Sample viewer

vx.netlux.org/Virus.DOS.Trivial.Elben.159

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:04.177371781Z	78	PC: 12a76 \| Find first file
2018-12-17T22:54:04.184738629Z	44	PC: 12ad5 \| Get time 0x12ad5: cmp dh, 0 0x12ad8: je 0x12ad1 0x12ada: mov byte ptr [0x152], dh 0x12ade: ret 0x12adf: mov dl, byte ptr [bx] 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret
2018-12-17T22:54:04.188361344Z	61	PC: 12a59 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:54:04.195662679Z	64	PC: 12a65 \| Write file or device (Write 159 bytes on handle 5)
2018-12-17T22:54:04.20388842Z	62	PC: 12a69 \| Close file
2018-12-17T22:54:04.220867253Z	79	PC: 12a84 \| Find next file
2018-12-17T22:54:04.224890961Z	44	PC: 12ad5 \| Get time 0x12ad5: cmp dh, 0 0x12ad8: je 0x12ad1 0x12ada: mov byte ptr [0x152], dh 0x12ade: ret 0x12adf: mov dl, byte ptr [bx] 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret
2018-12-17T22:54:04.228013116Z	61	PC: 12a59 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:54:04.23662355Z	64	PC: 12a65 \| Write file or device (Write 159 bytes on handle 5)
2018-12-17T22:54:04.245337498Z	62	PC: 12a69 \| Close file
2018-12-17T22:54:04.254230572Z	79	PC: 12a84 \| Find next file
2018-12-17T22:54:04.266072427Z	44	PC: 12ad5 \| Get time 0x12ad5: cmp dh, 0 0x12ad8: je 0x12ad1 0x12ada: mov byte ptr [0x152], dh 0x12ade: ret 0x12adf: mov dl, byte ptr [bx] 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret
2018-12-17T22:54:04.275078253Z	61	PC: 12a59 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:54:04.302914991Z	64	PC: 12a65 \| Write file or device (Write 159 bytes on handle 5)
2018-12-17T22:54:04.31749592Z	62	PC: 12a69 \| Close file
2018-12-17T22:54:04.334648409Z	79	PC: 12a84 \| Find next file
2018-12-17T22:54:04.337971972Z	44	PC: 12ad5 \| Get time 0x12ad5: cmp dh, 0 0x12ad8: je 0x12ad1 0x12ada: mov byte ptr [0x152], dh 0x12ade: ret 0x12adf: mov dl, byte ptr [bx] 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret
2018-12-17T22:54:04.347833276Z	61	PC: 12a59 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:54:04.362099233Z	64	PC: 12a65 \| Write file or device (Write 159 bytes on handle 5)
2018-12-17T22:54:04.379388008Z	62	PC: 12a69 \| Close file
2018-12-17T22:54:04.400235909Z	79	PC: 12a84 \| Find next file
2018-12-17T22:54:04.410652075Z	44	PC: 12ad5 \| Get time 0x12ad5: cmp dh, 0 0x12ad8: je 0x12ad1 0x12ada: mov byte ptr [0x152], dh 0x12ade: ret 0x12adf: mov dl, byte ptr [bx] 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret
2018-12-17T22:54:04.413479155Z	61	PC: 12a59 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:54:04.421018677Z	64	PC: 12a65 \| Write file or device (Write 159 bytes on handle 5)
2018-12-17T22:54:04.430005288Z	62	PC: 12a69 \| Close file
2018-12-17T22:54:04.439887701Z	79	PC: 12a84 \| Find next file
2018-12-17T22:54:04.443108961Z	44	PC: 12ad5 \| Get time 0x12ad5: cmp dh, 0 0x12ad8: je 0x12ad1 0x12ada: mov byte ptr [0x152], dh 0x12ade: ret 0x12adf: mov dl, byte ptr [bx] 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret
2018-12-17T22:54:04.445984874Z	61	PC: 12a59 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:54:04.456059538Z	64	PC: 12a65 \| Write file or device (Write 159 bytes on handle 5)
2018-12-17T22:54:04.463528277Z	62	PC: 12a69 \| Close file
2018-12-17T22:54:04.472206559Z	79	PC: 12a84 \| Find next file
2018-12-17T22:54:04.476255725Z	44	PC: 12ad5 \| Get time 0x12ad5: cmp dh, 0 0x12ad8: je 0x12ad1 0x12ada: mov byte ptr [0x152], dh 0x12ade: ret 0x12adf: mov dl, byte ptr [bx] 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret
2018-12-17T22:54:04.486969309Z	61	PC: 12a59 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:54:04.495746035Z	64	PC: 12a65 \| Write file or device (Write 159 bytes on handle 5)
2018-12-17T22:54:04.504804821Z	62	PC: 12a69 \| Close file
2018-12-17T22:54:04.514772264Z	79	PC: 12a84 \| Find next file
2018-12-17T22:54:04.520123185Z	44	PC: 12ad5 \| Get time 0x12ad5: cmp dh, 0 0x12ad8: je 0x12ad1 0x12ada: mov byte ptr [0x152], dh 0x12ade: ret 0x12adf: mov dl, byte ptr [bx] 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret
2018-12-17T22:54:04.525043968Z	61	PC: 12a59 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:54:04.533034478Z	64	PC: 12a65 \| Write file or device (Write 159 bytes on handle 5)
2018-12-17T22:54:04.536667181Z	62	PC: 12a69 \| Close file
2018-12-17T22:54:04.546988348Z	79	PC: 12a84 \| Find next file

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11428,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:33.508128529Z	78	PC: 12a76 \| Find first file
2018-12-25T12:30:33.514513055Z	44	PC: 12ad5 \| Get time 0x12ad5: cmp dh, 0 0x12ad8: je 0x12ad1 0x12ada: mov byte ptr [0x152], dh 0x12ade: ret 0x12adf: mov dl, byte ptr [bx] 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret
2018-12-25T12:30:33.518094164Z	61	PC: 12a59 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:33.524590221Z	64	PC: 12a65 \| Write file or device (Write 159 bytes on handle 5)
2018-12-25T12:30:33.530723798Z	62	PC: 12a69 \| Close file
2018-12-25T12:30:33.549459438Z	79	PC: 12a84 \| Find next file
2018-12-25T12:30:33.552378916Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.554834742Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.564582438Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.571636621Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.579577303Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.582707965Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.585313872Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.592510845Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.59971366Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.609270191Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.611905428Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.613929468Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.620698102Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.627803312Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.63553841Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.639398132Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.641855426Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.648398828Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.653955388Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.659021329Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.66099381Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.668463247Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.679977004Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.687294164Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.696319716Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.699896928Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.702459165Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.708999792Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.715373038Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.72295266Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.72560775Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.729049873Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.735430858Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.743251223Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.752057374Z	79	PC: 12a84 \| Find next file (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":11428,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:33.757828562Z	78	PC: 12a76 \| Find first file
2018-12-25T12:30:33.76507379Z	44	PC: 12ad5 \| Get time 0x12ad5: cmp dh, 0 0x12ad8: je 0x12ad1 0x12ada: mov byte ptr [0x152], dh 0x12ade: ret 0x12adf: mov dl, byte ptr [bx] 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret
2018-12-25T12:30:33.769754519Z	61	PC: 12a59 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:30:33.777351052Z	64	PC: 12a65 \| Write file or device (Write 159 bytes on handle 5)
2018-12-25T12:30:33.786845356Z	62	PC: 12a69 \| Close file
2018-12-25T12:30:33.82123732Z	79	PC: 12a84 \| Find next file
2018-12-25T12:30:33.824918641Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.827845832Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.83719841Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.844887869Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.854360703Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.858340375Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.861034414Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.868898335Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.877022847Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.887341909Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.891657828Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.89435539Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.90259294Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.910081927Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.91983973Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.924777451Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.927384345Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.935415325Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.945277238Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.954892379Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.960408605Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.964473419Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:33.97249978Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:33.980440293Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:33.990513872Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:33.994913441Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:33.997959952Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:34.005742391Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:34.026584054Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:34.047563558Z	79	PC: 12a84 \| Find next file (See above)
2018-12-25T12:30:34.050860671Z	44	PC: 12ad5 \| Get time (See above)
2018-12-25T12:30:34.054208693Z	61	PC: 12a59 \| Open file (See above)
2018-12-25T12:30:34.062567105Z	64	PC: 12a65 \| Write file or device (See above)
2018-12-25T12:30:34.066200986Z	62	PC: 12a69 \| Close file (See above)
2018-12-25T12:30:34.076393534Z	79	PC: 12a84 \| Find next file (See above)