Sample viewer

vx.netlux.org/Virus.DOS.Trivial.78.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:12.848191078Z	26	PC: 12a47 \| Set disk transfer address
2018-12-17T22:53:12.850352417Z	78	PC: 12a51 \| Find first file
2018-12-17T22:53:12.856278158Z	61	PC: 12a61 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:53:12.862694194Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-17T22:53:12.869809346Z	62	PC: 12a70 \| Close file
2018-12-17T22:53:12.884269283Z	79	PC: 12a57 \| Find next file
2018-12-17T22:53:12.887211361Z	61	PC: 12a61 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:53:12.894175983Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-17T22:53:12.901447856Z	62	PC: 12a70 \| Close file
2018-12-17T22:53:12.910337375Z	79	PC: 12a57 \| Find next file
2018-12-17T22:53:12.913178061Z	61	PC: 12a61 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:53:12.920263158Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-17T22:53:12.926853857Z	62	PC: 12a70 \| Close file
2018-12-17T22:53:12.935030138Z	79	PC: 12a57 \| Find next file
2018-12-17T22:53:12.938759536Z	61	PC: 12a61 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:53:12.94547797Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-17T22:53:12.95280318Z	62	PC: 12a70 \| Close file
2018-12-17T22:53:12.961856064Z	79	PC: 12a57 \| Find next file
2018-12-17T22:53:12.96445084Z	61	PC: 12a61 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:53:12.971472111Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-17T22:53:12.982339311Z	62	PC: 12a70 \| Close file
2018-12-17T22:53:12.989897904Z	79	PC: 12a57 \| Find next file
2018-12-17T22:53:12.992747385Z	61	PC: 12a61 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:53:13.000003831Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-17T22:53:13.00691655Z	62	PC: 12a70 \| Close file
2018-12-17T22:53:13.014664859Z	79	PC: 12a57 \| Find next file
2018-12-17T22:53:13.017722156Z	61	PC: 12a61 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:53:13.026965201Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-17T22:53:13.033633595Z	62	PC: 12a70 \| Close file
2018-12-17T22:53:13.042384933Z	79	PC: 12a57 \| Find next file
2018-12-17T22:53:13.046514261Z	61	PC: 12a61 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:53:13.053179121Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-17T22:53:13.056181682Z	62	PC: 12a70 \| Close file
2018-12-17T22:53:13.064800884Z	79	PC: 12a57 \| Find next file
2018-12-17T22:53:13.067498477Z	42	PC: 12a76 \| Get date 0x12a76: cmp dh, 1 0x12a79: je 0x12a85 0x12a7b: cmp dh, 6 0x12a7e: je 0x12a85 0x12a80: mov ax, 0x4c00 0x12a83: int 0x21 0x12a85: mov ax, 0x701 0x12a88: mov ch, 0 0x12a8a: mov dl, 0x80 0x12a8c: int 0x13 0x12a8e: sub ch, byte ptr [0x4f43] 0x12a92: dec bp 0x12a93: add byte ptr [bx + di], al 0x12a95: aas 0x12a96: aas 0x12a97: aas 0x12a98: aas 0x12a99: aas 0x12a9a: aas 0x12a9b: aas
2018-12-17T22:53:13.069595235Z	76	PC: 12a85 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11146,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:58.349626733Z	26	PC: 12a47 \| Set disk transfer address
2018-12-25T12:29:58.350798457Z	78	PC: 12a51 \| Find first file
2018-12-25T12:29:58.357790255Z	61	PC: 12a61 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:58.364846187Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-25T12:29:58.371998885Z	62	PC: 12a70 \| Close file
2018-12-25T12:29:58.818882308Z	79	PC: 12a57 \| Find next file
2018-12-25T12:29:58.82207168Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.830341104Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.851482588Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.861264314Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.864283635Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.88091231Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.888911527Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.897799218Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.9012948Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.909091874Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.917087216Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.927428271Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.93054555Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.938754676Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.946707502Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.955867606Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.959102313Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.966589118Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.97511016Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.983774307Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.986969388Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.994865011Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:59.004642549Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:59.013523469Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:59.017572658Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:59.026309528Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:59.029544669Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:59.039497896Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:59.042471236Z	42	PC: 12a76 \| Get date 0x12a76: cmp dh, 1 0x12a79: je 0x12a85 0x12a7b: cmp dh, 6 0x12a7e: je 0x12a85 0x12a80: mov ax, 0x4c00 0x12a83: int 0x21 0x12a85: mov ax, 0x701 0x12a88: mov ch, 0 0x12a8a: mov dl, 0x80 0x12a8c: int 0x13 0x12a8e: sub ch, byte ptr [0x4f43] 0x12a92: dec bp 0x12a93: add byte ptr [bx + di], al 0x12a95: aas 0x12a96: aas 0x12a97: aas 0x12a98: aas 0x12a99: aas 0x12a9a: aas 0x12a9b: aas

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11146,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:58.686126213Z	26	PC: 12a47 \| Set disk transfer address
2018-12-25T12:29:58.694384341Z	78	PC: 12a51 \| Find first file
2018-12-25T12:29:58.700734012Z	61	PC: 12a61 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:58.707562597Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-25T12:29:58.725093132Z	62	PC: 12a70 \| Close file
2018-12-25T12:29:58.739386921Z	79	PC: 12a57 \| Find next file
2018-12-25T12:29:58.742363106Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.754816716Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.763341829Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.773375112Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.776056074Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.786691566Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.793226159Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.801077591Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.804361413Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.811321003Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.817720093Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.825728475Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.838870245Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.84516286Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.852087377Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.859375912Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.861837511Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.87342645Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.880142951Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.893274934Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.896573045Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.904441949Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.911058313Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.918784108Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.922216387Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.92867547Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.935562863Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.943201222Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.94554558Z	42	PC: 12a76 \| Get date 0x12a76: cmp dh, 1 0x12a79: je 0x12a85 0x12a7b: cmp dh, 6 0x12a7e: je 0x12a85 0x12a80: mov ax, 0x4c00 0x12a83: int 0x21 0x12a85: mov ax, 0x701 0x12a88: mov ch, 0 0x12a8a: mov dl, 0x80 0x12a8c: int 0x13 0x12a8e: sub ch, byte ptr [0x4f43] 0x12a92: dec bp 0x12a93: add byte ptr [bx + di], al 0x12a95: aas 0x12a96: aas 0x12a97: aas 0x12a98: aas 0x12a99: aas 0x12a9a: aas 0x12a9b: aas
2018-12-25T12:29:58.947786723Z	76	PC: 12a85 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11146,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:58.923814575Z	26	PC: 12a47 \| Set disk transfer address
2018-12-25T12:29:58.927869778Z	78	PC: 12a51 \| Find first file
2018-12-25T12:29:58.934497926Z	61	PC: 12a61 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:58.941612231Z	64	PC: 12a6c \| Write file or device (Write 78 bytes on handle 5)
2018-12-25T12:29:58.948617077Z	62	PC: 12a70 \| Close file
2018-12-25T12:29:58.964241564Z	79	PC: 12a57 \| Find next file
2018-12-25T12:29:58.967181376Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:58.97491051Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:58.982783943Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:58.990774541Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:58.993739636Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:59.002153949Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:59.009275075Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:59.017553753Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:59.021425077Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:59.028121693Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:59.035036776Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:59.043445023Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:59.046014753Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:59.052837537Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:59.061070711Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:59.069158708Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:59.07174074Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:59.083625811Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:59.090286453Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:59.09802207Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:59.101351382Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:59.107935996Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:59.114784675Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:59.12296063Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:59.125563062Z	61	PC: 12a61 \| Open file (See above)
2018-12-25T12:29:59.137786276Z	64	PC: 12a6c \| Write file or device (See above)
2018-12-25T12:29:59.144788208Z	62	PC: 12a70 \| Close file (See above)
2018-12-25T12:29:59.152434218Z	79	PC: 12a57 \| Find next file (See above)
2018-12-25T12:29:59.154778223Z	42	PC: 12a76 \| Get date 0x12a76: cmp dh, 1 0x12a79: je 0x12a85 0x12a7b: cmp dh, 6 0x12a7e: je 0x12a85 0x12a80: mov ax, 0x4c00 0x12a83: int 0x21 0x12a85: mov ax, 0x701 0x12a88: mov ch, 0 0x12a8a: mov dl, 0x80 0x12a8c: int 0x13 0x12a8e: sub ch, byte ptr [0x4f43] 0x12a92: dec bp 0x12a93: add byte ptr [bx + di], al 0x12a95: aas 0x12a96: aas 0x12a97: aas 0x12a98: aas 0x12a99: aas 0x12a9a: aas 0x12a9b: aas