Sample viewer

vx.netlux.org/Virus.DOS.Froll.1665

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:20:21.675951429Z	47	PC: 12fc0 \| Get disk transfer address
2018-12-17T22:20:21.67764419Z	26	PC: 1303c \| Set disk transfer address
2018-12-17T22:20:21.678892239Z	65	PC: 13283 \| Delete file (Filename = 'CHKLIST.CPS')
2018-12-17T22:20:21.684669114Z	65	PC: 13283 \| Delete file (Filename = '\SENTRY.LOG')
2018-12-17T22:20:21.691633791Z	67	PC: 132d7 \| Get or set file attributes
2018-12-17T22:20:21.697355696Z	65	PC: 13283 \| Delete file (Filename = '\NAV_._NO')
2018-12-17T22:20:21.703232118Z	78	PC: 130f7 \| Find first file
2018-12-17T22:20:21.710529816Z	67	PC: 13133 \| Get or set file attributes
2018-12-17T22:20:21.716568244Z	67	PC: 13144 \| Get or set file attributes
2018-12-17T22:20:21.733464849Z	61	PC: 13150 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:20:21.744343183Z	87	PC: 1315d \| Get or set file date and time
2018-12-17T22:20:21.746292992Z	66	PC: 13177 \| Move file pointer
2018-12-17T22:20:21.747674223Z	66	PC: 131a3 \| Move file pointer
2018-12-17T22:20:21.749045572Z	63	PC: 131b2 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:20:21.756219816Z	66	PC: 131d6 \| Move file pointer
2018-12-17T22:20:21.758588856Z	64	PC: 131f1 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:20:21.762880401Z	44	PC: 133ec \| Get time 0x133ec: ret 0x133ed: and byte ptr [si + 0x27], ah 0x133f0: test dh, 0xc6 0x133f3: add cl, byte ptr [bp + di - 0x7100] 0x133f7: call 0x20c87 0x133fa: pushaw 0x133fb: dec bp 0x133fc: adc byte ptr [si], bl 0x133fe: mov es, word ptr [bx + si - 0x38] 0x13401: mov sp, 0x8d10 0x13404: call 0x21f13 0x13407: add byte ptr [bx + si], al 0x13409: sti 0x1340a: add byte ptr [bx + si], al 0x1340c: retf 0x6e18 0x1340f: push di 0x13411: ret 0x13412: add byte ptr [bx + 0x7f], al 0x13415: ret 0x13416: inc word ptr [bx + 0x3f]
2018-12-17T22:20:21.766785907Z	66	PC: 13347 \| Move file pointer
2018-12-17T22:20:21.768322968Z	64	PC: 1335d \| Write file or device (Write 1665 bytes on handle 5)
2018-12-17T22:20:21.776937917Z	44	PC: 133ec \| Get time 0x133ec: ret 0x133ed: and al, cl 0x133ef: dec si 0x133f0: in ax, dx 0x133f1: lea cx, word ptr [di + 0x1704] 0x133f5: add byte ptr [bx], bl 0x133f7: rcr word ptr [bp + di], 1 0x133f9: mov cl, 0xc0 0x133fb: lcall 0x801d:0x3820 0x13400: xchg ax, cx 0x13401: jns 0x13423 0x13403: sbb dx, cx 0x13405: sbb bh, dl 0x13407: add byte ptr [bx + si], al 0x13409: test word ptr [bx + si], 0x9500 0x1340d: xor ah, bl
2018-12-17T22:20:21.779832413Z	44	PC: 133ec \| Get time 0x133ec: ret 0x133ed: and al, cl 0x133ef: dec si 0x133f0: in ax, dx 0x133f1: lea cx, word ptr [di + 0x1704] 0x133f5: add byte ptr [bx], bl 0x133f7: rcr word ptr [bp + di], 1 0x133f9: mov cl, 0xc0 0x133fb: lcall 0x801d:0x3820 0x13400: xchg ax, cx 0x13401: jns 0x13423 0x13403: sbb dx, cx 0x13405: sbb bh, dl 0x13407: add byte ptr [bx + si], al 0x13409: test word ptr [bx + si], 0x9500 0x1340d: xor ah, bl
2018-12-17T22:20:21.781941939Z	64	PC: 13375 \| Write file or device (Write 136 bytes on handle 5)
2018-12-17T22:20:21.784531956Z	87	PC: 133d4 \| Get or set file date and time
2018-12-17T22:20:21.786580842Z	62	PC: 133d8 \| Close file
2018-12-17T22:20:21.795219804Z	67	PC: 133e7 \| Get or set file attributes
2018-12-17T22:20:21.825684545Z	42	PC: 1337d \| Get date 0x1337d: cmp cx, 0x7cc 0x13381: jb 0x1339e 0x13383: add al, dl 0x13385: cmp al, 0x18 0x13387: jne 0x1339e 0x13389: mov di, 0x6d0 0x1338c: call 0x133b8 0x1338f: mov al, byte ptr [di] 0x13391: cmp al, 0x46 0x13393: je 0x1339b 0x13395: call 0x1348a 0x13398: jmp 0x13389 0x1339b: jmp 0x13468 0x1339e: mov ah, 0x1a 0x133a0: mov di, 0x11e 0x133a3: call 0x133b8 0x133a6: mov dx, word ptr [di] 0x133a8: int 0x21 0x133aa: pop bp 0x133ab: pop di
2018-12-17T22:20:21.829907054Z	26	PC: 133aa \| Set disk transfer address

{"DateBased":true,"Day":19,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3533,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:29.393819095Z	47	PC: 12fc0 \| Get disk transfer address
2018-12-25T11:49:29.404368035Z	26	PC: 1303c \| Set disk transfer address
2018-12-25T11:49:29.40574369Z	65	PC: 13283 \| Delete file (Filename = 'CHKLIST.CPS')
2018-12-25T11:49:29.411800424Z	65	PC: 13283 \| Delete file (See above)
2018-12-25T11:49:29.423461315Z	67	PC: 132d7 \| Get or set file attributes
2018-12-25T11:49:29.429707574Z	65	PC: 13283 \| Delete file (See above)
2018-12-25T11:49:29.43596635Z	78	PC: 130f7 \| Find first file
2018-12-25T11:49:29.450478948Z	67	PC: 13133 \| Get or set file attributes
2018-12-25T11:49:29.456706751Z	67	PC: 13144 \| Get or set file attributes
2018-12-25T11:49:29.473743522Z	61	PC: 13150 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:29.481261847Z	87	PC: 1315d \| Get or set file date and time
2018-12-25T11:49:29.483264025Z	66	PC: 13177 \| Move file pointer
2018-12-25T11:49:29.484688594Z	66	PC: 131a3 \| Move file pointer
2018-12-25T11:49:29.486022888Z	63	PC: 131b2 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:49:29.493555933Z	66	PC: 131d6 \| Move file pointer
2018-12-25T11:49:29.495344362Z	64	PC: 131f1 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:49:29.49837781Z	44	PC: 133ec \| Get time 0x133ec: ret 0x133ed: and byte ptr [si + 0x27], ah 0x133f0: test dh, 0xc6 0x133f3: add cl, byte ptr [bp + di - 0x7100] 0x133f7: call 0x20c87 0x133fa: pushaw 0x133fb: dec bp 0x133fc: adc byte ptr [si], bl 0x133fe: mov es, word ptr [bx + si - 0x38] 0x13401: mov sp, 0x8d10 0x13404: call 0x21f13 0x13407: add byte ptr [bx + si], al 0x13409: sti 0x1340a: add byte ptr [bx + si], al 0x1340c: retf 0x6e18 0x1340f: push di 0x13411: ret 0x13412: add byte ptr [bx + 0x7f], al 0x13415: ret 0x13416: inc word ptr [bx + 0x3f]
2018-12-25T11:49:29.501893552Z	66	PC: 13347 \| Move file pointer
2018-12-25T11:49:29.503379419Z	64	PC: 1335d \| Write file or device (Write 1665 bytes on handle 5)
2018-12-25T11:49:29.512355763Z	44	PC: 133ec \| Get time (See above)
2018-12-25T11:49:29.515493434Z	44	PC: 133ec \| Get time (See above)
2018-12-25T11:49:29.519854392Z	64	PC: 13375 \| Write file or device (Write 155 bytes on handle 5)
2018-12-25T11:49:29.52719144Z	87	PC: 133d4 \| Get or set file date and time
2018-12-25T11:49:29.529207747Z	62	PC: 133d8 \| Close file
2018-12-25T11:49:29.537157291Z	67	PC: 133e7 \| Get or set file attributes
2018-12-25T11:49:29.546876604Z	42	PC: 1337d \| Get date 0x1337d: cmp cx, 0x7cc 0x13381: jb 0x1339e 0x13383: add al, dl 0x13385: cmp al, 0x18 0x13387: jne 0x1339e 0x13389: mov di, 0x6d0 0x1338c: call 0x133b8 0x1338f: mov al, byte ptr [di] 0x13391: cmp al, 0x46 0x13393: je 0x1339b 0x13395: call 0x1348a 0x13398: jmp 0x13389 0x1339b: jmp 0x13468 0x1339e: mov ah, 0x1a 0x133a0: mov di, 0x11e 0x133a3: call 0x133b8 0x133a6: mov dx, word ptr [di] 0x133a8: int 0x21 0x133aa: pop bp 0x133ab: pop di

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3533,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:29.460244631Z	47	PC: 12fc0 \| Get disk transfer address
2018-12-25T11:49:29.462697342Z	26	PC: 1303c \| Set disk transfer address
2018-12-25T11:49:29.463820538Z	65	PC: 13283 \| Delete file (Filename = 'CHKLIST.CPS')
2018-12-25T11:49:29.471076227Z	65	PC: 13283 \| Delete file (See above)
2018-12-25T11:49:29.477324435Z	67	PC: 132d7 \| Get or set file attributes
2018-12-25T11:49:29.483208916Z	65	PC: 13283 \| Delete file (See above)
2018-12-25T11:49:29.48910966Z	78	PC: 130f7 \| Find first file
2018-12-25T11:49:29.50117316Z	67	PC: 13133 \| Get or set file attributes
2018-12-25T11:49:29.513457566Z	67	PC: 13144 \| Get or set file attributes
2018-12-25T11:49:29.529780375Z	61	PC: 13150 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:29.534071849Z	87	PC: 1315d \| Get or set file date and time
2018-12-25T11:49:29.535910445Z	66	PC: 13177 \| Move file pointer
2018-12-25T11:49:29.537456488Z	66	PC: 131a3 \| Move file pointer
2018-12-25T11:49:29.539217636Z	63	PC: 131b2 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:49:29.547065933Z	66	PC: 131d6 \| Move file pointer
2018-12-25T11:49:29.54878141Z	64	PC: 131f1 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:49:29.55177632Z	44	PC: 133ec \| Get time 0x133ec: ret 0x133ed: and byte ptr [si + 0x27], ah 0x133f0: test dh, 0xc6 0x133f3: add cl, byte ptr [bp + di - 0x7100] 0x133f7: call 0x20c87 0x133fa: pushaw 0x133fb: dec bp 0x133fc: adc byte ptr [si], bl 0x133fe: mov es, word ptr [bx + si - 0x38] 0x13401: mov sp, 0x8d10 0x13404: call 0x21f13 0x13407: add byte ptr [bx + si], al 0x13409: sti 0x1340a: add byte ptr [bx + si], al 0x1340c: retf 0x6e18 0x1340f: push di 0x13411: ret 0x13412: add byte ptr [bx + 0x7f], al 0x13415: ret 0x13416: inc word ptr [bx + 0x3f]
2018-12-25T11:49:29.555714398Z	66	PC: 13347 \| Move file pointer
2018-12-25T11:49:29.557512895Z	64	PC: 1335d \| Write file or device (Write 1665 bytes on handle 5)
2018-12-25T11:49:29.570416228Z	44	PC: 133ec \| Get time (See above)
2018-12-25T11:49:29.573349952Z	44	PC: 133ec \| Get time (See above)
2018-12-25T11:49:29.575472974Z	64	PC: 13375 \| Write file or device (Write 160 bytes on handle 5)
2018-12-25T11:49:29.578633118Z	87	PC: 133d4 \| Get or set file date and time
2018-12-25T11:49:29.580571753Z	62	PC: 133d8 \| Close file
2018-12-25T11:49:29.588048779Z	67	PC: 133e7 \| Get or set file attributes
2018-12-25T11:49:29.598116745Z	42	PC: 1337d \| Get date 0x1337d: cmp cx, 0x7cc 0x13381: jb 0x1339e 0x13383: add al, dl 0x13385: cmp al, 0x18 0x13387: jne 0x1339e 0x13389: mov di, 0x6d0 0x1338c: call 0x133b8 0x1338f: mov al, byte ptr [di] 0x13391: cmp al, 0x46 0x13393: je 0x1339b 0x13395: call 0x1348a 0x13398: jmp 0x13389 0x1339b: jmp 0x13468 0x1339e: mov ah, 0x1a 0x133a0: mov di, 0x11e 0x133a3: call 0x133b8 0x133a6: mov dx, word ptr [di] 0x133a8: int 0x21 0x133aa: pop bp 0x133ab: pop di
2018-12-25T11:49:29.600537568Z	26	PC: 133aa \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3533,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:29.43970395Z	47	PC: 12fc0 \| Get disk transfer address
2018-12-25T11:49:29.441114368Z	26	PC: 1303c \| Set disk transfer address
2018-12-25T11:49:29.44248995Z	65	PC: 13283 \| Delete file (Filename = 'CHKLIST.CPS')
2018-12-25T11:49:29.448212954Z	65	PC: 13283 \| Delete file (See above)
2018-12-25T11:49:29.454279742Z	67	PC: 132d7 \| Get or set file attributes
2018-12-25T11:49:29.460668477Z	65	PC: 13283 \| Delete file (See above)
2018-12-25T11:49:29.46710186Z	78	PC: 130f7 \| Find first file
2018-12-25T11:49:29.47417701Z	67	PC: 13133 \| Get or set file attributes
2018-12-25T11:49:29.477703363Z	67	PC: 13144 \| Get or set file attributes
2018-12-25T11:49:29.489745096Z	61	PC: 13150 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:29.494113994Z	87	PC: 1315d \| Get or set file date and time
2018-12-25T11:49:29.495525847Z	66	PC: 13177 \| Move file pointer
2018-12-25T11:49:29.496874324Z	66	PC: 131a3 \| Move file pointer
2018-12-25T11:49:29.498302693Z	63	PC: 131b2 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:49:29.504607856Z	66	PC: 131d6 \| Move file pointer
2018-12-25T11:49:29.50570779Z	64	PC: 131f1 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:49:29.508143467Z	44	PC: 133ec \| Get time 0x133ec: ret 0x133ed: and byte ptr [si + 0x27], ah 0x133f0: test dh, 0xc6 0x133f3: add cl, byte ptr [bp + di - 0x7100] 0x133f7: call 0x20c87 0x133fa: pushaw 0x133fb: dec bp 0x133fc: adc byte ptr [si], bl 0x133fe: mov es, word ptr [bx + si - 0x38] 0x13401: mov sp, 0x8d10 0x13404: call 0x21f13 0x13407: add byte ptr [bx + si], al 0x13409: sti 0x1340a: add byte ptr [bx + si], al 0x1340c: retf 0x6e18 0x1340f: push di 0x13411: ret 0x13412: add byte ptr [bx + 0x7f], al 0x13415: ret 0x13416: inc word ptr [bx + 0x3f]
2018-12-25T11:49:29.510764999Z	66	PC: 13347 \| Move file pointer
2018-12-25T11:49:29.512182218Z	64	PC: 1335d \| Write file or device (Write 1665 bytes on handle 5)
2018-12-25T11:49:29.52138661Z	44	PC: 133ec \| Get time (See above)
2018-12-25T11:49:29.52405795Z	44	PC: 133ec \| Get time (See above)
2018-12-25T11:49:29.525952795Z	64	PC: 13375 \| Write file or device (Write 150 bytes on handle 5)
2018-12-25T11:49:29.528371276Z	87	PC: 133d4 \| Get or set file date and time
2018-12-25T11:49:29.530250984Z	62	PC: 133d8 \| Close file
2018-12-25T11:49:29.537645433Z	67	PC: 133e7 \| Get or set file attributes
2018-12-25T11:49:29.549927831Z	42	PC: 1337d \| Get date 0x1337d: cmp cx, 0x7cc 0x13381: jb 0x1339e 0x13383: add al, dl 0x13385: cmp al, 0x18 0x13387: jne 0x1339e 0x13389: mov di, 0x6d0 0x1338c: call 0x133b8 0x1338f: mov al, byte ptr [di] 0x13391: cmp al, 0x46 0x13393: je 0x1339b 0x13395: call 0x1348a 0x13398: jmp 0x13389 0x1339b: jmp 0x13468 0x1339e: mov ah, 0x1a 0x133a0: mov di, 0x11e 0x133a3: call 0x133b8 0x133a6: mov dx, word ptr [di] 0x133a8: int 0x21 0x133aa: pop bp 0x133ab: pop di
2018-12-25T11:49:29.552475066Z	26	PC: 133aa \| Set disk transfer address