Sample viewer

vx.netlux.org/Virus.DOS.YanShort.1835


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:35.96012006Z 47 PC: 12c4f | Get disk transfer address
2018-12-17T22:51:35.966550248Z 53 PC: 12ce3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:51:35.968153129Z 37 PC: 12d01 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:51:35.969713988Z 26 PC: 13246 | Set disk transfer address
2018-12-17T22:51:35.970840757Z 78 PC: 13256 | Find first file
2018-12-17T22:51:35.979457835Z 47 PC: 12e1a | Get disk transfer address
2018-12-17T22:51:35.980833749Z 26 PC: 12e3f | Set disk transfer address
2018-12-17T22:51:35.982285434Z 61 PC: 12e8c | Open file (Filename = '\TEST.EXE')
2018-12-17T22:51:35.989620148Z 66 PC: 12ead | Move file pointer
2018-12-17T22:51:35.991677208Z 66 PC: 12ee0 | Move file pointer
2018-12-17T22:51:35.993701427Z 63 PC: 12f05 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:51:35.996626145Z 62 PC: 12f45 | Close file
2018-12-17T22:51:35.999072381Z 26 PC: 131fa | Set disk transfer address
2018-12-17T22:51:36.000210469Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.002714649Z 26 PC: 13246 | Set disk transfer address
2018-12-17T22:51:36.004236661Z 78 PC: 13256 | Find first file
2018-12-17T22:51:36.009897576Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.012243533Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.016318587Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.018840896Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.021194195Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.024247723Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.026744419Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.029374452Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.032067908Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.03517335Z 26 PC: 13246 | Set disk transfer address
2018-12-17T22:51:36.036248819Z 78 PC: 13256 | Find first file
2018-12-17T22:51:36.042011993Z 47 PC: 12e1a | Get disk transfer address
2018-12-17T22:51:36.043633489Z 26 PC: 12e3f | Set disk transfer address
2018-12-17T22:51:36.044665496Z 61 PC: 12e8c | Open file (Filename = '\TEST.EXE')
2018-12-17T22:51:36.051031335Z 66 PC: 12ead | Move file pointer
2018-12-17T22:51:36.053147886Z 66 PC: 12ee0 | Move file pointer
2018-12-17T22:51:36.054327638Z 63 PC: 12f05 | Read file or device (Read 25 bytes on handle 5)
2018-12-17T22:51:36.057233843Z 62 PC: 12f45 | Close file
2018-12-17T22:51:36.0592857Z 26 PC: 131fa | Set disk transfer address
2018-12-17T22:51:36.060177772Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.062423189Z 26 PC: 13246 | Set disk transfer address
2018-12-17T22:51:36.063988719Z 78 PC: 13256 | Find first file
2018-12-17T22:51:36.069690158Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.072173257Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.075308243Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.077950464Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.080566635Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.083796397Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.086139809Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.089153834Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.096144141Z 79 PC: 1326d | Find next file
2018-12-17T22:51:36.098412589Z 37 PC: 12d01 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:51:36.099436312Z 26 PC: 12d20 | Set disk transfer address
2018-12-17T22:51:36.100837198Z 42 PC: 13279 | Get date
0x13279: cmp dx, 0xc08
0x1327d: je 0x132a2
0x1327f: cmp dx, 0x401
0x13283: je 0x13287
0x13285: jmp 0x132ba
0x13287: mov si, 0x802
0x1328a: sub si, 0x103
0x1328e: add si, bx
0x13290: mov al, byte ptr [si]
0x13292: cmp al, 0x22
0x13294: je 0x132a2
0x13296: mov ah, 0xe
0x13298: mov cx, 1
0x1329b: sub al, 0x7c
0x1329d: int 0x10
0x1329f: inc si
0x132a0: jmp 0x13290
0x132a2: mov ah, 0x19
0x132a4: int 0x21
0x132a6: mov dx, 1
2018-12-17T22:51:36.1031086Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-17T22:51:36.106981409Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":8,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10611,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:36.710641685Z 47 PC: 12c4f | Get disk transfer address
2018-12-25T12:28:36.712763468Z 53 PC: 12ce3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:28:36.714550267Z 37 PC: 12d01 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:28:36.716193988Z 26 PC: 13246 | Set disk transfer address
2018-12-25T12:28:36.717400462Z 78 PC: 13256 | Find first file
2018-12-25T12:28:36.723465367Z 47 PC: 12e1a | Get disk transfer address
2018-12-25T12:28:36.724425496Z 26 PC: 12e3f | Set disk transfer address
2018-12-25T12:28:36.725364309Z 61 PC: 12e8c | Open file (Filename = '\TEST.EXE')
2018-12-25T12:28:36.729883426Z 66 PC: 12ead | Move file pointer
2018-12-25T12:28:36.731022761Z 66 PC: 12ee0 | Move file pointer
2018-12-25T12:28:36.732094775Z 63 PC: 12f05 | Read file or device (Read 25 bytes on handle 5)
2018-12-25T12:28:36.734700659Z 62 PC: 12f45 | Close file
2018-12-25T12:28:36.736133689Z 26 PC: 131fa | Set disk transfer address
2018-12-25T12:28:36.737116567Z 79 PC: 1326d | Find next file
2018-12-25T12:28:36.739407175Z 26 PC: 13246 | Set disk transfer address (See above)
2018-12-25T12:28:36.740605116Z 78 PC: 13256 | Find first file (See above)
2018-12-25T12:28:36.744731104Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.747021953Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.748918136Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.750754728Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.752791622Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.755244707Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.757048385Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.759050989Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.766060132Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.767794273Z 26 PC: 13246 | Set disk transfer address (See above)
2018-12-25T12:28:36.768591585Z 78 PC: 13256 | Find first file (See above)
2018-12-25T12:28:36.77297665Z 47 PC: 12e1a | Get disk transfer address (See above)
2018-12-25T12:28:36.773990052Z 26 PC: 12e3f | Set disk transfer address (See above)
2018-12-25T12:28:36.775036391Z 61 PC: 12e8c | Open file (See above)
2018-12-25T12:28:36.782724882Z 66 PC: 12ead | Move file pointer (See above)
2018-12-25T12:28:36.783808744Z 66 PC: 12ee0 | Move file pointer (See above)
2018-12-25T12:28:36.784843639Z 63 PC: 12f05 | Read file or device (See above)
2018-12-25T12:28:36.789938664Z 62 PC: 12f45 | Close file (See above)
2018-12-25T12:28:36.791274305Z 26 PC: 131fa | Set disk transfer address (See above)
2018-12-25T12:28:36.792102751Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.794249899Z 26 PC: 13246 | Set disk transfer address (See above)
2018-12-25T12:28:36.795215225Z 78 PC: 13256 | Find first file (See above)
2018-12-25T12:28:36.799046133Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.801325923Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.803400297Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.805257213Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.807702439Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.811591631Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.813330631Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.815190364Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.81760937Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:36.820168756Z 37 PC: 12d01 | Set interrupt vector (See above)
2018-12-25T12:28:36.821367601Z 26 PC: 12d20 | Set disk transfer address
2018-12-25T12:28:36.822943476Z 42 PC: 13279 | Get date
0x13279: cmp dx, 0xc08
0x1327d: je 0x132a2
0x1327f: cmp dx, 0x401
0x13283: je 0x13287
0x13285: jmp 0x132ba
0x13287: mov si, 0x802
0x1328a: sub si, 0x103
0x1328e: add si, bx
0x13290: mov al, byte ptr [si]
0x13292: cmp al, 0x22
0x13294: je 0x132a2
0x13296: mov ah, 0xe
0x13298: mov cx, 1
0x1329b: sub al, 0x7c
0x1329d: int 0x10
0x1329f: inc si
0x132a0: jmp 0x13290
0x132a2: mov ah, 0x19
0x132a4: int 0x21
0x132a6: mov dx, 1
2018-12-25T12:28:36.82456074Z 25 PC: 132a6 | Get default drive
2018-12-25T12:28:36.85337893Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T12:28:36.860138971Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10611,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:37.971980158Z 47 PC: 12c4f | Get disk transfer address
2018-12-25T12:28:37.974300794Z 53 PC: 12ce3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:28:37.975748598Z 37 PC: 12d01 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:28:37.976976401Z 26 PC: 13246 | Set disk transfer address
2018-12-25T12:28:37.978442028Z 78 PC: 13256 | Find first file
2018-12-25T12:28:37.984777109Z 47 PC: 12e1a | Get disk transfer address
2018-12-25T12:28:37.985826861Z 26 PC: 12e3f | Set disk transfer address
2018-12-25T12:28:37.987470361Z 61 PC: 12e8c | Open file (Filename = '\TEST.EXE')
2018-12-25T12:28:37.995259644Z 66 PC: 12ead | Move file pointer
2018-12-25T12:28:37.996666965Z 66 PC: 12ee0 | Move file pointer
2018-12-25T12:28:37.998324921Z 63 PC: 12f05 | Read file or device (Read 25 bytes on handle 5)
2018-12-25T12:28:38.009614611Z 62 PC: 12f45 | Close file
2018-12-25T12:28:38.011694985Z 26 PC: 131fa | Set disk transfer address
2018-12-25T12:28:38.013272314Z 79 PC: 1326d | Find next file
2018-12-25T12:28:38.015965906Z 26 PC: 13246 | Set disk transfer address (See above)
2018-12-25T12:28:38.016901755Z 78 PC: 13256 | Find first file (See above)
2018-12-25T12:28:38.02245409Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.02499115Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.027397516Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.029727062Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.0325652Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.03482152Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.036947422Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.043114983Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.045443832Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.047682827Z 26 PC: 13246 | Set disk transfer address (See above)
2018-12-25T12:28:38.049043555Z 78 PC: 13256 | Find first file (See above)
2018-12-25T12:28:38.054610673Z 47 PC: 12e1a | Get disk transfer address (See above)
2018-12-25T12:28:38.05541425Z 26 PC: 12e3f | Set disk transfer address (See above)
2018-12-25T12:28:38.056870454Z 61 PC: 12e8c | Open file (See above)
2018-12-25T12:28:38.063726117Z 66 PC: 12ead | Move file pointer (See above)
2018-12-25T12:28:38.064898567Z 66 PC: 12ee0 | Move file pointer (See above)
2018-12-25T12:28:38.066510028Z 63 PC: 12f05 | Read file or device (See above)
2018-12-25T12:28:38.069243118Z 62 PC: 12f45 | Close file (See above)
2018-12-25T12:28:38.070765941Z 26 PC: 131fa | Set disk transfer address (See above)
2018-12-25T12:28:38.072396974Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.074693283Z 26 PC: 13246 | Set disk transfer address (See above)
2018-12-25T12:28:38.075576597Z 78 PC: 13256 | Find first file (See above)
2018-12-25T12:28:38.081540378Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.083890271Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.086215067Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.089010163Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.091424953Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.093880735Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.09663465Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.098977813Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.101212836Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.103789809Z 37 PC: 12d01 | Set interrupt vector (See above)
2018-12-25T12:28:38.10474668Z 26 PC: 12d20 | Set disk transfer address
2018-12-25T12:28:38.105500009Z 42 PC: 13279 | Get date
0x13279: cmp dx, 0xc08
0x1327d: je 0x132a2
0x1327f: cmp dx, 0x401
0x13283: je 0x13287
0x13285: jmp 0x132ba
0x13287: mov si, 0x802
0x1328a: sub si, 0x103
0x1328e: add si, bx
0x13290: mov al, byte ptr [si]
0x13292: cmp al, 0x22
0x13294: je 0x132a2
0x13296: mov ah, 0xe
0x13298: mov cx, 1
0x1329b: sub al, 0x7c
0x1329d: int 0x10
0x1329f: inc si
0x132a0: jmp 0x13290
0x132a2: mov ah, 0x19
0x132a4: int 0x21
0x132a6: mov dx, 1
2018-12-25T12:28:38.107856108Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T12:28:38.112846244Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10611,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:38.046732639Z 47 PC: 12c4f | Get disk transfer address
2018-12-25T12:28:38.047955547Z 53 PC: 12ce3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:28:38.058483892Z 37 PC: 12d01 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:28:38.059645797Z 26 PC: 13246 | Set disk transfer address
2018-12-25T12:28:38.060548442Z 78 PC: 13256 | Find first file
2018-12-25T12:28:38.06727015Z 47 PC: 12e1a | Get disk transfer address
2018-12-25T12:28:38.068216734Z 26 PC: 12e3f | Set disk transfer address
2018-12-25T12:28:38.069141669Z 61 PC: 12e8c | Open file (Filename = '\TEST.EXE')
2018-12-25T12:28:38.073689024Z 66 PC: 12ead | Move file pointer
2018-12-25T12:28:38.07502532Z 66 PC: 12ee0 | Move file pointer
2018-12-25T12:28:38.076552743Z 63 PC: 12f05 | Read file or device (Read 25 bytes on handle 5)
2018-12-25T12:28:38.079925941Z 62 PC: 12f45 | Close file
2018-12-25T12:28:38.081655248Z 26 PC: 131fa | Set disk transfer address
2018-12-25T12:28:38.082622414Z 79 PC: 1326d | Find next file
2018-12-25T12:28:38.086463707Z 26 PC: 13246 | Set disk transfer address (See above)
2018-12-25T12:28:38.087482981Z 78 PC: 13256 | Find first file (See above)
2018-12-25T12:28:38.093711681Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.096645575Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.099282465Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.101833115Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.104964743Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.106761339Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.120421848Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.12337628Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.126197781Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.128720692Z 26 PC: 13246 | Set disk transfer address (See above)
2018-12-25T12:28:38.129884842Z 78 PC: 13256 | Find first file (See above)
2018-12-25T12:28:38.13654289Z 47 PC: 12e1a | Get disk transfer address (See above)
2018-12-25T12:28:38.137598609Z 26 PC: 12e3f | Set disk transfer address (See above)
2018-12-25T12:28:38.138717829Z 61 PC: 12e8c | Open file (See above)
2018-12-25T12:28:38.14599026Z 66 PC: 12ead | Move file pointer (See above)
2018-12-25T12:28:38.14828012Z 66 PC: 12ee0 | Move file pointer (See above)
2018-12-25T12:28:38.149583325Z 63 PC: 12f05 | Read file or device (See above)
2018-12-25T12:28:38.153094551Z 62 PC: 12f45 | Close file (See above)
2018-12-25T12:28:38.154930871Z 26 PC: 131fa | Set disk transfer address (See above)
2018-12-25T12:28:38.155986525Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.158759972Z 26 PC: 13246 | Set disk transfer address (See above)
2018-12-25T12:28:38.159868731Z 78 PC: 13256 | Find first file (See above)
2018-12-25T12:28:38.16614141Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.169731082Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.17249526Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.175118542Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.178149528Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.180886234Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.183503417Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.186687155Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.189645759Z 79 PC: 1326d | Find next file (See above)
2018-12-25T12:28:38.192426375Z 37 PC: 12d01 | Set interrupt vector (See above)
2018-12-25T12:28:38.195005209Z 26 PC: 12d20 | Set disk transfer address
2018-12-25T12:28:38.196439811Z 42 PC: 13279 | Get date
0x13279: cmp dx, 0xc08
0x1327d: je 0x132a2
0x1327f: cmp dx, 0x401
0x13283: je 0x13287
0x13285: jmp 0x132ba
0x13287: mov si, 0x802
0x1328a: sub si, 0x103
0x1328e: add si, bx
0x13290: mov al, byte ptr [si]
0x13292: cmp al, 0x22
0x13294: je 0x132a2
0x13296: mov ah, 0xe
0x13298: mov cx, 1
0x1329b: sub al, 0x7c
0x1329d: int 0x10
0x1329f: inc si
0x132a0: jmp 0x13290
0x132a2: mov ah, 0x19
0x132a4: int 0x21
0x132a6: mov dx, 1
2018-12-25T12:28:38.2009384Z 25 PC: 132a6 | Get default drive
2018-12-25T12:28:38.227343649Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T12:28:38.234713494Z 76 PC: 12c28 | Terminate with return code (Return code = '0')