Sample viewer

vx.netlux.org/Virus.DOS.Grog.1007

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:34.506413974Z 42 PC: 13014 | Get date 0x13014: cmp dl, 0x1f
0x13017: jne 0x1303f
0x13019: call 0x13036
0x1301c: dec cx
0x1301d: insb byte ptr es:[di], dx
0x1301e: inc bx
0x1301f: jne 0x13090
0x13021: arpl word ptr [bx - 6], bp
0x13024: sub byte ptr [bp + di + 0x29], al
0x13027: cli
0x13028: daa
0x13029: cmp word ptr [bp + di], si
0x1302b: cli
0x1302c: bound di, dword ptr [bx + di - 6]
0x1302f: inc di
0x13030: push dx
0x13031: dec di
0x13032: inc di
0x13033: or ax, 0x240a
0x13036: pop dx
2018-12-17T22:44:34.509261452Z 61 PC: 13056 | Open file (Filename = '��������H�!s�')
2018-12-17T22:44:34.515498155Z 76 PC: 13007 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8261,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:59.678588672Z 42 PC: 13014 | Get date 0x13014: cmp dl, 0x1f
0x13017: jne 0x1303f
0x13019: call 0x13036
0x1301c: dec cx
0x1301d: insb byte ptr es:[di], dx
0x1301e: inc bx
0x1301f: jne 0x13090
0x13021: arpl word ptr [bx - 6], bp
0x13024: sub byte ptr [bp + di + 0x29], al
0x13027: cli
0x13028: daa
0x13029: cmp word ptr [bp + di], si
0x1302b: cli
0x1302c: bound di, dword ptr [bx + di - 6]
0x1302f: inc di
0x13030: push dx
0x13031: dec di
0x13032: inc di
0x13033: or ax, 0x240a
0x13036: pop dx
2018-12-25T12:03:59.683407965Z 61 PC: 13056 | Open file (Filename = 'ero')
2018-12-25T12:03:59.688498717Z 76 PC: 13007 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8261,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:59.85588765Z 42 PC: 13014 | Get date 0x13014: cmp dl, 0x1f
0x13017: jne 0x1303f
0x13019: call 0x13036
0x1301c: dec cx
0x1301d: insb byte ptr es:[di], dx
0x1301e: inc bx
0x1301f: jne 0x13090
0x13021: arpl word ptr [bx - 6], bp
0x13024: sub byte ptr [bp + di + 0x29], al
0x13027: cli
0x13028: daa
0x13029: cmp word ptr [bp + di], si
0x1302b: cli
0x1302c: bound di, dword ptr [bx + di - 6]
0x1302f: inc di
0x13030: push dx
0x13031: dec di
0x13032: inc di
0x13033: or ax, 0x240a
0x13036: pop dx
2018-12-25T12:03:59.858379398Z 9 PC: 1303d | Display string (Could not find end pointer)
2018-12-25T12:03:59.862279861Z 61 PC: 13056 | Open file (Filename = '')
2018-12-25T12:03:59.864615722Z 76 PC: 13007 | Terminate with return code (Return code = '0')