Sample viewer

vx.netlux.org/Virus.DOS.Grodno.399.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:20:50.776096005Z	26	PC: 12bba \| Set disk transfer address
2018-12-17T22:20:50.777735912Z	78	PC: 12bc6 \| Find first file
2018-12-17T22:20:50.786552613Z	26	PC: 12bd4 \| Set disk transfer address
2018-12-17T22:20:50.787911193Z	67	PC: 12bfe \| Get or set file attributes
2018-12-17T22:20:50.790738785Z	67	PC: 12c13 \| Get or set file attributes
2018-12-17T22:20:50.796009193Z	61	PC: 12c1e \| Open file (Filename = '')
2018-12-17T22:20:50.798315322Z	87	PC: 12c26 \| Get or set file date and time
2018-12-17T22:20:50.799589786Z	66	PC: 12c3f \| Move file pointer
2018-12-17T22:20:50.801325641Z	26	PC: 12ce2 \| Set disk transfer address
2018-12-17T22:20:50.802558487Z	42	PC: 12ce6 \| Get date 0x12ce6: cmp al, 5 0x12ce8: jne 0x12cfa 0x12cea: cmp dl, 0xd 0x12ced: jne 0x12cfa 0x12cef: mov ax, 0x12d 0x12cf2: mov dx, 0x81 0x12cf5: mov cx, 1 0x12cf8: int 0x13 0x12cfa: ret 0x12cfb: pop di 0x12cfc: push di 0x12cfd: ret 0x12cfe: jmp 0x12d01 0x12d01: call 0x12e4e 0x12d04: sub ch, byte ptr [0x4f43] 0x12d08: dec bp 0x12d09: add byte ptr [di], dh 0x12d0b: xor byte ptr [0x4f43], ch 0x12d0f: dec bp 0x12d10: add byte ptr [0x4f43], ch
2018-12-17T22:20:50.804882363Z	71	PC: 176e3 \| Get current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3624,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:45.422760398Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T11:49:45.424117235Z	78	PC: 12bc6 \| Find first file
2018-12-25T11:49:45.428293399Z	26	PC: 12bd4 \| Set disk transfer address
2018-12-25T11:49:45.429152682Z	67	PC: 12bfe \| Get or set file attributes
2018-12-25T11:49:45.431196329Z	67	PC: 12c13 \| Get or set file attributes
2018-12-25T11:49:45.432978591Z	61	PC: 12c1e \| Open file (Filename = '')
2018-12-25T11:49:45.4350462Z	87	PC: 12c26 \| Get or set file date and time
2018-12-25T11:49:45.437933184Z	66	PC: 12c3f \| Move file pointer
2018-12-25T11:49:45.439637361Z	26	PC: 12ce2 \| Set disk transfer address
2018-12-25T11:49:45.440977057Z	42	PC: 12ce6 \| Get date 0x12ce6: cmp al, 5 0x12ce8: jne 0x12cfa 0x12cea: cmp dl, 0xd 0x12ced: jne 0x12cfa 0x12cef: mov ax, 0x12d 0x12cf2: mov dx, 0x81 0x12cf5: mov cx, 1 0x12cf8: int 0x13 0x12cfa: ret 0x12cfb: pop di 0x12cfc: push di 0x12cfd: ret 0x12cfe: jmp 0x12d01 0x12d01: call 0x12e4e 0x12d04: sub ch, byte ptr [0x4f43] 0x12d08: dec bp 0x12d09: add byte ptr [di], dh 0x12d0b: xor byte ptr [0x4f43], ch 0x12d0f: dec bp 0x12d10: add byte ptr [0x4f43], ch

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3624,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:45.547766584Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T11:49:45.548884344Z	78	PC: 12bc6 \| Find first file
2018-12-25T11:49:45.552660033Z	26	PC: 12bd4 \| Set disk transfer address
2018-12-25T11:49:45.553580125Z	67	PC: 12bfe \| Get or set file attributes
2018-12-25T11:49:45.555060547Z	67	PC: 12c13 \| Get or set file attributes
2018-12-25T11:49:45.556482167Z	61	PC: 12c1e \| Open file (Filename = '')
2018-12-25T11:49:45.557902632Z	87	PC: 12c26 \| Get or set file date and time
2018-12-25T11:49:45.559083614Z	66	PC: 12c3f \| Move file pointer
2018-12-25T11:49:45.560427988Z	26	PC: 12ce2 \| Set disk transfer address
2018-12-25T11:49:45.561222647Z	42	PC: 12ce6 \| Get date 0x12ce6: cmp al, 5 0x12ce8: jne 0x12cfa 0x12cea: cmp dl, 0xd 0x12ced: jne 0x12cfa 0x12cef: mov ax, 0x12d 0x12cf2: mov dx, 0x81 0x12cf5: mov cx, 1 0x12cf8: int 0x13 0x12cfa: ret 0x12cfb: pop di 0x12cfc: push di 0x12cfd: ret 0x12cfe: jmp 0x12d01 0x12d01: call 0x12e4e 0x12d04: sub ch, byte ptr [0x4f43] 0x12d08: dec bp 0x12d09: add byte ptr [di], dh 0x12d0b: xor byte ptr [0x4f43], ch 0x12d0f: dec bp 0x12d10: add byte ptr [0x4f43], ch

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3624,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:45.620071829Z	26	PC: 12bba \| Set disk transfer address
2018-12-25T11:49:45.621525212Z	78	PC: 12bc6 \| Find first file
2018-12-25T11:49:45.628005511Z	26	PC: 12bd4 \| Set disk transfer address
2018-12-25T11:49:45.628990883Z	67	PC: 12bfe \| Get or set file attributes
2018-12-25T11:49:45.630783342Z	67	PC: 12c13 \| Get or set file attributes
2018-12-25T11:49:45.633157997Z	61	PC: 12c1e \| Open file (Filename = '')
2018-12-25T11:49:45.635884354Z	87	PC: 12c26 \| Get or set file date and time
2018-12-25T11:49:45.637801253Z	66	PC: 12c3f \| Move file pointer
2018-12-25T11:49:45.640043787Z	26	PC: 12ce2 \| Set disk transfer address
2018-12-25T11:49:45.641600556Z	42	PC: 12ce6 \| Get date 0x12ce6: cmp al, 5 0x12ce8: jne 0x12cfa 0x12cea: cmp dl, 0xd 0x12ced: jne 0x12cfa 0x12cef: mov ax, 0x12d 0x12cf2: mov dx, 0x81 0x12cf5: mov cx, 1 0x12cf8: int 0x13 0x12cfa: ret 0x12cfb: pop di 0x12cfc: push di 0x12cfd: ret 0x12cfe: jmp 0x12d01 0x12d01: call 0x12e4e 0x12d04: sub ch, byte ptr [0x4f43] 0x12d08: dec bp 0x12d09: add byte ptr [di], dh 0x12d0b: xor byte ptr [0x4f43], ch 0x12d0f: dec bp 0x12d10: add byte ptr [0x4f43], ch
2018-12-25T11:49:45.645489289Z	71	PC: 176e3 \| Get current directory