Sample viewer

vx.netlux.org/Virus.DOS.QDao.1589

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:25:45.119009497Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-17T22:25:45.128714102Z	53	PC: 9f04a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:45.130114892Z	37	PC: 9f05e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:45.131411621Z	98	PC: 9f064 \| Get current PSP
2018-12-17T22:25:45.134631182Z	47	PC: 9f0e6 \| Get disk transfer address
2018-12-17T22:25:45.136106774Z	26	PC: 9f0f7 \| Set disk transfer address
2018-12-17T22:25:45.137774325Z	78	PC: 9f101 \| Find first file
2018-12-17T22:25:45.145635651Z	47	PC: 9f107 \| Get disk transfer address
2018-12-17T22:25:45.147043447Z	67	PC: 9f170 \| Get or set file attributes
2018-12-17T22:25:45.161955846Z	61	PC: 9f177 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:25:45.169118063Z	63	PC: 9f186 \| Read file or device (Read 112 bytes on handle 5)
2018-12-17T22:25:45.172558416Z	66	PC: 9f1ab \| Move file pointer
2018-12-17T22:25:45.190003821Z	63	PC: 9f1b5 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:25:45.192344127Z	66	PC: 9f1c6 \| Move file pointer
2018-12-17T22:25:45.194481778Z	64	PC: 9f1e8 \| Write file or device (Write 11 bytes on handle 5)
2018-12-17T22:25:45.198120389Z	44	PC: 9f1ec \| Get time 0x9f1ec: inc dl 0x9f1ee: jmp 0x9f31a 0x9f1f1: pop ax 0x9f1f2: pop dx 0x9f1f3: mov cx, 0x10 0x9f1f6: div cx 0x9f1f8: inc ax 0x9f1f9: push ax 0x9f1fa: sub ax, word ptr [si + 8] 0x9f1fd: mov word ptr [si + 0x16], ax 0x9f200: mov word ptr [si + 0xe], ax 0x9f203: xor cx, cx 0x9f205: mov word ptr [si + 0x14], cx 0x9f208: pop ax 0x9f209: mov cx, 0x10 0x9f20c: mul cx 0x9f20e: mov bx, 0x635 0x9f211: mov word ptr cs:[si + 0x10], bx 0x9f215: add word ptr cs:[si + 0x10], 0x180 0x9f21b: add ax, bx
2018-12-17T22:25:45.201380698Z	64	PC: 9f32b \| Write file or device (Write 1589 bytes on handle 5)
2018-12-17T22:25:45.216372306Z	66	PC: 9f23b \| Move file pointer
2018-12-17T22:25:45.221133743Z	64	PC: 9f245 \| Write file or device (Write 28 bytes on handle 5)
2018-12-17T22:25:45.224311985Z	42	PC: 9f24b \| Get date 0x9f24b: cmp dx, 0xb0c 0x9f24f: jne 0x9f298 0x9f251: mov ah, 0xf 0x9f253: int 0x10 0x9f255: cmp al, 3 0x9f257: jne 0x9f298 0x9f259: mov ax, 0xa000 0x9f25c: mov es, ax 0x9f25e: mov ax, word ptr es:[0] 0x9f262: mov word ptr es:[0], 0x9239 0x9f269: cmp word ptr es:[0], 0x9239 0x9f270: mov word ptr es:[0], ax 0x9f274: jne 0x9f298 0x9f276: mov ax, 3 0x9f279: int 0x10 0x9f27b: mov cx, 0x10 0x9f27e: push cs 0x9f27f: pop ds 0x9f280: mov ah, 9 0x9f282: mov dx, 0x4d4
2018-12-17T22:25:45.228035966Z	87	PC: 9f2ac \| Get or set file date and time
2018-12-17T22:25:45.229955453Z	62	PC: 9f2b1 \| Close file
2018-12-17T22:25:45.238062564Z	67	PC: 9f2c0 \| Get or set file attributes
2018-12-17T22:25:45.257472925Z	26	PC: 9f2ea \| Set disk transfer address
2018-12-17T22:25:45.261953872Z	37	PC: 9f2fa \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:45.263665268Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4555,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:09.053613314Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T11:52:09.063563279Z	53	PC: 9f04a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.065266017Z	37	PC: 9f05e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.066532427Z	98	PC: 9f064 \| Get current PSP
2018-12-25T11:52:09.068785857Z	47	PC: 9f0e6 \| Get disk transfer address
2018-12-25T11:52:09.070196054Z	26	PC: 9f0f7 \| Set disk transfer address
2018-12-25T11:52:09.071743377Z	78	PC: 9f101 \| Find first file
2018-12-25T11:52:09.078923457Z	47	PC: 9f107 \| Get disk transfer address
2018-12-25T11:52:09.080859316Z	67	PC: 9f170 \| Get or set file attributes
2018-12-25T11:52:09.0990512Z	61	PC: 9f177 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-25T11:52:09.1088453Z	63	PC: 9f186 \| Read file or device (Read 112 bytes on handle 5)
2018-12-25T11:52:09.11317401Z	66	PC: 9f1ab \| Move file pointer
2018-12-25T11:52:09.115029049Z	63	PC: 9f1b5 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:52:09.118204895Z	66	PC: 9f1c6 \| Move file pointer
2018-12-25T11:52:09.120749178Z	64	PC: 9f1e8 \| Write file or device (Write 11 bytes on handle 5)
2018-12-25T11:52:09.124607912Z	44	PC: 9f1ec \| Get time 0x9f1ec: inc dl 0x9f1ee: jmp 0x9f31a 0x9f1f1: pop ax 0x9f1f2: pop dx 0x9f1f3: mov cx, 0x10 0x9f1f6: div cx 0x9f1f8: inc ax 0x9f1f9: push ax 0x9f1fa: sub ax, word ptr [si + 8] 0x9f1fd: mov word ptr [si + 0x16], ax 0x9f200: mov word ptr [si + 0xe], ax 0x9f203: xor cx, cx 0x9f205: mov word ptr [si + 0x14], cx 0x9f208: pop ax 0x9f209: mov cx, 0x10 0x9f20c: mul cx 0x9f20e: mov bx, 0x635 0x9f211: mov word ptr cs:[si + 0x10], bx 0x9f215: add word ptr cs:[si + 0x10], 0x180 0x9f21b: add ax, bx
2018-12-25T11:52:09.127836976Z	64	PC: 9f32b \| Write file or device (Write 1589 bytes on handle 5)
2018-12-25T11:52:09.140340781Z	66	PC: 9f23b \| Move file pointer
2018-12-25T11:52:09.143172026Z	64	PC: 9f245 \| Write file or device (Write 28 bytes on handle 5)
2018-12-25T11:52:09.146773501Z	42	PC: 9f24b \| Get date 0x9f24b: cmp dx, 0xb0c 0x9f24f: jne 0x9f298 0x9f251: mov ah, 0xf 0x9f253: int 0x10 0x9f255: cmp al, 3 0x9f257: jne 0x9f298 0x9f259: mov ax, 0xa000 0x9f25c: mov es, ax 0x9f25e: mov ax, word ptr es:[0] 0x9f262: mov word ptr es:[0], 0x9239 0x9f269: cmp word ptr es:[0], 0x9239 0x9f270: mov word ptr es:[0], ax 0x9f274: jne 0x9f298 0x9f276: mov ax, 3 0x9f279: int 0x10 0x9f27b: mov cx, 0x10 0x9f27e: push cs 0x9f27f: pop ds 0x9f280: mov ah, 9 0x9f282: mov dx, 0x4d4
2018-12-25T11:52:09.150976897Z	87	PC: 9f2ac \| Get or set file date and time
2018-12-25T11:52:09.152954777Z	62	PC: 9f2b1 \| Close file
2018-12-25T11:52:09.162927992Z	67	PC: 9f2c0 \| Get or set file attributes
2018-12-25T11:52:09.169116621Z	26	PC: 9f2ea \| Set disk transfer address
2018-12-25T11:52:09.171051643Z	37	PC: 9f2fa \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.173574643Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":12,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4555,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:09.228352163Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T11:52:09.235471712Z	53	PC: 9f04a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.236999061Z	37	PC: 9f05e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.238530311Z	98	PC: 9f064 \| Get current PSP
2018-12-25T11:52:09.241147144Z	47	PC: 9f0e6 \| Get disk transfer address
2018-12-25T11:52:09.242279791Z	26	PC: 9f0f7 \| Set disk transfer address
2018-12-25T11:52:09.24333905Z	78	PC: 9f101 \| Find first file
2018-12-25T11:52:09.249880912Z	47	PC: 9f107 \| Get disk transfer address
2018-12-25T11:52:09.251868492Z	67	PC: 9f170 \| Get or set file attributes
2018-12-25T11:52:09.270677009Z	61	PC: 9f177 \| Open file (Filename = 'A:\TEST.EXE')
2018-12-25T11:52:09.28040936Z	63	PC: 9f186 \| Read file or device (Read 112 bytes on handle 5)
2018-12-25T11:52:09.284406956Z	66	PC: 9f1ab \| Move file pointer
2018-12-25T11:52:09.286315164Z	63	PC: 9f1b5 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:52:09.288666905Z	66	PC: 9f1c6 \| Move file pointer
2018-12-25T11:52:09.291109666Z	64	PC: 9f1e8 \| Write file or device (Write 11 bytes on handle 5)
2018-12-25T11:52:09.295383278Z	44	PC: 9f1ec \| Get time 0x9f1ec: inc dl 0x9f1ee: jmp 0x9f31a 0x9f1f1: pop ax 0x9f1f2: pop dx 0x9f1f3: mov cx, 0x10 0x9f1f6: div cx 0x9f1f8: inc ax 0x9f1f9: push ax 0x9f1fa: sub ax, word ptr [si + 8] 0x9f1fd: mov word ptr [si + 0x16], ax 0x9f200: mov word ptr [si + 0xe], ax 0x9f203: xor cx, cx 0x9f205: mov word ptr [si + 0x14], cx 0x9f208: pop ax 0x9f209: mov cx, 0x10 0x9f20c: mul cx 0x9f20e: mov bx, 0x635 0x9f211: mov word ptr cs:[si + 0x10], bx 0x9f215: add word ptr cs:[si + 0x10], 0x180 0x9f21b: add ax, bx
2018-12-25T11:52:09.298491906Z	64	PC: 9f32b \| Write file or device (Write 1589 bytes on handle 5)
2018-12-25T11:52:09.309354567Z	66	PC: 9f23b \| Move file pointer
2018-12-25T11:52:09.311113603Z	64	PC: 9f245 \| Write file or device (Write 28 bytes on handle 5)
2018-12-25T11:52:09.314196723Z	42	PC: 9f24b \| Get date 0x9f24b: cmp dx, 0xb0c 0x9f24f: jne 0x9f298 0x9f251: mov ah, 0xf 0x9f253: int 0x10 0x9f255: cmp al, 3 0x9f257: jne 0x9f298 0x9f259: mov ax, 0xa000 0x9f25c: mov es, ax 0x9f25e: mov ax, word ptr es:[0] 0x9f262: mov word ptr es:[0], 0x9239 0x9f269: cmp word ptr es:[0], 0x9239 0x9f270: mov word ptr es:[0], ax 0x9f274: jne 0x9f298 0x9f276: mov ax, 3 0x9f279: int 0x10 0x9f27b: mov cx, 0x10 0x9f27e: push cs 0x9f27f: pop ds 0x9f280: mov ah, 9 0x9f282: mov dx, 0x4d4
2018-12-25T11:52:09.317514838Z	87	PC: 9f2ac \| Get or set file date and time
2018-12-25T11:52:09.319537424Z	62	PC: 9f2b1 \| Close file
2018-12-25T11:52:09.327413423Z	67	PC: 9f2c0 \| Get or set file attributes
2018-12-25T11:52:09.332621414Z	26	PC: 9f2ea \| Set disk transfer address
2018-12-25T11:52:09.333833908Z	37	PC: 9f2fa \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:09.335845404Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')