Sample viewer

vx.netlux.org/Virus.DOS.PoorMan.1168

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:06.12073892Z	42	PC: 12c74 \| Get date 0x12c74: cmp cx, 0x7c9 0x12c78: jb 0x12c8b 0x12c7a: mov ah, 0x2c 0x12c7c: int 0x21 0x12c7e: cmp cl, 0x1e 0x12c81: jne 0x12c8b 0x12c83: mov ax, word ptr [0x108] 0x12c86: add ax, 0x3d0 0x12c89: call ax 0x12c8b: mov ah, 0xd 0x12c8d: mov dl, 0x80 0x12c8f: sub bx, bx 0x12c91: int 0x13 0x12c93: cmp al, 0 0x12c95: jne 0x12c9f 0x12c97: mov ax, word ptr [0x108] 0x12c9a: add ax, 0x24d 0x12c9d: call ax 0x12c9f: mov ax, word ptr [0x108] 0x12ca2: add ax, 0x288
2018-12-17T22:55:06.124368307Z	44	PC: 12c7e \| Get time 0x12c7e: cmp cl, 0x1e 0x12c81: jne 0x12c8b 0x12c83: mov ax, word ptr [0x108] 0x12c86: add ax, 0x3d0 0x12c89: call ax 0x12c8b: mov ah, 0xd 0x12c8d: mov dl, 0x80 0x12c8f: sub bx, bx 0x12c91: int 0x13 0x12c93: cmp al, 0 0x12c95: jne 0x12c9f 0x12c97: mov ax, word ptr [0x108] 0x12c9a: add ax, 0x24d 0x12c9d: call ax 0x12c9f: mov ax, word ptr [0x108] 0x12ca2: add ax, 0x288 0x12ca5: call ax 0x12ca7: cld 0x12ca8: mov ax, word ptr [0x108] 0x12cab: sub ax, 0x10
2018-12-17T22:55:06.12742149Z	61	PC: 12cca \| Open file (Filename = 'c:\command.com')
2018-12-17T22:55:06.134360752Z	87	PC: 12d68 \| Get or set file date and time
2018-12-17T22:55:06.136287046Z	66	PC: 12d7e \| Move file pointer
2018-12-17T22:55:06.138743336Z	66	PC: 12d94 \| Move file pointer
2018-12-17T22:55:06.14057942Z	63	PC: 12da3 \| Read file or device (Read 16 bytes on handle 5)
2018-12-17T22:55:06.143401728Z	66	PC: 12dd9 \| Move file pointer
2018-12-17T22:55:06.146073363Z	64	PC: 12de8 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:55:06.148855256Z	66	PC: 12df6 \| Move file pointer
2018-12-17T22:55:06.150401454Z	64	PC: 12e05 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:55:06.154302463Z	66	PC: 12e19 \| Move file pointer
2018-12-17T22:55:06.156040722Z	64	PC: 12e23 \| Write file or device (Write 1152 bytes on handle 5)
2018-12-17T22:55:06.490518194Z	87	PC: 12e35 \| Get or set file date and time
2018-12-17T22:55:06.493101824Z	62	PC: 12e3d \| Close file
2018-12-17T22:55:06.501744571Z	61	PC: 12ce9 \| Open file (Filename = 'c:\dos\command.com')
2018-12-17T22:55:06.513591405Z	61	PC: 12d06 \| Open file (Filename = '\command.com')
2018-12-17T22:55:06.520874043Z	78	PC: 12d2b \| Find first file
2018-12-17T22:55:06.528356036Z	61	PC: 12d35 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:06.535445381Z	87	PC: 12d68 \| Get or set file date and time
2018-12-17T22:55:06.537269272Z	66	PC: 12d7e \| Move file pointer
2018-12-17T22:55:06.539474079Z	66	PC: 12d94 \| Move file pointer
2018-12-17T22:55:06.54136748Z	63	PC: 12da3 \| Read file or device (Read 16 bytes on handle 5)
2018-12-17T22:55:06.548588353Z	66	PC: 12dd9 \| Move file pointer
2018-12-17T22:55:06.551442882Z	64	PC: 12de8 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:55:06.554798664Z	66	PC: 12df6 \| Move file pointer
2018-12-17T22:55:06.556470619Z	64	PC: 12e05 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:55:06.560743356Z	66	PC: 12e19 \| Move file pointer
2018-12-17T22:55:06.562814552Z	64	PC: 12e23 \| Write file or device (Write 1152 bytes on handle 5)
2018-12-17T22:55:06.578809608Z	87	PC: 12e35 \| Get or set file date and time
2018-12-17T22:55:06.582107271Z	62	PC: 12e3d \| Close file
2018-12-17T22:55:06.597500054Z	9	PC: 12a47 \| Display string (String= 'BEGGER VIRUS!')
2018-12-17T22:55:06.60027313Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11775,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:25.894927215Z	42	PC: 12c74 \| Get date 0x12c74: cmp cx, 0x7c9 0x12c78: jb 0x12c8b 0x12c7a: mov ah, 0x2c 0x12c7c: int 0x21 0x12c7e: cmp cl, 0x1e 0x12c81: jne 0x12c8b 0x12c83: mov ax, word ptr [0x108] 0x12c86: add ax, 0x3d0 0x12c89: call ax 0x12c8b: mov ah, 0xd 0x12c8d: mov dl, 0x80 0x12c8f: sub bx, bx 0x12c91: int 0x13 0x12c93: cmp al, 0 0x12c95: jne 0x12c9f 0x12c97: mov ax, word ptr [0x108] 0x12c9a: add ax, 0x24d 0x12c9d: call ax 0x12c9f: mov ax, word ptr [0x108] 0x12ca2: add ax, 0x288
2018-12-25T12:31:25.89840009Z	61	PC: 12d06 \| Open file (Filename = '\command.com')
2018-12-25T12:31:25.904729473Z	78	PC: 12d2b \| Find first file
2018-12-25T12:31:25.911731629Z	61	PC: 12d35 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:25.932327969Z	87	PC: 12d68 \| Get or set file date and time
2018-12-25T12:31:25.934192628Z	66	PC: 12d7e \| Move file pointer
2018-12-25T12:31:25.942754051Z	66	PC: 12d94 \| Move file pointer
2018-12-25T12:31:25.945462391Z	63	PC: 12da3 \| Read file or device (Read 16 bytes on handle 5)
2018-12-25T12:31:25.958850843Z	66	PC: 12dd9 \| Move file pointer
2018-12-25T12:31:25.960661914Z	64	PC: 12de8 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:31:25.963638998Z	66	PC: 12df6 \| Move file pointer
2018-12-25T12:31:25.966349915Z	64	PC: 12e05 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:31:25.968911952Z	66	PC: 12e19 \| Move file pointer
2018-12-25T12:31:25.970208918Z	64	PC: 12e23 \| Write file or device (Write 1152 bytes on handle 5)
2018-12-25T12:31:25.986538268Z	87	PC: 12e35 \| Get or set file date and time
2018-12-25T12:31:25.989324402Z	62	PC: 12e3d \| Close file
2018-12-25T12:31:25.994830151Z	9	PC: 12a47 \| Display string (String= 'BEGGER VIRUS!')
2018-12-25T12:31:25.99791026Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11775,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:25.931933044Z	42	PC: 12c74 \| Get date 0x12c74: cmp cx, 0x7c9 0x12c78: jb 0x12c8b 0x12c7a: mov ah, 0x2c 0x12c7c: int 0x21 0x12c7e: cmp cl, 0x1e 0x12c81: jne 0x12c8b 0x12c83: mov ax, word ptr [0x108] 0x12c86: add ax, 0x3d0 0x12c89: call ax 0x12c8b: mov ah, 0xd 0x12c8d: mov dl, 0x80 0x12c8f: sub bx, bx 0x12c91: int 0x13 0x12c93: cmp al, 0 0x12c95: jne 0x12c9f 0x12c97: mov ax, word ptr [0x108] 0x12c9a: add ax, 0x24d 0x12c9d: call ax 0x12c9f: mov ax, word ptr [0x108] 0x12ca2: add ax, 0x288
2018-12-25T12:31:25.935993384Z	61	PC: 12d06 \| Open file (Filename = '\command.com')
2018-12-25T12:31:25.942218933Z	78	PC: 12d2b \| Find first file
2018-12-25T12:31:25.948849189Z	61	PC: 12d35 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:25.955988076Z	87	PC: 12d68 \| Get or set file date and time
2018-12-25T12:31:25.957405809Z	66	PC: 12d7e \| Move file pointer
2018-12-25T12:31:25.958823972Z	66	PC: 12d94 \| Move file pointer
2018-12-25T12:31:25.960409115Z	63	PC: 12da3 \| Read file or device (Read 16 bytes on handle 5)
2018-12-25T12:31:25.967186537Z	66	PC: 12dd9 \| Move file pointer
2018-12-25T12:31:25.968444486Z	64	PC: 12de8 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:31:25.970954588Z	66	PC: 12df6 \| Move file pointer
2018-12-25T12:31:25.977644163Z	64	PC: 12e05 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:31:25.992718739Z	66	PC: 12e19 \| Move file pointer
2018-12-25T12:31:25.994163559Z	64	PC: 12e23 \| Write file or device (Write 1152 bytes on handle 5)
2018-12-25T12:31:26.026553044Z	87	PC: 12e35 \| Get or set file date and time
2018-12-25T12:31:26.028939735Z	62	PC: 12e3d \| Close file
2018-12-25T12:31:26.041767218Z	9	PC: 12a47 \| Display string (String= 'BEGGER VIRUS!')
2018-12-25T12:31:26.045006913Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":30,"Second":0,"TimeBased":true,"OriginalID":11775,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:25.950369867Z	42	PC: 12c74 \| Get date 0x12c74: cmp cx, 0x7c9 0x12c78: jb 0x12c8b 0x12c7a: mov ah, 0x2c 0x12c7c: int 0x21 0x12c7e: cmp cl, 0x1e 0x12c81: jne 0x12c8b 0x12c83: mov ax, word ptr [0x108] 0x12c86: add ax, 0x3d0 0x12c89: call ax 0x12c8b: mov ah, 0xd 0x12c8d: mov dl, 0x80 0x12c8f: sub bx, bx 0x12c91: int 0x13 0x12c93: cmp al, 0 0x12c95: jne 0x12c9f 0x12c97: mov ax, word ptr [0x108] 0x12c9a: add ax, 0x24d 0x12c9d: call ax 0x12c9f: mov ax, word ptr [0x108] 0x12ca2: add ax, 0x288
2018-12-25T12:31:25.954344509Z	61	PC: 12d06 \| Open file (Filename = '\command.com')
2018-12-25T12:31:25.960805894Z	78	PC: 12d2b \| Find first file
2018-12-25T12:31:25.973152346Z	61	PC: 12d35 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:25.985757694Z	87	PC: 12d68 \| Get or set file date and time
2018-12-25T12:31:25.987353902Z	66	PC: 12d7e \| Move file pointer
2018-12-25T12:31:25.988967472Z	66	PC: 12d94 \| Move file pointer
2018-12-25T12:31:25.99176383Z	63	PC: 12da3 \| Read file or device (Read 16 bytes on handle 5)
2018-12-25T12:31:25.998122204Z	66	PC: 12dd9 \| Move file pointer
2018-12-25T12:31:26.001134557Z	64	PC: 12de8 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:31:26.003127139Z	66	PC: 12df6 \| Move file pointer
2018-12-25T12:31:26.004311601Z	64	PC: 12e05 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:31:26.00614862Z	66	PC: 12e19 \| Move file pointer
2018-12-25T12:31:26.007216062Z	64	PC: 12e23 \| Write file or device (Write 1152 bytes on handle 5)
2018-12-25T12:31:26.025981944Z	87	PC: 12e35 \| Get or set file date and time
2018-12-25T12:31:26.027727963Z	62	PC: 12e3d \| Close file
2018-12-25T12:31:26.035550989Z	9	PC: 12a47 \| Display string (String= 'BEGGER VIRUS!')
2018-12-25T12:31:26.042744652Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":30,"Second":0,"TimeBased":true,"OriginalID":11775,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:25.981419657Z	42	PC: 12c74 \| Get date 0x12c74: cmp cx, 0x7c9 0x12c78: jb 0x12c8b 0x12c7a: mov ah, 0x2c 0x12c7c: int 0x21 0x12c7e: cmp cl, 0x1e 0x12c81: jne 0x12c8b 0x12c83: mov ax, word ptr [0x108] 0x12c86: add ax, 0x3d0 0x12c89: call ax 0x12c8b: mov ah, 0xd 0x12c8d: mov dl, 0x80 0x12c8f: sub bx, bx 0x12c91: int 0x13 0x12c93: cmp al, 0 0x12c95: jne 0x12c9f 0x12c97: mov ax, word ptr [0x108] 0x12c9a: add ax, 0x24d 0x12c9d: call ax 0x12c9f: mov ax, word ptr [0x108] 0x12ca2: add ax, 0x288
2018-12-25T12:31:25.985034539Z	61	PC: 12d06 \| Open file (Filename = '\command.com')
2018-12-25T12:31:25.991395083Z	78	PC: 12d2b \| Find first file
2018-12-25T12:31:25.997160742Z	61	PC: 12d35 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:26.00463133Z	87	PC: 12d68 \| Get or set file date and time
2018-12-25T12:31:26.006295809Z	66	PC: 12d7e \| Move file pointer
2018-12-25T12:31:26.007915271Z	66	PC: 12d94 \| Move file pointer
2018-12-25T12:31:26.009700439Z	63	PC: 12da3 \| Read file or device (Read 16 bytes on handle 5)
2018-12-25T12:31:26.01660265Z	66	PC: 12dd9 \| Move file pointer
2018-12-25T12:31:26.018164463Z	64	PC: 12de8 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:31:26.020869868Z	66	PC: 12df6 \| Move file pointer
2018-12-25T12:31:26.023481382Z	64	PC: 12e05 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:31:26.026260761Z	66	PC: 12e19 \| Move file pointer
2018-12-25T12:31:26.027818132Z	64	PC: 12e23 \| Write file or device (Write 1152 bytes on handle 5)
2018-12-25T12:31:26.04307129Z	87	PC: 12e35 \| Get or set file date and time
2018-12-25T12:31:26.044569799Z	62	PC: 12e3d \| Close file
2018-12-25T12:31:26.051807351Z	9	PC: 12a47 \| Display string (String= 'BEGGER VIRUS!')
2018-12-25T12:31:26.054834043Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')