Sample viewer

vx.netlux.org/Virus.DOS.Trivial.Gram.4175

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:11.306220081Z	78	PC: 12a57 \| Find first file
2018-12-17T22:51:11.313216124Z	61	PC: 12a73 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:51:11.320990078Z	64	PC: 12a7e \| Write file or device (Write 4175 bytes on handle 5)
2018-12-17T22:51:11.33649186Z	62	PC: 12a82 \| Close file
2018-12-17T22:51:11.345719174Z	79	PC: 12a57 \| Find next file
2018-12-17T22:51:11.35008187Z	61	PC: 12a73 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:51:11.357147023Z	64	PC: 12a7e \| Write file or device (Write 4175 bytes on handle 5)
2018-12-17T22:51:11.367955117Z	62	PC: 12a82 \| Close file
2018-12-17T22:51:11.381383754Z	79	PC: 12a57 \| Find next file
2018-12-17T22:51:11.384278542Z	61	PC: 12a73 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:51:11.391142818Z	64	PC: 12a7e \| Write file or device (Write 4175 bytes on handle 5)
2018-12-17T22:51:11.401716211Z	62	PC: 12a82 \| Close file
2018-12-17T22:51:11.410512615Z	79	PC: 12a57 \| Find next file
2018-12-17T22:51:11.413686578Z	61	PC: 12a73 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:51:11.422503111Z	64	PC: 12a7e \| Write file or device (Write 4175 bytes on handle 5)
2018-12-17T22:51:11.434793029Z	62	PC: 12a82 \| Close file
2018-12-17T22:51:11.444256236Z	79	PC: 12a57 \| Find next file
2018-12-17T22:51:11.447415682Z	61	PC: 12a73 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:51:11.455004839Z	64	PC: 12a7e \| Write file or device (Write 4175 bytes on handle 5)
2018-12-17T22:51:11.464087522Z	62	PC: 12a82 \| Close file
2018-12-17T22:51:11.472872715Z	79	PC: 12a57 \| Find next file
2018-12-17T22:51:11.47756457Z	61	PC: 12a73 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:51:11.488890937Z	64	PC: 12a7e \| Write file or device (Write 4175 bytes on handle 5)
2018-12-17T22:51:11.499956655Z	62	PC: 12a82 \| Close file
2018-12-17T22:51:11.510372042Z	79	PC: 12a57 \| Find next file
2018-12-17T22:51:11.513243697Z	61	PC: 12a73 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:51:11.521371214Z	64	PC: 12a7e \| Write file or device (Write 4175 bytes on handle 5)
2018-12-17T22:51:11.531355401Z	62	PC: 12a82 \| Close file
2018-12-17T22:51:11.540166955Z	79	PC: 12a57 \| Find next file
2018-12-17T22:51:11.543213207Z	61	PC: 12a73 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:51:11.551939911Z	64	PC: 12a7e \| Write file or device (Write 4175 bytes on handle 5)
2018-12-17T22:51:11.561161886Z	62	PC: 12a82 \| Close file
2018-12-17T22:51:11.574839711Z	79	PC: 12a57 \| Find next file
2018-12-17T22:51:11.57827251Z	59	PC: 12a64 \| Change current directory
2018-12-17T22:51:11.583172375Z	42	PC: 12a8a \| Get date 0x12a8a: cmp dl, 0xf 0x12a8d: jne 0x12ac5 0x12a8f: nop 0x12a90: nop 0x12a91: nop 0x12a92: call 0x12ac7 0x12a95: push cs 0x12a96: pop ds 0x12a97: mov ax, 0xb800 0x12a9a: mov es, ax 0x12a9c: xor di, di 0x12a9e: mov si, 0x1af 0x12aa1: mov cx, 0xfa0 0x12aa4: nop 0x12aa5: rep movsd dword ptr es:[di], dword ptr [si] 0x12aa7: xor ax, ax 0x12aa9: int 0x16 0x12aab: cdq 0x12aac: xor cx, cx 0x12aae: mov ax, 0x5701

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10477,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:09.676698424Z	78	PC: 12a57 \| Find first file
2018-12-25T12:28:09.684140748Z	61	PC: 12a73 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:09.690721455Z	64	PC: 12a7e \| Write file or device (Write 4175 bytes on handle 5)
2018-12-25T12:28:09.705366709Z	62	PC: 12a82 \| Close file
2018-12-25T12:28:09.714432802Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.717338897Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.723935745Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.733531923Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.753693324Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.765393893Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.773405491Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.782336395Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.790338771Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.79340432Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.800246715Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.808846806Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.816852314Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.825996119Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.832131339Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.840792336Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.856403374Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.859893858Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.866563092Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.876818333Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.891276879Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.894270018Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.901860437Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.910683339Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.919032576Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.922157701Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.929375043Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.937325524Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.945028732Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.948444986Z	59	PC: 12a64 \| Change current directory
2018-12-25T12:28:09.952799989Z	42	PC: 12a8a \| Get date 0x12a8a: cmp dl, 0xf 0x12a8d: jne 0x12ac5 0x12a8f: nop 0x12a90: nop 0x12a91: nop 0x12a92: call 0x12ac7 0x12a95: push cs 0x12a96: pop ds 0x12a97: mov ax, 0xb800 0x12a9a: mov es, ax 0x12a9c: xor di, di 0x12a9e: mov si, 0x1af 0x12aa1: mov cx, 0xfa0 0x12aa4: nop 0x12aa5: rep movsd dword ptr es:[di], dword ptr [si] 0x12aa7: xor ax, ax 0x12aa9: int 0x16 0x12aab: cdq 0x12aac: xor cx, cx 0x12aae: mov ax, 0x5701

{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10477,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:09.716990313Z	78	PC: 12a57 \| Find first file
2018-12-25T12:28:09.723942376Z	61	PC: 12a73 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:09.730950044Z	64	PC: 12a7e \| Write file or device (Write 4175 bytes on handle 5)
2018-12-25T12:28:09.746134611Z	62	PC: 12a82 \| Close file
2018-12-25T12:28:09.759255143Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.764979525Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.771535032Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.779847113Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.788398628Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.791000419Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.79784124Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.807499475Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.815763287Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.818380384Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.8315563Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.845048367Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.85302765Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.856270116Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.863691463Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.87283067Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.881204189Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.884726465Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.891093972Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.902643277Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.916274306Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.919166655Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.9258243Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.935361484Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.943672279Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.94630325Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:28:09.953803824Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:28:09.961893138Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:28:09.969850483Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:28:09.973809747Z	59	PC: 12a64 \| Change current directory
2018-12-25T12:28:09.978299786Z	42	PC: 12a8a \| Get date 0x12a8a: cmp dl, 0xf 0x12a8d: jne 0x12ac5 0x12a8f: nop 0x12a90: nop 0x12a91: nop 0x12a92: call 0x12ac7 0x12a95: push cs 0x12a96: pop ds 0x12a97: mov ax, 0xb800 0x12a9a: mov es, ax 0x12a9c: xor di, di 0x12a9e: mov si, 0x1af 0x12aa1: mov cx, 0xfa0 0x12aa4: nop 0x12aa5: rep movsd dword ptr es:[di], dword ptr [si] 0x12aa7: xor ax, ax 0x12aa9: int 0x16 0x12aab: cdq 0x12aac: xor cx, cx 0x12aae: mov ax, 0x5701
2018-12-25T12:28:09.980794765Z	78	PC: 12ace \| Find first file