Sample viewer

vx.netlux.org/Virus.DOS.Erase.669.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:22.928852366Z 26 PC: 12a47 | Set disk transfer address
2018-12-17T22:57:22.932048124Z 37 PC: 12a53 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:22.933715679Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xb
0x12a5a: je 0x12a6e
0x12a5c: cmp dl, 0x17
0x12a5f: je 0x12a6e
0x12a61: call 0x12c69
0x12a64: clc
0x12a65: mov al, byte ptr [0xfbfa]
0x12a68: cmp al, 0xb
0x12a6a: je 0x12a9f
0x12a6c: jmp 0x12a81
0x12a6e: jmp 0x12b71
0x12a71: stosb byte ptr es:[di], al
0x12a72: scasb al, byte ptr es:[di]
0x12a73: ret
0x12a74: iret
0x12a75: int 0
0x12a77: ret
0x12a78: iret
0x12a79: int 0xd3
0x12a7b: rol ch, 1
2018-12-17T22:57:22.936828311Z 78 PC: 12c9b | Find first file
2018-12-17T22:57:22.943431785Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T22:57:23.286656645Z 61 PC: 12ac2 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:57:23.294264657Z 63 PC: 12ad5 | Read file or device (Read 669 bytes on handle 5)
2018-12-17T22:57:23.30275029Z 66 PC: 12ae1 | Move file pointer
2018-12-17T22:57:23.304913948Z 63 PC: 12aeb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:57:23.307778162Z 66 PC: 12b02 | Move file pointer
2018-12-17T22:57:23.309314501Z 64 PC: 12b19 | Write file or device (Write 669 bytes on handle 5)
2018-12-17T22:57:23.320424406Z 66 PC: 12b24 | Move file pointer
2018-12-17T22:57:23.322120214Z 64 PC: 12b2e | Write file or device (Write 669 bytes on handle 5)
2018-12-17T22:57:23.329419256Z 87 PC: 12b3d | Get or set file date and time
2018-12-17T22:57:23.332007131Z 62 PC: 12b41 | Close file
2018-12-17T22:57:23.340674445Z 67 PC: 12b51 | Get or set file attributes
2018-12-17T22:57:23.350973466Z 78 PC: 12a94 | Find first file
2018-12-17T22:57:23.358766547Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T22:57:23.375641841Z 61 PC: 12ac2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:23.382657129Z 63 PC: 12ad5 | Read file or device (Read 669 bytes on handle 5)
2018-12-17T22:57:23.390096776Z 66 PC: 12ae1 | Move file pointer
2018-12-17T22:57:23.391628616Z 63 PC: 12aeb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:57:23.393621071Z 66 PC: 12b02 | Move file pointer
2018-12-17T22:57:23.395521724Z 62 PC: 12b41 | Close file
2018-12-17T22:57:23.397775822Z 67 PC: 12b51 | Get or set file attributes
2018-12-17T22:57:23.408852144Z 79 PC: 12b69 | Find next file
2018-12-17T22:57:23.412037563Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T22:57:23.423930511Z 61 PC: 12ac2 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:57:23.431257195Z 63 PC: 12ad5 | Read file or device (Read 669 bytes on handle 5)
2018-12-17T22:57:23.439282501Z 66 PC: 12ae1 | Move file pointer
2018-12-17T22:57:23.442578698Z 63 PC: 12aeb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:57:23.44510657Z 66 PC: 12b02 | Move file pointer
2018-12-17T22:57:23.447222749Z 62 PC: 12b41 | Close file
2018-12-17T22:57:23.450325993Z 67 PC: 12b51 | Get or set file attributes
2018-12-17T22:57:23.461780526Z 79 PC: 12b69 | Find next file
2018-12-17T22:57:23.464630073Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T22:57:23.476560311Z 61 PC: 12ac2 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:57:23.483581962Z 63 PC: 12ad5 | Read file or device (Read 669 bytes on handle 5)
2018-12-17T22:57:23.490587862Z 66 PC: 12ae1 | Move file pointer
2018-12-17T22:57:23.492587792Z 63 PC: 12aeb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:57:23.495893977Z 66 PC: 12b02 | Move file pointer
2018-12-17T22:57:23.497451255Z 62 PC: 12b41 | Close file
2018-12-17T22:57:23.499347069Z 67 PC: 12b51 | Get or set file attributes
2018-12-17T22:57:23.510322612Z 79 PC: 12b69 | Find next file
2018-12-17T22:57:23.513267549Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T22:57:23.523635549Z 61 PC: 12ac2 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:57:23.531605252Z 63 PC: 12ad5 | Read file or device (Read 669 bytes on handle 5)
2018-12-17T22:57:23.538425243Z 66 PC: 12ae1 | Move file pointer
2018-12-17T22:57:23.539837338Z 63 PC: 12aeb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:57:23.54258333Z 66 PC: 12b02 | Move file pointer
2018-12-17T22:57:23.545690863Z 62 PC: 12b41 | Close file
2018-12-17T22:57:23.547888714Z 67 PC: 12b51 | Get or set file attributes
2018-12-17T22:57:23.56590849Z 79 PC: 12b69 | Find next file
2018-12-17T22:57:23.568917988Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T22:57:23.579400514Z 61 PC: 12ac2 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:57:23.587257494Z 63 PC: 12ad5 | Read file or device (Read 669 bytes on handle 5)
2018-12-17T22:57:23.594402357Z 66 PC: 12ae1 | Move file pointer
2018-12-17T22:57:23.596338667Z 63 PC: 12aeb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:57:23.599004178Z 66 PC: 12b02 | Move file pointer
2018-12-17T22:57:23.600996573Z 62 PC: 12b41 | Close file
2018-12-17T22:57:23.603155422Z 67 PC: 12b51 | Get or set file attributes
2018-12-17T22:57:23.613697219Z 79 PC: 12b69 | Find next file
2018-12-17T22:57:23.617785866Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T22:57:23.628611267Z 61 PC: 12ac2 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:57:23.635690726Z 63 PC: 12ad5 | Read file or device (Read 669 bytes on handle 5)
2018-12-17T22:57:23.643222405Z 66 PC: 12ae1 | Move file pointer
2018-12-17T22:57:23.644773771Z 63 PC: 12aeb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:57:23.647392033Z 66 PC: 12b02 | Move file pointer
2018-12-17T22:57:23.65019895Z 62 PC: 12b41 | Close file
2018-12-17T22:57:23.652151511Z 67 PC: 12b51 | Get or set file attributes
2018-12-17T22:57:23.662700713Z 79 PC: 12b69 | Find next file
2018-12-17T22:57:23.666116865Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T22:57:23.67669994Z 61 PC: 12ac2 | Open file (Filename = 'PAH.COM')
2018-12-17T22:57:23.683467754Z 63 PC: 12ad5 | Read file or device (Read 669 bytes on handle 5)
2018-12-17T22:57:23.691540039Z 66 PC: 12ae1 | Move file pointer
2018-12-17T22:57:23.693207633Z 63 PC: 12aeb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:57:23.695196082Z 66 PC: 12b02 | Move file pointer
2018-12-17T22:57:23.696859499Z 62 PC: 12b41 | Close file
2018-12-17T22:57:23.699121902Z 67 PC: 12b51 | Get or set file attributes
2018-12-17T22:57:23.709897099Z 79 PC: 12b69 | Find next file
2018-12-17T22:57:23.71265851Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T22:57:23.723751063Z 61 PC: 12ac2 | Open file (Filename = 'TEST.COM')
2018-12-17T22:57:23.731080071Z 63 PC: 12ad5 | Read file or device (Read 669 bytes on handle 5)
2018-12-17T22:57:23.738839228Z 66 PC: 12ae1 | Move file pointer
2018-12-17T22:57:23.74156366Z 63 PC: 12aeb | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:57:23.744540697Z 62 PC: 12b41 | Close file
2018-12-17T22:57:23.746705577Z 67 PC: 12b51 | Get or set file attributes
2018-12-17T22:57:23.758659038Z 79 PC: 12b69 | Find next file
2018-12-17T22:57:23.761146123Z 37 PC: 12c05 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12537,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:35.846714007Z 26 PC: 12a47 | Set disk transfer address
2018-12-25T12:35:35.850537669Z 37 PC: 12a53 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:35:35.852176561Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xb
0x12a5a: je 0x12a6e
0x12a5c: cmp dl, 0x17
0x12a5f: je 0x12a6e
0x12a61: call 0x12c69
0x12a64: clc
0x12a65: mov al, byte ptr [0xfbfa]
0x12a68: cmp al, 0xb
0x12a6a: je 0x12a9f
0x12a6c: jmp 0x12a81
0x12a6e: jmp 0x12b71
0x12a71: stosb byte ptr es:[di], al
0x12a72: scasb al, byte ptr es:[di]
0x12a73: ret
0x12a74: iret
0x12a75: int 0
0x12a77: ret
0x12a78: iret
0x12a79: int 0xd3
0x12a7b: rol ch, 1
2018-12-25T12:35:35.85489187Z 78 PC: 12c9b | Find first file
2018-12-25T12:35:35.861900448Z 67 PC: 12aaa | Get or set file attributes
2018-12-25T12:35:36.19096563Z 61 PC: 12ac2 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:35:36.1978878Z 63 PC: 12ad5 | Read file or device (Read 669 bytes on handle 5)
2018-12-25T12:35:36.202698848Z 66 PC: 12ae1 | Move file pointer
2018-12-25T12:35:36.204676012Z 63 PC: 12aeb | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:35:36.20726104Z 66 PC: 12b02 | Move file pointer
2018-12-25T12:35:36.208597139Z 64 PC: 12b19 | Write file or device (Write 669 bytes on handle 5)
2018-12-25T12:35:36.220278575Z 66 PC: 12b24 | Move file pointer
2018-12-25T12:35:36.221977234Z 64 PC: 12b2e | Write file or device (Write 669 bytes on handle 5)
2018-12-25T12:35:36.229462005Z 87 PC: 12b3d | Get or set file date and time
2018-12-25T12:35:36.232572218Z 62 PC: 12b41 | Close file
2018-12-25T12:35:36.239827832Z 67 PC: 12b51 | Get or set file attributes
2018-12-25T12:35:36.248951115Z 78 PC: 12a94 | Find first file
2018-12-25T12:35:36.256186189Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:35:36.27189711Z 61 PC: 12ac2 | Open file (See above)
2018-12-25T12:35:36.278855494Z 63 PC: 12ad5 | Read file or device (See above)
2018-12-25T12:35:36.2853242Z 66 PC: 12ae1 | Move file pointer (See above)
2018-12-25T12:35:36.287717241Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T12:35:36.289407212Z 66 PC: 12b02 | Move file pointer (See above)
2018-12-25T12:35:36.29074083Z 62 PC: 12b41 | Close file (See above)
2018-12-25T12:35:36.293164913Z 67 PC: 12b51 | Get or set file attributes (See above)
2018-12-25T12:35:36.303386106Z 79 PC: 12b69 | Find next file
2018-12-25T12:35:36.306124821Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:35:36.316802004Z 61 PC: 12ac2 | Open file (See above)
2018-12-25T12:35:36.320923551Z 63 PC: 12ad5 | Read file or device (See above)
2018-12-25T12:35:36.325398424Z 66 PC: 12ae1 | Move file pointer (See above)
2018-12-25T12:35:36.327584738Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T12:35:36.329100147Z 66 PC: 12b02 | Move file pointer (See above)
2018-12-25T12:35:36.330158953Z 62 PC: 12b41 | Close file (See above)
2018-12-25T12:35:36.338593515Z 67 PC: 12b51 | Get or set file attributes (See above)
2018-12-25T12:35:36.345421164Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T12:35:36.347462034Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:35:36.356125012Z 61 PC: 12ac2 | Open file (See above)
2018-12-25T12:35:36.366284815Z 63 PC: 12ad5 | Read file or device (See above)
2018-12-25T12:35:36.372200334Z 66 PC: 12ae1 | Move file pointer (See above)
2018-12-25T12:35:36.374656819Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T12:35:36.377041659Z 66 PC: 12b02 | Move file pointer (See above)
2018-12-25T12:35:36.378670454Z 62 PC: 12b41 | Close file (See above)
2018-12-25T12:35:36.381566787Z 67 PC: 12b51 | Get or set file attributes (See above)
2018-12-25T12:35:36.390468518Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T12:35:36.392330351Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:35:36.399890616Z 61 PC: 12ac2 | Open file (See above)
2018-12-25T12:35:36.404102813Z 63 PC: 12ad5 | Read file or device (See above)
2018-12-25T12:35:36.410367567Z 66 PC: 12ae1 | Move file pointer (See above)
2018-12-25T12:35:36.412475609Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T12:35:36.414330076Z 66 PC: 12b02 | Move file pointer (See above)
2018-12-25T12:35:36.415941716Z 62 PC: 12b41 | Close file (See above)
2018-12-25T12:35:36.418672191Z 67 PC: 12b51 | Get or set file attributes (See above)
2018-12-25T12:35:36.429020764Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T12:35:36.43187005Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:35:36.444522097Z 61 PC: 12ac2 | Open file (See above)
2018-12-25T12:35:36.452008143Z 63 PC: 12ad5 | Read file or device (See above)
2018-12-25T12:35:36.458448748Z 66 PC: 12ae1 | Move file pointer (See above)
2018-12-25T12:35:36.460415898Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T12:35:36.463329679Z 66 PC: 12b02 | Move file pointer (See above)
2018-12-25T12:35:36.464746289Z 62 PC: 12b41 | Close file (See above)
2018-12-25T12:35:36.466969776Z 67 PC: 12b51 | Get or set file attributes (See above)
2018-12-25T12:35:36.473577777Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T12:35:36.475429799Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:35:36.485497318Z 61 PC: 12ac2 | Open file (See above)
2018-12-25T12:35:36.506039916Z 63 PC: 12ad5 | Read file or device (See above)
2018-12-25T12:35:36.512680595Z 66 PC: 12ae1 | Move file pointer (See above)
2018-12-25T12:35:36.514337402Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T12:35:36.5175189Z 66 PC: 12b02 | Move file pointer (See above)
2018-12-25T12:35:36.518893714Z 62 PC: 12b41 | Close file (See above)
2018-12-25T12:35:36.520609673Z 67 PC: 12b51 | Get or set file attributes (See above)
2018-12-25T12:35:36.546176916Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T12:35:36.550465396Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:35:36.583262163Z 61 PC: 12ac2 | Open file (See above)
2018-12-25T12:35:36.588340703Z 63 PC: 12ad5 | Read file or device (See above)
2018-12-25T12:35:36.593582057Z 66 PC: 12ae1 | Move file pointer (See above)
2018-12-25T12:35:36.594784249Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T12:35:36.5973356Z 66 PC: 12b02 | Move file pointer (See above)
2018-12-25T12:35:36.598770306Z 62 PC: 12b41 | Close file (See above)
2018-12-25T12:35:36.600071748Z 67 PC: 12b51 | Get or set file attributes (See above)
2018-12-25T12:35:36.621339051Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T12:35:36.625235972Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:35:36.652913183Z 61 PC: 12ac2 | Open file (See above)
2018-12-25T12:35:36.659948706Z 63 PC: 12ad5 | Read file or device (See above)
2018-12-25T12:35:36.665215215Z 66 PC: 12ae1 | Move file pointer (See above)
2018-12-25T12:35:36.66638532Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T12:35:36.673613586Z 62 PC: 12b41 | Close file (See above)
2018-12-25T12:35:36.675074654Z 67 PC: 12b51 | Get or set file attributes (See above)
2018-12-25T12:35:36.708988041Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T12:35:36.711493234Z 37 PC: 12c05 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12537,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:35.939769316Z 26 PC: 12a47 | Set disk transfer address
2018-12-25T12:35:35.94166145Z 37 PC: 12a53 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:35:35.943447982Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xb
0x12a5a: je 0x12a6e
0x12a5c: cmp dl, 0x17
0x12a5f: je 0x12a6e
0x12a61: call 0x12c69
0x12a64: clc
0x12a65: mov al, byte ptr [0xfbfa]
0x12a68: cmp al, 0xb
0x12a6a: je 0x12a9f
0x12a6c: jmp 0x12a81
0x12a6e: jmp 0x12b71
0x12a71: stosb byte ptr es:[di], al
0x12a72: scasb al, byte ptr es:[di]
0x12a73: ret
0x12a74: iret
0x12a75: int 0
0x12a77: ret
0x12a78: iret
0x12a79: int 0xd3
0x12a7b: rol ch, 1
2018-12-25T12:35:36.190688763Z 37 PC: 12c05 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12537,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:36.181651024Z 26 PC: 12a47 | Set disk transfer address
2018-12-25T12:35:36.184535251Z 37 PC: 12a53 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:35:36.185668627Z 42 PC: 12a57 | Get date
0x12a57: cmp dl, 0xb
0x12a5a: je 0x12a6e
0x12a5c: cmp dl, 0x17
0x12a5f: je 0x12a6e
0x12a61: call 0x12c69
0x12a64: clc
0x12a65: mov al, byte ptr [0xfbfa]
0x12a68: cmp al, 0xb
0x12a6a: je 0x12a9f
0x12a6c: jmp 0x12a81
0x12a6e: jmp 0x12b71
0x12a71: stosb byte ptr es:[di], al
0x12a72: scasb al, byte ptr es:[di]
0x12a73: ret
0x12a74: iret
0x12a75: int 0
0x12a77: ret
0x12a78: iret
0x12a79: int 0xd3
0x12a7b: rol ch, 1
2018-12-25T12:35:36.20293972Z 37 PC: 12c05 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')