Sample viewer

vx.netlux.org/Virus.DOS.BrPI.Kobrin.489

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:53:53.778162254Z 26 PC: 12a47 | Set disk transfer address
2018-12-17T22:53:53.779937228Z 37 PC: 12a53 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:53.782197824Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xb
0x12a5a: je 0x12a63
0x12a5c: cmp dl, 0x17
0x12a5f: je 0x12a63
0x12a61: jmp 0x12a6e
0x12a63: jmp 0x12b37
0x12a66: sub ch, byte ptr [0x4f43]
0x12a6a: dec bp
0x12a6b: add byte ptr [di + 2], ch
0x12a6e: mov dx, 0x126
0x12a71: mov cx, 0x23
0x12a74: mov ah, 0x4e
0x12a76: int 0x21
0x12a78: jb 0x12aa3
0x12a7a: mov cx, 0x20
0x12a7d: mov ax, 0x4301
0x12a80: mov dx, 0xff1e
0x12a83: int 0x21
0x12a85: jb 0x12aa3
0x12a87: mov dx, 0xff1e
2018-12-17T22:53:53.785026688Z 78 PC: 12a78 | Find first file
2018-12-17T22:53:53.791934043Z 67 PC: 12a85 | Get or set file attributes
2018-12-17T22:53:53.810600917Z 61 PC: 12a8f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:53:53.818142874Z 87 PC: 12aab | Get or set file date and time
2018-12-17T22:53:53.820059885Z 63 PC: 12ac5 | Read file or device (Read 489 bytes on handle 5)
2018-12-17T22:53:53.828445707Z 66 PC: 12ad0 | Move file pointer
2018-12-17T22:53:53.831482732Z 62 PC: 12b16 | Close file
2018-12-17T22:53:53.833905743Z 67 PC: 12b26 | Get or set file attributes
2018-12-17T22:53:53.845116Z 79 PC: 12b2f | Find next file
2018-12-17T22:53:53.84860261Z 67 PC: 12a85 | Get or set file attributes
2018-12-17T22:53:53.859493137Z 61 PC: 12a8f | Open file (Filename = 'PRINT.COM')
2018-12-17T22:53:53.866584067Z 87 PC: 12aab | Get or set file date and time
2018-12-17T22:53:53.869262257Z 63 PC: 12ac5 | Read file or device (Read 489 bytes on handle 5)
2018-12-17T22:53:53.87635499Z 66 PC: 12ad0 | Move file pointer
2018-12-17T22:53:53.878043632Z 62 PC: 12b16 | Close file
2018-12-17T22:53:53.881218696Z 67 PC: 12b26 | Get or set file attributes
2018-12-17T22:53:53.892243285Z 79 PC: 12b2f | Find next file
2018-12-17T22:53:53.895199648Z 67 PC: 12a85 | Get or set file attributes
2018-12-17T22:53:53.907616542Z 61 PC: 12a8f | Open file (Filename = 'HELLO.COM')
2018-12-17T22:53:53.915116189Z 87 PC: 12aab | Get or set file date and time
2018-12-17T22:53:53.916625434Z 63 PC: 12ac5 | Read file or device (Read 489 bytes on handle 5)
2018-12-17T22:53:53.924264524Z 66 PC: 12ad0 | Move file pointer
2018-12-17T22:53:53.926637351Z 62 PC: 12b16 | Close file
2018-12-17T22:53:53.929163446Z 67 PC: 12b26 | Get or set file attributes
2018-12-17T22:53:53.940957891Z 79 PC: 12b2f | Find next file
2018-12-17T22:53:53.944087229Z 67 PC: 12a85 | Get or set file attributes
2018-12-17T22:53:53.954568777Z 61 PC: 12a8f | Open file (Filename = 'PHANG.COM')
2018-12-17T22:53:53.961976522Z 87 PC: 12aab | Get or set file date and time
2018-12-17T22:53:53.963888925Z 63 PC: 12ac5 | Read file or device (Read 489 bytes on handle 5)
2018-12-17T22:53:53.971183998Z 66 PC: 12ad0 | Move file pointer
2018-12-17T22:53:53.972876187Z 62 PC: 12b16 | Close file
2018-12-17T22:53:53.976369488Z 67 PC: 12b26 | Get or set file attributes
2018-12-17T22:53:53.987423171Z 79 PC: 12b2f | Find next file
2018-12-17T22:53:53.990667876Z 67 PC: 12a85 | Get or set file attributes
2018-12-17T22:53:54.001706732Z 61 PC: 12a8f | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:53:54.00945658Z 87 PC: 12aab | Get or set file date and time
2018-12-17T22:53:54.011103954Z 63 PC: 12ac5 | Read file or device (Read 489 bytes on handle 5)
2018-12-17T22:53:54.01895426Z 66 PC: 12ad0 | Move file pointer
2018-12-17T22:53:54.020469185Z 62 PC: 12b16 | Close file
2018-12-17T22:53:54.022719042Z 67 PC: 12b26 | Get or set file attributes
2018-12-17T22:53:54.037479959Z 79 PC: 12b2f | Find next file
2018-12-17T22:53:54.040590892Z 67 PC: 12a85 | Get or set file attributes
2018-12-17T22:53:54.051586326Z 61 PC: 12a8f | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:53:54.060494329Z 87 PC: 12aab | Get or set file date and time
2018-12-17T22:53:54.062212276Z 63 PC: 12ac5 | Read file or device (Read 489 bytes on handle 5)
2018-12-17T22:53:54.069154707Z 66 PC: 12ad0 | Move file pointer
2018-12-17T22:53:54.072817487Z 64 PC: 12aec | Write file or device (Write 489 bytes on handle 5)
2018-12-17T22:53:54.081940574Z 66 PC: 12af7 | Move file pointer
2018-12-17T22:53:54.083968794Z 64 PC: 12b01 | Write file or device (Write 489 bytes on handle 5)
2018-12-17T22:53:54.092127599Z 87 PC: 12b10 | Get or set file date and time
2018-12-17T22:53:54.09452884Z 62 PC: 12b16 | Close file
2018-12-17T22:53:54.103736966Z 67 PC: 12b26 | Get or set file attributes
2018-12-17T22:53:54.116208823Z 79 PC: 12b2f | Find next file
2018-12-17T22:53:54.120431004Z 67 PC: 12a85 | Get or set file attributes
2018-12-17T22:53:54.131115845Z 61 PC: 12a8f | Open file (Filename = 'PAH.COM')
2018-12-17T22:53:54.138514984Z 87 PC: 12aab | Get or set file date and time
2018-12-17T22:53:54.141625827Z 63 PC: 12ac5 | Read file or device (Read 489 bytes on handle 5)
2018-12-17T22:53:54.14877724Z 66 PC: 12ad0 | Move file pointer
2018-12-17T22:53:54.150390941Z 62 PC: 12b16 | Close file
2018-12-17T22:53:54.153083138Z 67 PC: 12b26 | Get or set file attributes
2018-12-17T22:53:54.163877825Z 79 PC: 12b2f | Find next file
2018-12-17T22:53:54.166623653Z 67 PC: 12a85 | Get or set file attributes
2018-12-17T22:53:54.178316868Z 61 PC: 12a8f | Open file (Filename = 'TEST.COM')
2018-12-17T22:53:54.185656895Z 87 PC: 12aab | Get or set file date and time
2018-12-17T22:53:54.187612609Z 63 PC: 12ac5 | Read file or device (Read 489 bytes on handle 5)
2018-12-17T22:53:54.191053192Z 66 PC: 12ad0 | Move file pointer
2018-12-17T22:53:54.193385092Z 64 PC: 12aec | Write file or device (Write 489 bytes on handle 5)
2018-12-17T22:53:54.202306941Z 66 PC: 12af7 | Move file pointer
2018-12-17T22:53:54.204155373Z 64 PC: 12b01 | Write file or device (Write 489 bytes on handle 5)
2018-12-17T22:53:54.207979426Z 87 PC: 12b10 | Get or set file date and time
2018-12-17T22:53:54.209666966Z 62 PC: 12b16 | Close file
2018-12-17T22:53:54.218209432Z 67 PC: 12b26 | Get or set file attributes
2018-12-17T22:53:54.229534125Z 79 PC: 12b2f | Find next file
2018-12-17T22:53:54.232521526Z 37 PC: 12bc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:53:54.234440401Z 9 PC: 12a8a | Display string (Could not find end pointer)
2018-12-17T22:53:54.258147853Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11370,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:26.706813697Z 26 PC: 12a47 | Set disk transfer address
2018-12-25T12:30:26.70859024Z 37 PC: 12a53 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:26.710967652Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xb
0x12a5a: je 0x12a63
0x12a5c: cmp dl, 0x17
0x12a5f: je 0x12a63
0x12a61: jmp 0x12a6e
0x12a63: jmp 0x12b37
0x12a66: sub ch, byte ptr [0x4f43]
0x12a6a: dec bp
0x12a6b: add byte ptr [di + 2], ch
0x12a6e: mov dx, 0x126
0x12a71: mov cx, 0x23
0x12a74: mov ah, 0x4e
0x12a76: int 0x21
0x12a78: jb 0x12aa3
0x12a7a: mov cx, 0x20
0x12a7d: mov ax, 0x4301
0x12a80: mov dx, 0xff1e
0x12a83: int 0x21
0x12a85: jb 0x12aa3
0x12a87: mov dx, 0xff1e
2018-12-25T12:30:26.713944416Z 78 PC: 12a78 | Find first file
2018-12-25T12:30:26.721045639Z 67 PC: 12a85 | Get or set file attributes
2018-12-25T12:30:26.738529418Z 61 PC: 12a8f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:26.746302983Z 87 PC: 12aab | Get or set file date and time
2018-12-25T12:30:26.748283042Z 63 PC: 12ac5 | Read file or device (Read 489 bytes on handle 5)
2018-12-25T12:30:26.758182046Z 66 PC: 12ad0 | Move file pointer
2018-12-25T12:30:26.760212085Z 62 PC: 12b16 | Close file
2018-12-25T12:30:26.762584444Z 67 PC: 12b26 | Get or set file attributes
2018-12-25T12:30:26.775227901Z 79 PC: 12b2f | Find next file
2018-12-25T12:30:26.778262805Z 67 PC: 12a85 | Get or set file attributes (See above)
2018-12-25T12:30:26.789323628Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:30:26.798349014Z 87 PC: 12aab | Get or set file date and time (See above)
2018-12-25T12:30:26.800202946Z 63 PC: 12ac5 | Read file or device (See above)
2018-12-25T12:30:26.807555732Z 66 PC: 12ad0 | Move file pointer (See above)
2018-12-25T12:30:26.809512367Z 62 PC: 12b16 | Close file (See above)
2018-12-25T12:30:26.812732942Z 67 PC: 12b26 | Get or set file attributes (See above)
2018-12-25T12:30:26.824975076Z 79 PC: 12b2f | Find next file (See above)
2018-12-25T12:30:26.828568758Z 67 PC: 12a85 | Get or set file attributes (See above)
2018-12-25T12:30:26.841404048Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:30:26.849999101Z 87 PC: 12aab | Get or set file date and time (See above)
2018-12-25T12:30:26.852162183Z 63 PC: 12ac5 | Read file or device (See above)
2018-12-25T12:30:26.861413679Z 66 PC: 12ad0 | Move file pointer (See above)
2018-12-25T12:30:26.863359375Z 62 PC: 12b16 | Close file (See above)
2018-12-25T12:30:26.865652488Z 67 PC: 12b26 | Get or set file attributes (See above)
2018-12-25T12:30:26.878137458Z 79 PC: 12b2f | Find next file (See above)
2018-12-25T12:30:26.881263089Z 67 PC: 12a85 | Get or set file attributes (See above)
2018-12-25T12:30:26.892220381Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:30:26.902021901Z 87 PC: 12aab | Get or set file date and time (See above)
2018-12-25T12:30:26.904076045Z 63 PC: 12ac5 | Read file or device (See above)
2018-12-25T12:30:26.911603455Z 66 PC: 12ad0 | Move file pointer (See above)
2018-12-25T12:30:26.913836829Z 62 PC: 12b16 | Close file (See above)
2018-12-25T12:30:26.916577379Z 67 PC: 12b26 | Get or set file attributes (See above)
2018-12-25T12:30:26.927964825Z 79 PC: 12b2f | Find next file (See above)
2018-12-25T12:30:26.931609174Z 67 PC: 12a85 | Get or set file attributes (See above)
2018-12-25T12:30:26.943659233Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:30:26.95141528Z 87 PC: 12aab | Get or set file date and time (See above)
2018-12-25T12:30:26.953327699Z 63 PC: 12ac5 | Read file or device (See above)
2018-12-25T12:30:26.961235392Z 66 PC: 12ad0 | Move file pointer (See above)
2018-12-25T12:30:26.96315072Z 62 PC: 12b16 | Close file (See above)
2018-12-25T12:30:26.96550862Z 67 PC: 12b26 | Get or set file attributes (See above)
2018-12-25T12:30:26.978729259Z 79 PC: 12b2f | Find next file (See above)
2018-12-25T12:30:26.981803168Z 67 PC: 12a85 | Get or set file attributes (See above)
2018-12-25T12:30:26.992662855Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:30:27.001069217Z 87 PC: 12aab | Get or set file date and time (See above)
2018-12-25T12:30:27.003154495Z 63 PC: 12ac5 | Read file or device (See above)
2018-12-25T12:30:27.010280826Z 66 PC: 12ad0 | Move file pointer (See above)
2018-12-25T12:30:27.012400139Z 64 PC: 12aec | Write file or device (Write 489 bytes on handle 5)
2018-12-25T12:30:27.021955956Z 66 PC: 12af7 | Move file pointer
2018-12-25T12:30:27.02392539Z 64 PC: 12b01 | Write file or device (Write 489 bytes on handle 5)
2018-12-25T12:30:27.031511116Z 87 PC: 12b10 | Get or set file date and time
2018-12-25T12:30:27.034568168Z 62 PC: 12b16 | Close file (See above)
2018-12-25T12:30:27.043400027Z 67 PC: 12b26 | Get or set file attributes (See above)
2018-12-25T12:30:27.054376548Z 79 PC: 12b2f | Find next file (See above)
2018-12-25T12:30:27.058649784Z 67 PC: 12a85 | Get or set file attributes (See above)
2018-12-25T12:30:27.069653123Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:30:27.077430691Z 87 PC: 12aab | Get or set file date and time (See above)
2018-12-25T12:30:27.079862718Z 63 PC: 12ac5 | Read file or device (See above)
2018-12-25T12:30:27.087295197Z 66 PC: 12ad0 | Move file pointer (See above)
2018-12-25T12:30:27.089189624Z 62 PC: 12b16 | Close file (See above)
2018-12-25T12:30:27.092315859Z 67 PC: 12b26 | Get or set file attributes (See above)
2018-12-25T12:30:27.104404545Z 79 PC: 12b2f | Find next file (See above)
2018-12-25T12:30:27.107259302Z 67 PC: 12a85 | Get or set file attributes (See above)
2018-12-25T12:30:27.118131168Z 61 PC: 12a8f | Open file (See above)
2018-12-25T12:30:27.125813724Z 87 PC: 12aab | Get or set file date and time (See above)
2018-12-25T12:30:27.127860824Z 63 PC: 12ac5 | Read file or device (See above)
2018-12-25T12:30:27.131075441Z 66 PC: 12ad0 | Move file pointer (See above)
2018-12-25T12:30:27.133408538Z 64 PC: 12aec | Write file or device (See above)
2018-12-25T12:30:27.143158849Z 66 PC: 12af7 | Move file pointer (See above)
2018-12-25T12:30:27.145012797Z 64 PC: 12b01 | Write file or device (See above)
2018-12-25T12:30:27.149010488Z 87 PC: 12b10 | Get or set file date and time (See above)
2018-12-25T12:30:27.152142412Z 62 PC: 12b16 | Close file (See above)
2018-12-25T12:30:27.160933547Z 67 PC: 12b26 | Get or set file attributes (See above)
2018-12-25T12:30:27.173306669Z 79 PC: 12b2f | Find next file (See above)
2018-12-25T12:30:27.176433503Z 37 PC: 12bc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:27.178447058Z 9 PC: 12a8a | Display string (Could not find end pointer)
2018-12-25T12:30:27.199023137Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11370,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:18.955291074Z 26 PC: 12a47 | Set disk transfer address
2018-12-25T13:07:18.957333951Z 37 PC: 12a53 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:18.960978608Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xb
0x12a5a: je 0x12a63
0x12a5c: cmp dl, 0x17
0x12a5f: je 0x12a63
0x12a61: jmp 0x12a6e
0x12a63: jmp 0x12b37
0x12a66: sub ch, byte ptr [0x4f43]
0x12a6a: dec bp
0x12a6b: add byte ptr [di + 2], ch
0x12a6e: mov dx, 0x126
0x12a71: mov cx, 0x23
0x12a74: mov ah, 0x4e
0x12a76: int 0x21
0x12a78: jb 0x12aa3
0x12a7a: mov cx, 0x20
0x12a7d: mov ax, 0x4301
0x12a80: mov dx, 0xff1e
0x12a83: int 0x21
0x12a85: jb 0x12aa3
0x12a87: mov dx, 0xff1e
2018-12-25T13:07:20.359109101Z 37 PC: 12bc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:20.362328265Z 9 PC: 12a8a | Display string (Could not find end pointer)
2018-12-25T13:07:20.383148146Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11370,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:27.254726139Z 26 PC: 12a47 | Set disk transfer address
2018-12-25T12:30:27.256035445Z 37 PC: 12a53 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:27.257936038Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xb
0x12a5a: je 0x12a63
0x12a5c: cmp dl, 0x17
0x12a5f: je 0x12a63
0x12a61: jmp 0x12a6e
0x12a63: jmp 0x12b37
0x12a66: sub ch, byte ptr [0x4f43]
0x12a6a: dec bp
0x12a6b: add byte ptr [di + 2], ch
0x12a6e: mov dx, 0x126
0x12a71: mov cx, 0x23
0x12a74: mov ah, 0x4e
0x12a76: int 0x21
0x12a78: jb 0x12aa3
0x12a7a: mov cx, 0x20
0x12a7d: mov ax, 0x4301
0x12a80: mov dx, 0xff1e
0x12a83: int 0x21
0x12a85: jb 0x12aa3
0x12a87: mov dx, 0xff1e
2018-12-25T12:30:27.270488858Z 37 PC: 12bc5 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:30:27.275359603Z 9 PC: 12a8a | Display string (Could not find end pointer)
2018-12-25T12:30:27.292632643Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')