Sample viewer

vx.netlux.org/Virus.DOS.Corrupted.DIW.377

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:55:21.252782278Z	47	PC: 12a66 \| Get disk transfer address
2018-12-17T22:55:21.255556897Z	26	PC: 12a74 \| Set disk transfer address
2018-12-17T22:55:21.257150274Z	78	PC: 12b00 \| Find first file
2018-12-17T22:55:21.263905719Z	78	PC: 12b43 \| Find first file
2018-12-17T22:55:21.270541329Z	44	PC: 12b63 \| Get time 0x12b63: cmp ch, 0xf 0x12b66: jl 0x12b9c 0x12b68: mov bx, di 0x12b6a: add bx, 0x179 0x12b6e: mov ah, 2 0x12b70: mov al, 1 0x12b72: mov dh, 0 0x12b74: mov dl, 0x80 0x12b76: mov cl, 1 0x12b78: mov ch, 0 0x12b7a: int 0x13 0x12b7c: mov si, bx 0x12b7e: add si, 0x1be 0x12b82: mov ah, byte ptr es:[si] 0x12b85: cmp ah, 0x80 0x12b88: jne 0x12b8d 0x12b8a: call 0x12b9d 0x12b8d: mov ah, byte ptr es:[si + 0x10] 0x12b91: cmp ah, 0x80 0x12b94: jne 0x12b9c
2018-12-17T22:55:21.274149736Z	26	PC: 12a89 \| Set disk transfer address
2018-12-17T22:55:21.275623308Z	47	PC: 12a66 \| Get disk transfer address
2018-12-17T22:55:21.276899148Z	26	PC: 12a74 \| Set disk transfer address
2018-12-17T22:55:21.279322906Z	78	PC: 12b00 \| Find first file
2018-12-17T22:55:21.284467673Z	78	PC: 12b43 \| Find first file
2018-12-17T22:55:21.29094743Z	44	PC: 12b63 \| Get time 0x12b63: cmp ch, 0x44 0x12b66: dec di 0x12b67: push bx 0x12b68: add byte ptr [bx + si + 0x52], dl 0x12b6b: dec di 0x12b6c: dec bp 0x12b6d: push ax 0x12b6e: push sp 0x12b6f: cmp ax, 0x5024 0x12b72: and al, 0x47 0x12b74: add byte ptr [bp + di + 0x4f], al 0x12b77: dec bp 0x12b78: push bx 0x12b79: push ax 0x12b7a: inc bp 0x12b7b: inc bx 0x12b7c: cmp ax, 0x3a43 0x12b7f: pop sp 0x12b80: inc bx 0x12b81: dec di

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11865,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:27.001155857Z	47	PC: 12a66 \| Get disk transfer address
2018-12-25T12:31:27.006400568Z	26	PC: 12a74 \| Set disk transfer address
2018-12-25T12:31:27.007753602Z	78	PC: 12b00 \| Find first file
2018-12-25T12:31:27.013749286Z	78	PC: 12b43 \| Find first file
2018-12-25T12:31:27.020039695Z	44	PC: 12b63 \| Get time 0x12b63: cmp ch, 0xf 0x12b66: jl 0x12b9c 0x12b68: mov bx, di 0x12b6a: add bx, 0x179 0x12b6e: mov ah, 2 0x12b70: mov al, 1 0x12b72: mov dh, 0 0x12b74: mov dl, 0x80 0x12b76: mov cl, 1 0x12b78: mov ch, 0 0x12b7a: int 0x13 0x12b7c: mov si, bx 0x12b7e: add si, 0x1be 0x12b82: mov ah, byte ptr es:[si] 0x12b85: cmp ah, 0x80 0x12b88: jne 0x12b8d 0x12b8a: call 0x12b9d 0x12b8d: mov ah, byte ptr es:[si + 0x10] 0x12b91: cmp ah, 0x80 0x12b94: jne 0x12b9c
2018-12-25T12:31:27.022165311Z	26	PC: 12a89 \| Set disk transfer address
2018-12-25T12:31:27.023287489Z	47	PC: 12a66 \| Get disk transfer address (See above)
2018-12-25T12:31:27.025914915Z	26	PC: 12a74 \| Set disk transfer address (See above)
2018-12-25T12:31:27.030488461Z	78	PC: 12b00 \| Find first file (See above)
2018-12-25T12:31:27.035231336Z	78	PC: 12b43 \| Find first file (See above)
2018-12-25T12:31:27.041193769Z	44	PC: 12b63 \| Get time (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":15,"Min":0,"Second":0,"TimeBased":true,"OriginalID":11865,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:27.049812071Z	47	PC: 12a66 \| Get disk transfer address
2018-12-25T12:31:27.052038171Z	26	PC: 12a74 \| Set disk transfer address
2018-12-25T12:31:27.053333831Z	78	PC: 12b00 \| Find first file
2018-12-25T12:31:27.060944164Z	78	PC: 12b43 \| Find first file
2018-12-25T12:31:27.067773072Z	44	PC: 12b63 \| Get time 0x12b63: cmp ch, 0xf 0x12b66: jl 0x12b9c 0x12b68: mov bx, di 0x12b6a: add bx, 0x179 0x12b6e: mov ah, 2 0x12b70: mov al, 1 0x12b72: mov dh, 0 0x12b74: mov dl, 0x80 0x12b76: mov cl, 1 0x12b78: mov ch, 0 0x12b7a: int 0x13 0x12b7c: mov si, bx 0x12b7e: add si, 0x1be 0x12b82: mov ah, byte ptr es:[si] 0x12b85: cmp ah, 0x80 0x12b88: jne 0x12b8d 0x12b8a: call 0x12b9d 0x12b8d: mov ah, byte ptr es:[si + 0x10] 0x12b91: cmp ah, 0x80 0x12b94: jne 0x12b9c
2018-12-25T12:31:27.077438625Z	26	PC: 12a89 \| Set disk transfer address
2018-12-25T12:31:27.079246135Z	47	PC: 12a66 \| Get disk transfer address (See above)
2018-12-25T12:31:27.080926921Z	26	PC: 12a74 \| Set disk transfer address (See above)
2018-12-25T12:31:27.083598045Z	78	PC: 12b00 \| Find first file (See above)
2018-12-25T12:31:27.088885031Z	78	PC: 12b43 \| Find first file (See above)
2018-12-25T12:31:27.096197721Z	44	PC: 12b63 \| Get time (See above)