Sample viewer

vx.netlux.org/Virus.DOS.Barrotes.1310.e

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:01.398537811Z	238	PC: 13251 \| UNKNOWN!
2018-12-17T22:58:01.399632926Z	53	PC: 1325d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:01.400604475Z	54	PC: 9f771 \| Get free disk space
2018-12-17T22:58:01.434554726Z	53	PC: 9f793 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:01.436112601Z	67	PC: 9f7be \| Get or set file attributes
2018-12-17T22:58:01.443844505Z	67	PC: 9f7ca \| Get or set file attributes
2018-12-17T22:58:01.809957381Z	61	PC: 9f7d4 \| Open file (Filename = '')
2018-12-17T22:58:01.817500745Z	87	PC: 9f7e4 \| Get or set file date and time
2018-12-17T22:58:01.819403283Z	66	PC: 9fa4e \| Move file pointer
2018-12-17T22:58:01.821142772Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:58:01.827704758Z	66	PC: 9f828 \| Move file pointer
2018-12-17T22:58:01.829144843Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:58:01.835099454Z	66	PC: 9fa4e \| Move file pointer
2018-12-17T22:58:01.836647675Z	63	PC: 9f864 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:01.840536835Z	66	PC: 9fa5d \| Move file pointer
2018-12-17T22:58:01.842245502Z	64	PC: 9f885 \| Write file or device (Write 1310 bytes on handle 5)
2018-12-17T22:58:01.852356515Z	66	PC: 9fa4e \| Move file pointer
2018-12-17T22:58:01.85444083Z	64	PC: 9f8ab \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:01.85738369Z	87	PC: 9f9f3 \| Get or set file date and time
2018-12-17T22:58:01.859258049Z	62	PC: 9f9f7 \| Close file
2018-12-17T22:58:01.867291289Z	67	PC: 9fa0b \| Get or set file attributes
2018-12-17T22:58:01.876725771Z	42	PC: 132ec \| Get date 0x132ec: cmp dx, 0x714 0x132f0: jne 0x13311 0x132f2: xor ax, ax 0x132f4: mov es, ax 0x132f6: mov dx, 0x49f 0x132f9: mov word ptr es:[0x70], dx 0x132fe: mov word ptr es:[0x72], ds 0x13303: mov bx, bx 0x13305: mov ax, ax 0x13307: mov cx, cx 0x13309: mov bx, bx 0x1330b: mov cx, cx 0x1330d: mov ax, ax 0x1330f: mov ax, ax 0x13311: cmp byte ptr cs:[si + 0x3b], 1 0x13316: je 0x1332a 0x13318: push cs 0x13319: push cs 0x1331a: pop ds 0x1331b: pop es
2018-12-17T22:58:01.878942237Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12740,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:11.961586834Z	238	PC: 13251 \| UNKNOWN!
2018-12-25T12:36:11.963174835Z	53	PC: 1325d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:11.964743391Z	54	PC: 9f771 \| Get free disk space
2018-12-25T12:36:12.004266896Z	53	PC: 9f793 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:12.006084598Z	67	PC: 9f7be \| Get or set file attributes
2018-12-25T12:36:12.011797323Z	67	PC: 9f7ca \| Get or set file attributes
2018-12-25T12:36:12.341576733Z	61	PC: 9f7d4 \| Open file (Filename = '')
2018-12-25T12:36:12.348400985Z	87	PC: 9f7e4 \| Get or set file date and time
2018-12-25T12:36:12.350344219Z	66	PC: 9fa4e \| Move file pointer
2018-12-25T12:36:12.351965439Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:36:12.367559689Z	66	PC: 9f828 \| Move file pointer
2018-12-25T12:36:12.37037811Z	63	PC: 9fa3f \| Read file or device (See above)
2018-12-25T12:36:12.378257186Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T12:36:12.379893108Z	63	PC: 9f864 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:12.383318031Z	66	PC: 9fa5d \| Move file pointer
2018-12-25T12:36:12.387212066Z	64	PC: 9f885 \| Write file or device (Write 1310 bytes on handle 5)
2018-12-25T12:36:12.65899807Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T12:36:12.66121409Z	64	PC: 9f8ab \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:12.664521725Z	87	PC: 9f9f3 \| Get or set file date and time
2018-12-25T12:36:12.666185721Z	62	PC: 9f9f7 \| Close file
2018-12-25T12:36:12.702771316Z	67	PC: 9fa0b \| Get or set file attributes
2018-12-25T12:36:12.711699671Z	42	PC: 132ec \| Get date 0x132ec: cmp dx, 0x714 0x132f0: jne 0x13311 0x132f2: xor ax, ax 0x132f4: mov es, ax 0x132f6: mov dx, 0x49f 0x132f9: mov word ptr es:[0x70], dx 0x132fe: mov word ptr es:[0x72], ds 0x13303: mov bx, bx 0x13305: mov ax, ax 0x13307: mov cx, cx 0x13309: mov bx, bx 0x1330b: mov cx, cx 0x1330d: mov ax, ax 0x1330f: mov ax, ax 0x13311: cmp byte ptr cs:[si + 0x3b], 1 0x13316: je 0x1332a 0x13318: push cs 0x13319: push cs 0x1331a: pop ds 0x1331b: pop es
2018-12-25T12:36:12.713818554Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":20,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12740,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:12.306715097Z	238	PC: 13251 \| UNKNOWN!
2018-12-25T12:36:12.308466063Z	53	PC: 1325d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:12.310300476Z	54	PC: 9f771 \| Get free disk space
2018-12-25T12:36:12.357298214Z	53	PC: 9f793 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:12.362558642Z	67	PC: 9f7be \| Get or set file attributes
2018-12-25T12:36:12.370392055Z	67	PC: 9f7ca \| Get or set file attributes
2018-12-25T12:36:12.705304156Z	61	PC: 9f7d4 \| Open file (Filename = '')
2018-12-25T12:36:12.7128584Z	87	PC: 9f7e4 \| Get or set file date and time
2018-12-25T12:36:12.714658324Z	66	PC: 9fa4e \| Move file pointer
2018-12-25T12:36:12.716378603Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:36:12.723388455Z	66	PC: 9f828 \| Move file pointer
2018-12-25T12:36:12.725410613Z	63	PC: 9fa3f \| Read file or device (See above)
2018-12-25T12:36:12.731885203Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T12:36:12.733299765Z	63	PC: 9f864 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:12.736577749Z	66	PC: 9fa5d \| Move file pointer
2018-12-25T12:36:12.7382836Z	64	PC: 9f885 \| Write file or device (Write 1310 bytes on handle 5)
2018-12-25T12:36:12.748414036Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T12:36:12.750340059Z	64	PC: 9f8ab \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:12.753053747Z	87	PC: 9f9f3 \| Get or set file date and time
2018-12-25T12:36:12.754359339Z	62	PC: 9f9f7 \| Close file
2018-12-25T12:36:12.771297286Z	67	PC: 9fa0b \| Get or set file attributes
2018-12-25T12:36:12.78107071Z	42	PC: 132ec \| Get date 0x132ec: cmp dx, 0x714 0x132f0: jne 0x13311 0x132f2: xor ax, ax 0x132f4: mov es, ax 0x132f6: mov dx, 0x49f 0x132f9: mov word ptr es:[0x70], dx 0x132fe: mov word ptr es:[0x72], ds 0x13303: mov bx, bx 0x13305: mov ax, ax 0x13307: mov cx, cx 0x13309: mov bx, bx 0x1330b: mov cx, cx 0x1330d: mov ax, ax 0x1330f: mov ax, ax 0x13311: cmp byte ptr cs:[si + 0x3b], 1 0x13316: je 0x1332a 0x13318: push cs 0x13319: push cs 0x1331a: pop ds 0x1331b: pop es
2018-12-25T12:36:12.783295823Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')