Sample viewer

vx.netlux.org/Virus.DOS.YanShort.Bandit

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:32.860568155Z	47	PC: 12a6d \| Get disk transfer address
2018-12-17T22:53:32.861829214Z	26	PC: 13007 \| Set disk transfer address
2018-12-17T22:53:32.863223424Z	78	PC: 13017 \| Find first file
2018-12-17T22:53:32.867407627Z	26	PC: 13007 \| Set disk transfer address
2018-12-17T22:53:32.868274286Z	78	PC: 13017 \| Find first file
2018-12-17T22:53:32.872836236Z	79	PC: 1302e \| Find next file
2018-12-17T22:53:32.874654336Z	79	PC: 1302e \| Find next file
2018-12-17T22:53:32.876315888Z	79	PC: 1302e \| Find next file
2018-12-17T22:53:32.878846784Z	79	PC: 1302e \| Find next file
2018-12-17T22:53:32.880611568Z	79	PC: 1302e \| Find next file
2018-12-17T22:53:32.882461418Z	79	PC: 1302e \| Find next file
2018-12-17T22:53:32.884726743Z	79	PC: 1302e \| Find next file
2018-12-17T22:53:32.886575695Z	79	PC: 1302e \| Find next file
2018-12-17T22:53:32.88839165Z	79	PC: 1302e \| Find next file
2018-12-17T22:53:32.89066869Z	42	PC: 12b66 \| Get date 0x12b66: pop si 0x12b67: ret 0x12b68: mov si, dx 0x12b6a: test byte ptr [si + 0x15], 0x10 0x12b6e: jne 0x12b7b 0x12b70: call 0x1301b 0x12b73: jb 0x12b61 0x12b75: test byte ptr [si + 0x15], 0x10 0x12b79: je 0x12b70 0x12b7b: cmp byte ptr [si + 0x1e], 0x2e 0x12b7f: je 0x12b70 0x12b81: call 0x12b9d 0x12b84: push ax 0x12b85: mov ah, 0x1a 0x12b87: int 0x21 0x12b89: pop ax 0x12b8a: push si 0x12b8b: mov si, 0x70b 0x12b8e: sub si, 0x103 0x12b92: add si, bx
2018-12-17T22:53:32.892503837Z	42	PC: 12aa6 \| Get date 0x12aa6: cmp al, 1 0x12aa8: je 0x12aae 0x12aaa: jne 0x12abd 0x12aac: int 0x20 0x12aae: mov ah, 5 0x12ab0: mov ch, 0 0x12ab2: mov cl, 2 0x12ab4: mov dh, 0 0x12ab6: mov dl, 2 0x12ab8: int 0x13 0x12aba: jmp 0x12abd 0x12abc: nop 0x12abd: mov si, 0xa99 0x12ac0: sub si, 0x103 0x12ac4: add si, bx 0x12ac6: mov dx, word ptr [si] 0x12ac8: push ds 0x12ac9: mov ax, word ptr [si + 2] 0x12acc: mov ds, ax 0x12ace: push bx
2018-12-17T22:53:32.89488043Z	26	PC: 12ad4 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11252,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:14.957696535Z	47	PC: 12a6d \| Get disk transfer address
2018-12-25T12:30:14.959525545Z	26	PC: 13007 \| Set disk transfer address
2018-12-25T12:30:14.960702031Z	78	PC: 13017 \| Find first file
2018-12-25T12:30:14.967292864Z	26	PC: 13007 \| Set disk transfer address (See above)
2018-12-25T12:30:14.969060206Z	78	PC: 13017 \| Find first file (See above)
2018-12-25T12:30:14.975619008Z	79	PC: 1302e \| Find next file
2018-12-25T12:30:14.978151074Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:14.981104279Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:14.984178976Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:14.986909447Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:14.989723264Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:14.992826748Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:14.995546177Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:14.998132001Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:15.007959039Z	42	PC: 12b66 \| Get date 0x12b66: pop si 0x12b67: ret 0x12b68: mov si, dx 0x12b6a: test byte ptr [si + 0x15], 0x10 0x12b6e: jne 0x12b7b 0x12b70: call 0x1301b 0x12b73: jb 0x12b61 0x12b75: test byte ptr [si + 0x15], 0x10 0x12b79: je 0x12b70 0x12b7b: cmp byte ptr [si + 0x1e], 0x2e 0x12b7f: je 0x12b70 0x12b81: call 0x12b9d 0x12b84: push ax 0x12b85: mov ah, 0x1a 0x12b87: int 0x21 0x12b89: pop ax 0x12b8a: push si 0x12b8b: mov si, 0x70b 0x12b8e: sub si, 0x103 0x12b92: add si, bx
2018-12-25T12:30:15.010653342Z	42	PC: 12aa6 \| Get date 0x12aa6: cmp al, 1 0x12aa8: je 0x12aae 0x12aaa: jne 0x12abd 0x12aac: int 0x20 0x12aae: mov ah, 5 0x12ab0: mov ch, 0 0x12ab2: mov cl, 2 0x12ab4: mov dh, 0 0x12ab6: mov dl, 2 0x12ab8: int 0x13 0x12aba: jmp 0x12abd 0x12abc: nop 0x12abd: mov si, 0xa99 0x12ac0: sub si, 0x103 0x12ac4: add si, bx 0x12ac6: mov dx, word ptr [si] 0x12ac8: push ds 0x12ac9: mov ax, word ptr [si + 2] 0x12acc: mov ds, ax 0x12ace: push bx
2018-12-25T12:30:15.013051831Z	26	PC: 12ad4 \| Set disk transfer address

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11252,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:15.109055236Z	47	PC: 12a6d \| Get disk transfer address
2018-12-25T12:30:15.111680103Z	26	PC: 13007 \| Set disk transfer address
2018-12-25T12:30:15.113047584Z	78	PC: 13017 \| Find first file
2018-12-25T12:30:15.11923707Z	26	PC: 13007 \| Set disk transfer address (See above)
2018-12-25T12:30:15.120841575Z	78	PC: 13017 \| Find first file (See above)
2018-12-25T12:30:15.127661282Z	79	PC: 1302e \| Find next file
2018-12-25T12:30:15.1300981Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:15.132575216Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:15.135734927Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:15.138499161Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:15.144779973Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:15.148945583Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:15.152382071Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:15.155064347Z	79	PC: 1302e \| Find next file (See above)
2018-12-25T12:30:15.157984086Z	42	PC: 12b66 \| Get date 0x12b66: pop si 0x12b67: ret 0x12b68: mov si, dx 0x12b6a: test byte ptr [si + 0x15], 0x10 0x12b6e: jne 0x12b7b 0x12b70: call 0x1301b 0x12b73: jb 0x12b61 0x12b75: test byte ptr [si + 0x15], 0x10 0x12b79: je 0x12b70 0x12b7b: cmp byte ptr [si + 0x1e], 0x2e 0x12b7f: je 0x12b70 0x12b81: call 0x12b9d 0x12b84: push ax 0x12b85: mov ah, 0x1a 0x12b87: int 0x21 0x12b89: pop ax 0x12b8a: push si 0x12b8b: mov si, 0x70b 0x12b8e: sub si, 0x103 0x12b92: add si, bx
2018-12-25T12:30:15.160126377Z	42	PC: 12aa6 \| Get date 0x12aa6: cmp al, 1 0x12aa8: je 0x12aae 0x12aaa: jne 0x12abd 0x12aac: int 0x20 0x12aae: mov ah, 5 0x12ab0: mov ch, 0 0x12ab2: mov cl, 2 0x12ab4: mov dh, 0 0x12ab6: mov dl, 2 0x12ab8: int 0x13 0x12aba: jmp 0x12abd 0x12abc: nop 0x12abd: mov si, 0xa99 0x12ac0: sub si, 0x103 0x12ac4: add si, bx 0x12ac6: mov dx, word ptr [si] 0x12ac8: push ds 0x12ac9: mov ax, word ptr [si + 2] 0x12acc: mov ds, ax 0x12ace: push bx
2018-12-25T12:30:15.162671498Z	26	PC: 12ad4 \| Set disk transfer address