277 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:29.217877407Z 63 PC: 14283 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:49:29.224754224Z 62 PC: 14235 | Close file
2018-12-25T11:49:29.226529673Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.228305454Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.236209089Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.242443504Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.244725049Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.254603598Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.261010377Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.267467603Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.269249172Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.272874868Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.279377405Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.287455328Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.290247256Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.292880895Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.299397153Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.308111312Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.310191321Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.312957406Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.319876986Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.326230554Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.328242015Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.336216665Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.342684939Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.349489021Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.351642645Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.35455718Z 61 PC: 14277 | Open file (See above)
2018-12-25T11:49:29.361300269Z 63 PC: 14283 | Read file or device (See above)
2018-12-25T11:49:29.364394275Z 62 PC: 14235 | Close file (See above)
2018-12-25T11:49:29.366487303Z 79 PC: 14224 | Find next file (See above)
2018-12-25T11:49:29.369067394Z 42 PC: 1423d | Get date
0x1423d: cmp dh, 6
0x14240: jne 0x14253
0x14242: mov cx, 0x17d
0x14245: lea si, word ptr [bp + 0x100]
0x14249: mov di, 0x100
0x1424c: rep movsb byte ptr es:[di], byte ptr [si]
0x1424e: mov ax, 0x106
0x14251: jmp ax
0x14253: mov ah, 0x1a
0x14255: mov dx, 0x80
0x14258: int 0x21
0x1425a: mov si, 0x100
0x1425d: push si
0x1425e: pop di
0x1425f: push cs
0x14260: push cs
0x14261: pop ds
0x14262: pop es
0x14263: xor ax, ax
0x14265: push ax
2018-12-25T11:49:29.371578284Z 42 PC: 12b56 | Get date
0x12b56: cmp dl, 0xf
0x12b59: jne 0x12b7d
0x12b5b: mov ax, 0x251c
0x12b5e: mov dx, 0x109
0x12b61: int 0x21
0x12b63: mov ax, 0x3521
0x12b66: int 0x21
0x12b68: mov word ptr [0x166], es
0x12b6c: mov word ptr [0x164], bx
0x12b70: mov ax, 0x2521
0x12b73: mov dx, 0x15e
0x12b76: int 0x21
0x12b78: mov dx, 0x212
0x12b7b: int 0x27
0x12b7d: cmp dl, 0xf
0x12b80: ja 0x12bbb
0x12b82: call 0x12bb6
0x12b85: or ax, 0x90a
0x12b88: sub ax, 0x5b3d
0x12b8b: and byte ptr [bx + di + 0x76], al
2018-12-25T11:49:29.377573226Z 9 PC: 12bbb | Display string (String= ' -=[ Aver Torto (C) '93 by Grog - Italy ]=- ')