Sample viewer

vx.netlux.org/Virus.DOS.Slovakia.1629

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:32.420471933Z	44	PC: 13dde \| Get time 0x13dde: call 0x23a56 0x13de1: mov bx, dx 0x13de3: mov ax, 0x2c42 0x13de6: mov cx, 0x15f7 0x13de9: int 0x21 0x13deb: cmp dh, bh 0x13ded: jae 0x13df2 0x13def: add dh, 0x3b 0x13df2: sub dh, bh 0x13df4: cmp dh, 2 0x13df7: ja 0x13dfc 0x13df9: jmp 0x13a65 0x13dfc: call 0x23c36 0x13dff: ret 0x13e00: cmp byte ptr [0x65b], 0xf 0x13e05: jbe 0x13dff 0x13e07: mov ah, 0x2a 0x13e09: call 0x23dc3 0x13e0c: cmp cx, 0x7c8 0x13e10: jb 0x13dff
2018-12-17T22:41:32.422924234Z	44	PC: 13deb \| Get time 0x13deb: cmp dh, bh 0x13ded: jae 0x13df2 0x13def: add dh, 0x3b 0x13df2: sub dh, bh 0x13df4: cmp dh, 2 0x13df7: ja 0x13dfc 0x13df9: jmp 0x13a65 0x13dfc: call 0x23c36 0x13dff: ret 0x13e00: cmp byte ptr [0x65b], 0xf 0x13e05: jbe 0x13dff 0x13e07: mov ah, 0x2a 0x13e09: call 0x23dc3 0x13e0c: cmp cx, 0x7c8 0x13e10: jb 0x13dff 0x13e12: ja 0x13e19 0x13e14: cmp dh, 2 0x13e17: jb 0x13dff 0x13e19: cmp al, 1 0x13e1b: je 0x13e27
2018-12-17T22:41:32.425677776Z	67	PC: 13dc5 \| Get or set file attributes
2018-12-17T22:41:32.431902945Z	42	PC: 13dc5 \| Get date 0x13dc5: ret 0x13dc6: push dx 0x13dc7: push cx 0x13dc8: mov ah, 0x2c 0x13dca: call 0x23dc3 0x13dcd: mov ah, 0 0x13dcf: mov al, dl 0x13dd1: pop cx 0x13dd2: pop dx 0x13dd3: ret 0x13dd4: xor cx, cx 0x13dd6: mov dx, 0x36 0x13dd9: mov ax, 0x2c21 0x13ddc: int 0x21 0x13dde: call 0x23a56 0x13de1: mov bx, dx 0x13de3: mov ax, 0x2c42 0x13de6: mov cx, 0x15f7 0x13de9: int 0x21 0x13deb: cmp dh, bh
2018-12-17T22:41:32.434405532Z	48	PC: 13dc5 \| Get DOS version
2018-12-17T22:41:32.442897582Z	37	PC: 13dc5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:32.445041363Z	47	PC: 13dc5 \| Get disk transfer address
2018-12-17T22:41:32.447337633Z	26	PC: 13dc5 \| Set disk transfer address
2018-12-17T22:41:32.451287847Z	71	PC: 13dc5 \| Get current directory
2018-12-17T22:41:32.466689788Z	78	PC: 13dc5 \| Find first file
2018-12-17T22:41:32.476892767Z	67	PC: 13dc5 \| Get or set file attributes
2018-12-17T22:41:32.496215508Z	67	PC: 13dc5 \| Get or set file attributes
2018-12-17T22:41:32.854989764Z	61	PC: 13dc5 \| Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:41:32.863716489Z	87	PC: 13dc5 \| Get or set file date and time
2018-12-17T22:41:32.866425485Z	63	PC: 13dc5 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:41:32.875435382Z	66	PC: 13dc5 \| Move file pointer
2018-12-17T22:41:32.877609148Z	44	PC: 13dc5 \| Get time 0x13dc5: ret 0x13dc6: push dx 0x13dc7: push cx 0x13dc8: mov ah, 0x2c 0x13dca: call 0x23dc3 0x13dcd: mov ah, 0 0x13dcf: mov al, dl 0x13dd1: pop cx 0x13dd2: pop dx 0x13dd3: ret 0x13dd4: xor cx, cx 0x13dd6: mov dx, 0x36 0x13dd9: mov ax, 0x2c21 0x13ddc: int 0x21 0x13dde: call 0x23a56 0x13de1: mov bx, dx 0x13de3: mov ax, 0x2c42 0x13de6: mov cx, 0x15f7 0x13de9: int 0x21 0x13deb: cmp dh, bh
2018-12-17T22:41:32.886739716Z	64	PC: 13dc5 \| Write file or device (Write 72 bytes on handle 5)
2018-12-17T22:41:32.895389236Z	44	PC: 13dc5 \| Get time 0x13dc5: ret 0x13dc6: push dx 0x13dc7: push cx 0x13dc8: mov ah, 0x2c 0x13dca: call 0x23dc3 0x13dcd: mov ah, 0 0x13dcf: mov al, dl 0x13dd1: pop cx 0x13dd2: pop dx 0x13dd3: ret 0x13dd4: xor cx, cx 0x13dd6: mov dx, 0x36 0x13dd9: mov ax, 0x2c21 0x13ddc: int 0x21 0x13dde: call 0x23a56 0x13de1: mov bx, dx 0x13de3: mov ax, 0x2c42 0x13de6: mov cx, 0x15f7 0x13de9: int 0x21 0x13deb: cmp dh, bh
2018-12-17T22:41:32.898039978Z	44	PC: 13dc5 \| Get time 0x13dc5: ret 0x13dc6: push dx 0x13dc7: push cx 0x13dc8: mov ah, 0x2c 0x13dca: call 0x23dc3 0x13dcd: mov ah, 0 0x13dcf: mov al, dl 0x13dd1: pop cx 0x13dd2: pop dx 0x13dd3: ret 0x13dd4: xor cx, cx 0x13dd6: mov dx, 0x36 0x13dd9: mov ax, 0x2c21 0x13ddc: int 0x21 0x13dde: call 0x23a56 0x13de1: mov bx, dx 0x13de3: mov ax, 0x2c42 0x13de6: mov cx, 0x15f7 0x13de9: int 0x21 0x13deb: cmp dh, bh
2018-12-17T22:41:32.901436061Z	64	PC: 13dc5 \| Write file or device (Write 1661 bytes on handle 5)
2018-12-17T22:41:32.913286652Z	66	PC: 13dc5 \| Move file pointer
2018-12-17T22:41:32.914939587Z	64	PC: 13dc5 \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:41:32.919245115Z	87	PC: 13dc5 \| Get or set file date and time
2018-12-17T22:41:32.924411025Z	62	PC: 13dc5 \| Close file
2018-12-17T22:41:32.93255668Z	67	PC: 13dc5 \| Get or set file attributes
2018-12-17T22:41:32.943669889Z	26	PC: 13dc5 \| Set disk transfer address
2018-12-17T22:41:32.946818801Z	37	PC: 13dc5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:32.94852488Z	42	PC: 13dc5 \| Get date 0x13dc5: ret 0x13dc6: push dx 0x13dc7: push cx 0x13dc8: mov ah, 0x2c 0x13dca: call 0x23dc3 0x13dcd: mov ah, 0 0x13dcf: mov al, dl 0x13dd1: pop cx 0x13dd2: pop dx 0x13dd3: ret 0x13dd4: xor cx, cx 0x13dd6: mov dx, 0x36 0x13dd9: mov ax, 0x2c21 0x13ddc: int 0x21 0x13dde: call 0x23a56 0x13de1: mov bx, dx 0x13de3: mov ax, 0x2c42 0x13de6: mov cx, 0x15f7 0x13de9: int 0x21 0x13deb: cmp dh, bh
2018-12-17T22:41:32.951392806Z	44	PC: 13dc5 \| Get time 0x13dc5: ret 0x13dc6: push dx 0x13dc7: push cx 0x13dc8: mov ah, 0x2c 0x13dca: call 0x23dc3 0x13dcd: mov ah, 0 0x13dcf: mov al, dl 0x13dd1: pop cx 0x13dd2: pop dx 0x13dd3: ret 0x13dd4: xor cx, cx 0x13dd6: mov dx, 0x36 0x13dd9: mov ax, 0x2c21 0x13ddc: int 0x21 0x13dde: call 0x23a56 0x13de1: mov bx, dx 0x13de3: mov ax, 0x2c42 0x13de6: mov cx, 0x15f7 0x13de9: int 0x21 0x13deb: cmp dh, bh

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:15.780924533Z	44	PC: 13dde \| Get time 0x13dde: call 0x23a56 0x13de1: mov bx, dx 0x13de3: mov ax, 0x2c42 0x13de6: mov cx, 0x15f7 0x13de9: int 0x21 0x13deb: cmp dh, bh 0x13ded: jae 0x13df2 0x13def: add dh, 0x3b 0x13df2: sub dh, bh 0x13df4: cmp dh, 2 0x13df7: ja 0x13dfc 0x13df9: jmp 0x13a65 0x13dfc: call 0x23c36 0x13dff: ret 0x13e00: cmp byte ptr [0x65b], 0xf 0x13e05: jbe 0x13dff 0x13e07: mov ah, 0x2a 0x13e09: call 0x23dc3 0x13e0c: cmp cx, 0x7c8 0x13e10: jb 0x13dff
2018-12-25T12:01:15.783443115Z	44	PC: 13deb \| Get time 0x13deb: cmp dh, bh 0x13ded: jae 0x13df2 0x13def: add dh, 0x3b 0x13df2: sub dh, bh 0x13df4: cmp dh, 2 0x13df7: ja 0x13dfc 0x13df9: jmp 0x13a65 0x13dfc: call 0x23c36 0x13dff: ret 0x13e00: cmp byte ptr [0x65b], 0xf 0x13e05: jbe 0x13dff 0x13e07: mov ah, 0x2a 0x13e09: call 0x23dc3 0x13e0c: cmp cx, 0x7c8 0x13e10: jb 0x13dff 0x13e12: ja 0x13e19 0x13e14: cmp dh, 2 0x13e17: jb 0x13dff 0x13e19: cmp al, 1 0x13e1b: je 0x13e27
2018-12-25T12:01:15.785536882Z	67	PC: 13dc5 \| Get or set file attributes
2018-12-25T12:01:15.790585356Z	42	PC: 13dc5 \| Get date (See above)
2018-12-25T12:01:15.793624761Z	48	PC: 13dc5 \| Get DOS version (See above)
2018-12-25T12:01:15.794720851Z	37	PC: 13dc5 \| Set interrupt vector (See above)
2018-12-25T12:01:15.795766299Z	47	PC: 13dc5 \| Get disk transfer address (See above)
2018-12-25T12:01:15.797778273Z	26	PC: 13dc5 \| Set disk transfer address (See above)
2018-12-25T12:01:15.798874767Z	71	PC: 13dc5 \| Get current directory (See above)
2018-12-25T12:01:15.801670533Z	78	PC: 13dc5 \| Find first file (See above)
2018-12-25T12:01:15.811023097Z	67	PC: 13dc5 \| Get or set file attributes (See above)
2018-12-25T12:01:15.817824113Z	67	PC: 13dc5 \| Get or set file attributes (See above)
2018-12-25T12:01:16.145886377Z	61	PC: 13dc5 \| Open file (See above)
2018-12-25T12:01:16.15311077Z	87	PC: 13dc5 \| Get or set file date and time (See above)
2018-12-25T12:01:16.155405648Z	63	PC: 13dc5 \| Read file or device (See above)
2018-12-25T12:01:16.166841632Z	66	PC: 13dc5 \| Move file pointer (See above)
2018-12-25T12:01:16.177889157Z	44	PC: 13dc5 \| Get time (See above)
2018-12-25T12:01:16.181697631Z	64	PC: 13dc5 \| Write file or device (See above)
2018-12-25T12:01:16.18840099Z	44	PC: 13dc5 \| Get time (See above)
2018-12-25T12:01:16.191030843Z	44	PC: 13dc5 \| Get time (See above)
2018-12-25T12:01:16.19474435Z	64	PC: 13dc5 \| Write file or device (See above)
2018-12-25T12:01:16.2086773Z	66	PC: 13dc5 \| Move file pointer (See above)
2018-12-25T12:01:16.210419512Z	64	PC: 13dc5 \| Write file or device (See above)
2018-12-25T12:01:16.214401566Z	87	PC: 13dc5 \| Get or set file date and time (See above)
2018-12-25T12:01:16.216462112Z	62	PC: 13dc5 \| Close file (See above)
2018-12-25T12:01:16.226546315Z	67	PC: 13dc5 \| Get or set file attributes (See above)
2018-12-25T12:01:16.240422869Z	26	PC: 13dc5 \| Set disk transfer address (See above)
2018-12-25T12:01:16.241472347Z	37	PC: 13dc5 \| Set interrupt vector (See above)
2018-12-25T12:01:16.242573226Z	42	PC: 13dc5 \| Get date (See above)
2018-12-25T12:01:16.24547363Z	76	PC: 13a42 \| Terminate with return code (Return code = '119')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":56,"TimeBased":true,"OriginalID":7255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:15.786616003Z	44	PC: 13dde \| Get time 0x13dde: call 0x23a56 0x13de1: mov bx, dx 0x13de3: mov ax, 0x2c42 0x13de6: mov cx, 0x15f7 0x13de9: int 0x21 0x13deb: cmp dh, bh 0x13ded: jae 0x13df2 0x13def: add dh, 0x3b 0x13df2: sub dh, bh 0x13df4: cmp dh, 2 0x13df7: ja 0x13dfc 0x13df9: jmp 0x13a65 0x13dfc: call 0x23c36 0x13dff: ret 0x13e00: cmp byte ptr [0x65b], 0xf 0x13e05: jbe 0x13dff 0x13e07: mov ah, 0x2a 0x13e09: call 0x23dc3 0x13e0c: cmp cx, 0x7c8 0x13e10: jb 0x13dff
2018-12-25T12:01:15.792244685Z	44	PC: 13deb \| Get time 0x13deb: cmp dh, bh 0x13ded: jae 0x13df2 0x13def: add dh, 0x3b 0x13df2: sub dh, bh 0x13df4: cmp dh, 2 0x13df7: ja 0x13dfc 0x13df9: jmp 0x13a65 0x13dfc: call 0x23c36 0x13dff: ret 0x13e00: cmp byte ptr [0x65b], 0xf 0x13e05: jbe 0x13dff 0x13e07: mov ah, 0x2a 0x13e09: call 0x23dc3 0x13e0c: cmp cx, 0x7c8 0x13e10: jb 0x13dff 0x13e12: ja 0x13e19 0x13e14: cmp dh, 2 0x13e17: jb 0x13dff 0x13e19: cmp al, 1 0x13e1b: je 0x13e27
2018-12-25T12:01:15.794962039Z	67	PC: 13dc5 \| Get or set file attributes
2018-12-25T12:01:15.800965004Z	42	PC: 13dc5 \| Get date (See above)
2018-12-25T12:01:15.80350376Z	48	PC: 13dc5 \| Get DOS version (See above)
2018-12-25T12:01:15.80551286Z	37	PC: 13dc5 \| Set interrupt vector (See above)
2018-12-25T12:01:15.80673581Z	47	PC: 13dc5 \| Get disk transfer address (See above)
2018-12-25T12:01:15.808002027Z	26	PC: 13dc5 \| Set disk transfer address (See above)
2018-12-25T12:01:15.809551855Z	71	PC: 13dc5 \| Get current directory (See above)
2018-12-25T12:01:15.813016109Z	78	PC: 13dc5 \| Find first file (See above)
2018-12-25T12:01:15.823314601Z	67	PC: 13dc5 \| Get or set file attributes (See above)
2018-12-25T12:01:15.831414213Z	67	PC: 13dc5 \| Get or set file attributes (See above)
2018-12-25T12:01:16.513480559Z	61	PC: 13dc5 \| Open file (See above)
2018-12-25T12:01:16.521211465Z	87	PC: 13dc5 \| Get or set file date and time (See above)
2018-12-25T12:01:16.524707034Z	63	PC: 13dc5 \| Read file or device (See above)
2018-12-25T12:01:16.530914943Z	66	PC: 13dc5 \| Move file pointer (See above)
2018-12-25T12:01:16.532462598Z	44	PC: 13dc5 \| Get time (See above)
2018-12-25T12:01:16.535812446Z	64	PC: 13dc5 \| Write file or device (See above)
2018-12-25T12:01:16.542692448Z	44	PC: 13dc5 \| Get time (See above)
2018-12-25T12:01:16.545113125Z	44	PC: 13dc5 \| Get time (See above)
2018-12-25T12:01:16.548608486Z	64	PC: 13dc5 \| Write file or device (See above)
2018-12-25T12:01:16.560053194Z	66	PC: 13dc5 \| Move file pointer (See above)
2018-12-25T12:01:16.562077096Z	64	PC: 13dc5 \| Write file or device (See above)
2018-12-25T12:01:16.565953664Z	87	PC: 13dc5 \| Get or set file date and time (See above)
2018-12-25T12:01:16.568189557Z	62	PC: 13dc5 \| Close file (See above)
2018-12-25T12:01:16.575910643Z	67	PC: 13dc5 \| Get or set file attributes (See above)
2018-12-25T12:01:16.586928773Z	26	PC: 13dc5 \| Set disk transfer address (See above)
2018-12-25T12:01:16.588482508Z	37	PC: 13dc5 \| Set interrupt vector (See above)
2018-12-25T12:01:16.589805902Z	42	PC: 13dc5 \| Get date (See above)
2018-12-25T12:01:16.593330407Z	76	PC: 13a42 \| Terminate with return code (Return code = '119')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":57,"TimeBased":true,"OriginalID":7255,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:15.865688908Z	44	PC: 13dde \| Get time 0x13dde: call 0x23a56 0x13de1: mov bx, dx 0x13de3: mov ax, 0x2c42 0x13de6: mov cx, 0x15f7 0x13de9: int 0x21 0x13deb: cmp dh, bh 0x13ded: jae 0x13df2 0x13def: add dh, 0x3b 0x13df2: sub dh, bh 0x13df4: cmp dh, 2 0x13df7: ja 0x13dfc 0x13df9: jmp 0x13a65 0x13dfc: call 0x23c36 0x13dff: ret 0x13e00: cmp byte ptr [0x65b], 0xf 0x13e05: jbe 0x13dff 0x13e07: mov ah, 0x2a 0x13e09: call 0x23dc3 0x13e0c: cmp cx, 0x7c8 0x13e10: jb 0x13dff
2018-12-25T12:01:15.86865798Z	44	PC: 13deb \| Get time 0x13deb: cmp dh, bh 0x13ded: jae 0x13df2 0x13def: add dh, 0x3b 0x13df2: sub dh, bh 0x13df4: cmp dh, 2 0x13df7: ja 0x13dfc 0x13df9: jmp 0x13a65 0x13dfc: call 0x23c36 0x13dff: ret 0x13e00: cmp byte ptr [0x65b], 0xf 0x13e05: jbe 0x13dff 0x13e07: mov ah, 0x2a 0x13e09: call 0x23dc3 0x13e0c: cmp cx, 0x7c8 0x13e10: jb 0x13dff 0x13e12: ja 0x13e19 0x13e14: cmp dh, 2 0x13e17: jb 0x13dff 0x13e19: cmp al, 1 0x13e1b: je 0x13e27
2018-12-25T12:01:15.87145732Z	67	PC: 13dc5 \| Get or set file attributes
2018-12-25T12:01:15.878207339Z	42	PC: 13dc5 \| Get date (See above)
2018-12-25T12:01:15.880472795Z	48	PC: 13dc5 \| Get DOS version (See above)
2018-12-25T12:01:15.882377669Z	37	PC: 13dc5 \| Set interrupt vector (See above)
2018-12-25T12:01:15.88366243Z	47	PC: 13dc5 \| Get disk transfer address (See above)
2018-12-25T12:01:15.885099206Z	26	PC: 13dc5 \| Set disk transfer address (See above)
2018-12-25T12:01:15.889422829Z	71	PC: 13dc5 \| Get current directory (See above)
2018-12-25T12:01:15.893208615Z	78	PC: 13dc5 \| Find first file (See above)
2018-12-25T12:01:15.903673698Z	67	PC: 13dc5 \| Get or set file attributes (See above)
2018-12-25T12:01:15.911967751Z	67	PC: 13dc5 \| Get or set file attributes (See above)
2018-12-25T12:01:16.513602535Z	61	PC: 13dc5 \| Open file (See above)
2018-12-25T12:01:16.521467402Z	87	PC: 13dc5 \| Get or set file date and time (See above)
2018-12-25T12:01:16.523965535Z	63	PC: 13dc5 \| Read file or device (See above)
2018-12-25T12:01:16.530052109Z	66	PC: 13dc5 \| Move file pointer (See above)
2018-12-25T12:01:16.531479475Z	44	PC: 13dc5 \| Get time (See above)
2018-12-25T12:01:16.534030968Z	64	PC: 13dc5 \| Write file or device (See above)
2018-12-25T12:01:16.54235262Z	44	PC: 13dc5 \| Get time (See above)
2018-12-25T12:01:16.544643386Z	44	PC: 13dc5 \| Get time (See above)
2018-12-25T12:01:16.54706449Z	64	PC: 13dc5 \| Write file or device (See above)
2018-12-25T12:01:16.558538509Z	66	PC: 13dc5 \| Move file pointer (See above)
2018-12-25T12:01:16.560110027Z	64	PC: 13dc5 \| Write file or device (See above)
2018-12-25T12:01:16.563586942Z	87	PC: 13dc5 \| Get or set file date and time (See above)
2018-12-25T12:01:16.565760895Z	62	PC: 13dc5 \| Close file (See above)
2018-12-25T12:01:16.577215762Z	67	PC: 13dc5 \| Get or set file attributes (See above)
2018-12-25T12:01:16.58833253Z	26	PC: 13dc5 \| Set disk transfer address (See above)
2018-12-25T12:01:16.592500233Z	37	PC: 13dc5 \| Set interrupt vector (See above)
2018-12-25T12:01:16.594050247Z	42	PC: 13dc5 \| Get date (See above)
2018-12-25T12:01:16.597117385Z	76	PC: 13a42 \| Terminate with return code (Return code = '119')