Sample viewer

vx.netlux.org/Virus.DOS.Hide.709

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:34:12.201033027Z	42	PC: 1362d \| Get date 0x1362d: cmp dh, 5 0x13630: jne 0x13667 0x13632: cmp dl, 5 0x13635: jne 0x13667 0x13637: mov dx, 0x2ac 0x1363a: add dx, bp 0x1363c: mov cx, 0x23 0x1363f: mov ah, 0x4e 0x13641: int 0x21 0x13643: jb 0x13667 0x13645: mov si, 0x266 0x13648: add si, bp 0x1364a: mov cx, 0x23 0x1364d: xor word ptr [si], 0xffff 0x13651: inc si 0x13652: inc si 0x13653: loop 0x1364d 0x13655: mov dx, 0x266 0x13658: add dx, bp 0x1365a: mov cx, 0x46
2018-12-17T22:34:12.205270318Z	54	PC: 13706 \| Get free disk space
2018-12-17T22:34:12.243685286Z	78	PC: 13722 \| Find first file
2018-12-17T22:34:12.253118436Z	61	PC: 137b1 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T22:34:12.259180811Z	63	PC: 137c3 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:12.26466147Z	66	PC: 137d4 \| Move file pointer
2018-12-17T22:34:12.266007643Z	64	PC: 137e0 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:12.2688021Z	66	PC: 137e9 \| Move file pointer
2018-12-17T22:34:12.27142116Z	64	PC: 137f2 \| Write file or device (Write 709 bytes on handle 5)
2018-12-17T22:34:12.947550931Z	62	PC: 137f6 \| Close file
2018-12-17T22:34:12.954379916Z	61	PC: 13800 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-17T22:34:12.962522501Z	87	PC: 13812 \| Get or set file date and time
2018-12-17T22:34:12.964104418Z	62	PC: 13816 \| Close file
2018-12-17T22:34:12.970041067Z	67	PC: 13826 \| Get or set file attributes
2018-12-17T22:34:12.98012806Z	9	PC: 12a4b \| Display string (String= 'Copyright (C) 1991 JADE Corporation ')
2018-12-17T22:34:12.984491076Z	61	PC: 12b0d \| Open file (Filename = '')
2018-12-17T22:34:12.994343969Z	63	PC: 12b25 \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:34:13.001477927Z	62	PC: 12b4f \| Close file
2018-12-17T22:34:13.003327475Z	9	PC: 12b55 \| Display string (String= 'Warning !!!! Warning !!!! Program was Infected with Virus ')
2018-12-17T22:34:13.011062232Z	76	PC: 12b59 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6119,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:32.62124428Z	42	PC: 1362d \| Get date 0x1362d: cmp dh, 5 0x13630: jne 0x13667 0x13632: cmp dl, 5 0x13635: jne 0x13667 0x13637: mov dx, 0x2ac 0x1363a: add dx, bp 0x1363c: mov cx, 0x23 0x1363f: mov ah, 0x4e 0x13641: int 0x21 0x13643: jb 0x13667 0x13645: mov si, 0x266 0x13648: add si, bp 0x1364a: mov cx, 0x23 0x1364d: xor word ptr [si], 0xffff 0x13651: inc si 0x13652: inc si 0x13653: loop 0x1364d 0x13655: mov dx, 0x266 0x13658: add dx, bp 0x1365a: mov cx, 0x46
2018-12-25T11:58:32.623805997Z	54	PC: 13706 \| Get free disk space
2018-12-25T11:58:32.660721678Z	78	PC: 13722 \| Find first file
2018-12-25T11:58:32.669612134Z	61	PC: 137b1 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T11:58:32.676714186Z	63	PC: 137c3 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:32.681867856Z	66	PC: 137d4 \| Move file pointer
2018-12-25T11:58:32.683000713Z	64	PC: 137e0 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:32.686822183Z	66	PC: 137e9 \| Move file pointer
2018-12-25T11:58:32.688101027Z	64	PC: 137f2 \| Write file or device (Write 709 bytes on handle 5)
2018-12-25T11:58:33.030760614Z	62	PC: 137f6 \| Close file
2018-12-25T11:58:33.038401378Z	61	PC: 13800 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T11:58:33.048538045Z	87	PC: 13812 \| Get or set file date and time
2018-12-25T11:58:33.051931139Z	62	PC: 13816 \| Close file
2018-12-25T11:58:33.058957611Z	67	PC: 13826 \| Get or set file attributes
2018-12-25T11:58:33.068834353Z	9	PC: 12a4b \| Display string (String= 'Copyright (C) 1991 JADE Corporation ')
2018-12-25T11:58:33.072766909Z	61	PC: 12b0d \| Open file (Filename = '')
2018-12-25T11:58:33.07928796Z	63	PC: 12b25 \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:58:33.083801785Z	62	PC: 12b4f \| Close file
2018-12-25T11:58:33.085500146Z	9	PC: 12b55 \| Display string (String= 'Warning !!!! Warning !!!! Program was Infected with Virus ')
2018-12-25T11:58:33.091971179Z	76	PC: 12b59 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6119,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:33.036961162Z	42	PC: 1362d \| Get date 0x1362d: cmp dh, 5 0x13630: jne 0x13667 0x13632: cmp dl, 5 0x13635: jne 0x13667 0x13637: mov dx, 0x2ac 0x1363a: add dx, bp 0x1363c: mov cx, 0x23 0x1363f: mov ah, 0x4e 0x13641: int 0x21 0x13643: jb 0x13667 0x13645: mov si, 0x266 0x13648: add si, bp 0x1364a: mov cx, 0x23 0x1364d: xor word ptr [si], 0xffff 0x13651: inc si 0x13652: inc si 0x13653: loop 0x1364d 0x13655: mov dx, 0x266 0x13658: add dx, bp 0x1365a: mov cx, 0x46
2018-12-25T11:58:33.040252359Z	54	PC: 13706 \| Get free disk space
2018-12-25T11:58:33.070162628Z	78	PC: 13722 \| Find first file
2018-12-25T11:58:33.079576819Z	61	PC: 137b1 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T11:58:33.087610907Z	63	PC: 137c3 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:33.094369868Z	66	PC: 137d4 \| Move file pointer
2018-12-25T11:58:33.095712628Z	64	PC: 137e0 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:33.098876658Z	66	PC: 137e9 \| Move file pointer
2018-12-25T11:58:33.100313461Z	64	PC: 137f2 \| Write file or device (Write 709 bytes on handle 5)
2018-12-25T11:58:33.438966463Z	62	PC: 137f6 \| Close file
2018-12-25T11:58:33.445019218Z	61	PC: 13800 \| Open file (Filename = 'C:\DOS\EDIT.COM')
2018-12-25T11:58:33.449835205Z	87	PC: 13812 \| Get or set file date and time
2018-12-25T11:58:33.450978731Z	62	PC: 13816 \| Close file
2018-12-25T11:58:33.455123685Z	67	PC: 13826 \| Get or set file attributes
2018-12-25T11:58:33.463512313Z	9	PC: 12a4b \| Display string (String= 'Copyright (C) 1991 JADE Corporation ')
2018-12-25T11:58:33.466851897Z	61	PC: 12b0d \| Open file (Filename = '')
2018-12-25T11:58:33.472916465Z	63	PC: 12b25 \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:58:33.480489471Z	62	PC: 12b4f \| Close file
2018-12-25T11:58:33.48310504Z	9	PC: 12b55 \| Display string (String= 'Warning !!!! Warning !!!! Program was Infected with Virus ')
2018-12-25T11:58:33.489531148Z	76	PC: 12b59 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":5,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6119,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:33.746941413Z	42	PC: 1362d \| Get date 0x1362d: cmp dh, 5 0x13630: jne 0x13667 0x13632: cmp dl, 5 0x13635: jne 0x13667 0x13637: mov dx, 0x2ac 0x1363a: add dx, bp 0x1363c: mov cx, 0x23 0x1363f: mov ah, 0x4e 0x13641: int 0x21 0x13643: jb 0x13667 0x13645: mov si, 0x266 0x13648: add si, bp 0x1364a: mov cx, 0x23 0x1364d: xor word ptr [si], 0xffff 0x13651: inc si 0x13652: inc si 0x13653: loop 0x1364d 0x13655: mov dx, 0x266 0x13658: add dx, bp 0x1365a: mov cx, 0x46
2018-12-25T11:58:33.749809539Z	78	PC: 13643 \| Find first file
2018-12-25T11:58:33.757752086Z	64	PC: 13664 \| Write file or device (Write 70 bytes on handle 1)
2018-12-25T11:58:33.766188493Z	67	PC: 13856 \| Get or set file attributes
2018-12-25T11:58:33.783708774Z	79	PC: 1385a \| Find next file
2018-12-25T11:58:33.786688551Z	67	PC: 13856 \| Get or set file attributes (See above)
2018-12-25T11:58:33.796748911Z	79	PC: 1385a \| Find next file (See above)
2018-12-25T11:58:33.800053629Z	67	PC: 13856 \| Get or set file attributes (See above)
2018-12-25T11:58:33.818413346Z	79	PC: 1385a \| Find next file (See above)
2018-12-25T11:58:33.822764828Z	67	PC: 13856 \| Get or set file attributes (See above)
2018-12-25T11:58:33.834873474Z	79	PC: 1385a \| Find next file (See above)
2018-12-25T11:58:33.839479251Z	67	PC: 13856 \| Get or set file attributes (See above)
2018-12-25T11:58:33.850236951Z	79	PC: 1385a \| Find next file (See above)
2018-12-25T11:58:33.852956344Z	67	PC: 13856 \| Get or set file attributes (See above)
2018-12-25T11:58:33.864015384Z	79	PC: 1385a \| Find next file (See above)
2018-12-25T11:58:33.866726917Z	67	PC: 13856 \| Get or set file attributes (See above)
2018-12-25T11:58:33.884613366Z	79	PC: 1385a \| Find next file (See above)
2018-12-25T11:58:33.887796949Z	67	PC: 13856 \| Get or set file attributes (See above)
2018-12-25T11:58:33.899846992Z	79	PC: 1385a \| Find next file (See above)
2018-12-25T11:58:33.903031533Z	67	PC: 13856 \| Get or set file attributes (See above)
2018-12-25T11:58:33.913156461Z	79	PC: 1385a \| Find next file (See above)
2018-12-25T11:58:33.915367715Z	9	PC: 12a4b \| Display string (String= 'Copyright (C) 1991 JADE Corporation ')
2018-12-25T11:58:33.921673754Z	61	PC: 12b0d \| Open file (Filename = '')
2018-12-25T11:58:33.928996195Z	63	PC: 12b25 \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:58:33.932500994Z	62	PC: 12b4f \| Close file
2018-12-25T11:58:33.93449061Z	9	PC: 12b55 \| Display string (String= 'Warning !!!! Warning !!!! Program was Infected with Virus ')
2018-12-25T11:58:33.943804053Z	76	PC: 12b59 \| Terminate with return code (Return code = '36')