Sample viewer

vx.netlux.org/Virus.DOS.Oksana.1530


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:54:45.357000689Z 26 PC: 12b85 | Set disk transfer address
2018-12-17T22:54:45.358998056Z 78 PC: 12b8f | Find first file
2018-12-17T22:54:45.365839306Z 42 PC: 12baf | Get date
0x12baf: cmp dh, 0xa
0x12bb2: je 0x12bb7
0x12bb4: jmp 0x12bd6
0x12bb6: nop
0x12bb7: cmp dl, 0x15
0x12bba: je 0x12bbf
0x12bbc: jmp 0x12bd6
0x12bbe: nop
0x12bbf: mov ax, 6
0x12bc2: int 0x10
0x12bc4: mov ax, 0xe07
0x12bc7: int 0x10
0x12bc9: push cs
0x12bca: pop ds
0x12bcb: mov ah, 9
0x12bcd: mov dx, 0x5b8
0x12bd0: int 0x21
0x12bd2: mov ah, 0
0x12bd4: int 0x16
0x12bd6: push cs
2018-12-17T22:54:45.368423217Z 67 PC: 12be1 | Get or set file attributes
2018-12-17T22:54:45.37475632Z 67 PC: 12bed | Get or set file attributes
2018-12-17T22:54:45.392471075Z 61 PC: 12bf6 | Open file (Filename = ' 00�ЊĴ��´���:�.��)�')
2018-12-17T22:54:45.4002718Z 63 PC: 12c0b | Read file or device (Read 22 bytes on handle 5)
2018-12-17T22:54:45.407542337Z 66 PC: 12c86 | Move file pointer
2018-12-17T22:54:45.410003037Z 64 PC: 12cc9 | Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:54:45.413127314Z 66 PC: 12cd2 | Move file pointer
2018-12-17T22:54:45.415031666Z 64 PC: 12d12 | Write file or device (Write 1530 bytes on handle 5)
2018-12-17T22:54:45.425921642Z 66 PC: 12d28 | Move file pointer
2018-12-17T22:54:45.428563422Z 64 PC: 12d3f | Write file or device (Write 22 bytes on handle 5)
2018-12-17T22:54:45.438900347Z 62 PC: 12d48 | Close file
2018-12-17T22:54:45.450039903Z 60 PC: 12d8a | Create or truncate file
2018-12-17T22:54:45.463404293Z 64 PC: 12db8 | Write file or device (Write 256 bytes on handle 5)
2018-12-17T22:54:45.467581572Z 62 PC: 12dbc | Close file
2018-12-17T22:54:45.47674461Z 0 PC: 12a45 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11662,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:05.23665758Z 26 PC: 12b85 | Set disk transfer address
2018-12-25T12:31:05.238033844Z 78 PC: 12b8f | Find first file
2018-12-25T12:31:05.243858772Z 42 PC: 12baf | Get date
0x12baf: cmp dh, 0xa
0x12bb2: je 0x12bb7
0x12bb4: jmp 0x12bd6
0x12bb6: nop
0x12bb7: cmp dl, 0x15
0x12bba: je 0x12bbf
0x12bbc: jmp 0x12bd6
0x12bbe: nop
0x12bbf: mov ax, 6
0x12bc2: int 0x10
0x12bc4: mov ax, 0xe07
0x12bc7: int 0x10
0x12bc9: push cs
0x12bca: pop ds
0x12bcb: mov ah, 9
0x12bcd: mov dx, 0x5b8
0x12bd0: int 0x21
0x12bd2: mov ah, 0
0x12bd4: int 0x16
0x12bd6: push cs
2018-12-25T12:31:05.246098832Z 67 PC: 12be1 | Get or set file attributes
2018-12-25T12:31:05.251249321Z 67 PC: 12bed | Get or set file attributes
2018-12-25T12:31:05.267401116Z 61 PC: 12bf6 | Open file (Filename = ' 00�ЊĴ��´���:�.��)�')
2018-12-25T12:31:05.274883972Z 63 PC: 12c0b | Read file or device (Read 22 bytes on handle 5)
2018-12-25T12:31:05.282444845Z 66 PC: 12c86 | Move file pointer
2018-12-25T12:31:05.284964138Z 64 PC: 12cc9 | Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:31:05.287988483Z 66 PC: 12cd2 | Move file pointer
2018-12-25T12:31:05.289759303Z 64 PC: 12d12 | Write file or device (Write 1530 bytes on handle 5)
2018-12-25T12:31:05.300594352Z 66 PC: 12d28 | Move file pointer
2018-12-25T12:31:05.302601987Z 64 PC: 12d3f | Write file or device (Write 22 bytes on handle 5)
2018-12-25T12:31:05.31070572Z 62 PC: 12d48 | Close file
2018-12-25T12:31:05.321672992Z 60 PC: 12d8a | Create or truncate file
2018-12-25T12:31:05.336059489Z 64 PC: 12db8 | Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:31:05.340422501Z 62 PC: 12dbc | Close file
2018-12-25T12:31:05.351007995Z 0 PC: 12a45 | Program terminate

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11662,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:05.269176131Z 26 PC: 12b85 | Set disk transfer address
2018-12-25T12:31:05.271289928Z 78 PC: 12b8f | Find first file
2018-12-25T12:31:05.277713614Z 42 PC: 12baf | Get date
0x12baf: cmp dh, 0xa
0x12bb2: je 0x12bb7
0x12bb4: jmp 0x12bd6
0x12bb6: nop
0x12bb7: cmp dl, 0x15
0x12bba: je 0x12bbf
0x12bbc: jmp 0x12bd6
0x12bbe: nop
0x12bbf: mov ax, 6
0x12bc2: int 0x10
0x12bc4: mov ax, 0xe07
0x12bc7: int 0x10
0x12bc9: push cs
0x12bca: pop ds
0x12bcb: mov ah, 9
0x12bcd: mov dx, 0x5b8
0x12bd0: int 0x21
0x12bd2: mov ah, 0
0x12bd4: int 0x16
0x12bd6: push cs
2018-12-25T12:31:05.280103723Z 67 PC: 12be1 | Get or set file attributes
2018-12-25T12:31:05.298777236Z 67 PC: 12bed | Get or set file attributes
2018-12-25T12:31:05.316913033Z 61 PC: 12bf6 | Open file (Filename = ' 00�ЊĴ��´���:�.��)�')
2018-12-25T12:31:05.336033068Z 63 PC: 12c0b | Read file or device (Read 22 bytes on handle 5)
2018-12-25T12:31:05.344014911Z 66 PC: 12c86 | Move file pointer
2018-12-25T12:31:05.349875103Z 64 PC: 12cc9 | Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:31:05.352752826Z 66 PC: 12cd2 | Move file pointer
2018-12-25T12:31:05.382302241Z 64 PC: 12d12 | Write file or device (Write 1530 bytes on handle 5)
2018-12-25T12:31:05.391126856Z 66 PC: 12d28 | Move file pointer
2018-12-25T12:31:05.392603936Z 64 PC: 12d3f | Write file or device (Write 22 bytes on handle 5)
2018-12-25T12:31:05.408385627Z 62 PC: 12d48 | Close file
2018-12-25T12:31:05.422952978Z 60 PC: 12d8a | Create or truncate file
2018-12-25T12:31:05.442752978Z 64 PC: 12db8 | Write file or device (Write 256 bytes on handle 5)
2018-12-25T12:31:05.458735338Z 62 PC: 12dbc | Close file
2018-12-25T12:31:05.470552991Z 0 PC: 12a45 | Program terminate

{"DateBased":true,"Day":21,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11662,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:05.446435598Z 26 PC: 12b85 | Set disk transfer address
2018-12-25T12:31:05.448260956Z 78 PC: 12b8f | Find first file
2018-12-25T12:31:05.454912962Z 42 PC: 12baf | Get date
0x12baf: cmp dh, 0xa
0x12bb2: je 0x12bb7
0x12bb4: jmp 0x12bd6
0x12bb6: nop
0x12bb7: cmp dl, 0x15
0x12bba: je 0x12bbf
0x12bbc: jmp 0x12bd6
0x12bbe: nop
0x12bbf: mov ax, 6
0x12bc2: int 0x10
0x12bc4: mov ax, 0xe07
0x12bc7: int 0x10
0x12bc9: push cs
0x12bca: pop ds
0x12bcb: mov ah, 9
0x12bcd: mov dx, 0x5b8
0x12bd0: int 0x21
0x12bd2: mov ah, 0
0x12bd4: int 0x16
0x12bd6: push cs
2018-12-25T12:31:05.464274517Z 9 PC: 12bd2 | Display string (Could not find end pointer)