Sample viewer

vx.netlux.org/Virus.DOS.CLME.Ming.1262

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:34.982963679Z	44	PC: 12b42 \| Get time 0x12b42: cmp ch, 0xe 0x12b45: je 0x12b9d 0x12b47: mov ah, 0x47 0x12b49: xor dl, dl 0x12b4b: lea si, word ptr [bp + 0x2d5] 0x12b4f: int 0x21 0x12b51: mov ah, 0x1a 0x12b53: lea dx, word ptr [bp + 0x323] 0x12b57: int 0x21 0x12b59: jmp 0x12b88 0x12b5b: mov ah, 0x3b 0x12b5d: lea dx, word ptr [bp + 0x315] 0x12b61: int 0x21 0x12b63: mov ah, 0x4e 0x12b65: lea dx, word ptr [bp + 0x2d3] 0x12b69: mov cx, 0x11 0x12b6c: int 0x21 0x12b6e: jb 0x12b9a 0x12b70: mov bx, word ptr [bp + 0x2d1] 0x12b74: dec bx
2018-12-17T22:52:34.98575349Z	71	PC: 12b51 \| Get current directory
2018-12-17T22:52:34.988104667Z	26	PC: 12b59 \| Set disk transfer address
2018-12-17T22:52:34.989131876Z	78	PC: 12b92 \| Find first file
2018-12-17T22:52:34.998863277Z	61	PC: 12bb4 \| Open file (Filename = '')
2018-12-17T22:52:35.006851222Z	63	PC: 12bc0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:35.013869206Z	62	PC: 12beb \| Close file
2018-12-17T22:52:35.017244525Z	74	PC: 12bf6 \| Reallocate memory
2018-12-17T22:52:35.020228872Z	74	PC: 12bfe \| Reallocate memory
2018-12-17T22:52:35.022097983Z	72	PC: 12c05 \| Allocate memory
2018-12-17T22:52:35.024082972Z	61	PC: 12c10 \| Open file (Filename = '')
2018-12-17T22:52:35.032093199Z	87	PC: 12c17 \| Get or set file date and time
2018-12-17T22:52:35.033591133Z	64	PC: 12c24 \| Write file or device (Write 3 bytes on handle 6)
2018-12-17T22:52:35.036949701Z	66	PC: 12c2c \| Move file pointer
2018-12-17T22:52:35.042982725Z	64	PC: 12c47 \| Write file or device (Write 1387 bytes on handle 6)
2018-12-17T22:52:35.060708773Z	87	PC: 12c54 \| Get or set file date and time
2018-12-17T22:52:35.06313446Z	62	PC: 12c58 \| Close file
2018-12-17T22:52:35.082349535Z	74	PC: 12c5d \| Reallocate memory
2018-12-17T22:52:35.086202202Z	59	PC: 12c88 \| Change current directory
2018-12-17T22:52:35.091088941Z	59	PC: 12c90 \| Change current directory
2018-12-17T22:52:35.093599568Z	26	PC: 12c9b \| Set disk transfer address
2018-12-17T22:52:35.09622505Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10932,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:38.285718142Z	44	PC: 12b42 \| Get time 0x12b42: cmp ch, 0xe 0x12b45: je 0x12b9d 0x12b47: mov ah, 0x47 0x12b49: xor dl, dl 0x12b4b: lea si, word ptr [bp + 0x2d5] 0x12b4f: int 0x21 0x12b51: mov ah, 0x1a 0x12b53: lea dx, word ptr [bp + 0x323] 0x12b57: int 0x21 0x12b59: jmp 0x12b88 0x12b5b: mov ah, 0x3b 0x12b5d: lea dx, word ptr [bp + 0x315] 0x12b61: int 0x21 0x12b63: mov ah, 0x4e 0x12b65: lea dx, word ptr [bp + 0x2d3] 0x12b69: mov cx, 0x11 0x12b6c: int 0x21 0x12b6e: jb 0x12b9a 0x12b70: mov bx, word ptr [bp + 0x2d1] 0x12b74: dec bx
2018-12-25T12:29:38.28882768Z	71	PC: 12b51 \| Get current directory
2018-12-25T12:29:38.292032757Z	26	PC: 12b59 \| Set disk transfer address
2018-12-25T12:29:38.293233342Z	78	PC: 12b92 \| Find first file
2018-12-25T12:29:38.302462119Z	61	PC: 12bb4 \| Open file (Filename = '')
2018-12-25T12:29:38.308664647Z	63	PC: 12bc0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:38.31464712Z	62	PC: 12beb \| Close file
2018-12-25T12:29:38.31637349Z	74	PC: 12bf6 \| Reallocate memory
2018-12-25T12:29:38.317768081Z	74	PC: 12bfe \| Reallocate memory
2018-12-25T12:29:38.318907569Z	72	PC: 12c05 \| Allocate memory
2018-12-25T12:29:38.320390392Z	61	PC: 12c10 \| Open file (Filename = '')
2018-12-25T12:29:38.325081651Z	87	PC: 12c17 \| Get or set file date and time
2018-12-25T12:29:38.326121215Z	64	PC: 12c24 \| Write file or device (Write 3 bytes on handle 6)
2018-12-25T12:29:38.327944813Z	66	PC: 12c2c \| Move file pointer
2018-12-25T12:29:38.330347259Z	64	PC: 12c47 \| Write file or device (Write 1365 bytes on handle 6)
2018-12-25T12:29:38.342609546Z	87	PC: 12c54 \| Get or set file date and time
2018-12-25T12:29:38.343621151Z	62	PC: 12c58 \| Close file
2018-12-25T12:29:38.349049032Z	74	PC: 12c5d \| Reallocate memory
2018-12-25T12:29:38.350155794Z	59	PC: 12c88 \| Change current directory
2018-12-25T12:29:38.352581157Z	59	PC: 12c90 \| Change current directory
2018-12-25T12:29:38.354327178Z	26	PC: 12c9b \| Set disk transfer address
2018-12-25T12:29:38.355205303Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":14,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10932,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:38.307153042Z	44	PC: 12b42 \| Get time 0x12b42: cmp ch, 0xe 0x12b45: je 0x12b9d 0x12b47: mov ah, 0x47 0x12b49: xor dl, dl 0x12b4b: lea si, word ptr [bp + 0x2d5] 0x12b4f: int 0x21 0x12b51: mov ah, 0x1a 0x12b53: lea dx, word ptr [bp + 0x323] 0x12b57: int 0x21 0x12b59: jmp 0x12b88 0x12b5b: mov ah, 0x3b 0x12b5d: lea dx, word ptr [bp + 0x315] 0x12b61: int 0x21 0x12b63: mov ah, 0x4e 0x12b65: lea dx, word ptr [bp + 0x2d3] 0x12b69: mov cx, 0x11 0x12b6c: int 0x21 0x12b6e: jb 0x12b9a 0x12b70: mov bx, word ptr [bp + 0x2d1] 0x12b74: dec bx
2018-12-25T12:29:38.310818315Z	9	PC: 12c76 \| Display string (Could not find end pointer)
2018-12-25T12:29:38.315151717Z	71	PC: 12b51 \| Get current directory
2018-12-25T12:29:38.318764182Z	26	PC: 12b59 \| Set disk transfer address
2018-12-25T12:29:38.320356835Z	78	PC: 12b92 \| Find first file
2018-12-25T12:29:38.328236542Z	61	PC: 12bb4 \| Open file (Filename = '')
2018-12-25T12:29:38.335855011Z	63	PC: 12bc0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:38.343291629Z	62	PC: 12beb \| Close file
2018-12-25T12:29:38.346034023Z	74	PC: 12bf6 \| Reallocate memory
2018-12-25T12:29:38.348162856Z	74	PC: 12bfe \| Reallocate memory
2018-12-25T12:29:38.350124179Z	72	PC: 12c05 \| Allocate memory
2018-12-25T12:29:38.353501883Z	61	PC: 12c10 \| Open file (Filename = '')
2018-12-25T12:29:38.362222361Z	87	PC: 12c17 \| Get or set file date and time
2018-12-25T12:29:38.364132523Z	64	PC: 12c24 \| Write file or device (Write 3 bytes on handle 6)
2018-12-25T12:29:38.3685608Z	66	PC: 12c2c \| Move file pointer
2018-12-25T12:29:38.372191939Z	64	PC: 12c47 \| Write file or device (Write 1373 bytes on handle 6)
2018-12-25T12:29:38.388116193Z	87	PC: 12c54 \| Get or set file date and time
2018-12-25T12:29:38.390077602Z	62	PC: 12c58 \| Close file
2018-12-25T12:29:38.398639431Z	74	PC: 12c5d \| Reallocate memory
2018-12-25T12:29:38.400462814Z	59	PC: 12c88 \| Change current directory
2018-12-25T12:29:38.404870274Z	59	PC: 12c90 \| Change current directory
2018-12-25T12:29:38.40747194Z	26	PC: 12c9b \| Set disk transfer address
2018-12-25T12:29:38.408558073Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')