vx.netlux.org/Virus.DOS.Quevedo.442

Syscalls:

Time                            Syscall Op  PC     Syscall Name
2018-12-17T22:36:01.848208078Z  53          12a47  Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:36:01.849479094Z  53          12a52  Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:36:01.850271387Z  61          12a5c  Open file (Filename = 'c:\w')
2018-12-17T22:36:01.853701051Z  42          12a71  Get date
2018-12-17T22:36:01.855529868Z  78          12a86  Find first file
2018-12-17T22:36:01.859028746Z  78          12a94  Find first file
2018-12-17T22:36:01.862563764Z  76          12a9e  Terminate with return code (Return code = '0')

Disassembly at the Get date call (PC 12a71):

0x12a71: cmp dh, 9
0x12a74: jne 0x12a7d
0x12a76: mov ah, 9
0x12a78: mov dx, 0x1ba
0x12a7b: int 0x21
0x12a7d: mov ah, 0x4e
0x12a7f: xor cx, cx
0x12a81: mov dx, 0x271
0x12a84: int 0x21
0x12a86: jb 0x12a8b
0x12a88: call 0x12a9e
0x12a8b: mov ah, 0x4e
0x12a8d: xor cx, cx
0x12a8f: mov dx, 0x277
0x12a92: int 0x21
0x12a94: jb 0x12a99
0x12a96: call 0x12a9e
0x12a99: mov ax, 0x4c00
0x12a9c: int 0x21
0x12a9e: mov dx, 0x9e

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6509,"SideJobID":0}

Syscalls:

Time                            Syscall Op  PC     Syscall Name
2018-12-25T11:59:44.475156457Z  53          12a47  Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:59:44.477834785Z  53          12a52  Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:59:44.479744182Z  61          12a5c  Open file (Filename = 'c:\w')
2018-12-25T11:59:44.486554713Z  42          12a71  Get date
2018-12-25T11:59:44.489249908Z  78          12a86  Find first file
2018-12-25T11:59:44.496393092Z  78          12a94  Find first file
2018-12-25T11:59:44.502924899Z  76          12a9e  Terminate with return code (Return code = '0')

Disassembly at the Get date call (PC 12a71):

0x12a71: cmp dh, 9
0x12a74: jne 0x12a7d
0x12a76: mov ah, 9
0x12a78: mov dx, 0x1ba
0x12a7b: int 0x21
0x12a7d: mov ah, 0x4e
0x12a7f: xor cx, cx
0x12a81: mov dx, 0x271
0x12a84: int 0x21
0x12a86: jb 0x12a8b
0x12a88: call 0x12a9e
0x12a8b: mov ah, 0x4e
0x12a8d: xor cx, cx
0x12a8f: mov dx, 0x277
0x12a92: int 0x21
0x12a94: jb 0x12a99
0x12a96: call 0x12a9e
0x12a99: mov ax, 0x4c00
0x12a9c: int 0x21
0x12a9e: mov dx, 0x9e

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6509,"SideJobID":0}

Syscalls:

Time                            Syscall Op  PC     Syscall Name
2018-12-25T11:59:44.481706701Z  53          12a47  Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:59:44.483427749Z  53          12a52  Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:59:44.486266332Z  61          12a5c  Open file (Filename = 'c:\w')
2018-12-25T11:59:44.493694955Z  42          12a71  Get date
2018-12-25T11:59:44.496149794Z  9           12a7d  Display string (String= 'Virus QUEVEDO! b Xavirus Hacker ')
2018-12-25T11:59:44.50282122Z   78          12a86  Find first file
2018-12-25T11:59:44.509680629Z  78          12a94  Find first file
2018-12-25T11:59:44.517378157Z  76          12a9e  Terminate with return code (Return code = '0')

Disassembly at the Get date call (PC 12a71):

0x12a71: cmp dh, 9
0x12a74: jne 0x12a7d
0x12a76: mov ah, 9
0x12a78: mov dx, 0x1ba
0x12a7b: int 0x21
0x12a7d: mov ah, 0x4e
0x12a7f: xor cx, cx
0x12a81: mov dx, 0x271
0x12a84: int 0x21
0x12a86: jb 0x12a8b
0x12a88: call 0x12a9e
0x12a8b: mov ah, 0x4e
0x12a8d: xor cx, cx
0x12a8f: mov dx, 0x277
0x12a92: int 0x21
0x12a94: jb 0x12a99
0x12a96: call 0x12a9e
0x12a99: mov ax, 0x4c00
0x12a9c: int 0x21
0x12a9e: mov dx, 0x9e