Sample viewer

vx.netlux.org/Virus.DOS.Swastika.442

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:35.899943596Z	25	PC: 12a44 \| Get default drive
2018-12-17T22:54:35.9016478Z	26	PC: 12a4d \| Set disk transfer address
2018-12-17T22:54:35.902952624Z	14	PC: 12a55 \| Set default drive (Drive = 'C')
2018-12-17T22:54:35.904232788Z	71	PC: 12a66 \| Get current directory
2018-12-17T22:54:35.907081458Z	78	PC: 12a8e \| Find first file
2018-12-17T22:54:35.912565709Z	61	PC: 12abc \| Open file (Filename = '\COMMAND.COM')
2018-12-17T22:54:35.91873833Z	63	PC: 12ac8 \| Read file or device (Read 65534 bytes on handle 5)
2018-12-17T22:54:35.938043337Z	66	PC: 12ad1 \| Move file pointer
2018-12-17T22:54:35.939329299Z	64	PC: 12adb \| Write file or device (Write 442 bytes on handle 5)
2018-12-17T22:54:35.94196563Z	64	PC: 12ae4 \| Write file or device (Write 54645 bytes on handle 5)
2018-12-17T22:54:36.30230362Z	87	PC: 12aff \| Get or set file date and time
2018-12-17T22:54:36.305041615Z	62	PC: 12b03 \| Close file
2018-12-17T22:54:36.312234195Z	67	PC: 12b0b \| Get or set file attributes
2018-12-17T22:54:36.320399867Z	67	PC: 12b11 \| Get or set file attributes
2018-12-17T22:54:36.329799909Z	79	PC: 12a8e \| Find next file
2018-12-17T22:54:36.332565936Z	14	PC: 12a55 \| Set default drive (Drive = 'D')
2018-12-17T22:54:36.335247088Z	71	PC: 12a66 \| Get current directory
2018-12-17T22:54:36.337955246Z	78	PC: 12a8e \| Find first file
2018-12-17T22:54:36.343563828Z	79	PC: 12a8e \| Find next file
2018-12-17T22:54:36.346960341Z	14	PC: 12a55 \| Set default drive (Drive = 'E')
2018-12-17T22:54:36.348741329Z	71	PC: 12a66 \| Get current directory
2018-12-17T22:54:36.351216956Z	78	PC: 12a8e \| Find first file
2018-12-17T22:54:36.356824201Z	79	PC: 12a8e \| Find next file
2018-12-17T22:54:36.35978348Z	42	PC: 12b89 \| Get date 0x12b89: cmp dh, 0xb 0x12b8c: jl 0x12bcf 0x12b8e: mov ah, 0xf 0x12b90: int 0x10 0x12b92: push bx 0x12b93: push ax 0x12b94: mov ax, 0xe 0x12b97: int 0x10 0x12b99: mov cx, word ptr [0x1d7] 0x12b9d: mov bp, 0x1d9 0x12ba0: push cx 0x12ba1: mov cl, byte ptr [bp] 0x12ba4: inc bp 0x12ba5: mov bl, byte ptr [bp] 0x12ba8: mov bh, 0 0x12baa: mov ax, 0xedb 0x12bad: int 0x10 0x12baf: int 0x10 0x12bb1: loop 0x12bad 0x12bb3: inc bp
2018-12-17T22:54:43.413699394Z	14	PC: 12bd4 \| Set default drive (Drive = 'A')
2018-12-17T22:54:43.415000975Z	2	PC: 12a40 \| Character output (Char = '0d')
2018-12-17T22:54:43.416926199Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11607,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:53.049691324Z	25	PC: 12a44 \| Get default drive
2018-12-25T12:30:53.051832699Z	26	PC: 12a4d \| Set disk transfer address
2018-12-25T12:30:53.052902709Z	14	PC: 12a55 \| Set default drive (Drive = 'C')
2018-12-25T12:30:53.054130999Z	71	PC: 12a66 \| Get current directory
2018-12-25T12:30:53.05706047Z	78	PC: 12a8e \| Find first file
2018-12-25T12:30:53.063259905Z	61	PC: 12abc \| Open file (Filename = '\COMMAND.COM')
2018-12-25T12:30:53.069075209Z	63	PC: 12ac8 \| Read file or device (Read 65534 bytes on handle 5)
2018-12-25T12:30:53.08270379Z	66	PC: 12ad1 \| Move file pointer
2018-12-25T12:30:53.084203492Z	64	PC: 12adb \| Write file or device (Write 442 bytes on handle 5)
2018-12-25T12:30:53.086841326Z	64	PC: 12ae4 \| Write file or device (Write 54645 bytes on handle 5)
2018-12-25T12:30:53.421581117Z	87	PC: 12aff \| Get or set file date and time
2018-12-25T12:30:53.426142354Z	62	PC: 12b03 \| Close file
2018-12-25T12:30:53.432832192Z	67	PC: 12b0b \| Get or set file attributes
2018-12-25T12:30:53.43832872Z	67	PC: 12b11 \| Get or set file attributes
2018-12-25T12:30:53.449081394Z	79	PC: 12a8e \| Find next file (See above)
2018-12-25T12:30:53.451839458Z	14	PC: 12a55 \| Set default drive (See above)
2018-12-25T12:30:53.453341356Z	71	PC: 12a66 \| Get current directory (See above)
2018-12-25T12:30:53.456982531Z	78	PC: 12a8e \| Find first file (See above)
2018-12-25T12:30:53.462226838Z	79	PC: 12a8e \| Find next file (See above)
2018-12-25T12:30:53.464568388Z	14	PC: 12a55 \| Set default drive (See above)
2018-12-25T12:30:53.466510863Z	71	PC: 12a66 \| Get current directory (See above)
2018-12-25T12:30:53.469447568Z	78	PC: 12a8e \| Find first file (See above)
2018-12-25T12:30:53.474980243Z	79	PC: 12a8e \| Find next file (See above)
2018-12-25T12:30:53.478576242Z	42	PC: 12b89 \| Get date 0x12b89: cmp dh, 0xb 0x12b8c: jl 0x12bcf 0x12b8e: mov ah, 0xf 0x12b90: int 0x10 0x12b92: push bx 0x12b93: push ax 0x12b94: mov ax, 0xe 0x12b97: int 0x10 0x12b99: mov cx, word ptr [0x1d7] 0x12b9d: mov bp, 0x1d9 0x12ba0: push cx 0x12ba1: mov cl, byte ptr [bp] 0x12ba4: inc bp 0x12ba5: mov bl, byte ptr [bp] 0x12ba8: mov bh, 0 0x12baa: mov ax, 0xedb 0x12bad: int 0x10 0x12baf: int 0x10 0x12bb1: loop 0x12bad 0x12bb3: inc bp
2018-12-25T12:30:53.486402807Z	14	PC: 12bd4 \| Set default drive (Drive = 'A')
2018-12-25T12:30:53.48844978Z	2	PC: 12a40 \| Character output (Char = '0d')
2018-12-25T12:30:53.491227418Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11607,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:53.129618066Z	25	PC: 12a44 \| Get default drive
2018-12-25T12:30:53.130966607Z	26	PC: 12a4d \| Set disk transfer address
2018-12-25T12:30:53.132741511Z	14	PC: 12a55 \| Set default drive (Drive = 'C')
2018-12-25T12:30:53.134231898Z	71	PC: 12a66 \| Get current directory
2018-12-25T12:30:53.137208362Z	78	PC: 12a8e \| Find first file
2018-12-25T12:30:53.143490467Z	61	PC: 12abc \| Open file (Filename = '\COMMAND.COM')
2018-12-25T12:30:53.153574277Z	63	PC: 12ac8 \| Read file or device (Read 65534 bytes on handle 5)
2018-12-25T12:30:53.171295879Z	66	PC: 12ad1 \| Move file pointer
2018-12-25T12:30:53.17298073Z	64	PC: 12adb \| Write file or device (Write 442 bytes on handle 5)
2018-12-25T12:30:53.177724683Z	64	PC: 12ae4 \| Write file or device (Write 54645 bytes on handle 5)
2018-12-25T12:30:53.528095434Z	87	PC: 12aff \| Get or set file date and time
2018-12-25T12:30:53.529921999Z	62	PC: 12b03 \| Close file
2018-12-25T12:30:53.538246925Z	67	PC: 12b0b \| Get or set file attributes
2018-12-25T12:30:53.5447913Z	67	PC: 12b11 \| Get or set file attributes
2018-12-25T12:30:53.55463455Z	79	PC: 12a8e \| Find next file (See above)
2018-12-25T12:30:53.557323135Z	14	PC: 12a55 \| Set default drive (See above)
2018-12-25T12:30:53.560063194Z	71	PC: 12a66 \| Get current directory (See above)
2018-12-25T12:30:53.56317686Z	78	PC: 12a8e \| Find first file (See above)
2018-12-25T12:30:53.570279619Z	79	PC: 12a8e \| Find next file (See above)
2018-12-25T12:30:53.574545187Z	14	PC: 12a55 \| Set default drive (See above)
2018-12-25T12:30:53.57645872Z	71	PC: 12a66 \| Get current directory (See above)
2018-12-25T12:30:53.579676542Z	78	PC: 12a8e \| Find first file (See above)
2018-12-25T12:30:53.587322972Z	79	PC: 12a8e \| Find next file (See above)
2018-12-25T12:30:53.59047336Z	42	PC: 12b89 \| Get date 0x12b89: cmp dh, 0xb 0x12b8c: jl 0x12bcf 0x12b8e: mov ah, 0xf 0x12b90: int 0x10 0x12b92: push bx 0x12b93: push ax 0x12b94: mov ax, 0xe 0x12b97: int 0x10 0x12b99: mov cx, word ptr [0x1d7] 0x12b9d: mov bp, 0x1d9 0x12ba0: push cx 0x12ba1: mov cl, byte ptr [bp] 0x12ba4: inc bp 0x12ba5: mov bl, byte ptr [bp] 0x12ba8: mov bh, 0 0x12baa: mov ax, 0xedb 0x12bad: int 0x10 0x12baf: int 0x10 0x12bb1: loop 0x12bad 0x12bb3: inc bp
2018-12-25T12:31:00.653683981Z	14	PC: 12bd4 \| Set default drive (Drive = 'A')
2018-12-25T12:31:00.656903091Z	2	PC: 12a40 \| Character output (Char = '0d')
2018-12-25T12:31:00.660213308Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')