Sample viewer

vx.netlux.org/Virus.DOS.Eescout.616

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:25.92974574Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.931041596Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:25.933691376Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:25.935790843Z	42	PC: 12c1b \| Get date 0x12c1b: cmp al, 5 0x12c1d: jb 0x12c27 0x12c1f: mov ah, 9 0x12c21: lea dx, word ptr [bp + 0x31e] 0x12c25: int 0x21 0x12c27: ret 0x12c28: mov ah, 0x42 0x12c2a: xor cx, cx 0x12c2c: xor dx, dx 0x12c2e: int 0x21 0x12c30: ret 0x12c31: mov ah, 0x1a 0x12c33: int 0x21 0x12c35: ret 0x12c36: mov ah, 0x3d 0x12c38: lea dx, word ptr [bp + 0x38c] 0x12c3c: int 0x21 0x12c3e: xchg ax, bx 0x12c3f: ret 0x12c40: mov ax, 0x4301
2018-12-17T22:58:25.938600945Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.941118376Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.942606573Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:25.947602995Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:25.953342744Z	42	PC: 12c1b \| Get date 0x12c1b: cmp al, 5 0x12c1d: jb 0x12c27 0x12c1f: mov ah, 9 0x12c21: lea dx, word ptr [bp + 0x31e] 0x12c25: int 0x21 0x12c27: ret 0x12c28: mov ah, 0x42 0x12c2a: xor cx, cx 0x12c2c: xor dx, dx 0x12c2e: int 0x21 0x12c30: ret 0x12c31: mov ah, 0x1a 0x12c33: int 0x21 0x12c35: ret 0x12c36: mov ah, 0x3d 0x12c38: lea dx, word ptr [bp + 0x38c] 0x12c3c: int 0x21 0x12c3e: xchg ax, bx 0x12c3f: ret 0x12c40: mov ax, 0x4301
2018-12-17T22:58:25.95584137Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.957283371Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.959796765Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:25.961805621Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:25.963781665Z	42	PC: 12c1b \| Get date 0x12c1b: cmp al, 5 0x12c1d: jb 0x12c27 0x12c1f: mov ah, 9 0x12c21: lea dx, word ptr [bp + 0x31e] 0x12c25: int 0x21 0x12c27: ret 0x12c28: mov ah, 0x42 0x12c2a: xor cx, cx 0x12c2c: xor dx, dx 0x12c2e: int 0x21 0x12c30: ret 0x12c31: mov ah, 0x1a 0x12c33: int 0x21 0x12c35: ret 0x12c36: mov ah, 0x3d 0x12c38: lea dx, word ptr [bp + 0x38c] 0x12c3c: int 0x21 0x12c3e: xchg ax, bx 0x12c3f: ret 0x12c40: mov ax, 0x4301
2018-12-17T22:58:25.966470409Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.968254572Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.969485005Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:25.975868654Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:25.980524555Z	42	PC: 12c1b \| Get date 0x12c1b: cmp al, 5 0x12c1d: jb 0x12c27 0x12c1f: mov ah, 9 0x12c21: lea dx, word ptr [bp + 0x31e] 0x12c25: int 0x21 0x12c27: ret 0x12c28: mov ah, 0x42 0x12c2a: xor cx, cx 0x12c2c: xor dx, dx 0x12c2e: int 0x21 0x12c30: ret 0x12c31: mov ah, 0x1a 0x12c33: int 0x21 0x12c35: ret 0x12c36: mov ah, 0x3d 0x12c38: lea dx, word ptr [bp + 0x38c] 0x12c3c: int 0x21 0x12c3e: xchg ax, bx 0x12c3f: ret 0x12c40: mov ax, 0x4301
2018-12-17T22:58:25.982712458Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.984042918Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.987253082Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:25.989263241Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:25.990997991Z	42	PC: 12c1b \| Get date 0x12c1b: cmp al, 5 0x12c1d: jb 0x12c27 0x12c1f: mov ah, 9 0x12c21: lea dx, word ptr [bp + 0x31e] 0x12c25: int 0x21 0x12c27: ret 0x12c28: mov ah, 0x42 0x12c2a: xor cx, cx 0x12c2c: xor dx, dx 0x12c2e: int 0x21 0x12c30: ret 0x12c31: mov ah, 0x1a 0x12c33: int 0x21 0x12c35: ret 0x12c36: mov ah, 0x3d 0x12c38: lea dx, word ptr [bp + 0x38c] 0x12c3c: int 0x21 0x12c3e: xchg ax, bx 0x12c3f: ret 0x12c40: mov ax, 0x4301
2018-12-17T22:58:25.993706812Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.996323321Z	26	PC: 12c35 \| Set disk transfer address
2018-12-17T22:58:25.998542532Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:26.023421655Z	78	PC: 12ae0 \| Find first file
2018-12-17T22:58:26.032140554Z	42	PC: 12c1b \| Get date 0x12c1b: cmp al, 5 0x12c1d: jb 0x12c27 0x12c1f: mov ah, 9 0x12c21: lea dx, word ptr [bp + 0x31e] 0x12c25: int 0x21 0x12c27: ret 0x12c28: mov ah, 0x42 0x12c2a: xor cx, cx 0x12c2c: xor dx, dx 0x12c2e: int 0x21 0x12c30: ret 0x12c31: mov ah, 0x1a 0x12c33: int 0x21 0x12c35: ret 0x12c36: mov ah, 0x3d 0x12c38: lea dx, word ptr [bp + 0x38c] 0x12c3c: int 0x21 0x12c3e: xchg ax, bx 0x12c3f: ret 0x12c40: mov ax, 0x4301
2018-12-17T22:58:26.034409067Z	26	PC: 12c35 \| Set disk transfer address

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12884,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:43.893640394Z	26	PC: 12c35 \| Set disk transfer address
2018-12-25T12:36:43.896576793Z	78	PC: 12ae0 \| Find first file
2018-12-25T12:36:43.898950223Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:43.901228162Z	42	PC: 12c1b \| Get date 0x12c1b: cmp al, 5 0x12c1d: jb 0x12c27 0x12c1f: mov ah, 9 0x12c21: lea dx, word ptr [bp + 0x31e] 0x12c25: int 0x21 0x12c27: ret 0x12c28: mov ah, 0x42 0x12c2a: xor cx, cx 0x12c2c: xor dx, dx 0x12c2e: int 0x21 0x12c30: ret 0x12c31: mov ah, 0x1a 0x12c33: int 0x21 0x12c35: ret 0x12c36: mov ah, 0x3d 0x12c38: lea dx, word ptr [bp + 0x38c] 0x12c3c: int 0x21 0x12c3e: xchg ax, bx 0x12c3f: ret 0x12c40: mov ax, 0x4301
2018-12-25T12:36:43.904286211Z	9	PC: 12c27 \| Display string (Could not find end pointer)
2018-12-25T12:36:43.995487529Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:43.996967721Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:43.998221877Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.00511312Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.010323426Z	42	PC: 12c1b \| Get date (See above)
2018-12-25T12:36:44.013252693Z	9	PC: 12c27 \| Display string (See above)
2018-12-25T12:36:44.038558293Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.040118767Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.041551632Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.056966418Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.059365871Z	42	PC: 12c1b \| Get date (See above)
2018-12-25T12:36:44.062327797Z	9	PC: 12c27 \| Display string (See above)
2018-12-25T12:36:44.166358514Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.168210528Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.169917528Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.177105923Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.182804489Z	42	PC: 12c1b \| Get date (See above)
2018-12-25T12:36:44.186250831Z	9	PC: 12c27 \| Display string (See above)
2018-12-25T12:36:44.217624786Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.220536137Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.222434441Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.225499651Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.236603035Z	42	PC: 12c1b \| Get date (See above)
2018-12-25T12:36:44.239631305Z	9	PC: 12c27 \| Display string (See above)
2018-12-25T12:36:44.338520142Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.342022671Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.343404604Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.349934383Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.357519918Z	42	PC: 12c1b \| Get date (See above)
2018-12-25T12:36:44.359991203Z	9	PC: 12c27 \| Display string (See above)
2018-12-25T12:36:44.460822091Z	26	PC: 12c35 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12884,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:44.101634499Z	26	PC: 12c35 \| Set disk transfer address
2018-12-25T12:36:44.103373142Z	78	PC: 12ae0 \| Find first file
2018-12-25T12:36:44.106102041Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.108503768Z	42	PC: 12c1b \| Get date 0x12c1b: cmp al, 5 0x12c1d: jb 0x12c27 0x12c1f: mov ah, 9 0x12c21: lea dx, word ptr [bp + 0x31e] 0x12c25: int 0x21 0x12c27: ret 0x12c28: mov ah, 0x42 0x12c2a: xor cx, cx 0x12c2c: xor dx, dx 0x12c2e: int 0x21 0x12c30: ret 0x12c31: mov ah, 0x1a 0x12c33: int 0x21 0x12c35: ret 0x12c36: mov ah, 0x3d 0x12c38: lea dx, word ptr [bp + 0x38c] 0x12c3c: int 0x21 0x12c3e: xchg ax, bx 0x12c3f: ret 0x12c40: mov ax, 0x4301
2018-12-25T12:36:44.111343464Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.116784082Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.118097128Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.124938146Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.131971646Z	42	PC: 12c1b \| Get date (See above)
2018-12-25T12:36:44.134497199Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.136330626Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.152019581Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.154247495Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.156534009Z	42	PC: 12c1b \| Get date (See above)
2018-12-25T12:36:44.159034565Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.161596084Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.164119288Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.171158299Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.176966708Z	42	PC: 12c1b \| Get date (See above)
2018-12-25T12:36:44.179648619Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.181094159Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.188288466Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.190745433Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.193133906Z	42	PC: 12c1b \| Get date (See above)
2018-12-25T12:36:44.200347466Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.20216014Z	26	PC: 12c35 \| Set disk transfer address (See above)
2018-12-25T12:36:44.203817404Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.210774823Z	78	PC: 12ae0 \| Find first file (See above)
2018-12-25T12:36:44.217940405Z	42	PC: 12c1b \| Get date (See above)
2018-12-25T12:36:44.220677733Z	26	PC: 12c35 \| Set disk transfer address (See above)