Sample viewer

vx.netlux.org/Virus.DOS.HKill.997

Syscalls:

Time Syscall Op PC Syscall Name
2018-12-17T22:39:45.966520791Z 26 PC: 1ceb7 | Set disk transfer address
2018-12-17T22:39:45.967673517Z 71 PC: 1ced9 | Get current directory
2018-12-17T22:39:45.970421186Z 78 PC: 1cef5 | Find first file
2018-12-17T22:39:45.975274904Z 61 PC: 1cfc5 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:39:45.98320604Z 87 PC: 1cfd4 | Get or set file date and time
2018-12-17T22:39:45.984487831Z 63 PC: 1cfed | Read file or device (Read 29 bytes on handle 5)
2018-12-17T22:39:45.989383103Z 87 PC: 1d022 | Get or set file date and time
2018-12-17T22:39:45.991400178Z 62 PC: 1d026 | Close file
2018-12-17T22:39:46.006938151Z 79 PC: 1cf2c | Find next file
2018-12-17T22:39:46.010067384Z 59 PC: 1cf38 | Change current directory
2018-12-17T22:39:46.014522442Z 42 PC: 1cf48 | Get date
0x1cf48: cmp al, 1
0x1cf4a: jne 0x1cf5a
0x1cf4c: mov al, byte ptr cs:[bp + 0x353]
0x1cf51: and al, 0x14
0x1cf53: cmp al, 0x14
0x1cf55: jne 0x1cf5a
0x1cf57: call 0x1d1e7
0x1cf5a: inc byte ptr cs:[bp + 0x354]
0x1cf5f: lea ax, word ptr [bp + 0x354]
0x1cf63: mov dx, 0x3b00
0x1cf66: xchg ax, dx
0x1cf67: int 0x21
0x1cf69: call 0x1d259
0x1cf6c: mov dx, 0x1a00
0x1cf6f: mov ax, 0x80
0x1cf72: xchg ax, dx
0x1cf73: int 0x21
0x1cf75: mov cx, 8
0x1cf78: lea si, word ptr [bp + 0x188]
0x1cf7c: lea di, word ptr [bp + 0x180]
2018-12-17T22:39:46.01651717Z 59 PC: 1cf69 | Change current directory
2018-12-17T22:39:46.020293077Z 26 PC: 1cf75 | Set disk transfer address
2018-12-17T22:39:46.032469647Z 48 PC: 18800 | Get DOS version
2018-12-17T22:39:46.034061778Z 74 PC: 18879 | Reallocate memory
2018-12-17T22:39:46.037266669Z 53 PC: 188f7 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:46.041058952Z 37 PC: 18909 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:39:46.043885058Z 68 PC: 18999 | I/O control for devices
2018-12-17T22:39:46.045785062Z 68 PC: 18999 | I/O control for devices (Set for = '^�')
2018-12-17T22:39:46.048374659Z 68 PC: 18999 | I/O control for devices (Set for = 'F�@�F��v��')
2018-12-17T22:39:46.050363336Z 68 PC: 18999 | I/O control for devices (Set for = '��� RQ�N���RQ�N��RQ�r��v��')
2018-12-17T22:39:46.05220611Z 68 PC: 18999 | I/O control for devices (Set for = '��� RQ�N���RQ�N��RQ�r��v��')
2018-12-17T22:39:46.058510068Z 56 PC: 18e06 | Get or set country info
2018-12-17T22:39:46.060811577Z 68 PC: 16d11 | I/O control for devices (Set for = '���=�ZҼ߱�(ڭ27��ʺ9U*C�Z �����T���:�z�{$���@� W`y��㨆 p��w�q��. �[Ɍ44R��R�~��')
2018-12-17T22:39:46.062506928Z 68 PC: 16d26 | I/O control for devices (Set for = '*eg?\I8�`�{9U��jl��˝sWkb��bh��+"`g�>�:�e��=��R2h��h�!�܅���N��S"޿DY��ug�y���y��r����0eqUŢm8u1��P���N�~l'��d�N��s�a�+�j����')
2018-12-17T22:39:46.065444932Z 84 PC: 174f7 | Get verify flag
2018-12-17T22:39:46.066945449Z 51 PC: 174ff | Get or set Ctrl-Break
2018-12-17T22:39:46.068194233Z 51 PC: 1750a | Get or set Ctrl-Break
2018-12-17T22:39:46.078739652Z 37 PC: 17514 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:39:46.081206078Z 53 PC: 17046 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:46.083651386Z 37 PC: 17056 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:39:46.087116591Z 55 PC: 16d4c | Get or set switch character
2018-12-17T22:39:46.090220116Z 43 PC: 174db | Set date
2018-12-17T22:39:46.092721865Z 61 PC: 18f65 | Open file (Filename = '�:*O�k')
2018-12-17T22:39:46.101990992Z 61 PC: 18f65 | Open file (Filename = 'A:/PKZIP.CFG')
2018-12-17T22:39:46.108837333Z 68 PC: 169f5 | I/O control for devices (Set for = '!')
2018-12-17T22:39:46.120210121Z 61 PC: 17292 | Open file (Filename = '�LNf��ƚ�juF�D�� �iU�U���t��e���N�P��/���g/!��"w��9>��N�gfW�c�LEg�qOv�����ӷ �ص����A��1M���Y��A3�t���Q]*�?��ˇ9��CB�'��,�a�7�5�CÄ#�9t�4�� ֌_c��p�c���2����Q�ia/��
2018-12-17T22:39:46.128649538Z 227 PC: 16df6 | UNKNOWN!
2018-12-17T22:39:46.130119334Z 96 PC: 16dac | Qualify filename
2018-12-17T22:39:46.135195995Z 64 PC: 17184 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:39:46.141409336Z 64 PC: 17184 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:39:46.171243301Z 12 PC: 18e06 | Flush input buffer and input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6838,"SideJobID":0}

Syscalls:

Time Syscall Op PC Syscall Name
2018-12-25T12:00:20.1620687Z 26 PC: 1ceb7 | Set disk transfer address
2018-12-25T12:00:20.163794532Z 71 PC: 1ced9 | Get current directory
2018-12-25T12:00:20.166922903Z 78 PC: 1cef5 | Find first file
2018-12-25T12:00:20.173442627Z 61 PC: 1cfc5 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:00:20.182163218Z 87 PC: 1cfd4 | Get or set file date and time
2018-12-25T12:00:20.183870398Z 63 PC: 1cfed | Read file or device (Read 29 bytes on handle 5)
2018-12-25T12:00:20.186683627Z 87 PC: 1d022 | Get or set file date and time
2018-12-25T12:00:20.189122222Z 62 PC: 1d026 | Close file
2018-12-25T12:00:21.466521179Z 79 PC: 1cf2c | Find next file
2018-12-25T12:00:21.469242894Z 59 PC: 1cf38 | Change current directory
2018-12-25T12:00:21.480439327Z 42 PC: 1cf48 | Get date
0x1cf48: cmp al, 1
0x1cf4a: jne 0x1cf5a
0x1cf4c: mov al, byte ptr cs:[bp + 0x353]
0x1cf51: and al, 0x14
0x1cf53: cmp al, 0x14
0x1cf55: jne 0x1cf5a
0x1cf57: call 0x1d1e7
0x1cf5a: inc byte ptr cs:[bp + 0x354]
0x1cf5f: lea ax, word ptr [bp + 0x354]
0x1cf63: mov dx, 0x3b00
0x1cf66: xchg ax, dx
0x1cf67: int 0x21
0x1cf69: call 0x1d259
0x1cf6c: mov dx, 0x1a00
0x1cf6f: mov ax, 0x80
0x1cf72: xchg ax, dx
0x1cf73: int 0x21
0x1cf75: mov cx, 8
0x1cf78: lea si, word ptr [bp + 0x188]
0x1cf7c: lea di, word ptr [bp + 0x180]
2018-12-25T12:00:21.482906359Z 59 PC: 1cf69 | Change current directory
2018-12-25T12:00:21.494155659Z 26 PC: 1cf75 | Set disk transfer address
2018-12-25T12:00:21.515307927Z 48 PC: 18800 | Get DOS version
2018-12-25T12:00:21.518164195Z 74 PC: 18879 | Reallocate memory
2018-12-25T12:00:21.521073227Z 53 PC: 188f7 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:21.52298454Z 37 PC: 18909 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:21.52485264Z 68 PC: 18999 | I/O control for devices
2018-12-25T12:00:21.52678977Z 68 PC: 18999 | I/O control for devices (See above)
2018-12-25T12:00:21.528382098Z 68 PC: 18999 | I/O control for devices (See above)
2018-12-25T12:00:21.530467814Z 68 PC: 18999 | I/O control for devices (See above)
2018-12-25T12:00:21.531855254Z 68 PC: 18999 | I/O control for devices (See above)
2018-12-25T12:00:21.53678938Z 56 PC: 18e06 | Get or set country info
2018-12-25T12:00:21.539762557Z 68 PC: 16d11 | I/O control for devices (Set for = '���=�ZҼ߱�(ڭ27��ʺ9U*C�Z �����T���:�z�{$���@� W`y��㨆 p��w�q��. �[Ɍ44R��R�~��')
2018-12-25T12:00:21.541135293Z 68 PC: 16d26 | I/O control for devices (Set for = '*eg?\I8�`�{9U��jl��˝sWkb��bh��+"`g�>�:�e��=��R2h��h�!�܅���N��S"޿DY��ug�y���y��r����0eqUŢm8u1��P���N�~l'��d�N��s�a�+�j����')
2018-12-25T12:00:21.542568291Z 84 PC: 174f7 | Get verify flag
2018-12-25T12:00:21.544180022Z 51 PC: 174ff | Get or set Ctrl-Break
2018-12-25T12:00:21.545187802Z 51 PC: 1750a | Get or set Ctrl-Break
2018-12-25T12:00:21.546250704Z 37 PC: 17514 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:00:21.549913045Z 53 PC: 17046 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:21.552164412Z 37 PC: 17056 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:21.554696823Z 55 PC: 16d4c | Get or set switch character
2018-12-25T12:00:21.557933753Z 43 PC: 174db | Set date
2018-12-25T12:00:21.561116721Z 61 PC: 18f65 | Open file (Filename = '�:*O�k')
2018-12-25T12:00:21.573413409Z 61 PC: 18f65 | Open file (See above)
2018-12-25T12:00:21.589071421Z 68 PC: 169f5 | I/O control for devices (Set for = '!')
2018-12-25T12:00:21.598234642Z 61 PC: 17292 | Open file (Filename = '�LNf��ƚ�juF�D�� �iU�U���t��e���N�P��/���g/!��"w��9>��N�gfW�c�LEg�qOv�����ӷ �ص����A��1M���Y��A3�t���Q]*�?��ˇ9��CB�'��,�a�7�5�CÄ#�9t�4�� ֌_c��p�c���2����Q�ia/��
2018-12-25T12:00:21.606000374Z 227 PC: 16df6 | UNKNOWN!
2018-12-25T12:00:21.607786598Z 96 PC: 16dac | Qualify filename
2018-12-25T12:00:21.613178574Z 64 PC: 17184 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:00:21.616961464Z 64 PC: 17184 | Write file or device (See above)
2018-12-25T12:00:21.651409606Z 12 PC: 18e06 | Flush input buffer and input (See above)

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6838,"SideJobID":0}

Syscalls:

Time Syscall Op PC Syscall Name
2018-12-25T12:00:20.561322873Z 26 PC: 1ceb7 | Set disk transfer address
2018-12-25T12:00:20.563411287Z 71 PC: 1ced9 | Get current directory
2018-12-25T12:00:20.56622651Z 78 PC: 1cef5 | Find first file
2018-12-25T12:00:20.571930165Z 61 PC: 1cfc5 | Open file (Filename = 'TEST.EXE')
2018-12-25T12:00:20.578883202Z 87 PC: 1cfd4 | Get or set file date and time
2018-12-25T12:00:20.580379389Z 63 PC: 1cfed | Read file or device (Read 29 bytes on handle 5)
2018-12-25T12:00:20.58309378Z 87 PC: 1d022 | Get or set file date and time
2018-12-25T12:00:20.586910924Z 62 PC: 1d026 | Close file
2018-12-25T12:00:20.709792242Z 79 PC: 1cf2c | Find next file
2018-12-25T12:00:20.712182797Z 59 PC: 1cf38 | Change current directory
2018-12-25T12:00:20.721935177Z 42 PC: 1cf48 | Get date
0x1cf48: cmp al, 1
0x1cf4a: jne 0x1cf5a
0x1cf4c: mov al, byte ptr cs:[bp + 0x353]
0x1cf51: and al, 0x14
0x1cf53: cmp al, 0x14
0x1cf55: jne 0x1cf5a
0x1cf57: call 0x1d1e7
0x1cf5a: inc byte ptr cs:[bp + 0x354]
0x1cf5f: lea ax, word ptr [bp + 0x354]
0x1cf63: mov dx, 0x3b00
0x1cf66: xchg ax, dx
0x1cf67: int 0x21
0x1cf69: call 0x1d259
0x1cf6c: mov dx, 0x1a00
0x1cf6f: mov ax, 0x80
0x1cf72: xchg ax, dx
0x1cf73: int 0x21
0x1cf75: mov cx, 8
0x1cf78: lea si, word ptr [bp + 0x188]
0x1cf7c: lea di, word ptr [bp + 0x180]
2018-12-25T12:00:20.724103636Z 59 PC: 1cf69 | Change current directory
2018-12-25T12:00:20.73322008Z 26 PC: 1cf75 | Set disk transfer address
2018-12-25T12:00:20.752574795Z 48 PC: 18800 | Get DOS version
2018-12-25T12:00:20.754527497Z 74 PC: 18879 | Reallocate memory
2018-12-25T12:00:20.757924456Z 53 PC: 188f7 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:20.759945759Z 37 PC: 18909 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:00:20.761940875Z 68 PC: 18999 | I/O control for devices
2018-12-25T12:00:20.763874496Z 68 PC: 18999 | I/O control for devices (See above)
2018-12-25T12:00:20.765698432Z 68 PC: 18999 | I/O control for devices (See above)
2018-12-25T12:00:20.766996297Z 68 PC: 18999 | I/O control for devices (See above)
2018-12-25T12:00:20.768324628Z 68 PC: 18999 | I/O control for devices (See above)
2018-12-25T12:00:20.772970375Z 56 PC: 18e06 | Get or set country info
2018-12-25T12:00:20.775072737Z 68 PC: 16d11 | I/O control for devices (Set for = '���=�ZҼ߱�(ڭ27��ʺ9U*C�Z �����T���:�z�{$���@� W`y��㨆 p��w�q��. �[Ɍ44R��R�~��')
2018-12-25T12:00:20.776761004Z 68 PC: 16d26 | I/O control for devices (Set for = '*eg?\I8�`�{9U��jl��˝sWkb��bh��+"`g�>�:�e��=��R2h��h�!�܅���N��S"޿DY��ug�y���y��r����0eqUŢm8u1��P���N�~l'��d�N��s�a�+�j����')
2018-12-25T12:00:20.778560855Z 84 PC: 174f7 | Get verify flag
2018-12-25T12:00:20.779531352Z 51 PC: 174ff | Get or set Ctrl-Break
2018-12-25T12:00:20.78022154Z 51 PC: 1750a | Get or set Ctrl-Break
2018-12-25T12:00:20.781296106Z 37 PC: 17514 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:00:20.783334619Z 53 PC: 17046 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:20.785454791Z 37 PC: 17056 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:00:20.788866041Z 55 PC: 16d4c | Get or set switch character
2018-12-25T12:00:20.791031445Z 43 PC: 174db | Set date
2018-12-25T12:00:20.793856461Z 61 PC: 18f65 | Open file (Filename = '�:*O�k')
2018-12-25T12:00:20.805031415Z 61 PC: 18f65 | Open file (See above)
2018-12-25T12:00:20.811562645Z 68 PC: 169f5 | I/O control for devices (Set for = '!')
2018-12-25T12:00:20.822453759Z 61 PC: 17292 | Open file (Filename = '�LNf��ƚ�juF�D�� �iU�U���t��e���N�P��/���g/!��"w��9>��N�gfW�c�LEg�qOv�����ӷ �ص����A��1M���Y��A3�t���Q]*�?��ˇ9��CB�'��,�a�7�5�CÄ#�9t�4�� ֌_c��p�c���2����Q�ia/��
2018-12-25T12:00:20.829710659Z 227 PC: 16df6 | UNKNOWN!
2018-12-25T12:00:20.841547818Z 96 PC: 16dac | Qualify filename
2018-12-25T12:00:20.846383665Z 64 PC: 17184 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:00:20.852122875Z 64 PC: 17184 | Write file or device (See above)
2018-12-25T12:00:20.882514477Z 12 PC: 18e06 | Flush input buffer and input (See above)