Sample viewer

vx.netlux.org/Virus.DOS.Dillinger.547

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:51.398307126Z	26	PC: 12b6c \| Set disk transfer address
2018-12-17T22:53:51.400210523Z	78	PC: 12b75 \| Find first file
2018-12-17T22:53:51.408998997Z	61	PC: 12ba4 \| Open file (Filename = '')
2018-12-17T22:53:51.417398297Z	63	PC: 12bb8 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:53:51.424722016Z	66	PC: 12c31 \| Move file pointer
2018-12-17T22:53:51.426210831Z	64	PC: 12c3f \| Write file or device (Write 954 bytes on handle 5)
2018-12-17T22:53:51.441227408Z	62	PC: 12c43 \| Close file
2018-12-17T22:53:51.449953018Z	44	PC: 12c4b \| Get time 0x12c4b: cmp ch, 0x12 0x12c4e: jl 0x12c87 0x12c50: mov cx, 0x1a 0x12c53: push cx 0x12c54: mov dx, 0x109 0x12c57: mov ah, 9 0x12c59: int 0x21 0x12c5b: pop cx 0x12c5c: loop 0x12c53 0x12c5e: mov cx, 0xa 0x12c61: push cx 0x12c62: mov ah, 0xb 0x12c64: mov bx, 4 0x12c67: int 0x10 0x12c69: mov cx, 0x12c 0x12c6c: dec ah 0x12c6e: jne 0x12c6c 0x12c70: dec cx 0x12c71: jne 0x12c6c 0x12c73: mov ah, 0xb
2018-12-17T22:53:51.452731876Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11357,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:24.069552707Z	26	PC: 12b6c \| Set disk transfer address
2018-12-25T12:30:24.07067897Z	78	PC: 12b75 \| Find first file
2018-12-25T12:30:24.07517741Z	61	PC: 12ba4 \| Open file (Filename = '')
2018-12-25T12:30:24.079546137Z	63	PC: 12bb8 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:30:24.083790041Z	66	PC: 12c31 \| Move file pointer
2018-12-25T12:30:24.085404492Z	64	PC: 12c3f \| Write file or device (Write 954 bytes on handle 5)
2018-12-25T12:30:24.098896094Z	62	PC: 12c43 \| Close file
2018-12-25T12:30:24.107592523Z	44	PC: 12c4b \| Get time 0x12c4b: cmp ch, 0x12 0x12c4e: jl 0x12c87 0x12c50: mov cx, 0x1a 0x12c53: push cx 0x12c54: mov dx, 0x109 0x12c57: mov ah, 9 0x12c59: int 0x21 0x12c5b: pop cx 0x12c5c: loop 0x12c53 0x12c5e: mov cx, 0xa 0x12c61: push cx 0x12c62: mov ah, 0xb 0x12c64: mov bx, 4 0x12c67: int 0x10 0x12c69: mov cx, 0x12c 0x12c6c: dec ah 0x12c6e: jne 0x12c6c 0x12c70: dec cx 0x12c71: jne 0x12c6c 0x12c73: mov ah, 0xb
2018-12-25T12:30:24.110526974Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":18,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11357,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:24.221853672Z	26	PC: 12b6c \| Set disk transfer address
2018-12-25T12:30:24.223312838Z	78	PC: 12b75 \| Find first file
2018-12-25T12:30:24.227521536Z	61	PC: 12ba4 \| Open file (Filename = '')
2018-12-25T12:30:24.233751096Z	63	PC: 12bb8 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:30:24.240289634Z	66	PC: 12c31 \| Move file pointer
2018-12-25T12:30:24.241467039Z	64	PC: 12c3f \| Write file or device (Write 954 bytes on handle 5)
2018-12-25T12:30:24.25419904Z	62	PC: 12c43 \| Close file
2018-12-25T12:30:24.262330135Z	44	PC: 12c4b \| Get time 0x12c4b: cmp ch, 0x12 0x12c4e: jl 0x12c87 0x12c50: mov cx, 0x1a 0x12c53: push cx 0x12c54: mov dx, 0x109 0x12c57: mov ah, 9 0x12c59: int 0x21 0x12c5b: pop cx 0x12c5c: loop 0x12c53 0x12c5e: mov cx, 0xa 0x12c61: push cx 0x12c62: mov ah, 0xb 0x12c64: mov bx, 4 0x12c67: int 0x10 0x12c69: mov cx, 0x12c 0x12c6c: dec ah 0x12c6e: jne 0x12c6c 0x12c70: dec cx 0x12c71: jne 0x12c6c 0x12c73: mov ah, 0xb
2018-12-25T12:30:24.26425195Z	9	PC: 12c5b \| Display string (String= ' Hey YOU !!! Don't be silly ... I'm DILLINGER. ')
2018-12-25T12:30:24.272393564Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.27896165Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.286350752Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.293702123Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.301548319Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.309109058Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.315232251Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.323380557Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.332553024Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.340398959Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.347940012Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.354896527Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.362263284Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.369717838Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.377763299Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.385151064Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.393189589Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.399712817Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.407090593Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.413456858Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.421247827Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.427322555Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.432750619Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.440582146Z	9	PC: 12c5b \| Display string (See above)
2018-12-25T12:30:24.448238878Z	9	PC: 12c5b \| Display string (See above)