Sample viewer

vx.netlux.org/Virus.DOS.Vein.237

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:33.114414979Z	42	PC: 12a46 \| Get date 0x12a46: cmp dl, 3 0x12a49: je 0x12a53 0x12a4b: call 0x12a5e 0x12a4e: mov ax, 0x4c00 0x12a51: int 0x21 0x12a53: xor cx, cx 0x12a55: mov ah, 9 0x12a57: mov dx, 0x164 0x12a5a: int 0x21 0x12a5c: int 0x20 0x12a5e: nop 0x12a5f: nop 0x12a60: call 0x12a63 0x12a63: pop bp 0x12a64: add ax, 2 0x12a67: inc ax 0x12a68: sub ax, 3 0x12a6b: nop 0x12a6c: mov ah, 0x4e 0x12a6e: mov dx, 0x1e7
2018-12-17T22:50:33.117955472Z	78	PC: 12a76 \| Find first file
2018-12-17T22:50:33.124129572Z	61	PC: 12a82 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:33.130572492Z	87	PC: 12a88 \| Get or set file date and time
2018-12-17T22:50:33.131977955Z	64	PC: 12a94 \| Write file or device (Write 237 bytes on handle 5)
2018-12-17T22:50:33.139726975Z	87	PC: 12a9b \| Get or set file date and time
2018-12-17T22:50:33.14150659Z	62	PC: 12a9f \| Close file
2018-12-17T22:50:33.155152557Z	79	PC: 12a76 \| Find next file
2018-12-17T22:50:33.158739133Z	61	PC: 12a82 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:33.170581666Z	87	PC: 12a88 \| Get or set file date and time
2018-12-17T22:50:33.17204308Z	64	PC: 12a94 \| Write file or device (Write 237 bytes on handle 5)
2018-12-17T22:50:33.183834367Z	87	PC: 12a9b \| Get or set file date and time
2018-12-17T22:50:33.185367979Z	62	PC: 12a9f \| Close file
2018-12-17T22:50:33.192568642Z	79	PC: 12a76 \| Find next file
2018-12-17T22:50:33.196180004Z	61	PC: 12a82 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:50:33.202795402Z	87	PC: 12a88 \| Get or set file date and time
2018-12-17T22:50:33.204279337Z	64	PC: 12a94 \| Write file or device (Write 237 bytes on handle 5)
2018-12-17T22:50:33.21177772Z	87	PC: 12a9b \| Get or set file date and time
2018-12-17T22:50:33.213734577Z	62	PC: 12a9f \| Close file
2018-12-17T22:50:33.221843744Z	79	PC: 12a76 \| Find next file
2018-12-17T22:50:33.225833808Z	61	PC: 12a82 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:33.232406365Z	87	PC: 12a88 \| Get or set file date and time
2018-12-17T22:50:33.234058286Z	64	PC: 12a94 \| Write file or device (Write 237 bytes on handle 5)
2018-12-17T22:50:33.241932918Z	87	PC: 12a9b \| Get or set file date and time
2018-12-17T22:50:33.2437975Z	62	PC: 12a9f \| Close file
2018-12-17T22:50:33.25362361Z	79	PC: 12a76 \| Find next file
2018-12-17T22:50:33.257497315Z	61	PC: 12a82 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:50:33.263952121Z	87	PC: 12a88 \| Get or set file date and time
2018-12-17T22:50:33.265448446Z	64	PC: 12a94 \| Write file or device (Write 237 bytes on handle 5)
2018-12-17T22:50:33.272924791Z	87	PC: 12a9b \| Get or set file date and time
2018-12-17T22:50:33.276062494Z	62	PC: 12a9f \| Close file
2018-12-17T22:50:33.283372499Z	79	PC: 12a76 \| Find next file
2018-12-17T22:50:33.285884536Z	61	PC: 12a82 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:50:33.293188712Z	87	PC: 12a88 \| Get or set file date and time
2018-12-17T22:50:33.294512597Z	64	PC: 12a94 \| Write file or device (Write 237 bytes on handle 5)
2018-12-17T22:50:33.300825145Z	87	PC: 12a9b \| Get or set file date and time
2018-12-17T22:50:33.302770342Z	62	PC: 12a9f \| Close file
2018-12-17T22:50:33.312421652Z	79	PC: 12a76 \| Find next file
2018-12-17T22:50:33.314938378Z	61	PC: 12a82 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:50:33.322131632Z	87	PC: 12a88 \| Get or set file date and time
2018-12-17T22:50:33.32363971Z	64	PC: 12a94 \| Write file or device (Write 237 bytes on handle 5)
2018-12-17T22:50:33.331471054Z	87	PC: 12a9b \| Get or set file date and time
2018-12-17T22:50:33.333822157Z	62	PC: 12a9f \| Close file
2018-12-17T22:50:33.340998085Z	79	PC: 12a76 \| Find next file
2018-12-17T22:50:33.343497147Z	61	PC: 12a82 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:50:33.350028083Z	87	PC: 12a88 \| Get or set file date and time
2018-12-17T22:50:33.352134959Z	64	PC: 12a94 \| Write file or device (Write 237 bytes on handle 5)
2018-12-17T22:50:33.358722024Z	87	PC: 12a9b \| Get or set file date and time
2018-12-17T22:50:33.360139356Z	62	PC: 12a9f \| Close file
2018-12-17T22:50:33.372004542Z	79	PC: 12a76 \| Find next file
2018-12-17T22:50:33.374982375Z	76	PC: 12a53 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10259,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:36.401032396Z	42	PC: 12a46 \| Get date 0x12a46: cmp dl, 3 0x12a49: je 0x12a53 0x12a4b: call 0x12a5e 0x12a4e: mov ax, 0x4c00 0x12a51: int 0x21 0x12a53: xor cx, cx 0x12a55: mov ah, 9 0x12a57: mov dx, 0x164 0x12a5a: int 0x21 0x12a5c: int 0x20 0x12a5e: nop 0x12a5f: nop 0x12a60: call 0x12a63 0x12a63: pop bp 0x12a64: add ax, 2 0x12a67: inc ax 0x12a68: sub ax, 3 0x12a6b: nop 0x12a6c: mov ah, 0x4e 0x12a6e: mov dx, 0x1e7
2018-12-25T12:27:36.403439989Z	78	PC: 12a76 \| Find first file
2018-12-25T12:27:36.409810759Z	61	PC: 12a82 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:36.418461243Z	87	PC: 12a88 \| Get or set file date and time
2018-12-25T12:27:36.419805886Z	64	PC: 12a94 \| Write file or device (Write 237 bytes on handle 5)
2018-12-25T12:27:36.42614121Z	87	PC: 12a9b \| Get or set file date and time
2018-12-25T12:27:36.428040824Z	62	PC: 12a9f \| Close file
2018-12-25T12:27:36.441543191Z	79	PC: 12a76 \| Find next file (See above)
2018-12-25T12:27:36.444080771Z	61	PC: 12a82 \| Open file (See above)
2018-12-25T12:27:36.450833082Z	87	PC: 12a88 \| Get or set file date and time (See above)
2018-12-25T12:27:36.452137536Z	64	PC: 12a94 \| Write file or device (See above)
2018-12-25T12:27:36.458563996Z	87	PC: 12a9b \| Get or set file date and time (See above)
2018-12-25T12:27:36.460244116Z	62	PC: 12a9f \| Close file (See above)
2018-12-25T12:27:36.481703861Z	79	PC: 12a76 \| Find next file (See above)
2018-12-25T12:27:36.493560995Z	61	PC: 12a82 \| Open file (See above)
2018-12-25T12:27:36.500475287Z	87	PC: 12a88 \| Get or set file date and time (See above)
2018-12-25T12:27:36.502111891Z	64	PC: 12a94 \| Write file or device (See above)
2018-12-25T12:27:36.521058379Z	87	PC: 12a9b \| Get or set file date and time (See above)
2018-12-25T12:27:36.52333422Z	62	PC: 12a9f \| Close file (See above)
2018-12-25T12:27:36.694657792Z	79	PC: 12a76 \| Find next file (See above)
2018-12-25T12:27:36.697657058Z	61	PC: 12a82 \| Open file (See above)
2018-12-25T12:27:36.704427724Z	87	PC: 12a88 \| Get or set file date and time (See above)
2018-12-25T12:27:36.706822347Z	64	PC: 12a94 \| Write file or device (See above)
2018-12-25T12:27:36.713838947Z	87	PC: 12a9b \| Get or set file date and time (See above)
2018-12-25T12:27:36.715718713Z	62	PC: 12a9f \| Close file (See above)
2018-12-25T12:27:36.758870145Z	79	PC: 12a76 \| Find next file (See above)
2018-12-25T12:27:36.76155284Z	61	PC: 12a82 \| Open file (See above)
2018-12-25T12:27:36.768473716Z	87	PC: 12a88 \| Get or set file date and time (See above)
2018-12-25T12:27:36.771231678Z	64	PC: 12a94 \| Write file or device (See above)
2018-12-25T12:27:36.777782682Z	87	PC: 12a9b \| Get or set file date and time (See above)
2018-12-25T12:27:36.779328832Z	62	PC: 12a9f \| Close file (See above)
2018-12-25T12:27:36.799839222Z	79	PC: 12a76 \| Find next file (See above)
2018-12-25T12:27:36.802726455Z	61	PC: 12a82 \| Open file (See above)
2018-12-25T12:27:36.809720413Z	87	PC: 12a88 \| Get or set file date and time (See above)
2018-12-25T12:27:36.812505088Z	64	PC: 12a94 \| Write file or device (See above)
2018-12-25T12:27:36.821218049Z	87	PC: 12a9b \| Get or set file date and time (See above)
2018-12-25T12:27:36.822982569Z	62	PC: 12a9f \| Close file (See above)
2018-12-25T12:27:36.831748087Z	79	PC: 12a76 \| Find next file (See above)
2018-12-25T12:27:36.835883448Z	61	PC: 12a82 \| Open file (See above)
2018-12-25T12:27:36.844019349Z	87	PC: 12a88 \| Get or set file date and time (See above)
2018-12-25T12:27:36.846030093Z	64	PC: 12a94 \| Write file or device (See above)
2018-12-25T12:27:36.854862573Z	87	PC: 12a9b \| Get or set file date and time (See above)
2018-12-25T12:27:36.857148341Z	62	PC: 12a9f \| Close file (See above)
2018-12-25T12:27:36.866700419Z	79	PC: 12a76 \| Find next file (See above)
2018-12-25T12:27:36.871110348Z	61	PC: 12a82 \| Open file (See above)
2018-12-25T12:27:36.877689718Z	87	PC: 12a88 \| Get or set file date and time (See above)
2018-12-25T12:27:36.879324113Z	64	PC: 12a94 \| Write file or device (See above)
2018-12-25T12:27:36.88317898Z	87	PC: 12a9b \| Get or set file date and time (See above)
2018-12-25T12:27:36.885769109Z	62	PC: 12a9f \| Close file (See above)
2018-12-25T12:27:36.893768892Z	79	PC: 12a76 \| Find next file (See above)
2018-12-25T12:27:36.896799431Z	76	PC: 12a53 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10259,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:36.50067607Z	42	PC: 12a46 \| Get date 0x12a46: cmp dl, 3 0x12a49: je 0x12a53 0x12a4b: call 0x12a5e 0x12a4e: mov ax, 0x4c00 0x12a51: int 0x21 0x12a53: xor cx, cx 0x12a55: mov ah, 9 0x12a57: mov dx, 0x164 0x12a5a: int 0x21 0x12a5c: int 0x20 0x12a5e: nop 0x12a5f: nop 0x12a60: call 0x12a63 0x12a63: pop bp 0x12a64: add ax, 2 0x12a67: inc ax 0x12a68: sub ax, 3 0x12a6b: nop 0x12a6c: mov ah, 0x4e 0x12a6e: mov dx, 0x1e7
2018-12-25T12:27:36.502421654Z	9	PC: 12a5c \| Display string (String= 'Enjoy knowledge before it too becomes a crime..... KNOWLEDGE virus by: VEiN 1995 GReeTZ 2 aLL N #Virus and Tara J******* :) ')