Sample viewer

vx.netlux.org/Virus.DOS.Grog.660

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:39:12.070710898Z 26 PC: 14601 | Set disk transfer address
2018-12-17T22:39:12.072215095Z 78 PC: 14612 | Find first file
2018-12-17T22:39:12.07954533Z 61 PC: 14665 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:39:12.086408736Z 63 PC: 14671 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:39:12.093089315Z 62 PC: 14623 | Close file
2018-12-17T22:39:12.096112307Z 79 PC: 14612 | Find next file
2018-12-17T22:39:12.099238383Z 61 PC: 14665 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:39:12.106907728Z 63 PC: 14671 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:39:12.114385843Z 62 PC: 14623 | Close file
2018-12-17T22:39:12.116592505Z 79 PC: 14612 | Find next file
2018-12-17T22:39:12.119757073Z 61 PC: 14665 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:39:12.128020899Z 63 PC: 14671 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:39:12.135819869Z 62 PC: 14623 | Close file
2018-12-17T22:39:12.13807395Z 79 PC: 14612 | Find next file
2018-12-17T22:39:12.14147245Z 61 PC: 14665 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:39:12.14940392Z 63 PC: 14671 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:39:12.156221287Z 62 PC: 14623 | Close file
2018-12-17T22:39:12.158444861Z 79 PC: 14612 | Find next file
2018-12-17T22:39:12.163140217Z 61 PC: 14665 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:39:12.170769276Z 63 PC: 14671 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:39:12.177512144Z 62 PC: 14623 | Close file
2018-12-17T22:39:12.180443923Z 79 PC: 14612 | Find next file
2018-12-17T22:39:12.183734329Z 61 PC: 14665 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:39:12.190884795Z 63 PC: 14671 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:39:12.198452979Z 62 PC: 14623 | Close file
2018-12-17T22:39:12.20077572Z 79 PC: 14612 | Find next file
2018-12-17T22:39:12.2037977Z 61 PC: 14665 | Open file (Filename = 'PAH.COM')
2018-12-17T22:39:12.211329155Z 63 PC: 14671 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:39:12.218056223Z 62 PC: 14623 | Close file
2018-12-17T22:39:12.220038532Z 79 PC: 14612 | Find next file
2018-12-17T22:39:12.223966069Z 61 PC: 14665 | Open file (Filename = 'TEST.COM')
2018-12-17T22:39:12.230931877Z 63 PC: 14671 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:39:12.233763047Z 62 PC: 14623 | Close file
2018-12-17T22:39:12.235962675Z 79 PC: 14612 | Find next file
2018-12-17T22:39:12.239508132Z 42 PC: 1462b | Get date
0x1462b: cmp dh, 5
0x1462e: jne 0x14641
0x14630: lea si, word ptr [bp + 0x100]
0x14634: mov di, 0x100
0x14637: mov cx, 0x198
0x1463a: rep movsb byte ptr es:[di], byte ptr [si]
0x1463c: mov ax, 0x106
0x1463f: jmp ax
0x14641: mov dx, 0x80
0x14644: mov ah, 0x1a
0x14646: int 0x21
0x14648: xor ax, ax
0x1464a: push ax
0x1464b: push ax
0x1464c: push ax
0x1464d: pop bx
0x1464e: pop cx
0x1464f: pop dx
0x14650: mov si, 0x100
0x14653: push si
2018-12-17T22:39:12.242723186Z 26 PC: 14648 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6742,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:16.773628345Z 26 PC: 14601 | Set disk transfer address
2018-12-25T12:00:16.775921109Z 78 PC: 14612 | Find first file
2018-12-25T12:00:16.781655372Z 61 PC: 14665 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:16.787743622Z 63 PC: 14671 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:16.794110287Z 62 PC: 14623 | Close file
2018-12-25T12:00:16.795857841Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:16.798249329Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:16.810143676Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:16.816363323Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:16.817905231Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:16.820753365Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:16.826918472Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:16.832833642Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:16.834814051Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:16.837280758Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:16.84340722Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:16.849665046Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:16.851298157Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:16.853678793Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:16.860174022Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:16.866926185Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:16.868528449Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:16.870976322Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:16.877513338Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:16.883603101Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:16.88517567Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:16.888097439Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:16.89427522Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:16.900089106Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:16.902010933Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:16.904438635Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:16.910680121Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:16.917274511Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:16.919143326Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:16.921418209Z 42 PC: 1462b | Get date
0x1462b: cmp dh, 5
0x1462e: jne 0x14641
0x14630: lea si, word ptr [bp + 0x100]
0x14634: mov di, 0x100
0x14637: mov cx, 0x198
0x1463a: rep movsb byte ptr es:[di], byte ptr [si]
0x1463c: mov ax, 0x106
0x1463f: jmp ax
0x14641: mov dx, 0x80
0x14644: mov ah, 0x1a
0x14646: int 0x21
0x14648: xor ax, ax
0x1464a: push ax
0x1464b: push ax
0x1464c: push ax
0x1464d: pop bx
0x1464e: pop cx
0x1464f: pop dx
0x14650: mov si, 0x100
0x14653: push si
2018-12-25T12:00:16.923894736Z 26 PC: 14648 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6742,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:16.93464803Z 26 PC: 14601 | Set disk transfer address
2018-12-25T12:00:16.937806678Z 78 PC: 14612 | Find first file
2018-12-25T12:00:16.94323907Z 61 PC: 14665 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:16.94995295Z 63 PC: 14671 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:16.95717719Z 62 PC: 14623 | Close file
2018-12-25T12:00:16.959393101Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:16.962151147Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:16.969549321Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:16.977772427Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:16.979669681Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:16.982443182Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:16.990809984Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:16.9976956Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:16.999739014Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:17.002347801Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:17.011195664Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:17.017717745Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:17.01949438Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:17.022338395Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:17.026951444Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:17.032388948Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:17.033698473Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:17.035631379Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:17.040365403Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:17.046918917Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:17.04863412Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:17.051177241Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:17.058989917Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:17.06560658Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:17.067232203Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:17.070508712Z 61 PC: 14665 | Open file (See above)
2018-12-25T12:00:17.07772142Z 63 PC: 14671 | Read file or device (See above)
2018-12-25T12:00:17.080422253Z 62 PC: 14623 | Close file (See above)
2018-12-25T12:00:17.082396637Z 79 PC: 14612 | Find next file (See above)
2018-12-25T12:00:17.084816664Z 42 PC: 1462b | Get date
0x1462b: cmp dh, 5
0x1462e: jne 0x14641
0x14630: lea si, word ptr [bp + 0x100]
0x14634: mov di, 0x100
0x14637: mov cx, 0x198
0x1463a: rep movsb byte ptr es:[di], byte ptr [si]
0x1463c: mov ax, 0x106
0x1463f: jmp ax
0x14641: mov dx, 0x80
0x14644: mov ah, 0x1a
0x14646: int 0x21
0x14648: xor ax, ax
0x1464a: push ax
0x1464b: push ax
0x1464c: push ax
0x1464d: pop bx
0x1464e: pop cx
0x1464f: pop dx
0x14650: mov si, 0x100
0x14653: push si
2018-12-25T12:00:17.086892146Z 42 PC: 12b72 | Get date
0x12b72: cmp dl, 0xf
0x12b75: jne 0x12b99
0x12b77: mov dx, 0x109
0x12b7a: mov ax, 0x251c
0x12b7d: int 0x21
0x12b7f: mov ax, 0x3521
0x12b82: int 0x21
0x12b84: mov word ptr [0x164], bx
0x12b88: mov word ptr [0x166], es
0x12b8c: mov dx, 0x15e
0x12b8f: mov ax, 0x2521
0x12b92: int 0x21
0x12b94: mov dx, 0x22e
0x12b97: int 0x27
0x12b99: cmp dl, 0xf
0x12b9c: ja 0x12bd6
0x12b9e: call 0x12bd1
0x12ba1: or ax, 0x90a
0x12ba4: sub ax, 0x3c3d
0x12ba7: and byte ptr [bx + di + 0x6c], cl
2018-12-25T12:00:17.089377286Z 9 PC: 12bd6 | Display string (String= ' -=< Il Mostro (C) '93 by Grog - Italy >=- ')