Sample viewer

vx.netlux.org/Virus.DOS.TalkHead.519

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:25.506735035Z	26	PC: 12a4a \| Set disk transfer address
2018-12-17T22:50:25.509232808Z	78	PC: 12a5a \| Find first file
2018-12-17T22:50:25.515478168Z	61	PC: 12a65 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:25.522141965Z	87	PC: 12a70 \| Get or set file date and time
2018-12-17T22:50:25.52418115Z	63	PC: 12a86 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:50:25.533135018Z	66	PC: 12a9e \| Move file pointer
2018-12-17T22:50:25.534798834Z	64	PC: 12aac \| Write file or device (Write 519 bytes on handle 5)
2018-12-17T22:50:25.548825198Z	87	PC: 12ac2 \| Get or set file date and time
2018-12-17T22:50:25.552693309Z	62	PC: 12aca \| Close file
2018-12-17T22:50:25.560441829Z	79	PC: 12a5a \| Find next file
2018-12-17T22:50:25.563378611Z	61	PC: 12a65 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:25.571354579Z	87	PC: 12a70 \| Get or set file date and time
2018-12-17T22:50:25.573078146Z	63	PC: 12a86 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:50:25.579612577Z	66	PC: 12a9e \| Move file pointer
2018-12-17T22:50:25.582296102Z	64	PC: 12aac \| Write file or device (Write 519 bytes on handle 5)
2018-12-17T22:50:25.590810471Z	87	PC: 12ac2 \| Get or set file date and time
2018-12-17T22:50:25.592601606Z	62	PC: 12aca \| Close file
2018-12-17T22:50:25.60128685Z	91	PC: 12ae2 \| Create new file
2018-12-17T22:50:25.957771083Z	64	PC: 12af3 \| Write file or device (Write 519 bytes on handle 5)
2018-12-17T22:50:25.978039176Z	87	PC: 12b05 \| Get or set file date and time
2018-12-17T22:50:25.97983498Z	62	PC: 12b0d \| Close file
2018-12-17T22:50:25.98624765Z	91	PC: 12b27 \| Create new file
2018-12-17T22:50:25.997956777Z	64	PC: 12b3a \| Write file or device (Write 519 bytes on handle 5)
2018-12-17T22:50:26.006769801Z	87	PC: 12b4c \| Get or set file date and time
2018-12-17T22:50:26.01087853Z	62	PC: 12b54 \| Close file
2018-12-17T22:50:26.019952607Z	42	PC: 12b58 \| Get date 0x12b58: cmp al, 5 0x12b5a: jne 0x12b76 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: cmp ch, 0x11 0x12b63: jne 0x12b76 0x12b65: mov si, 0x23a 0x12b68: mov cx, 0x48 0x12b6b: lodsb al, byte ptr [si] 0x12b6c: sub al, 0x7f 0x12b6e: mov ah, 2 0x12b70: mov dl, al 0x12b72: int 0x21 0x12b74: loop 0x12b6b 0x12b76: mov ah, 0x4c 0x12b78: int 0x21 0x12b7a: shl di, cl 0x12b7c: call 0x1cb71 0x12b7f: loopne 0x12b69 0x12b81: in ax, dx
2018-12-17T22:50:26.022751497Z	76	PC: 12b7a \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10211,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:28.463352617Z	26	PC: 12a4a \| Set disk transfer address
2018-12-25T12:27:28.465682657Z	78	PC: 12a5a \| Find first file
2018-12-25T12:27:28.471831017Z	61	PC: 12a65 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:28.478409791Z	87	PC: 12a70 \| Get or set file date and time
2018-12-25T12:27:28.480296297Z	63	PC: 12a86 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:27:28.486971829Z	66	PC: 12a9e \| Move file pointer
2018-12-25T12:27:28.488599669Z	64	PC: 12aac \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T12:27:28.504466744Z	87	PC: 12ac2 \| Get or set file date and time
2018-12-25T12:27:28.507089909Z	62	PC: 12aca \| Close file
2018-12-25T12:27:28.515259255Z	79	PC: 12a5a \| Find next file (See above)
2018-12-25T12:27:28.518409919Z	61	PC: 12a65 \| Open file (See above)
2018-12-25T12:27:28.52642898Z	87	PC: 12a70 \| Get or set file date and time (See above)
2018-12-25T12:27:28.52904686Z	63	PC: 12a86 \| Read file or device (See above)
2018-12-25T12:27:28.540200937Z	66	PC: 12a9e \| Move file pointer (See above)
2018-12-25T12:27:28.54457703Z	64	PC: 12aac \| Write file or device (See above)
2018-12-25T12:27:28.560542898Z	87	PC: 12ac2 \| Get or set file date and time (See above)
2018-12-25T12:27:28.562572002Z	62	PC: 12aca \| Close file (See above)
2018-12-25T12:27:28.571195292Z	91	PC: 12ae2 \| Create new file
2018-12-25T12:27:28.907822888Z	64	PC: 12af3 \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T12:27:28.916953185Z	87	PC: 12b05 \| Get or set file date and time
2018-12-25T12:27:28.920396577Z	62	PC: 12b0d \| Close file
2018-12-25T12:27:28.937269738Z	91	PC: 12b27 \| Create new file
2018-12-25T12:27:29.30947211Z	64	PC: 12b3a \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T12:27:29.318165321Z	87	PC: 12b4c \| Get or set file date and time
2018-12-25T12:27:29.321056101Z	62	PC: 12b54 \| Close file
2018-12-25T12:27:29.328836538Z	42	PC: 12b58 \| Get date 0x12b58: cmp al, 5 0x12b5a: jne 0x12b76 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: cmp ch, 0x11 0x12b63: jne 0x12b76 0x12b65: mov si, 0x23a 0x12b68: mov cx, 0x48 0x12b6b: lodsb al, byte ptr [si] 0x12b6c: sub al, 0x7f 0x12b6e: mov ah, 2 0x12b70: mov dl, al 0x12b72: int 0x21 0x12b74: loop 0x12b6b 0x12b76: mov ah, 0x4c 0x12b78: int 0x21 0x12b7a: shl di, cl 0x12b7c: call 0x1cb71 0x12b7f: loopne 0x12b69 0x12b81: in ax, dx
2018-12-25T12:27:29.331254338Z	76	PC: 12b7a \| Terminate with return code (Return code = '2')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10211,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:28.696908026Z	26	PC: 12a4a \| Set disk transfer address
2018-12-25T12:27:28.699251096Z	78	PC: 12a5a \| Find first file
2018-12-25T12:27:28.705959325Z	61	PC: 12a65 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:28.712589284Z	87	PC: 12a70 \| Get or set file date and time
2018-12-25T12:27:28.71534259Z	63	PC: 12a86 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:27:28.740625988Z	66	PC: 12a9e \| Move file pointer
2018-12-25T12:27:28.741996133Z	64	PC: 12aac \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T12:27:28.908405569Z	87	PC: 12ac2 \| Get or set file date and time
2018-12-25T12:27:28.9108802Z	62	PC: 12aca \| Close file
2018-12-25T12:27:28.91878997Z	79	PC: 12a5a \| Find next file (See above)
2018-12-25T12:27:28.922209933Z	61	PC: 12a65 \| Open file (See above)
2018-12-25T12:27:28.930449352Z	87	PC: 12a70 \| Get or set file date and time (See above)
2018-12-25T12:27:28.933125777Z	63	PC: 12a86 \| Read file or device (See above)
2018-12-25T12:27:28.956832768Z	66	PC: 12a9e \| Move file pointer (See above)
2018-12-25T12:27:28.960816764Z	64	PC: 12aac \| Write file or device (See above)
2018-12-25T12:27:28.968861735Z	87	PC: 12ac2 \| Get or set file date and time (See above)
2018-12-25T12:27:28.970616273Z	62	PC: 12aca \| Close file (See above)
2018-12-25T12:27:28.979159605Z	91	PC: 12ae2 \| Create new file
2018-12-25T12:27:29.310311145Z	64	PC: 12af3 \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T12:27:29.319588842Z	87	PC: 12b05 \| Get or set file date and time
2018-12-25T12:27:29.322433978Z	62	PC: 12b0d \| Close file
2018-12-25T12:27:29.329285267Z	91	PC: 12b27 \| Create new file
2018-12-25T12:27:29.340736734Z	64	PC: 12b3a \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T12:27:29.349795673Z	87	PC: 12b4c \| Get or set file date and time
2018-12-25T12:27:29.351615045Z	62	PC: 12b54 \| Close file
2018-12-25T12:27:29.359414741Z	42	PC: 12b58 \| Get date 0x12b58: cmp al, 5 0x12b5a: jne 0x12b76 0x12b5c: mov ah, 0x2c 0x12b5e: int 0x21 0x12b60: cmp ch, 0x11 0x12b63: jne 0x12b76 0x12b65: mov si, 0x23a 0x12b68: mov cx, 0x48 0x12b6b: lodsb al, byte ptr [si] 0x12b6c: sub al, 0x7f 0x12b6e: mov ah, 2 0x12b70: mov dl, al 0x12b72: int 0x21 0x12b74: loop 0x12b6b 0x12b76: mov ah, 0x4c 0x12b78: int 0x21 0x12b7a: shl di, cl 0x12b7c: call 0x1cb71 0x12b7f: loopne 0x12b69 0x12b81: in ax, dx
2018-12-25T12:27:29.362731078Z	44	PC: 12b60 \| Get time 0x12b60: cmp ch, 0x11 0x12b63: jne 0x12b76 0x12b65: mov si, 0x23a 0x12b68: mov cx, 0x48 0x12b6b: lodsb al, byte ptr [si] 0x12b6c: sub al, 0x7f 0x12b6e: mov ah, 2 0x12b70: mov dl, al 0x12b72: int 0x21 0x12b74: loop 0x12b6b 0x12b76: mov ah, 0x4c 0x12b78: int 0x21 0x12b7a: shl di, cl 0x12b7c: call 0x1cb71 0x12b7f: loopne 0x12b69 0x12b81: in ax, dx 0x12b82: cmpsb byte ptr [si], byte ptr es:[di] 0x12b83: lahf 0x12b85: in ax, dx 0x12b86: out dx, al
2018-12-25T12:27:29.365734684Z	76	PC: 12b7a \| Terminate with return code (Return code = '0')