Sample viewer

vx.netlux.org/Virus.DOS.Evasor.466

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:59.416160275Z	26	PC: 1328f \| Set disk transfer address
2018-12-17T22:56:59.417607526Z	78	PC: 1329a \| Find first file
2018-12-17T22:56:59.433661345Z	67	PC: 132e5 \| Get or set file attributes
2018-12-17T22:56:59.458361053Z	61	PC: 132eb \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:56:59.465870787Z	87	PC: 132f1 \| Get or set file date and time
2018-12-17T22:56:59.469540335Z	63	PC: 132fe \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:59.476834303Z	87	PC: 13367 \| Get or set file date and time
2018-12-17T22:56:59.478614818Z	62	PC: 1336b \| Close file
2018-12-17T22:56:59.491519266Z	79	PC: 1329a \| Find next file
2018-12-17T22:56:59.494886431Z	67	PC: 132e5 \| Get or set file attributes
2018-12-17T22:56:59.506326438Z	61	PC: 132eb \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:56:59.514876345Z	87	PC: 132f1 \| Get or set file date and time
2018-12-17T22:56:59.517324515Z	63	PC: 132fe \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:59.524768385Z	87	PC: 13367 \| Get or set file date and time
2018-12-17T22:56:59.527154316Z	62	PC: 1336b \| Close file
2018-12-17T22:56:59.542681271Z	79	PC: 1329a \| Find next file
2018-12-17T22:56:59.546934068Z	67	PC: 132e5 \| Get or set file attributes
2018-12-17T22:56:59.560484857Z	61	PC: 132eb \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:56:59.570613321Z	87	PC: 132f1 \| Get or set file date and time
2018-12-17T22:56:59.572264042Z	63	PC: 132fe \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:59.58094065Z	87	PC: 13367 \| Get or set file date and time
2018-12-17T22:56:59.583815063Z	62	PC: 1336b \| Close file
2018-12-17T22:56:59.592599999Z	79	PC: 1329a \| Find next file
2018-12-17T22:56:59.596037197Z	67	PC: 132e5 \| Get or set file attributes
2018-12-17T22:56:59.608736793Z	61	PC: 132eb \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:56:59.628445703Z	87	PC: 132f1 \| Get or set file date and time
2018-12-17T22:56:59.631484966Z	63	PC: 132fe \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:59.639783158Z	87	PC: 13367 \| Get or set file date and time
2018-12-17T22:56:59.641618922Z	62	PC: 1336b \| Close file
2018-12-17T22:56:59.650360244Z	79	PC: 1329a \| Find next file
2018-12-17T22:56:59.655019333Z	67	PC: 132e5 \| Get or set file attributes
2018-12-17T22:56:59.666558972Z	61	PC: 132eb \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:56:59.674696139Z	87	PC: 132f1 \| Get or set file date and time
2018-12-17T22:56:59.676758042Z	63	PC: 132fe \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:59.68465884Z	87	PC: 13367 \| Get or set file date and time
2018-12-17T22:56:59.686622085Z	62	PC: 1336b \| Close file
2018-12-17T22:56:59.695076093Z	79	PC: 1329a \| Find next file
2018-12-17T22:56:59.699785694Z	67	PC: 132e5 \| Get or set file attributes
2018-12-17T22:56:59.71101291Z	61	PC: 132eb \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:56:59.718804015Z	87	PC: 132f1 \| Get or set file date and time
2018-12-17T22:56:59.721376496Z	63	PC: 132fe \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:59.728714288Z	87	PC: 13367 \| Get or set file date and time
2018-12-17T22:56:59.730765532Z	62	PC: 1336b \| Close file
2018-12-17T22:56:59.739727088Z	79	PC: 1329a \| Find next file
2018-12-17T22:56:59.743474649Z	67	PC: 132e5 \| Get or set file attributes
2018-12-17T22:56:59.754651013Z	61	PC: 132eb \| Open file (Filename = 'PAH.COM')
2018-12-17T22:56:59.769696883Z	87	PC: 132f1 \| Get or set file date and time
2018-12-17T22:56:59.772149101Z	63	PC: 132fe \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:59.779653785Z	87	PC: 13367 \| Get or set file date and time
2018-12-17T22:56:59.782041335Z	62	PC: 1336b \| Close file
2018-12-17T22:56:59.791824847Z	79	PC: 1329a \| Find next file
2018-12-17T22:56:59.797596889Z	67	PC: 132e5 \| Get or set file attributes
2018-12-17T22:56:59.807212259Z	61	PC: 132eb \| Open file (Filename = 'TEST.COM')
2018-12-17T22:56:59.812082376Z	87	PC: 132f1 \| Get or set file date and time
2018-12-17T22:56:59.813584761Z	63	PC: 132fe \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:56:59.82101187Z	87	PC: 13367 \| Get or set file date and time
2018-12-17T22:56:59.824523582Z	62	PC: 1336b \| Close file
2018-12-17T22:56:59.83311695Z	79	PC: 1329a \| Find next file
2018-12-17T22:56:59.835923321Z	59	PC: 132a4 \| Change current directory
2018-12-17T22:56:59.841432276Z	42	PC: 132aa \| Get date 0x132aa: cmp dh, 7 0x132ad: je 0x132b7 0x132af: mov dx, 0x80 0x132b2: mov ah, 0x1a 0x132b4: int 0x21 0x132b6: ret 0x132b7: mov ah, 9 0x132b9: lea dx, word ptr [bp + 0x274] 0x132bd: int 0x21 0x132bf: jmp 0x132af 0x132c1: lea dx, word ptr [bp + 0x2c8] 0x132c5: mov di, dx 0x132c7: mov cx, 0x40 0x132ca: mov al, 0x2e 0x132cc: cld 0x132cd: repne scasb al, byte ptr es:[di] 0x132cf: cmp word ptr [di + 1], 0x4d4f 0x132d4: je 0x132d9 0x132d6: jmp 0x13367 0x132d9: lea dx, word ptr [bp + 0x2c8]
2018-12-17T22:56:59.845949325Z	26	PC: 132b6 \| Set disk transfer address
2018-12-17T22:56:59.847242422Z	9	PC: 12a47 \| Display string (String= 'Soy un COM infectado!! ')
2018-12-17T22:56:59.852630037Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12409,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:53.114778095Z	26	PC: 1328f \| Set disk transfer address
2018-12-25T12:32:53.117353946Z	78	PC: 1329a \| Find first file
2018-12-25T12:32:53.123566107Z	67	PC: 132e5 \| Get or set file attributes
2018-12-25T12:32:53.155486011Z	61	PC: 132eb \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:32:53.165272219Z	87	PC: 132f1 \| Get or set file date and time
2018-12-25T12:32:53.166715691Z	63	PC: 132fe \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:32:53.173266328Z	87	PC: 13367 \| Get or set file date and time
2018-12-25T12:32:53.175018195Z	62	PC: 1336b \| Close file
2018-12-25T12:32:53.18339956Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:53.186301617Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:53.203126675Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:53.211050477Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:53.212690855Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:53.219678307Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:53.222515309Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:53.230282584Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:53.233576141Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:53.258501237Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:53.270219477Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:53.271712042Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:53.279680087Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:53.28304727Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:53.290205363Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:53.29893259Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:53.308533458Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:53.314871891Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:53.31690874Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:53.323109416Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:53.32456884Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:53.350378738Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:53.354088752Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:53.365541093Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:53.369986039Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:53.37176474Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:53.377542868Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:53.379463126Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:53.387272509Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:53.390166384Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:53.400243051Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:53.407456006Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:53.409199469Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:53.415617604Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:53.419243206Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:53.426126747Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:53.428681646Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:53.438870989Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:53.445474931Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:53.447089021Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:53.453949817Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:53.455706362Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:53.463459699Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:53.466785689Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:53.476606724Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:53.488528105Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:53.490927598Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:53.497388638Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:53.499177381Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:53.507229817Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:53.509797122Z	59	PC: 132a4 \| Change current directory
2018-12-25T12:32:53.51406015Z	42	PC: 132aa \| Get date 0x132aa: cmp dh, 7 0x132ad: je 0x132b7 0x132af: mov dx, 0x80 0x132b2: mov ah, 0x1a 0x132b4: int 0x21 0x132b6: ret 0x132b7: mov ah, 9 0x132b9: lea dx, word ptr [bp + 0x274] 0x132bd: int 0x21 0x132bf: jmp 0x132af 0x132c1: lea dx, word ptr [bp + 0x2c8] 0x132c5: mov di, dx 0x132c7: mov cx, 0x40 0x132ca: mov al, 0x2e 0x132cc: cld 0x132cd: repne scasb al, byte ptr es:[di] 0x132cf: cmp word ptr [di + 1], 0x4d4f 0x132d4: je 0x132d9 0x132d6: jmp 0x13367 0x132d9: lea dx, word ptr [bp + 0x2c8]
2018-12-25T12:32:53.517377829Z	26	PC: 132b6 \| Set disk transfer address
2018-12-25T12:32:53.519144785Z	9	PC: 12a47 \| Display string (String= 'Soy un COM infectado!! ')
2018-12-25T12:32:53.523302821Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12409,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:53.887866046Z	26	PC: 1328f \| Set disk transfer address
2018-12-25T12:32:53.889555503Z	78	PC: 1329a \| Find first file
2018-12-25T12:32:53.896111234Z	67	PC: 132e5 \| Get or set file attributes
2018-12-25T12:32:53.912650027Z	61	PC: 132eb \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:32:53.928565298Z	87	PC: 132f1 \| Get or set file date and time
2018-12-25T12:32:53.930347728Z	63	PC: 132fe \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:32:53.936923592Z	87	PC: 13367 \| Get or set file date and time
2018-12-25T12:32:53.938929846Z	62	PC: 1336b \| Close file
2018-12-25T12:32:53.949342366Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:53.952075858Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:53.962221636Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:53.973830672Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:53.980062474Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:53.987153009Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:53.990811117Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:53.997933969Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:54.001026028Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:54.012228405Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:54.019520817Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:54.021406472Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:54.028784844Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:54.030718407Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:54.046624762Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:54.050574401Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:54.060514965Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:54.067024145Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:54.070088683Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:54.076332388Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:54.077823524Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:54.086037338Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:54.08865011Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:54.098665774Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:54.106136919Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:54.107744899Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:54.114418303Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:54.116818943Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:54.123951881Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:54.126807299Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:54.137204585Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:54.144828844Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:54.146744295Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:54.154918476Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:54.157154259Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:54.164418018Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:54.16761749Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:54.17783154Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:54.18529257Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:54.186894382Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:54.193679853Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:54.195381556Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:54.202550865Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:54.206835547Z	67	PC: 132e5 \| Get or set file attributes (See above)
2018-12-25T12:32:54.216869377Z	61	PC: 132eb \| Open file (See above)
2018-12-25T12:32:54.223636863Z	87	PC: 132f1 \| Get or set file date and time (See above)
2018-12-25T12:32:54.226329521Z	63	PC: 132fe \| Read file or device (See above)
2018-12-25T12:32:54.229154947Z	87	PC: 13367 \| Get or set file date and time (See above)
2018-12-25T12:32:54.231314131Z	62	PC: 1336b \| Close file (See above)
2018-12-25T12:32:54.239305355Z	79	PC: 1329a \| Find next file (See above)
2018-12-25T12:32:54.244244649Z	59	PC: 132a4 \| Change current directory
2018-12-25T12:32:54.249572705Z	42	PC: 132aa \| Get date 0x132aa: cmp dh, 7 0x132ad: je 0x132b7 0x132af: mov dx, 0x80 0x132b2: mov ah, 0x1a 0x132b4: int 0x21 0x132b6: ret 0x132b7: mov ah, 9 0x132b9: lea dx, word ptr [bp + 0x274] 0x132bd: int 0x21 0x132bf: jmp 0x132af 0x132c1: lea dx, word ptr [bp + 0x2c8] 0x132c5: mov di, dx 0x132c7: mov cx, 0x40 0x132ca: mov al, 0x2e 0x132cc: cld 0x132cd: repne scasb al, byte ptr es:[di] 0x132cf: cmp word ptr [di + 1], 0x4d4f 0x132d4: je 0x132d9 0x132d6: jmp 0x13367 0x132d9: lea dx, word ptr [bp + 0x2c8]
2018-12-25T12:32:54.252664141Z	9	PC: 132bf \| Display string (String= 'Evasor v2.2 Pruslas [Los Sicarios de Midas] ')
2018-12-25T12:32:54.260831001Z	26	PC: 132b6 \| Set disk transfer address
2018-12-25T12:32:54.262276971Z	9	PC: 12a47 \| Display string (String= 'Soy un COM infectado!! ')
2018-12-25T12:32:54.267276386Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')