Sample viewer

vx.netlux.org/Virus.DOS.Late.248

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:08.815327358Z	44	PC: 12a5d \| Get time 0x12a5d: cmp ch, 4 0x12a60: jg 0x12a70 0x12a62: mov ah, 9 0x12a64: lea dx, word ptr [si + 0x1bc] 0x12a68: int 0x21 0x12a6a: mov ah, 0 0x12a6c: int 0x16 0x12a6e: int 0x19 0x12a70: mov ah, 0x4e 0x12a72: lea dx, word ptr [si + 0x1b2] 0x12a76: xor cx, cx 0x12a78: int 0x21 0x12a7a: mov dx, 0x9e 0x12a7d: mov ah, 0x3d 0x12a7f: mov al, 2 0x12a81: int 0x21 0x12a83: mov bx, ax 0x12a85: mov ah, 0x3f 0x12a87: lea dx, word ptr [si + 0x1f4] 0x12a8b: mov cx, 4
2018-12-17T22:53:08.818253579Z	9	PC: 12a6a \| Display string (String= 'Get some sleep, will ya? - Late Night Virus - Jack Damn')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11124,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:57.889529131Z	44	PC: 12a5d \| Get time 0x12a5d: cmp ch, 4 0x12a60: jg 0x12a70 0x12a62: mov ah, 9 0x12a64: lea dx, word ptr [si + 0x1bc] 0x12a68: int 0x21 0x12a6a: mov ah, 0 0x12a6c: int 0x16 0x12a6e: int 0x19 0x12a70: mov ah, 0x4e 0x12a72: lea dx, word ptr [si + 0x1b2] 0x12a76: xor cx, cx 0x12a78: int 0x21 0x12a7a: mov dx, 0x9e 0x12a7d: mov ah, 0x3d 0x12a7f: mov al, 2 0x12a81: int 0x21 0x12a83: mov bx, ax 0x12a85: mov ah, 0x3f 0x12a87: lea dx, word ptr [si + 0x1f4] 0x12a8b: mov cx, 4
2018-12-25T12:29:57.893315574Z	9	PC: 12a6a \| Display string (String= 'Get some sleep, will ya? - Late Night Virus - Jack Damn')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":5,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11124,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:58.133417039Z	44	PC: 12a5d \| Get time 0x12a5d: cmp ch, 4 0x12a60: jg 0x12a70 0x12a62: mov ah, 9 0x12a64: lea dx, word ptr [si + 0x1bc] 0x12a68: int 0x21 0x12a6a: mov ah, 0 0x12a6c: int 0x16 0x12a6e: int 0x19 0x12a70: mov ah, 0x4e 0x12a72: lea dx, word ptr [si + 0x1b2] 0x12a76: xor cx, cx 0x12a78: int 0x21 0x12a7a: mov dx, 0x9e 0x12a7d: mov ah, 0x3d 0x12a7f: mov al, 2 0x12a81: int 0x21 0x12a83: mov bx, ax 0x12a85: mov ah, 0x3f 0x12a87: lea dx, word ptr [si + 0x1f4] 0x12a8b: mov cx, 4
2018-12-25T12:29:58.136006679Z	78	PC: 12a7a \| Find first file
2018-12-25T12:29:58.141953763Z	61	PC: 12a83 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:58.148222702Z	63	PC: 12a90 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:29:58.154509365Z	87	PC: 12a9c \| Get or set file date and time
2018-12-25T12:29:58.155968987Z	66	PC: 12aa7 \| Move file pointer
2018-12-25T12:29:58.157307705Z	64	PC: 12ab3 \| Write file or device (Write 248 bytes on handle 5)
2018-12-25T12:29:58.172685591Z	66	PC: 12abc \| Move file pointer
2018-12-25T12:29:58.174211341Z	64	PC: 12acf \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:29:58.181689097Z	87	PC: 12ad6 \| Get or set file date and time
2018-12-25T12:29:58.184135672Z	62	PC: 12ada \| Close file
2018-12-25T12:29:58.192562824Z	79	PC: 12ade \| Find next file
2018-12-25T12:29:58.198829862Z	61	PC: 12a83 \| Open file (See above)
2018-12-25T12:29:58.205278478Z	63	PC: 12a90 \| Read file or device (See above)
2018-12-25T12:29:58.212221814Z	87	PC: 12a9c \| Get or set file date and time (See above)
2018-12-25T12:29:58.213909621Z	66	PC: 12aa7 \| Move file pointer (See above)
2018-12-25T12:29:58.215597904Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T12:29:58.219375362Z	66	PC: 12abc \| Move file pointer (See above)
2018-12-25T12:29:58.220791466Z	64	PC: 12acf \| Write file or device (See above)
2018-12-25T12:29:58.223656094Z	87	PC: 12ad6 \| Get or set file date and time (See above)
2018-12-25T12:29:58.227752234Z	62	PC: 12ada \| Close file (See above)
2018-12-25T12:29:58.235656423Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:29:58.238604452Z	61	PC: 12a83 \| Open file (See above)
2018-12-25T12:29:58.246557588Z	63	PC: 12a90 \| Read file or device (See above)
2018-12-25T12:29:58.254385315Z	87	PC: 12a9c \| Get or set file date and time (See above)
2018-12-25T12:29:58.256168399Z	66	PC: 12aa7 \| Move file pointer (See above)
2018-12-25T12:29:58.258585785Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T12:29:58.261922456Z	66	PC: 12abc \| Move file pointer (See above)
2018-12-25T12:29:58.263517517Z	64	PC: 12acf \| Write file or device (See above)
2018-12-25T12:29:58.266294344Z	87	PC: 12ad6 \| Get or set file date and time (See above)
2018-12-25T12:29:58.269224894Z	62	PC: 12ada \| Close file (See above)
2018-12-25T12:29:58.276670282Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:29:58.279297434Z	61	PC: 12a83 \| Open file (See above)
2018-12-25T12:29:58.288673088Z	63	PC: 12a90 \| Read file or device (See above)
2018-12-25T12:29:58.29754852Z	87	PC: 12a9c \| Get or set file date and time (See above)
2018-12-25T12:29:58.298884311Z	66	PC: 12aa7 \| Move file pointer (See above)
2018-12-25T12:29:58.302401126Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T12:29:58.304919027Z	66	PC: 12abc \| Move file pointer (See above)
2018-12-25T12:29:58.306547684Z	64	PC: 12acf \| Write file or device (See above)
2018-12-25T12:29:58.310433862Z	87	PC: 12ad6 \| Get or set file date and time (See above)
2018-12-25T12:29:58.312223974Z	62	PC: 12ada \| Close file (See above)
2018-12-25T12:29:58.319683505Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:29:58.32273361Z	61	PC: 12a83 \| Open file (See above)
2018-12-25T12:29:58.329880883Z	63	PC: 12a90 \| Read file or device (See above)
2018-12-25T12:29:58.335991958Z	87	PC: 12a9c \| Get or set file date and time (See above)
2018-12-25T12:29:58.337979575Z	66	PC: 12aa7 \| Move file pointer (See above)
2018-12-25T12:29:58.339524205Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T12:29:58.342192641Z	66	PC: 12abc \| Move file pointer (See above)
2018-12-25T12:29:58.344191101Z	64	PC: 12acf \| Write file or device (See above)
2018-12-25T12:29:58.346798987Z	87	PC: 12ad6 \| Get or set file date and time (See above)
2018-12-25T12:29:58.348374334Z	62	PC: 12ada \| Close file (See above)
2018-12-25T12:29:58.356105332Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:29:58.358746775Z	61	PC: 12a83 \| Open file (See above)
2018-12-25T12:29:58.365364907Z	63	PC: 12a90 \| Read file or device (See above)
2018-12-25T12:29:58.372396643Z	87	PC: 12a9c \| Get or set file date and time (See above)
2018-12-25T12:29:58.373843776Z	66	PC: 12aa7 \| Move file pointer (See above)
2018-12-25T12:29:58.375140168Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T12:29:58.383545586Z	66	PC: 12abc \| Move file pointer (See above)
2018-12-25T12:29:58.385315847Z	64	PC: 12acf \| Write file or device (See above)
2018-12-25T12:29:58.392004591Z	87	PC: 12ad6 \| Get or set file date and time (See above)
2018-12-25T12:29:58.394464839Z	62	PC: 12ada \| Close file (See above)
2018-12-25T12:29:58.402541006Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:29:58.40528275Z	61	PC: 12a83 \| Open file (See above)
2018-12-25T12:29:58.411934499Z	63	PC: 12a90 \| Read file or device (See above)
2018-12-25T12:29:58.415905369Z	87	PC: 12a9c \| Get or set file date and time (See above)
2018-12-25T12:29:58.416943795Z	66	PC: 12aa7 \| Move file pointer (See above)
2018-12-25T12:29:58.418508251Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T12:29:58.420309499Z	66	PC: 12abc \| Move file pointer (See above)
2018-12-25T12:29:58.421318374Z	64	PC: 12acf \| Write file or device (See above)
2018-12-25T12:29:58.423550107Z	87	PC: 12ad6 \| Get or set file date and time (See above)
2018-12-25T12:29:58.424736811Z	62	PC: 12ada \| Close file (See above)
2018-12-25T12:29:58.429323727Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:29:58.431362625Z	61	PC: 12a83 \| Open file (See above)
2018-12-25T12:29:58.435828105Z	63	PC: 12a90 \| Read file or device (See above)
2018-12-25T12:29:58.437531653Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:29:58.439822216Z	76	PC: 12a44 \| Terminate with return code (Return code = '18')