Sample viewer

vx.netlux.org/Virus.DOS.Galicia.800

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:41.207494277Z 42 PC: 12a51 | Get date
0x12a51: mov al, dh
0x12a53: and al, 1
0x12a55: je 0x12a5d
0x12a57: call 0x12af7
0x12a5a: call 0x12b48
0x12a5d: push cs
0x12a5e: pop ax
0x12a5f: add ax, 0x1000
0x12a62: mov es, ax
0x12a64: mov si, 0x80
0x12a67: mov di, 0
0x12a6a: mov cx, 0x20
0x12a6d: rep movsb byte ptr es:[di], byte ptr [si]
0x12a6f: mov di, 0x80
0x12a72: mov si, 0x100
0x12a75: mov cx, 0x320
0x12a78: rep movsb byte ptr es:[di], byte ptr [si]
0x12a7a: push es
0x12a7b: mov ax, 0xc0
0x12a7e: push ax
2018-12-17T22:57:41.210385479Z 78 PC: 22a0e | Find first file
2018-12-17T22:57:41.21630742Z 61 PC: 22af6 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:57:41.222622515Z 63 PC: 22a1f | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:57:41.22994446Z 66 PC: 22a39 | Move file pointer
2018-12-17T22:57:41.231861967Z 64 PC: 22a46 | Write file or device (Write 1207 bytes on handle 5)
2018-12-17T22:57:41.245815542Z 62 PC: 22a4a | Close file
2018-12-17T22:57:41.253982135Z 79 PC: 22a4e | Find next file
2018-12-17T22:57:41.256907278Z 61 PC: 22af6 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:57:41.263273905Z 63 PC: 22a1f | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:57:41.270140772Z 66 PC: 22a39 | Move file pointer
2018-12-17T22:57:41.271660485Z 64 PC: 22a46 | Write file or device (Write 827 bytes on handle 5)
2018-12-17T22:57:41.283509544Z 62 PC: 22a4a | Close file
2018-12-17T22:57:41.330505246Z 79 PC: 22a4e | Find next file
2018-12-17T22:57:41.333768569Z 61 PC: 22af6 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:57:41.339781082Z 63 PC: 22a1f | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:57:41.345560758Z 66 PC: 22a39 | Move file pointer
2018-12-17T22:57:41.347545632Z 64 PC: 22a46 | Write file or device (Write 892 bytes on handle 5)
2018-12-17T22:57:41.358892327Z 62 PC: 22a4a | Close file
2018-12-17T22:57:41.419990237Z 79 PC: 22a4e | Find next file
2018-12-17T22:57:41.422469006Z 61 PC: 22af6 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:57:41.426450276Z 63 PC: 22a1f | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:57:41.430348965Z 66 PC: 22a39 | Move file pointer
2018-12-17T22:57:41.43193262Z 64 PC: 22a46 | Write file or device (Write 829 bytes on handle 5)
2018-12-17T22:57:41.456555437Z 62 PC: 22a4a | Close file
2018-12-17T22:57:41.51969066Z 79 PC: 22a4e | Find next file
2018-12-17T22:57:41.52262291Z 61 PC: 22af6 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:57:41.529571876Z 63 PC: 22a1f | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:57:41.535795457Z 66 PC: 22a39 | Move file pointer
2018-12-17T22:57:41.537075366Z 64 PC: 22a46 | Write file or device (Write 829 bytes on handle 5)
2018-12-17T22:57:41.566259142Z 62 PC: 22a4a | Close file
2018-12-17T22:57:41.608172473Z 79 PC: 22a4e | Find next file
2018-12-17T22:57:41.611482067Z 61 PC: 22af6 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:57:41.619425619Z 63 PC: 22a1f | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:57:41.626099993Z 66 PC: 22a39 | Move file pointer
2018-12-17T22:57:41.627895009Z 64 PC: 22a46 | Write file or device (Write 1301 bytes on handle 5)
2018-12-17T22:57:41.637752186Z 62 PC: 22a4a | Close file
2018-12-17T22:57:41.646136544Z 79 PC: 22a4e | Find next file
2018-12-17T22:57:41.6524921Z 61 PC: 22af6 | Open file (Filename = 'PAH.COM')
2018-12-17T22:57:41.659971043Z 63 PC: 22a1f | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:57:41.666368154Z 66 PC: 22a39 | Move file pointer
2018-12-17T22:57:41.667855632Z 64 PC: 22a46 | Write file or device (Write 829 bytes on handle 5)
2018-12-17T22:57:41.677078178Z 62 PC: 22a4a | Close file
2018-12-17T22:57:41.684731919Z 79 PC: 22a4e | Find next file
2018-12-17T22:57:41.687296306Z 61 PC: 22af6 | Open file (Filename = 'TEST.COM')
2018-12-17T22:57:41.693872664Z 63 PC: 22a1f | Read file or device (Read 65535 bytes on handle 5)
2018-12-17T22:57:41.70139364Z 62 PC: 22a4a | Close file
2018-12-17T22:57:41.703653653Z 79 PC: 22a4e | Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12626,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:43.508544099Z 42 PC: 12a51 | Get date
0x12a51: mov al, dh
0x12a53: and al, 1
0x12a55: je 0x12a5d
0x12a57: call 0x12af7
0x12a5a: call 0x12b48
0x12a5d: push cs
0x12a5e: pop ax
0x12a5f: add ax, 0x1000
0x12a62: mov es, ax
0x12a64: mov si, 0x80
0x12a67: mov di, 0
0x12a6a: mov cx, 0x20
0x12a6d: rep movsb byte ptr es:[di], byte ptr [si]
0x12a6f: mov di, 0x80
0x12a72: mov si, 0x100
0x12a75: mov cx, 0x320
0x12a78: rep movsb byte ptr es:[di], byte ptr [si]
0x12a7a: push es
0x12a7b: mov ax, 0xc0
0x12a7e: push ax
2018-12-25T12:35:43.829247155Z 78 PC: 22a0e | Find first file
2018-12-25T12:35:43.838072306Z 61 PC: 22af6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:43.844604549Z 63 PC: 22a1f | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:35:43.851931785Z 66 PC: 22a39 | Move file pointer
2018-12-25T12:35:43.853491895Z 64 PC: 22a46 | Write file or device (Write 1207 bytes on handle 5)
2018-12-25T12:35:43.866728905Z 62 PC: 22a4a | Close file
2018-12-25T12:35:43.87593635Z 79 PC: 22a4e | Find next file
2018-12-25T12:35:43.886195207Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:43.89273587Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:43.899116899Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:43.901623836Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:43.909693629Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:43.918178584Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:43.923262806Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:43.930327994Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:43.937371679Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:43.939692104Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:43.948849767Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:43.956995562Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:43.960775907Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:43.967961408Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:43.974622208Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:43.976296271Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:43.985294558Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:43.994125137Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:43.997728774Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:44.005924833Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:44.012459995Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:44.016163953Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:44.024557228Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:44.034923171Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:44.044414504Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:44.052915208Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:44.059430738Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:44.061150159Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:44.071054641Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:44.078946271Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:44.081538212Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:44.088727119Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:44.099312451Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:44.100864493Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:44.110961184Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:44.120637663Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:44.124268778Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:44.13208298Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:44.14024419Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:44.142880828Z 79 PC: 22a4e | Find next file (See above)

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12626,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:35:43.856145731Z 42 PC: 12a51 | Get date
0x12a51: mov al, dh
0x12a53: and al, 1
0x12a55: je 0x12a5d
0x12a57: call 0x12af7
0x12a5a: call 0x12b48
0x12a5d: push cs
0x12a5e: pop ax
0x12a5f: add ax, 0x1000
0x12a62: mov es, ax
0x12a64: mov si, 0x80
0x12a67: mov di, 0
0x12a6a: mov cx, 0x20
0x12a6d: rep movsb byte ptr es:[di], byte ptr [si]
0x12a6f: mov di, 0x80
0x12a72: mov si, 0x100
0x12a75: mov cx, 0x320
0x12a78: rep movsb byte ptr es:[di], byte ptr [si]
0x12a7a: push es
0x12a7b: mov ax, 0xc0
0x12a7e: push ax
2018-12-25T12:35:43.867245019Z 78 PC: 22a0e | Find first file
2018-12-25T12:35:43.873766089Z 61 PC: 22af6 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:35:43.878067149Z 63 PC: 22a1f | Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:35:43.882511025Z 66 PC: 22a39 | Move file pointer
2018-12-25T12:35:43.883595943Z 64 PC: 22a46 | Write file or device (Write 1207 bytes on handle 5)
2018-12-25T12:35:43.895976677Z 62 PC: 22a4a | Close file
2018-12-25T12:35:43.905755791Z 79 PC: 22a4e | Find next file
2018-12-25T12:35:43.909240043Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:43.91596083Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:43.922161337Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:43.923538121Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:43.930137208Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:43.94748153Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:43.950505755Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:43.957741258Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:43.964422798Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:43.975366751Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:43.989009862Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:44.001675045Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:44.015499799Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:44.022813672Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:44.035193664Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:44.039986917Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:44.048405966Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:44.05641055Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:44.060284396Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:44.06697913Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:44.073430216Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:44.075864274Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:44.083856351Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:44.091828089Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:44.110610961Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:44.115136584Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:44.121017696Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:44.123424459Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:44.132871916Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:44.160269773Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:44.163637175Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:44.170135967Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:44.189826376Z 66 PC: 22a39 | Move file pointer (See above)
2018-12-25T12:35:44.191987739Z 64 PC: 22a46 | Write file or device (See above)
2018-12-25T12:35:44.20722637Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:44.22510251Z 79 PC: 22a4e | Find next file (See above)
2018-12-25T12:35:44.228070212Z 61 PC: 22af6 | Open file (See above)
2018-12-25T12:35:44.235251935Z 63 PC: 22a1f | Read file or device (See above)
2018-12-25T12:35:44.242258033Z 62 PC: 22a4a | Close file (See above)
2018-12-25T12:35:44.244278569Z 79 PC: 22a4e | Find next file (See above)