Sample viewer

vx.netlux.org/Virus.DOS.Mateo.974

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:41.788179033Z	53	PC: 12a9b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:41.789685051Z	37	PC: 12aa4 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:56:41.791147726Z	44	PC: 12aad \| Get time 0x12aad: cmp cl, 0xd 0x12ab0: je 0x12b2a 0x12ab2: call 0x12b50 0x12ab5: call 0x12b2e 0x12ab8: lea di, word ptr [bp + 0x191] 0x12abc: lea si, word ptr [bp + 0x199] 0x12ac0: movsw word ptr es:[di], word ptr [si] 0x12ac1: movsw word ptr es:[di], word ptr [si] 0x12ac2: movsw word ptr es:[di], word ptr [si] 0x12ac3: jmp 0x12ac6 0x12ac5: ljmp 0x3a86:0xc6a5 0x12aca: add ax, 0x8d00 0x12acd: xchg ax, si 0x12ace: mov ax, word ptr [0xe801] 0x12ad1: xchg byte ptr [bx + si], al 0x12ad3: jmp 0x12ad6 0x12ad5: jbe 0x12a57 0x12ad7: mov si, 0x53a 0x12ada: add ax, 0x973 0x12add: mov ah, 0x3b
2018-12-17T22:56:41.793321591Z	71	PC: 12b58 \| Get current directory
2018-12-17T22:56:41.79659002Z	26	PC: 12b35 \| Set disk transfer address
2018-12-17T22:56:41.797622885Z	78	PC: 12b5f \| Find first file
2018-12-17T22:56:41.803405461Z	67	PC: 12b6c \| Get or set file attributes
2018-12-17T22:56:41.813821674Z	67	PC: 12b79 \| Get or set file attributes
2018-12-17T22:56:41.832495276Z	61	PC: 12b81 \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:56:41.843914168Z	87	PC: 12b86 \| Get or set file date and time
2018-12-17T22:56:41.84518575Z	63	PC: 12b95 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:56:41.851510408Z	66	PC: 12b9d \| Move file pointer
2018-12-17T22:56:41.8528206Z	87	PC: 12bb3 \| Get or set file date and time
2018-12-17T22:56:41.854188385Z	62	PC: 12bb6 \| Close file
2018-12-17T22:56:41.862881833Z	67	PC: 12bbc \| Get or set file attributes
2018-12-17T22:56:41.872369676Z	79	PC: 12b5f \| Find next file
2018-12-17T22:56:41.874610473Z	59	PC: 12ae4 \| Change current directory
2018-12-17T22:56:41.879206787Z	59	PC: 12b45 \| Change current directory
2018-12-17T22:56:41.882975818Z	26	PC: 12b4f \| Set disk transfer address
2018-12-17T22:56:41.883981076Z	9	PC: 12a4c \| Display string (Could not find end pointer)
2018-12-17T22:56:41.888629676Z	76	PC: 12a50 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12305,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:26.416437559Z	53	PC: 12a9b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:26.41800688Z	37	PC: 12aa4 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:32:26.419259785Z	44	PC: 12aad \| Get time 0x12aad: cmp cl, 0xd 0x12ab0: je 0x12b2a 0x12ab2: call 0x12b50 0x12ab5: call 0x12b2e 0x12ab8: lea di, word ptr [bp + 0x191] 0x12abc: lea si, word ptr [bp + 0x199] 0x12ac0: movsw word ptr es:[di], word ptr [si] 0x12ac1: movsw word ptr es:[di], word ptr [si] 0x12ac2: movsw word ptr es:[di], word ptr [si] 0x12ac3: jmp 0x12ac6 0x12ac5: ljmp 0x3a86:0xc6a5 0x12aca: add ax, 0x8d00 0x12acd: xchg ax, si 0x12ace: mov ax, word ptr [0xe801] 0x12ad1: xchg byte ptr [bx + si], al 0x12ad3: jmp 0x12ad6 0x12ad5: jbe 0x12a57 0x12ad7: mov si, 0x53a 0x12ada: add ax, 0x973 0x12add: mov ah, 0x3b
2018-12-25T12:32:26.421033083Z	71	PC: 12b58 \| Get current directory
2018-12-25T12:32:26.423842702Z	26	PC: 12b35 \| Set disk transfer address
2018-12-25T12:32:26.42498817Z	78	PC: 12b5f \| Find first file
2018-12-25T12:32:26.431470192Z	67	PC: 12b6c \| Get or set file attributes
2018-12-25T12:32:26.437940461Z	67	PC: 12b79 \| Get or set file attributes
2018-12-25T12:32:26.455322002Z	61	PC: 12b81 \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:32:26.462511594Z	87	PC: 12b86 \| Get or set file date and time
2018-12-25T12:32:26.464117838Z	63	PC: 12b95 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:32:26.467518769Z	66	PC: 12b9d \| Move file pointer
2018-12-25T12:32:26.468960742Z	87	PC: 12bb3 \| Get or set file date and time
2018-12-25T12:32:26.470485737Z	62	PC: 12bb6 \| Close file
2018-12-25T12:32:26.478486248Z	67	PC: 12bbc \| Get or set file attributes
2018-12-25T12:32:26.489402359Z	79	PC: 12b5f \| Find next file (See above)
2018-12-25T12:32:26.493254648Z	59	PC: 12ae4 \| Change current directory
2018-12-25T12:32:26.49875359Z	59	PC: 12b45 \| Change current directory
2018-12-25T12:32:26.5030128Z	26	PC: 12b4f \| Set disk transfer address
2018-12-25T12:32:26.504032535Z	9	PC: 12a4c \| Display string (Could not find end pointer)
2018-12-25T12:32:26.508763718Z	76	PC: 12a50 \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":13,"Second":0,"TimeBased":true,"OriginalID":12305,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:26.5392139Z	53	PC: 12a9b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:32:26.540965734Z	37	PC: 12aa4 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:32:26.542644646Z	44	PC: 12aad \| Get time 0x12aad: cmp cl, 0xd 0x12ab0: je 0x12b2a 0x12ab2: call 0x12b50 0x12ab5: call 0x12b2e 0x12ab8: lea di, word ptr [bp + 0x191] 0x12abc: lea si, word ptr [bp + 0x199] 0x12ac0: movsw word ptr es:[di], word ptr [si] 0x12ac1: movsw word ptr es:[di], word ptr [si] 0x12ac2: movsw word ptr es:[di], word ptr [si] 0x12ac3: jmp 0x12ac6 0x12ac5: ljmp 0x3a86:0xc6a5 0x12aca: add ax, 0x8d00 0x12acd: xchg ax, si 0x12ace: mov ax, word ptr [0xe801] 0x12ad1: xchg byte ptr [bx + si], al 0x12ad3: jmp 0x12ad6 0x12ad5: jbe 0x12a57 0x12ad7: mov si, 0x53a 0x12ada: add ax, 0x973 0x12add: mov ah, 0x3b
2018-12-25T12:32:26.549055361Z	9	PC: 12c07 \| Display string (String= 'VIRUS MATEO v5.1 BY MATII')
2018-12-25T12:32:26.552399245Z	78	PC: 12b5f \| Find first file
2018-12-25T12:32:26.561314476Z	67	PC: 12b6c \| Get or set file attributes
2018-12-25T12:32:26.566080083Z	59	PC: 12ae4 \| Change current directory
2018-12-25T12:32:26.571017508Z	59	PC: 12b45 \| Change current directory
2018-12-25T12:32:26.576815507Z	26	PC: 12b4f \| Set disk transfer address