Sample viewer

vx.netlux.org/Virus.DOS.Velocet.2000

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:42.60342192Z	61	PC: 12cbf \| Open file (Filename = 'A:\TEST.EXE')
2018-12-17T22:30:42.611939167Z	66	PC: 12ccc \| Move file pointer
2018-12-17T22:30:42.613793393Z	63	PC: 12ce0 \| Read file or device (Read 2000 bytes on handle 5)
2018-12-17T22:30:42.623714875Z	135	PC: 152ab \| UNKNOWN!
2018-12-17T22:30:42.625318236Z	53	PC: 152b8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:42.627217882Z	37	PC: 152cb \| Set interrupt vector (Interrupt = '253' AKA 'UNKNOWN!')
2018-12-17T22:30:42.6287442Z	74	PC: 152e8 \| Reallocate memory
2018-12-17T22:30:42.630628033Z	82	PC: 152f8 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:30:42.633172048Z	37	PC: 15397 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:30:42.634739965Z	42	PC: 157a5 \| Get date 0x157a5: cmp dx, 0x113 0x157a9: je 0x157ad 0x157ab: jmp 0x157b0 0x157ad: call 0x157b3 0x157b0: popf 0x157b1: popaw 0x157b2: ret 0x157b3: mov dl, 0x80 0x157b5: mov ah, 8 0x157b7: int 0x13 0x157b9: jae 0x157be 0x157bb: jmp 0x15874 0x157be: add dl, 0x7f 0x157c1: mov byte ptr cs:[0x37], dl 0x157c6: mov ah, 8 0x157c8: int 0x13 0x157ca: inc dh 0x157cc: mov byte ptr cs:[0x6f], dh 0x157d1: and cl, 0x3f 0x157d4: mov byte ptr cs:[0x70], cl
2018-12-17T22:30:42.637713299Z	9	PC: 12a86 \| Display string (Could not find end pointer)
2018-12-17T22:30:42.645752713Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:30:42.647504556Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:30:42.655401868Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:30:42.658776291Z	9	PC: 12a86 \| Display string (String= 'Size change=07D0h/02000d. ')
2018-12-17T22:30:42.663494097Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5491,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:35.979531164Z	61	PC: 12cbf \| Open file (Filename = 'A:\TEST.EXE')
2018-12-25T11:54:35.987520553Z	66	PC: 12ccc \| Move file pointer
2018-12-25T11:54:35.989400075Z	63	PC: 12ce0 \| Read file or device (Read 2000 bytes on handle 5)
2018-12-25T11:54:35.998570862Z	135	PC: 152ab \| UNKNOWN!
2018-12-25T11:54:35.999866486Z	53	PC: 152b8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:36.002401082Z	37	PC: 152cb \| Set interrupt vector (Interrupt = '253' AKA 'UNKNOWN!')
2018-12-25T11:54:36.004049402Z	74	PC: 152e8 \| Reallocate memory
2018-12-25T11:54:36.005944453Z	82	PC: 152f8 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:54:36.008861528Z	37	PC: 15397 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:36.010197993Z	42	PC: 157a5 \| Get date 0x157a5: cmp dx, 0x113 0x157a9: je 0x157ad 0x157ab: jmp 0x157b0 0x157ad: call 0x157b3 0x157b0: popf 0x157b1: popaw 0x157b2: ret 0x157b3: mov dl, 0x80 0x157b5: mov ah, 8 0x157b7: int 0x13 0x157b9: jae 0x157be 0x157bb: jmp 0x15874 0x157be: add dl, 0x7f 0x157c1: mov byte ptr cs:[0x37], dl 0x157c6: mov ah, 8 0x157c8: int 0x13 0x157ca: inc dh 0x157cc: mov byte ptr cs:[0x6f], dh 0x157d1: and cl, 0x3f 0x157d4: mov byte ptr cs:[0x70], cl
2018-12-25T11:54:36.012712387Z	9	PC: 12a86 \| Display string (Could not find end pointer)
2018-12-25T11:54:36.02043946Z	48	PC: 12a8f \| Get DOS version
2018-12-25T11:54:36.021722138Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T11:54:36.028903653Z	93	PC: 12afe \| File sharing functions
2018-12-25T11:54:36.031346244Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T11:54:36.035851765Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":19,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5491,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:36.183501032Z	61	PC: 12cbf \| Open file (Filename = 'A:\TEST.EXE')
2018-12-25T11:54:36.188166488Z	66	PC: 12ccc \| Move file pointer
2018-12-25T11:54:36.189187385Z	63	PC: 12ce0 \| Read file or device (Read 2000 bytes on handle 5)
2018-12-25T11:54:36.194123916Z	135	PC: 152ab \| UNKNOWN!
2018-12-25T11:54:36.194857335Z	53	PC: 152b8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:36.196599074Z	37	PC: 152cb \| Set interrupt vector (Interrupt = '253' AKA 'UNKNOWN!')
2018-12-25T11:54:36.197745422Z	74	PC: 152e8 \| Reallocate memory
2018-12-25T11:54:36.199517789Z	82	PC: 152f8 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:54:36.207149201Z	37	PC: 15397 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:36.20864396Z	42	PC: 157a5 \| Get date 0x157a5: cmp dx, 0x113 0x157a9: je 0x157ad 0x157ab: jmp 0x157b0 0x157ad: call 0x157b3 0x157b0: popf 0x157b1: popaw 0x157b2: ret 0x157b3: mov dl, 0x80 0x157b5: mov ah, 8 0x157b7: int 0x13 0x157b9: jae 0x157be 0x157bb: jmp 0x15874 0x157be: add dl, 0x7f 0x157c1: mov byte ptr cs:[0x37], dl 0x157c6: mov ah, 8 0x157c8: int 0x13 0x157ca: inc dh 0x157cc: mov byte ptr cs:[0x6f], dh 0x157d1: and cl, 0x3f 0x157d4: mov byte ptr cs:[0x70], cl
2018-12-25T11:54:36.578753891Z	9	PC: 15872 \| Display string (String= 'Velocet. By Dogor...')