Sample viewer

vx.netlux.org/Virus.DOS.Moffatts.557

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:05.223646163Z 53 PC: 12a4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:05.233708384Z 37 PC: 12a5e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:05.235256352Z 71 PC: 12a69 | Get current directory
2018-12-17T22:52:05.238680334Z 78 PC: 12a9b | Find first file
2018-12-17T22:52:05.248561026Z 78 PC: 12a9b | Find first file
2018-12-17T22:52:05.255662947Z 79 PC: 12a9b | Find next file
2018-12-17T22:52:05.258457406Z 79 PC: 12a9b | Find next file
2018-12-17T22:52:05.261486998Z 79 PC: 12a9b | Find next file
2018-12-17T22:52:05.265578494Z 79 PC: 12a9b | Find next file
2018-12-17T22:52:05.268350311Z 79 PC: 12a9b | Find next file
2018-12-17T22:52:05.27113408Z 79 PC: 12a9b | Find next file
2018-12-17T22:52:05.275190941Z 79 PC: 12a9b | Find next file
2018-12-17T22:52:05.278769253Z 79 PC: 12a9b | Find next file
2018-12-17T22:52:05.281500143Z 59 PC: 12a7c | Change current directory
2018-12-17T22:52:05.288682385Z 42 PC: 12aef | Get date
0x12aef: cmp cx, 0x7ce
0x12af3: jb 0x12b0b
0x12af5: mov ah, 9
0x12af7: mov dx, 0x1fb
0x12afa: int 0x21
0x12afc: mov cx, 3
0x12aff: push es
0x12b00: mov ax, 0x40
0x12b03: mov es, ax
0x12b05: mov word ptr es:[0x13], dx
0x12b0a: pop es
0x12b0b: ret
0x12b0c: mov ah, 0x3d
0x12b0e: mov dx, 0x9e
0x12b11: int 0x21
0x12b13: xchg ax, bx
0x12b14: ret
0x12b15: mov ax, 0x4301
0x12b18: mov dx, 0x9e
0x12b1b: int 0x21
2018-12-17T22:52:05.291873188Z 9 PC: 12afc | Display string (String= 'MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! [IVP] ')
2018-12-17T22:52:05.304083045Z 37 PC: 12a89 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:05.306329756Z 59 PC: 12a92 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10774,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:11.873416566Z 53 PC: 12a4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:11.876036642Z 37 PC: 12a5e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:11.877600824Z 71 PC: 12a69 | Get current directory
2018-12-25T12:29:11.881151204Z 78 PC: 12a9b | Find first file
2018-12-25T12:29:11.888844551Z 78 PC: 12a9b | Find first file (See above)
2018-12-25T12:29:11.895426664Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:11.898456415Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:11.901360053Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:11.90504842Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:11.90872244Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:11.911421908Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:11.914917613Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:11.917821047Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:11.920403425Z 59 PC: 12a7c | Change current directory
2018-12-25T12:29:11.925644492Z 42 PC: 12aef | Get date
0x12aef: cmp cx, 0x7ce
0x12af3: jb 0x12b0b
0x12af5: mov ah, 9
0x12af7: mov dx, 0x1fb
0x12afa: int 0x21
0x12afc: mov cx, 3
0x12aff: push es
0x12b00: mov ax, 0x40
0x12b03: mov es, ax
0x12b05: mov word ptr es:[0x13], dx
0x12b0a: pop es
0x12b0b: ret
0x12b0c: mov ah, 0x3d
0x12b0e: mov dx, 0x9e
0x12b11: int 0x21
0x12b13: xchg ax, bx
0x12b14: ret
0x12b15: mov ax, 0x4301
0x12b18: mov dx, 0x9e
0x12b1b: int 0x21
2018-12-25T12:29:11.928025538Z 37 PC: 12a89 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:11.929307837Z 59 PC: 12a92 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1998,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10774,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:12.042581053Z 53 PC: 12a4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:12.045439106Z 37 PC: 12a5e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:12.046849365Z 71 PC: 12a69 | Get current directory
2018-12-25T12:29:12.049626394Z 78 PC: 12a9b | Find first file
2018-12-25T12:29:12.057787041Z 78 PC: 12a9b | Find first file (See above)
2018-12-25T12:29:12.068850382Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:12.071276961Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:12.073697413Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:12.076656044Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:12.079205827Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:12.081724656Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:12.085246351Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:12.088315652Z 79 PC: 12a9b | Find next file (See above)
2018-12-25T12:29:12.090771642Z 59 PC: 12a7c | Change current directory
2018-12-25T12:29:12.095635842Z 42 PC: 12aef | Get date
0x12aef: cmp cx, 0x7ce
0x12af3: jb 0x12b0b
0x12af5: mov ah, 9
0x12af7: mov dx, 0x1fb
0x12afa: int 0x21
0x12afc: mov cx, 3
0x12aff: push es
0x12b00: mov ax, 0x40
0x12b03: mov es, ax
0x12b05: mov word ptr es:[0x13], dx
0x12b0a: pop es
0x12b0b: ret
0x12b0c: mov ah, 0x3d
0x12b0e: mov dx, 0x9e
0x12b11: int 0x21
0x12b13: xchg ax, bx
0x12b14: ret
0x12b15: mov ax, 0x4301
0x12b18: mov dx, 0x9e
0x12b1b: int 0x21
2018-12-25T12:29:12.104828006Z 9 PC: 12afc | Display string (String= 'MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! MOFFATTS!!! [IVP] ')
2018-12-25T12:29:12.115417687Z 37 PC: 12a89 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:12.11700807Z 59 PC: 12a92 | Change current directory