Sample viewer

vx.netlux.org/Virus.DOS.Xav.Mandra.535

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:01:30.120336952Z	26	PC: 12e53 \| Set disk transfer address
2018-12-17T22:01:30.122954115Z	78	PC: 12e5e \| Find first file
2018-12-17T22:01:30.129740855Z	61	PC: 12ea9 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:01:30.136763607Z	87	PC: 12ec8 \| Get or set file date and time
2018-12-17T22:01:30.138852512Z	63	PC: 12edb \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:01:30.145746489Z	66	PC: 12eef \| Move file pointer
2018-12-17T22:01:30.154304123Z	62	PC: 12fbd \| Close file
2018-12-17T22:01:30.156273598Z	79	PC: 12fc1 \| Find next file
2018-12-17T22:01:30.160216867Z	61	PC: 12ea9 \| Open file (Filename = '')
2018-12-17T22:01:30.168198381Z	87	PC: 12ec8 \| Get or set file date and time
2018-12-17T22:01:30.16981657Z	63	PC: 12edb \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:01:30.176975638Z	66	PC: 12eef \| Move file pointer
2018-12-17T22:01:30.182644014Z	62	PC: 12fbd \| Close file
2018-12-17T22:01:30.18465118Z	79	PC: 12fc1 \| Find next file
2018-12-17T22:01:30.188738697Z	61	PC: 12ea9 \| Open file (Filename = '')
2018-12-17T22:01:30.193821766Z	87	PC: 12ec8 \| Get or set file date and time
2018-12-17T22:01:30.195319949Z	63	PC: 12edb \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:01:30.205237211Z	66	PC: 12eef \| Move file pointer
2018-12-17T22:01:30.206742485Z	62	PC: 12fbd \| Close file
2018-12-17T22:01:30.211720753Z	79	PC: 12fc1 \| Find next file
2018-12-17T22:01:30.222574481Z	61	PC: 12ea9 \| Open file (Filename = '')
2018-12-17T22:01:30.229854566Z	87	PC: 12ec8 \| Get or set file date and time
2018-12-17T22:01:30.231486385Z	63	PC: 12edb \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:01:30.252268115Z	66	PC: 12eef \| Move file pointer
2018-12-17T22:01:30.253768782Z	62	PC: 12fbd \| Close file
2018-12-17T22:01:30.255495743Z	79	PC: 12fc1 \| Find next file
2018-12-17T22:01:30.266726433Z	61	PC: 12ea9 \| Open file (Filename = '')
2018-12-17T22:01:30.273639172Z	87	PC: 12ec8 \| Get or set file date and time
2018-12-17T22:01:30.275310957Z	63	PC: 12edb \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:01:30.28247006Z	66	PC: 12eef \| Move file pointer
2018-12-17T22:01:30.283964687Z	62	PC: 12fbd \| Close file
2018-12-17T22:01:30.285960257Z	79	PC: 12fc1 \| Find next file
2018-12-17T22:01:30.289143634Z	61	PC: 12ea9 \| Open file (Filename = '')
2018-12-17T22:01:30.296022722Z	87	PC: 12ec8 \| Get or set file date and time
2018-12-17T22:01:30.297380593Z	63	PC: 12edb \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:01:30.303796422Z	66	PC: 12eef \| Move file pointer
2018-12-17T22:01:30.306333283Z	62	PC: 12fbd \| Close file
2018-12-17T22:01:30.308495439Z	79	PC: 12fc1 \| Find next file
2018-12-17T22:01:30.312085212Z	61	PC: 12ea9 \| Open file (Filename = '')
2018-12-17T22:01:30.325556852Z	87	PC: 12ec8 \| Get or set file date and time
2018-12-17T22:01:30.327095217Z	63	PC: 12edb \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:01:30.333521673Z	66	PC: 12eef \| Move file pointer
2018-12-17T22:01:30.336203111Z	62	PC: 12fbd \| Close file
2018-12-17T22:01:30.338215285Z	79	PC: 12fc1 \| Find next file
2018-12-17T22:01:30.341222888Z	61	PC: 12ea9 \| Open file (Filename = '')
2018-12-17T22:01:30.348153299Z	87	PC: 12ec8 \| Get or set file date and time
2018-12-17T22:01:30.34955329Z	63	PC: 12edb \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:01:30.352028413Z	66	PC: 12eef \| Move file pointer
2018-12-17T22:01:30.354482777Z	64	PC: 12f81 \| Write file or device (Write 535 bytes on handle 5)
2018-12-17T22:01:30.667864075Z	64	PC: 12f9a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:01:30.671708686Z	87	PC: 12fb9 \| Get or set file date and time
2018-12-17T22:01:30.673729352Z	62	PC: 12fbd \| Close file
2018-12-17T22:01:30.691751164Z	79	PC: 12fc1 \| Find next file
2018-12-17T22:01:30.694805718Z	26	PC: 12e67 \| Set disk transfer address
2018-12-17T22:01:30.697339694Z	42	PC: 12e6d \| Get date 0x12e6d: cmp dh, 0xc 0x12e70: jne 0x12e87 0x12e72: mov ah, 9 0x12e74: lea dx, word ptr [bp + 0x2d9] 0x12e78: int 0x21 0x12e7a: in ax, 0x40 0x12e7c: push ax 0x12e7d: in ax, 0x40 0x12e7f: ror ax, 1 0x12e81: ror ax, 1 0x12e83: xor ah, al 0x12e85: push ax 0x12e86: retf 0x12e87: mov ax, 0x100 0x12e8a: push ax 0x12e8b: sub ax, ax 0x12e8d: sub bx, bx 0x12e8f: sub cx, cx 0x12e91: sub dx, dx 0x12e93: sub si, si
2018-12-17T22:01:30.699574623Z	9	PC: 12e7a \| Display string (String= 'MANDRAGORA Group were Arthax, Coder Death, Insane & Xavirus Hacker.')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1286,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:11.552694888Z	26	PC: 12e53 \| Set disk transfer address
2018-12-25T11:43:11.554245542Z	78	PC: 12e5e \| Find first file
2018-12-25T11:43:11.557978489Z	61	PC: 12ea9 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:11.561966765Z	87	PC: 12ec8 \| Get or set file date and time
2018-12-25T11:43:11.563954757Z	63	PC: 12edb \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:11.570963859Z	66	PC: 12eef \| Move file pointer
2018-12-25T11:43:11.572252526Z	62	PC: 12fbd \| Close file
2018-12-25T11:43:11.574253388Z	79	PC: 12fc1 \| Find next file
2018-12-25T11:43:11.576710656Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:11.583074516Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:11.584464138Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:11.59052139Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:11.591704715Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:11.593230384Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:11.595856284Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:11.602296121Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:11.60353627Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:11.610629732Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:11.612709653Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:11.614349841Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:11.626941794Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:11.634674525Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:11.635976689Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:11.642760288Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:11.644265024Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:11.646273516Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:11.64944299Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:11.656942567Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:11.658737383Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:11.665670942Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:11.66695976Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:11.668559626Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:11.671441976Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:11.677725773Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:11.678994665Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:11.685472258Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:11.687015281Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:11.688663139Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:11.692564374Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:11.699014961Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:11.700305027Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:11.707007662Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:11.708355129Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:11.709944682Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:11.71287808Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:11.719661752Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:11.721367622Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:11.724302778Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:11.725849738Z	64	PC: 12f81 \| Write file or device (Write 535 bytes on handle 5)
2018-12-25T11:43:11.741108876Z	64	PC: 12f9a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:11.744195894Z	87	PC: 12fb9 \| Get or set file date and time
2018-12-25T11:43:11.745480461Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:11.75287189Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:11.755756049Z	26	PC: 12e67 \| Set disk transfer address
2018-12-25T11:43:11.757065483Z	42	PC: 12e6d \| Get date 0x12e6d: cmp dh, 0xc 0x12e70: jne 0x12e87 0x12e72: mov ah, 9 0x12e74: lea dx, word ptr [bp + 0x2d9] 0x12e78: int 0x21 0x12e7a: in ax, 0x40 0x12e7c: push ax 0x12e7d: in ax, 0x40 0x12e7f: ror ax, 1 0x12e81: ror ax, 1 0x12e83: xor ah, al 0x12e85: push ax 0x12e86: retf 0x12e87: mov ax, 0x100 0x12e8a: push ax 0x12e8b: sub ax, ax 0x12e8d: sub bx, bx 0x12e8f: sub cx, cx 0x12e91: sub dx, dx 0x12e93: sub si, si
2018-12-25T11:43:11.759488047Z	9	PC: 12e7a \| Display string (String= 'MANDRAGORA Group were Arthax, Coder Death, Insane & Xavirus Hacker.')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1286,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:12.28315208Z	26	PC: 12e53 \| Set disk transfer address
2018-12-25T11:43:12.284745064Z	78	PC: 12e5e \| Find first file
2018-12-25T11:43:12.288870872Z	61	PC: 12ea9 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:12.293065742Z	87	PC: 12ec8 \| Get or set file date and time
2018-12-25T11:43:12.300687427Z	63	PC: 12edb \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:12.306247137Z	66	PC: 12eef \| Move file pointer
2018-12-25T11:43:12.307998745Z	62	PC: 12fbd \| Close file
2018-12-25T11:43:12.310333159Z	79	PC: 12fc1 \| Find next file
2018-12-25T11:43:12.314055712Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:12.325558986Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:12.326871252Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:12.332861159Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:12.334302439Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:12.33546515Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:12.337716789Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:12.342097779Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:12.343308336Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:12.349761358Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:12.351030055Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:12.352572681Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:12.355786304Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:12.362076283Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:12.36334272Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:12.369834984Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:12.370908713Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:12.372206922Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:12.374946247Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:12.37913105Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:12.380059999Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:12.386462068Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:12.387545412Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:12.38928682Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:12.392091966Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:12.398542057Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:12.400466091Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:12.407462157Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:12.408904387Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:12.410552422Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:12.413196147Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:12.421919348Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:12.422988088Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:12.427363024Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:12.428757301Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:12.430005423Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:12.432198685Z	61	PC: 12ea9 \| Open file (See above)
2018-12-25T11:43:12.43809127Z	87	PC: 12ec8 \| Get or set file date and time (See above)
2018-12-25T11:43:12.439145714Z	63	PC: 12edb \| Read file or device (See above)
2018-12-25T11:43:12.44438121Z	66	PC: 12eef \| Move file pointer (See above)
2018-12-25T11:43:12.445969359Z	64	PC: 12f81 \| Write file or device (Write 535 bytes on handle 5)
2018-12-25T11:43:12.458392202Z	64	PC: 12f9a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:12.461456023Z	87	PC: 12fb9 \| Get or set file date and time
2018-12-25T11:43:12.471932223Z	62	PC: 12fbd \| Close file (See above)
2018-12-25T11:43:12.479964422Z	79	PC: 12fc1 \| Find next file (See above)
2018-12-25T11:43:12.482650553Z	26	PC: 12e67 \| Set disk transfer address
2018-12-25T11:43:12.484162046Z	42	PC: 12e6d \| Get date 0x12e6d: cmp dh, 0xc 0x12e70: jne 0x12e87 0x12e72: mov ah, 9 0x12e74: lea dx, word ptr [bp + 0x2d9] 0x12e78: int 0x21 0x12e7a: in ax, 0x40 0x12e7c: push ax 0x12e7d: in ax, 0x40 0x12e7f: ror ax, 1 0x12e81: ror ax, 1 0x12e83: xor ah, al 0x12e85: push ax 0x12e86: retf 0x12e87: mov ax, 0x100 0x12e8a: push ax 0x12e8b: sub ax, ax 0x12e8d: sub bx, bx 0x12e8f: sub cx, cx 0x12e91: sub dx, dx 0x12e93: sub si, si
2018-12-25T11:43:12.486380355Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')