Sample viewer

vx.netlux.org/Virus.DOS.Oksana.1881

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:53.178786002Z	170	PC: 12ab9 \| UNKNOWN!
2018-12-17T22:57:53.180618334Z	53	PC: 12afe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:53.182176763Z	37	PC: 12b0b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:53.184316123Z	26	PC: 12b6f \| Set disk transfer address
2018-12-17T22:57:53.186984469Z	78	PC: 12b79 \| Find first file
2018-12-17T22:57:53.192962527Z	61	PC: 12b8a \| Open file (Filename = '��.��')
2018-12-17T22:57:53.199855598Z	66	PC: 12b96 \| Move file pointer
2018-12-17T22:57:53.201374018Z	66	PC: 12ba3 \| Move file pointer
2018-12-17T22:57:53.203429266Z	63	PC: 12bad \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:57:53.206545272Z	66	PC: 12bc2 \| Move file pointer
2018-12-17T22:57:53.208167588Z	64	PC: 12bd3 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:57:53.212074142Z	66	PC: 12b96 \| Move file pointer
2018-12-17T22:57:53.213712983Z	66	PC: 12ba3 \| Move file pointer
2018-12-17T22:57:53.215276761Z	63	PC: 12bad \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:57:53.219156628Z	66	PC: 12bec \| Move file pointer
2018-12-17T22:57:53.220840353Z	66	PC: 12bf9 \| Move file pointer
2018-12-17T22:57:53.222477303Z	64	PC: 12c08 \| Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:57:53.230369513Z	62	PC: 12c0c \| Close file
2018-12-17T22:57:53.579813883Z	67	PC: 12f79 \| Get or set file attributes
2018-12-17T22:57:53.585192179Z	42	PC: 12c15 \| Get date 0x12c15: cmp dh, 0xa 0x12c18: je 0x12c1d 0x12c1a: jmp 0x12c3c 0x12c1c: nop 0x12c1d: cmp dl, 0x15 0x12c20: je 0x12c25 0x12c22: jmp 0x12c3c 0x12c24: nop 0x12c25: mov ax, 6 0x12c28: int 0x10 0x12c2a: mov ax, 0xe07 0x12c2d: int 0x10 0x12c2f: push cs 0x12c30: pop ds 0x12c31: mov ah, 9 0x12c33: mov dx, 0x6e9 0x12c36: int 0x21 0x12c38: mov ah, 0 0x12c3a: int 0x16 0x12c3c: push cs
2018-12-17T22:57:53.588247441Z	67	PC: 12c47 \| Get or set file attributes
2018-12-17T22:57:53.594736387Z	67	PC: 12c58 \| Get or set file attributes
2018-12-17T22:57:53.615534312Z	61	PC: 12c61 \| Open file (Filename = '��')
2018-12-17T22:57:53.624676905Z	63	PC: 12c76 \| Read file or device (Read 22 bytes on handle 5)
2018-12-17T22:57:53.631590986Z	66	PC: 12cf1 \| Move file pointer
2018-12-17T22:57:53.633348075Z	64	PC: 12d34 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:57:53.636514708Z	66	PC: 12d3d \| Move file pointer
2018-12-17T22:57:53.639283312Z	64	PC: 12d7d \| Write file or device (Write 1881 bytes on handle 5)
2018-12-17T22:57:53.648300439Z	66	PC: 12d93 \| Move file pointer
2018-12-17T22:57:53.649709489Z	64	PC: 12daa \| Write file or device (Write 22 bytes on handle 5)
2018-12-17T22:57:53.657074708Z	62	PC: 12db3 \| Close file
2018-12-17T22:57:53.665554323Z	67	PC: 12f79 \| Get or set file attributes
2018-12-17T22:57:53.675696517Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12706,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:04.647098364Z	170	PC: 12ab9 \| UNKNOWN!
2018-12-25T12:36:04.648117Z	53	PC: 12afe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:04.650118672Z	37	PC: 12b0b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:04.652279913Z	26	PC: 12b6f \| Set disk transfer address
2018-12-25T12:36:04.653512318Z	78	PC: 12b79 \| Find first file
2018-12-25T12:36:04.661852351Z	61	PC: 12b8a \| Open file (Filename = '��.��')
2018-12-25T12:36:04.668854336Z	66	PC: 12b96 \| Move file pointer
2018-12-25T12:36:04.670379523Z	66	PC: 12ba3 \| Move file pointer
2018-12-25T12:36:04.677464104Z	63	PC: 12bad \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:36:04.681268686Z	66	PC: 12bc2 \| Move file pointer
2018-12-25T12:36:04.683809513Z	64	PC: 12bd3 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:36:04.688422345Z	66	PC: 12b96 \| Move file pointer (See above)
2018-12-25T12:36:04.690391773Z	66	PC: 12ba3 \| Move file pointer (See above)
2018-12-25T12:36:04.691830663Z	63	PC: 12bad \| Read file or device (See above)
2018-12-25T12:36:04.69516909Z	66	PC: 12bec \| Move file pointer
2018-12-25T12:36:04.700368958Z	66	PC: 12bf9 \| Move file pointer
2018-12-25T12:36:04.701995881Z	64	PC: 12c08 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:36:04.705293001Z	62	PC: 12c0c \| Close file
2018-12-25T12:36:05.380275404Z	67	PC: 12f79 \| Get or set file attributes
2018-12-25T12:36:05.386159455Z	42	PC: 12c15 \| Get date 0x12c15: cmp dh, 0xa 0x12c18: je 0x12c1d 0x12c1a: jmp 0x12c3c 0x12c1c: nop 0x12c1d: cmp dl, 0x15 0x12c20: je 0x12c25 0x12c22: jmp 0x12c3c 0x12c24: nop 0x12c25: mov ax, 6 0x12c28: int 0x10 0x12c2a: mov ax, 0xe07 0x12c2d: int 0x10 0x12c2f: push cs 0x12c30: pop ds 0x12c31: mov ah, 9 0x12c33: mov dx, 0x6e9 0x12c36: int 0x21 0x12c38: mov ah, 0 0x12c3a: int 0x16 0x12c3c: push cs
2018-12-25T12:36:05.389143108Z	67	PC: 12c47 \| Get or set file attributes
2018-12-25T12:36:05.39812082Z	67	PC: 12c58 \| Get or set file attributes
2018-12-25T12:36:05.422839567Z	61	PC: 12c61 \| Open file (Filename = '��')
2018-12-25T12:36:05.431469795Z	63	PC: 12c76 \| Read file or device (Read 22 bytes on handle 5)
2018-12-25T12:36:05.44203136Z	66	PC: 12cf1 \| Move file pointer
2018-12-25T12:36:05.444195515Z	64	PC: 12d34 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:36:05.447688256Z	66	PC: 12d3d \| Move file pointer
2018-12-25T12:36:05.451129622Z	64	PC: 12d7d \| Write file or device (Write 1881 bytes on handle 5)
2018-12-25T12:36:05.462028826Z	66	PC: 12d93 \| Move file pointer
2018-12-25T12:36:05.464049127Z	64	PC: 12daa \| Write file or device (Write 22 bytes on handle 5)
2018-12-25T12:36:05.473166146Z	62	PC: 12db3 \| Close file
2018-12-25T12:36:05.483127553Z	67	PC: 12f79 \| Get or set file attributes (See above)
2018-12-25T12:36:05.494630924Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":21,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12706,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:04.673844233Z	170	PC: 12ab9 \| UNKNOWN!
2018-12-25T12:36:04.675937231Z	53	PC: 12afe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:04.677498515Z	37	PC: 12b0b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:04.679703289Z	26	PC: 12b6f \| Set disk transfer address
2018-12-25T12:36:04.681313347Z	78	PC: 12b79 \| Find first file
2018-12-25T12:36:04.687899638Z	61	PC: 12b8a \| Open file (Filename = '��.��')
2018-12-25T12:36:04.694294709Z	66	PC: 12b96 \| Move file pointer
2018-12-25T12:36:04.696163288Z	66	PC: 12ba3 \| Move file pointer
2018-12-25T12:36:04.699100032Z	63	PC: 12bad \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:36:04.702081882Z	66	PC: 12bc2 \| Move file pointer
2018-12-25T12:36:04.703611576Z	64	PC: 12bd3 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:36:04.707118081Z	66	PC: 12b96 \| Move file pointer (See above)
2018-12-25T12:36:04.708821553Z	66	PC: 12ba3 \| Move file pointer (See above)
2018-12-25T12:36:04.710516656Z	63	PC: 12bad \| Read file or device (See above)
2018-12-25T12:36:04.713898193Z	66	PC: 12bec \| Move file pointer
2018-12-25T12:36:04.715506234Z	66	PC: 12bf9 \| Move file pointer
2018-12-25T12:36:04.717022422Z	64	PC: 12c08 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:36:04.729032867Z	62	PC: 12c0c \| Close file
2018-12-25T12:36:05.056427199Z	67	PC: 12f79 \| Get or set file attributes
2018-12-25T12:36:05.061620592Z	42	PC: 12c15 \| Get date 0x12c15: cmp dh, 0xa 0x12c18: je 0x12c1d 0x12c1a: jmp 0x12c3c 0x12c1c: nop 0x12c1d: cmp dl, 0x15 0x12c20: je 0x12c25 0x12c22: jmp 0x12c3c 0x12c24: nop 0x12c25: mov ax, 6 0x12c28: int 0x10 0x12c2a: mov ax, 0xe07 0x12c2d: int 0x10 0x12c2f: push cs 0x12c30: pop ds 0x12c31: mov ah, 9 0x12c33: mov dx, 0x6e9 0x12c36: int 0x21 0x12c38: mov ah, 0 0x12c3a: int 0x16 0x12c3c: push cs
2018-12-25T12:36:05.072091807Z	9	PC: 12c38 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12706,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:04.795132094Z	170	PC: 12ab9 \| UNKNOWN!
2018-12-25T12:36:04.797301946Z	53	PC: 12afe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:04.798672738Z	37	PC: 12b0b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:04.800899108Z	26	PC: 12b6f \| Set disk transfer address
2018-12-25T12:36:04.802174753Z	78	PC: 12b79 \| Find first file
2018-12-25T12:36:04.809754995Z	61	PC: 12b8a \| Open file (Filename = '��.��')
2018-12-25T12:36:04.816578346Z	66	PC: 12b96 \| Move file pointer
2018-12-25T12:36:04.817990305Z	66	PC: 12ba3 \| Move file pointer
2018-12-25T12:36:04.820105585Z	63	PC: 12bad \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:36:04.823388766Z	66	PC: 12bc2 \| Move file pointer
2018-12-25T12:36:04.825009924Z	64	PC: 12bd3 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:36:04.829034438Z	66	PC: 12b96 \| Move file pointer (See above)
2018-12-25T12:36:04.830679687Z	66	PC: 12ba3 \| Move file pointer (See above)
2018-12-25T12:36:04.832259768Z	63	PC: 12bad \| Read file or device (See above)
2018-12-25T12:36:04.835895584Z	66	PC: 12bec \| Move file pointer
2018-12-25T12:36:04.837853416Z	66	PC: 12bf9 \| Move file pointer
2018-12-25T12:36:04.839523342Z	64	PC: 12c08 \| Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:36:04.843724311Z	62	PC: 12c0c \| Close file
2018-12-25T12:36:05.380194649Z	67	PC: 12f79 \| Get or set file attributes
2018-12-25T12:36:05.386743973Z	42	PC: 12c15 \| Get date 0x12c15: cmp dh, 0xa 0x12c18: je 0x12c1d 0x12c1a: jmp 0x12c3c 0x12c1c: nop 0x12c1d: cmp dl, 0x15 0x12c20: je 0x12c25 0x12c22: jmp 0x12c3c 0x12c24: nop 0x12c25: mov ax, 6 0x12c28: int 0x10 0x12c2a: mov ax, 0xe07 0x12c2d: int 0x10 0x12c2f: push cs 0x12c30: pop ds 0x12c31: mov ah, 9 0x12c33: mov dx, 0x6e9 0x12c36: int 0x21 0x12c38: mov ah, 0 0x12c3a: int 0x16 0x12c3c: push cs
2018-12-25T12:36:05.38968669Z	67	PC: 12c47 \| Get or set file attributes
2018-12-25T12:36:05.397522782Z	67	PC: 12c58 \| Get or set file attributes
2018-12-25T12:36:05.422876266Z	61	PC: 12c61 \| Open file (Filename = '��')
2018-12-25T12:36:05.435863734Z	63	PC: 12c76 \| Read file or device (Read 22 bytes on handle 5)
2018-12-25T12:36:05.444189168Z	66	PC: 12cf1 \| Move file pointer
2018-12-25T12:36:05.446304094Z	64	PC: 12d34 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T12:36:05.44973867Z	66	PC: 12d3d \| Move file pointer
2018-12-25T12:36:05.457495984Z	64	PC: 12d7d \| Write file or device (Write 1881 bytes on handle 5)
2018-12-25T12:36:05.469254954Z	66	PC: 12d93 \| Move file pointer
2018-12-25T12:36:05.471053592Z	64	PC: 12daa \| Write file or device (Write 22 bytes on handle 5)
2018-12-25T12:36:05.478937516Z	62	PC: 12db3 \| Close file
2018-12-25T12:36:05.488208214Z	67	PC: 12f79 \| Get or set file attributes (See above)
2018-12-25T12:36:05.499765389Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')