Sample viewer

vx.netlux.org/Virus.DOS.Trivial.Seneca.381

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:47.92146003Z	42	PC: 12a52 \| Get date 0x12a52: cmp cx, 0x7bc 0x12a56: jle 0x12a70 0x12a58: jmp 0x12a5a 0x12a5a: mov ah, 0x2a 0x12a5c: int 0x21 0x12a5e: cmp dh, 0xb 0x12a61: je 0x12a65 0x12a63: jmp 0x12a7b 0x12a65: mov ah, 0x2a 0x12a67: int 0x21 0x12a69: cmp dl, 0x19 0x12a6c: je 0x12aa7 0x12a6e: jmp 0x12a7b 0x12a70: mov ah, 0x2c 0x12a72: int 0x21 0x12a74: cmp cl, 0x1e 0x12a77: jge 0x12a9e 0x12a79: jmp 0x12a7b 0x12a7b: mov dx, 0x26c 0x12a7e: mov ah, 0x4e
2018-12-17T22:52:47.924822137Z	42	PC: 12a5e \| Get date 0x12a5e: cmp dh, 0xb 0x12a61: je 0x12a65 0x12a63: jmp 0x12a7b 0x12a65: mov ah, 0x2a 0x12a67: int 0x21 0x12a69: cmp dl, 0x19 0x12a6c: je 0x12aa7 0x12a6e: jmp 0x12a7b 0x12a70: mov ah, 0x2c 0x12a72: int 0x21 0x12a74: cmp cl, 0x1e 0x12a77: jge 0x12a9e 0x12a79: jmp 0x12a7b 0x12a7b: mov dx, 0x26c 0x12a7e: mov ah, 0x4e 0x12a80: xor cx, cx 0x12a82: int 0x21 0x12a84: jb 0x12a93 0x12a86: jmp 0x12abe 0x12a88: mov ah, 0x4f
2018-12-17T22:52:47.927307304Z	78	PC: 12a84 \| Find first file
2018-12-17T22:52:47.933371476Z	61	PC: 12ad9 \| Open file (Filename = '*.exe')
2018-12-17T22:52:47.938676281Z	62	PC: 12ae4 \| Close file
2018-12-17T22:52:47.942438773Z	61	PC: 12aed \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:52:47.948657381Z	64	PC: 12afe \| Write file or device (Write 381 bytes on handle 2)
2018-12-17T22:52:47.951289576Z	87	PC: 12b10 \| Get or set file date and time
2018-12-17T22:52:47.953561328Z	62	PC: 12b18 \| Close file
2018-12-17T22:52:48.144168147Z	67	PC: 12b25 \| Get or set file attributes
2018-12-17T22:52:48.155895384Z	79	PC: 12a8c \| Find next file
2018-12-17T22:52:48.162979364Z	59	PC: 12a9a \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11010,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:45.547756233Z	42	PC: 12a52 \| Get date 0x12a52: cmp cx, 0x7bc 0x12a56: jle 0x12a70 0x12a58: jmp 0x12a5a 0x12a5a: mov ah, 0x2a 0x12a5c: int 0x21 0x12a5e: cmp dh, 0xb 0x12a61: je 0x12a65 0x12a63: jmp 0x12a7b 0x12a65: mov ah, 0x2a 0x12a67: int 0x21 0x12a69: cmp dl, 0x19 0x12a6c: je 0x12aa7 0x12a6e: jmp 0x12a7b 0x12a70: mov ah, 0x2c 0x12a72: int 0x21 0x12a74: cmp cl, 0x1e 0x12a77: jge 0x12a9e 0x12a79: jmp 0x12a7b 0x12a7b: mov dx, 0x26c 0x12a7e: mov ah, 0x4e
2018-12-25T12:29:45.550553282Z	44	PC: 12a74 \| Get time 0x12a74: cmp cl, 0x1e 0x12a77: jge 0x12a9e 0x12a79: jmp 0x12a7b 0x12a7b: mov dx, 0x26c 0x12a7e: mov ah, 0x4e 0x12a80: xor cx, cx 0x12a82: int 0x21 0x12a84: jb 0x12a93 0x12a86: jmp 0x12abe 0x12a88: mov ah, 0x4f 0x12a8a: int 0x21 0x12a8c: cmp ax, 0x12 0x12a8f: je 0x12a93 0x12a91: jmp 0x12abe 0x12a93: mov dx, 0x272 0x12a96: mov ah, 0x3b 0x12a98: int 0x21 0x12a9a: jb 0x12abc 0x12a9c: jmp 0x12a7b 0x12a9e: mov ah, 9
2018-12-25T12:29:45.552891559Z	78	PC: 12a84 \| Find first file
2018-12-25T12:29:45.559712043Z	61	PC: 12ad9 \| Open file (Filename = '*.exe')
2018-12-25T12:29:45.566210641Z	62	PC: 12ae4 \| Close file
2018-12-25T12:29:45.568287339Z	61	PC: 12aed \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:29:45.581153367Z	64	PC: 12afe \| Write file or device (Write 381 bytes on handle 2)
2018-12-25T12:29:45.588739079Z	87	PC: 12b10 \| Get or set file date and time
2018-12-25T12:29:45.590535308Z	62	PC: 12b18 \| Close file
2018-12-25T12:29:45.606011679Z	67	PC: 12b25 \| Get or set file attributes
2018-12-25T12:29:45.611132854Z	79	PC: 12a8c \| Find next file
2018-12-25T12:29:45.614385432Z	59	PC: 12a9a \| Change current directory

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11010,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:45.776360011Z	42	PC: 12a52 \| Get date 0x12a52: cmp cx, 0x7bc 0x12a56: jle 0x12a70 0x12a58: jmp 0x12a5a 0x12a5a: mov ah, 0x2a 0x12a5c: int 0x21 0x12a5e: cmp dh, 0xb 0x12a61: je 0x12a65 0x12a63: jmp 0x12a7b 0x12a65: mov ah, 0x2a 0x12a67: int 0x21 0x12a69: cmp dl, 0x19 0x12a6c: je 0x12aa7 0x12a6e: jmp 0x12a7b 0x12a70: mov ah, 0x2c 0x12a72: int 0x21 0x12a74: cmp cl, 0x1e 0x12a77: jge 0x12a9e 0x12a79: jmp 0x12a7b 0x12a7b: mov dx, 0x26c 0x12a7e: mov ah, 0x4e
2018-12-25T12:29:45.779329949Z	44	PC: 12a74 \| Get time 0x12a74: cmp cl, 0x1e 0x12a77: jge 0x12a9e 0x12a79: jmp 0x12a7b 0x12a7b: mov dx, 0x26c 0x12a7e: mov ah, 0x4e 0x12a80: xor cx, cx 0x12a82: int 0x21 0x12a84: jb 0x12a93 0x12a86: jmp 0x12abe 0x12a88: mov ah, 0x4f 0x12a8a: int 0x21 0x12a8c: cmp ax, 0x12 0x12a8f: je 0x12a93 0x12a91: jmp 0x12abe 0x12a93: mov dx, 0x272 0x12a96: mov ah, 0x3b 0x12a98: int 0x21 0x12a9a: jb 0x12abc 0x12a9c: jmp 0x12a7b 0x12a9e: mov ah, 9
2018-12-25T12:29:45.781415006Z	78	PC: 12a84 \| Find first file
2018-12-25T12:29:45.787173147Z	61	PC: 12ad9 \| Open file (Filename = '*.exe')
2018-12-25T12:29:45.79302143Z	62	PC: 12ae4 \| Close file
2018-12-25T12:29:45.795385784Z	61	PC: 12aed \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:29:45.802058307Z	64	PC: 12afe \| Write file or device (Write 381 bytes on handle 2)
2018-12-25T12:29:45.805200842Z	87	PC: 12b10 \| Get or set file date and time
2018-12-25T12:29:45.80695707Z	62	PC: 12b18 \| Close file
2018-12-25T12:29:45.820644792Z	67	PC: 12b25 \| Get or set file attributes
2018-12-25T12:29:45.82614962Z	79	PC: 12a8c \| Find next file
2018-12-25T12:29:45.828426926Z	59	PC: 12a9a \| Change current directory