Sample viewer

vx.netlux.org/Virus.DOS.Joker.821

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:23:11.643668533Z	48	PC: 12b37 \| Get DOS version
2018-12-17T22:23:11.645380533Z	44	PC: 12b3f \| Get time 0x12b3f: mov byte ptr [0x103], dl 0x12b43: mov dx, 0x146 0x12b46: mov ah, 0x1a 0x12b48: int 0x21 0x12b4a: mov ah, 0x19 0x12b4c: int 0x21 0x12b4e: mov dl, al 0x12b50: inc dl 0x12b52: mov ah, 0x47 0x12b54: mov si, 0x1a5 0x12b57: int 0x21 0x12b59: mov dx, 0x144 0x12b5c: mov ah, 0x3b 0x12b5e: int 0x21 0x12b60: mov cx, 0x13 0x12b63: mov dx, 0x138 0x12b66: mov ah, 0x4e 0x12b68: int 0x21 0x12b6a: cmp ax, 0x12 0x12b6d: jne 0x12b72
2018-12-17T22:23:11.648016102Z	26	PC: 12b4a \| Set disk transfer address
2018-12-17T22:23:11.649262984Z	25	PC: 12b4e \| Get default drive
2018-12-17T22:23:11.650382601Z	71	PC: 12b59 \| Get current directory
2018-12-17T22:23:11.653537586Z	59	PC: 12b60 \| Change current directory
2018-12-17T22:23:11.6589329Z	78	PC: 12b6a \| Find first file
2018-12-17T22:23:11.668043372Z	87	PC: 12c49 \| Get or set file date and time
2018-12-17T22:23:11.669889219Z	67	PC: 12c55 \| Get or set file attributes
2018-12-17T22:23:11.67216229Z	59	PC: 12c5c \| Change current directory
2018-12-17T22:23:11.682521911Z	59	PC: 12c63 \| Change current directory
2018-12-17T22:23:11.684575412Z	42	PC: 12c67 \| Get date 0x12c67: cmp cx, 0x7c7 0x12c6b: jb 0x12ca5 0x12c6d: cmp dl, 0x19 0x12c70: jb 0x12ca5 0x12c72: cmp al, 5 0x12c74: jne 0x12ca5 0x12c76: mov dx, 0x146 0x12c79: mov ah, 0x1a 0x12c7b: int 0x21 0x12c7d: mov ah, 0x4e 0x12c7f: mov cx, 7 0x12c82: mov dx, 0x140 0x12c85: mov al, byte ptr [0x1f1] 0x12c88: call 0x12c98 0x12c8b: cmp byte ptr [0x1f1], 0x19 0x12c90: je 0x12ca5 0x12c92: inc byte ptr [0x1f1] 0x12c96: loop 0x12c85 0x12c98: mov ah, 5 0x12c9a: mov ch, 0
2018-12-17T22:23:11.694024532Z	76	PC: 12caa \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4058,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:52.25087652Z	48	PC: 12b37 \| Get DOS version
2018-12-25T11:50:52.25249058Z	44	PC: 12b3f \| Get time 0x12b3f: mov byte ptr [0x103], dl 0x12b43: mov dx, 0x146 0x12b46: mov ah, 0x1a 0x12b48: int 0x21 0x12b4a: mov ah, 0x19 0x12b4c: int 0x21 0x12b4e: mov dl, al 0x12b50: inc dl 0x12b52: mov ah, 0x47 0x12b54: mov si, 0x1a5 0x12b57: int 0x21 0x12b59: mov dx, 0x144 0x12b5c: mov ah, 0x3b 0x12b5e: int 0x21 0x12b60: mov cx, 0x13 0x12b63: mov dx, 0x138 0x12b66: mov ah, 0x4e 0x12b68: int 0x21 0x12b6a: cmp ax, 0x12 0x12b6d: jne 0x12b72
2018-12-25T11:50:52.254696528Z	26	PC: 12b4a \| Set disk transfer address
2018-12-25T11:50:52.255879378Z	25	PC: 12b4e \| Get default drive
2018-12-25T11:50:52.257467934Z	71	PC: 12b59 \| Get current directory
2018-12-25T11:50:52.260364428Z	59	PC: 12b60 \| Change current directory
2018-12-25T11:50:52.264318686Z	78	PC: 12b6a \| Find first file
2018-12-25T11:50:52.270535284Z	87	PC: 12c49 \| Get or set file date and time
2018-12-25T11:50:52.272069844Z	67	PC: 12c55 \| Get or set file attributes
2018-12-25T11:50:52.273448599Z	59	PC: 12c5c \| Change current directory
2018-12-25T11:50:52.276393483Z	59	PC: 12c63 \| Change current directory
2018-12-25T11:50:52.278330253Z	42	PC: 12c67 \| Get date 0x12c67: cmp cx, 0x7c7 0x12c6b: jb 0x12ca5 0x12c6d: cmp dl, 0x19 0x12c70: jb 0x12ca5 0x12c72: cmp al, 5 0x12c74: jne 0x12ca5 0x12c76: mov dx, 0x146 0x12c79: mov ah, 0x1a 0x12c7b: int 0x21 0x12c7d: mov ah, 0x4e 0x12c7f: mov cx, 7 0x12c82: mov dx, 0x140 0x12c85: mov al, byte ptr [0x1f1] 0x12c88: call 0x12c98 0x12c8b: cmp byte ptr [0x1f1], 0x19 0x12c90: je 0x12ca5 0x12c92: inc byte ptr [0x1f1] 0x12c96: loop 0x12c85 0x12c98: mov ah, 5 0x12c9a: mov ch, 0
2018-12-25T11:50:52.280316159Z	76	PC: 12caa \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4058,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:52.557474654Z	48	PC: 12b37 \| Get DOS version
2018-12-25T11:50:52.558852039Z	44	PC: 12b3f \| Get time 0x12b3f: mov byte ptr [0x103], dl 0x12b43: mov dx, 0x146 0x12b46: mov ah, 0x1a 0x12b48: int 0x21 0x12b4a: mov ah, 0x19 0x12b4c: int 0x21 0x12b4e: mov dl, al 0x12b50: inc dl 0x12b52: mov ah, 0x47 0x12b54: mov si, 0x1a5 0x12b57: int 0x21 0x12b59: mov dx, 0x144 0x12b5c: mov ah, 0x3b 0x12b5e: int 0x21 0x12b60: mov cx, 0x13 0x12b63: mov dx, 0x138 0x12b66: mov ah, 0x4e 0x12b68: int 0x21 0x12b6a: cmp ax, 0x12 0x12b6d: jne 0x12b72
2018-12-25T11:50:52.560410778Z	26	PC: 12b4a \| Set disk transfer address
2018-12-25T11:50:52.56117416Z	25	PC: 12b4e \| Get default drive
2018-12-25T11:50:52.562516968Z	71	PC: 12b59 \| Get current directory
2018-12-25T11:50:52.564899614Z	59	PC: 12b60 \| Change current directory
2018-12-25T11:50:52.569030617Z	78	PC: 12b6a \| Find first file
2018-12-25T11:50:52.576001284Z	87	PC: 12c49 \| Get or set file date and time
2018-12-25T11:50:52.577674315Z	67	PC: 12c55 \| Get or set file attributes
2018-12-25T11:50:52.579412252Z	59	PC: 12c5c \| Change current directory
2018-12-25T11:50:52.589372678Z	59	PC: 12c63 \| Change current directory
2018-12-25T11:50:52.591987743Z	42	PC: 12c67 \| Get date 0x12c67: cmp cx, 0x7c7 0x12c6b: jb 0x12ca5 0x12c6d: cmp dl, 0x19 0x12c70: jb 0x12ca5 0x12c72: cmp al, 5 0x12c74: jne 0x12ca5 0x12c76: mov dx, 0x146 0x12c79: mov ah, 0x1a 0x12c7b: int 0x21 0x12c7d: mov ah, 0x4e 0x12c7f: mov cx, 7 0x12c82: mov dx, 0x140 0x12c85: mov al, byte ptr [0x1f1] 0x12c88: call 0x12c98 0x12c8b: cmp byte ptr [0x1f1], 0x19 0x12c90: je 0x12ca5 0x12c92: inc byte ptr [0x1f1] 0x12c96: loop 0x12c85 0x12c98: mov ah, 5 0x12c9a: mov ch, 0
2018-12-25T11:50:52.594275489Z	76	PC: 12caa \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":25,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4058,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:52.603692004Z	48	PC: 12b37 \| Get DOS version
2018-12-25T11:50:52.605201354Z	44	PC: 12b3f \| Get time 0x12b3f: mov byte ptr [0x103], dl 0x12b43: mov dx, 0x146 0x12b46: mov ah, 0x1a 0x12b48: int 0x21 0x12b4a: mov ah, 0x19 0x12b4c: int 0x21 0x12b4e: mov dl, al 0x12b50: inc dl 0x12b52: mov ah, 0x47 0x12b54: mov si, 0x1a5 0x12b57: int 0x21 0x12b59: mov dx, 0x144 0x12b5c: mov ah, 0x3b 0x12b5e: int 0x21 0x12b60: mov cx, 0x13 0x12b63: mov dx, 0x138 0x12b66: mov ah, 0x4e 0x12b68: int 0x21 0x12b6a: cmp ax, 0x12 0x12b6d: jne 0x12b72
2018-12-25T11:50:52.606555599Z	26	PC: 12b4a \| Set disk transfer address
2018-12-25T11:50:52.607278791Z	25	PC: 12b4e \| Get default drive
2018-12-25T11:50:52.608802046Z	71	PC: 12b59 \| Get current directory
2018-12-25T11:50:52.611509235Z	59	PC: 12b60 \| Change current directory
2018-12-25T11:50:52.615146782Z	78	PC: 12b6a \| Find first file
2018-12-25T11:50:52.622659508Z	87	PC: 12c49 \| Get or set file date and time
2018-12-25T11:50:52.623969022Z	67	PC: 12c55 \| Get or set file attributes
2018-12-25T11:50:52.625445437Z	59	PC: 12c5c \| Change current directory
2018-12-25T11:50:52.62925478Z	59	PC: 12c63 \| Change current directory
2018-12-25T11:50:52.631003761Z	42	PC: 12c67 \| Get date 0x12c67: cmp cx, 0x7c7 0x12c6b: jb 0x12ca5 0x12c6d: cmp dl, 0x19 0x12c70: jb 0x12ca5 0x12c72: cmp al, 5 0x12c74: jne 0x12ca5 0x12c76: mov dx, 0x146 0x12c79: mov ah, 0x1a 0x12c7b: int 0x21 0x12c7d: mov ah, 0x4e 0x12c7f: mov cx, 7 0x12c82: mov dx, 0x140 0x12c85: mov al, byte ptr [0x1f1] 0x12c88: call 0x12c98 0x12c8b: cmp byte ptr [0x1f1], 0x19 0x12c90: je 0x12ca5 0x12c92: inc byte ptr [0x1f1] 0x12c96: loop 0x12c85 0x12c98: mov ah, 5 0x12c9a: mov ch, 0
2018-12-25T11:50:52.632877368Z	26	PC: 12c7d \| Set disk transfer address

{"DateBased":true,"Day":26,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4058,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:52.879081635Z	48	PC: 12b37 \| Get DOS version
2018-12-25T11:50:52.880975288Z	44	PC: 12b3f \| Get time 0x12b3f: mov byte ptr [0x103], dl 0x12b43: mov dx, 0x146 0x12b46: mov ah, 0x1a 0x12b48: int 0x21 0x12b4a: mov ah, 0x19 0x12b4c: int 0x21 0x12b4e: mov dl, al 0x12b50: inc dl 0x12b52: mov ah, 0x47 0x12b54: mov si, 0x1a5 0x12b57: int 0x21 0x12b59: mov dx, 0x144 0x12b5c: mov ah, 0x3b 0x12b5e: int 0x21 0x12b60: mov cx, 0x13 0x12b63: mov dx, 0x138 0x12b66: mov ah, 0x4e 0x12b68: int 0x21 0x12b6a: cmp ax, 0x12 0x12b6d: jne 0x12b72
2018-12-25T11:50:52.883136702Z	26	PC: 12b4a \| Set disk transfer address
2018-12-25T11:50:52.884179648Z	25	PC: 12b4e \| Get default drive
2018-12-25T11:50:52.886391278Z	71	PC: 12b59 \| Get current directory
2018-12-25T11:50:52.889567098Z	59	PC: 12b60 \| Change current directory
2018-12-25T11:50:52.893277569Z	78	PC: 12b6a \| Find first file
2018-12-25T11:50:52.903853362Z	87	PC: 12c49 \| Get or set file date and time
2018-12-25T11:50:52.906324304Z	67	PC: 12c55 \| Get or set file attributes
2018-12-25T11:50:52.90870471Z	59	PC: 12c5c \| Change current directory
2018-12-25T11:50:52.917731103Z	59	PC: 12c63 \| Change current directory
2018-12-25T11:50:52.920120553Z	42	PC: 12c67 \| Get date 0x12c67: cmp cx, 0x7c7 0x12c6b: jb 0x12ca5 0x12c6d: cmp dl, 0x19 0x12c70: jb 0x12ca5 0x12c72: cmp al, 5 0x12c74: jne 0x12ca5 0x12c76: mov dx, 0x146 0x12c79: mov ah, 0x1a 0x12c7b: int 0x21 0x12c7d: mov ah, 0x4e 0x12c7f: mov cx, 7 0x12c82: mov dx, 0x140 0x12c85: mov al, byte ptr [0x1f1] 0x12c88: call 0x12c98 0x12c8b: cmp byte ptr [0x1f1], 0x19 0x12c90: je 0x12ca5 0x12c92: inc byte ptr [0x1f1] 0x12c96: loop 0x12c85 0x12c98: mov ah, 5 0x12c9a: mov ch, 0
2018-12-25T11:50:52.922702268Z	76	PC: 12caa \| Terminate with return code (Return code = '0')