Sample viewer

vx.netlux.org/Virus.DOS.Oksana.1843

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:59:17.285926814Z	170	PC: 139f9 \| UNKNOWN!
2018-12-17T21:59:17.287302387Z	53	PC: 13a3e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:17.288353368Z	37	PC: 13a4b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:17.290061677Z	26	PC: 13aaf \| Set disk transfer address
2018-12-17T21:59:17.291041891Z	78	PC: 13ab9 \| Find first file
2018-12-17T21:59:17.305761549Z	61	PC: 13aca \| Open file
2018-12-17T21:59:17.311736682Z	66	PC: 13ad6 \| Move file pointer
2018-12-17T21:59:17.312962207Z	66	PC: 13ae3 \| Move file pointer
2018-12-17T21:59:17.319893385Z	63	PC: 13aed \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:59:17.322618739Z	66	PC: 13b02 \| Move file pointer
2018-12-17T21:59:17.323842533Z	64	PC: 13b13 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T21:59:17.327290568Z	66	PC: 13ad6 \| Move file pointer
2018-12-17T21:59:17.328614128Z	66	PC: 13ae3 \| Move file pointer
2018-12-17T21:59:17.329826494Z	63	PC: 13aed \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:59:17.333011219Z	66	PC: 13b2c \| Move file pointer
2018-12-17T21:59:17.334626085Z	66	PC: 13b39 \| Move file pointer
2018-12-17T21:59:17.33598825Z	64	PC: 13b48 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T21:59:17.339115188Z	62	PC: 13b4c \| Close file
2018-12-17T21:59:17.677678421Z	67	PC: 13ec4 \| Get or set file attributes
2018-12-17T21:59:17.682819861Z	42	PC: 13b55 \| Get date 0x13b55: cmp dh, 0xa 0x13b58: je 0x13b5d 0x13b5a: jmp 0x13b7c 0x13b5c: nop 0x13b5d: cmp dl, 0x15 0x13b60: je 0x13b65 0x13b62: jmp 0x13b7c 0x13b64: nop 0x13b65: mov ax, 6 0x13b68: int 0x10 0x13b6a: mov ax, 0xe07 0x13b6d: int 0x10 0x13b6f: push cs 0x13b70: pop ds 0x13b71: mov ah, 9 0x13b73: mov dx, 0x6c3 0x13b76: int 0x21 0x13b78: mov ah, 0 0x13b7a: int 0x16 0x13b7c: push cs
2018-12-17T21:59:17.686580288Z	67	PC: 13b87 \| Get or set file attributes
2018-12-17T21:59:17.693772406Z	67	PC: 13b98 \| Get or set file attributes
2018-12-17T21:59:17.709552544Z	61	PC: 13ba1 \| Open file
2018-12-17T21:59:17.717150832Z	63	PC: 13bb6 \| Read file or device (Read 22 bytes on handle 5)
2018-12-17T21:59:17.733914475Z	66	PC: 13c31 \| Move file pointer
2018-12-17T21:59:17.735697115Z	64	PC: 13c74 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T21:59:17.739060708Z	66	PC: 13c7d \| Move file pointer
2018-12-17T21:59:17.751822561Z	64	PC: 13cbd \| Write file or device (Write 1843 bytes on handle 5)
2018-12-17T21:59:17.762003843Z	66	PC: 13cd3 \| Move file pointer
2018-12-17T21:59:17.765223926Z	64	PC: 13cea \| Write file or device (Write 22 bytes on handle 5)
2018-12-17T21:59:17.773534234Z	62	PC: 13cf3 \| Close file
2018-12-17T21:59:17.781922335Z	67	PC: 13ec4 \| Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1022,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:25.051413189Z	170	PC: 139f9 \| UNKNOWN!
2018-12-25T11:42:25.053976524Z	53	PC: 13a3e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:25.055378937Z	37	PC: 13a4b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:25.057553227Z	26	PC: 13aaf \| Set disk transfer address
2018-12-25T11:42:25.059456327Z	78	PC: 13ab9 \| Find first file
2018-12-25T11:42:25.065724857Z	61	PC: 13aca \| Open file
2018-12-25T11:42:25.071699194Z	66	PC: 13ad6 \| Move file pointer
2018-12-25T11:42:25.073744321Z	66	PC: 13ae3 \| Move file pointer
2018-12-25T11:42:25.075238063Z	63	PC: 13aed \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:42:25.078043543Z	66	PC: 13b02 \| Move file pointer
2018-12-25T11:42:25.080083483Z	64	PC: 13b13 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:42:25.082905392Z	66	PC: 13ad6 \| Move file pointer (See above)
2018-12-25T11:42:25.084267298Z	66	PC: 13ae3 \| Move file pointer (See above)
2018-12-25T11:42:25.085646456Z	63	PC: 13aed \| Read file or device (See above)
2018-12-25T11:42:25.088797869Z	66	PC: 13b2c \| Move file pointer
2018-12-25T11:42:25.090637339Z	66	PC: 13b39 \| Move file pointer
2018-12-25T11:42:25.092265867Z	64	PC: 13b48 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:42:25.095689883Z	62	PC: 13b4c \| Close file
2018-12-25T11:42:25.413034916Z	67	PC: 13ec4 \| Get or set file attributes
2018-12-25T11:42:25.417970173Z	42	PC: 13b55 \| Get date 0x13b55: cmp dh, 0xa 0x13b58: je 0x13b5d 0x13b5a: jmp 0x13b7c 0x13b5c: nop 0x13b5d: cmp dl, 0x15 0x13b60: je 0x13b65 0x13b62: jmp 0x13b7c 0x13b64: nop 0x13b65: mov ax, 6 0x13b68: int 0x10 0x13b6a: mov ax, 0xe07 0x13b6d: int 0x10 0x13b6f: push cs 0x13b70: pop ds 0x13b71: mov ah, 9 0x13b73: mov dx, 0x6c3 0x13b76: int 0x21 0x13b78: mov ah, 0 0x13b7a: int 0x16 0x13b7c: push cs
2018-12-25T11:42:25.420346191Z	67	PC: 13b87 \| Get or set file attributes
2018-12-25T11:42:25.423994516Z	67	PC: 13b98 \| Get or set file attributes
2018-12-25T11:42:25.747741028Z	61	PC: 13ba1 \| Open file
2018-12-25T11:42:25.755982379Z	63	PC: 13bb6 \| Read file or device (Read 22 bytes on handle 5)
2018-12-25T11:42:25.76236649Z	66	PC: 13c31 \| Move file pointer
2018-12-25T11:42:25.76384881Z	64	PC: 13c74 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:42:25.767428105Z	66	PC: 13c7d \| Move file pointer
2018-12-25T11:42:25.769651217Z	64	PC: 13cbd \| Write file or device (Write 1843 bytes on handle 5)
2018-12-25T11:42:25.778701364Z	66	PC: 13cd3 \| Move file pointer
2018-12-25T11:42:25.780539551Z	64	PC: 13cea \| Write file or device (Write 22 bytes on handle 5)
2018-12-25T11:42:25.786960485Z	62	PC: 13cf3 \| Close file
2018-12-25T11:42:25.794953048Z	67	PC: 13ec4 \| Get or set file attributes (See above)

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1022,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:25.206422593Z	170	PC: 139f9 \| UNKNOWN!
2018-12-25T11:42:25.207918902Z	53	PC: 13a3e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:25.209147417Z	37	PC: 13a4b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:25.211084835Z	26	PC: 13aaf \| Set disk transfer address
2018-12-25T11:42:25.212291844Z	78	PC: 13ab9 \| Find first file
2018-12-25T11:42:25.218745599Z	61	PC: 13aca \| Open file
2018-12-25T11:42:25.225203426Z	66	PC: 13ad6 \| Move file pointer
2018-12-25T11:42:25.226649255Z	66	PC: 13ae3 \| Move file pointer
2018-12-25T11:42:25.228513003Z	63	PC: 13aed \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:42:25.231554936Z	66	PC: 13b02 \| Move file pointer
2018-12-25T11:42:25.232971094Z	64	PC: 13b13 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:42:25.236340639Z	66	PC: 13ad6 \| Move file pointer (See above)
2018-12-25T11:42:25.23777777Z	66	PC: 13ae3 \| Move file pointer (See above)
2018-12-25T11:42:25.239164277Z	63	PC: 13aed \| Read file or device (See above)
2018-12-25T11:42:25.243136135Z	66	PC: 13b2c \| Move file pointer
2018-12-25T11:42:25.244668858Z	66	PC: 13b39 \| Move file pointer
2018-12-25T11:42:25.24597887Z	64	PC: 13b48 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:42:25.249116636Z	62	PC: 13b4c \| Close file
2018-12-25T11:42:25.589242569Z	67	PC: 13ec4 \| Get or set file attributes
2018-12-25T11:42:25.594502322Z	42	PC: 13b55 \| Get date 0x13b55: cmp dh, 0xa 0x13b58: je 0x13b5d 0x13b5a: jmp 0x13b7c 0x13b5c: nop 0x13b5d: cmp dl, 0x15 0x13b60: je 0x13b65 0x13b62: jmp 0x13b7c 0x13b64: nop 0x13b65: mov ax, 6 0x13b68: int 0x10 0x13b6a: mov ax, 0xe07 0x13b6d: int 0x10 0x13b6f: push cs 0x13b70: pop ds 0x13b71: mov ah, 9 0x13b73: mov dx, 0x6c3 0x13b76: int 0x21 0x13b78: mov ah, 0 0x13b7a: int 0x16 0x13b7c: push cs
2018-12-25T11:42:25.597313091Z	67	PC: 13b87 \| Get or set file attributes
2018-12-25T11:42:25.603502921Z	67	PC: 13b98 \| Get or set file attributes
2018-12-25T11:42:25.623444153Z	61	PC: 13ba1 \| Open file
2018-12-25T11:42:25.631070417Z	63	PC: 13bb6 \| Read file or device (Read 22 bytes on handle 5)
2018-12-25T11:42:25.638411478Z	66	PC: 13c31 \| Move file pointer
2018-12-25T11:42:25.639966712Z	64	PC: 13c74 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:42:25.643171269Z	66	PC: 13c7d \| Move file pointer
2018-12-25T11:42:25.645899215Z	64	PC: 13cbd \| Write file or device (Write 1843 bytes on handle 5)
2018-12-25T11:42:25.657233147Z	66	PC: 13cd3 \| Move file pointer
2018-12-25T11:42:25.658665107Z	64	PC: 13cea \| Write file or device (Write 22 bytes on handle 5)
2018-12-25T11:42:25.666269494Z	62	PC: 13cf3 \| Close file
2018-12-25T11:42:25.67549455Z	67	PC: 13ec4 \| Get or set file attributes (See above)

{"DateBased":true,"Day":21,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1022,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:25.374740328Z	170	PC: 139f9 \| UNKNOWN!
2018-12-25T11:42:25.377255945Z	53	PC: 13a3e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:25.37868533Z	37	PC: 13a4b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:25.380303987Z	26	PC: 13aaf \| Set disk transfer address
2018-12-25T11:42:25.382051359Z	78	PC: 13ab9 \| Find first file
2018-12-25T11:42:25.385949721Z	61	PC: 13aca \| Open file
2018-12-25T11:42:25.389830037Z	66	PC: 13ad6 \| Move file pointer
2018-12-25T11:42:25.393900673Z	66	PC: 13ae3 \| Move file pointer
2018-12-25T11:42:25.395233199Z	63	PC: 13aed \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:42:25.397444103Z	66	PC: 13b02 \| Move file pointer
2018-12-25T11:42:25.399272974Z	64	PC: 13b13 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:42:25.402748329Z	66	PC: 13ad6 \| Move file pointer (See above)
2018-12-25T11:42:25.406147867Z	66	PC: 13ae3 \| Move file pointer (See above)
2018-12-25T11:42:25.407915029Z	63	PC: 13aed \| Read file or device (See above)
2018-12-25T11:42:25.410376956Z	66	PC: 13b2c \| Move file pointer
2018-12-25T11:42:25.411820547Z	66	PC: 13b39 \| Move file pointer
2018-12-25T11:42:25.41369894Z	64	PC: 13b48 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:42:25.415901701Z	62	PC: 13b4c \| Close file
2018-12-25T11:42:25.747148412Z	67	PC: 13ec4 \| Get or set file attributes
2018-12-25T11:42:25.751324018Z	42	PC: 13b55 \| Get date 0x13b55: cmp dh, 0xa 0x13b58: je 0x13b5d 0x13b5a: jmp 0x13b7c 0x13b5c: nop 0x13b5d: cmp dl, 0x15 0x13b60: je 0x13b65 0x13b62: jmp 0x13b7c 0x13b64: nop 0x13b65: mov ax, 6 0x13b68: int 0x10 0x13b6a: mov ax, 0xe07 0x13b6d: int 0x10 0x13b6f: push cs 0x13b70: pop ds 0x13b71: mov ah, 9 0x13b73: mov dx, 0x6c3 0x13b76: int 0x21 0x13b78: mov ah, 0 0x13b7a: int 0x16 0x13b7c: push cs
2018-12-25T11:42:25.761207491Z	9	PC: 13b78 \| Display string (Could not find end pointer)