Sample viewer

vx.netlux.org/Virus.DOS.SX.749

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:33.526192354Z	74	PC: 12b6e \| Reallocate memory
2018-12-17T22:58:33.529763766Z	26	PC: 12bc7 \| Set disk transfer address
2018-12-17T22:58:33.531658017Z	72	PC: 12bd2 \| Allocate memory
2018-12-17T22:58:33.534153538Z	42	PC: 12bdf \| Get date 0x12bdf: cmp dh, 0xc 0x12be2: jne 0x12bfc 0x12be4: nop 0x12be5: nop 0x12be6: nop 0x12be7: cmp dl, 1 0x12bea: jne 0x12bfc 0x12bec: nop 0x12bed: nop 0x12bee: nop 0x12bef: mov ah, 9 0x12bf1: lea dx, word ptr [bp + 0x393] 0x12bf5: int 0x21 0x12bf7: mov ax, 0x4c00 0x12bfa: int 0x21 0x12bfc: xor dl, dl 0x12bfe: lea si, word ptr [bp + 0x43c] 0x12c02: mov ah, 0x47 0x12c04: int 0x21 0x12c06: xor cx, cx
2018-12-17T22:58:33.537725812Z	71	PC: 12c06 \| Get current directory
2018-12-17T22:58:33.541887785Z	78	PC: 12c10 \| Find first file
2018-12-17T22:58:33.549006545Z	61	PC: 12c1e \| Open file (Filename = '�!��:�I�!�� ')
2018-12-17T22:58:33.556855047Z	63	PC: 12c30 \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:58:33.561551705Z	66	PC: 12cfd \| Move file pointer
2018-12-17T22:58:33.563712106Z	64	PC: 12d08 \| Write file or device (Write 23 bytes on handle 5)
2018-12-17T22:58:33.579567306Z	64	PC: 12d1b \| Write file or device (Write 726 bytes on handle 5)
2018-12-17T22:58:33.590286885Z	66	PC: 12d2a \| Move file pointer
2018-12-17T22:58:33.592139016Z	64	PC: 12d35 \| Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:58:33.595303053Z	87	PC: 12d47 \| Get or set file date and time
2018-12-17T22:58:33.598347936Z	62	PC: 12d4b \| Close file
2018-12-17T22:58:33.608296576Z	79	PC: 12d55 \| Find next file
2018-12-17T22:58:33.611370974Z	59	PC: 12d62 \| Change current directory
2018-12-17T22:58:33.616967133Z	59	PC: 12d6f \| Change current directory
2018-12-17T22:58:33.619552903Z	73	PC: 12d77 \| Release memory
2018-12-17T22:58:33.626432524Z	76	PC: 0 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12912,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:55.719683394Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:36:55.722761646Z	26	PC: 12bc7 \| Set disk transfer address
2018-12-25T12:36:55.737082438Z	72	PC: 12bd2 \| Allocate memory
2018-12-25T12:36:55.738791475Z	42	PC: 12bdf \| Get date 0x12bdf: cmp dh, 0xc 0x12be2: jne 0x12bfc 0x12be4: nop 0x12be5: nop 0x12be6: nop 0x12be7: cmp dl, 1 0x12bea: jne 0x12bfc 0x12bec: nop 0x12bed: nop 0x12bee: nop 0x12bef: mov ah, 9 0x12bf1: lea dx, word ptr [bp + 0x393] 0x12bf5: int 0x21 0x12bf7: mov ax, 0x4c00 0x12bfa: int 0x21 0x12bfc: xor dl, dl 0x12bfe: lea si, word ptr [bp + 0x43c] 0x12c02: mov ah, 0x47 0x12c04: int 0x21 0x12c06: xor cx, cx
2018-12-25T12:36:55.741162353Z	71	PC: 12c06 \| Get current directory
2018-12-25T12:36:55.74506518Z	78	PC: 12c10 \| Find first file
2018-12-25T12:36:55.752043495Z	61	PC: 12c1e \| Open file (Filename = '�!��:�I�!�� ')
2018-12-25T12:36:55.75982554Z	63	PC: 12c30 \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:36:55.764357822Z	66	PC: 12cfd \| Move file pointer
2018-12-25T12:36:55.766607301Z	64	PC: 12d08 \| Write file or device (Write 23 bytes on handle 5)
2018-12-25T12:36:56.413898809Z	64	PC: 12d1b \| Write file or device (Write 726 bytes on handle 5)
2018-12-25T12:36:56.423590141Z	66	PC: 12d2a \| Move file pointer
2018-12-25T12:36:56.426084573Z	64	PC: 12d35 \| Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:36:56.42828506Z	87	PC: 12d47 \| Get or set file date and time
2018-12-25T12:36:56.430489738Z	62	PC: 12d4b \| Close file
2018-12-25T12:36:56.44128667Z	79	PC: 12d55 \| Find next file
2018-12-25T12:36:56.457004706Z	59	PC: 12d62 \| Change current directory
2018-12-25T12:36:56.463055858Z	59	PC: 12d6f \| Change current directory
2018-12-25T12:36:56.46612475Z	73	PC: 12d77 \| Release memory
2018-12-25T12:36:56.473746322Z	76	PC: 0 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12912,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:55.82105804Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:36:55.82291172Z	26	PC: 12bc7 \| Set disk transfer address
2018-12-25T12:36:55.823936463Z	72	PC: 12bd2 \| Allocate memory
2018-12-25T12:36:55.825098569Z	42	PC: 12bdf \| Get date 0x12bdf: cmp dh, 0xc 0x12be2: jne 0x12bfc 0x12be4: nop 0x12be5: nop 0x12be6: nop 0x12be7: cmp dl, 1 0x12bea: jne 0x12bfc 0x12bec: nop 0x12bed: nop 0x12bee: nop 0x12bef: mov ah, 9 0x12bf1: lea dx, word ptr [bp + 0x393] 0x12bf5: int 0x21 0x12bf7: mov ax, 0x4c00 0x12bfa: int 0x21 0x12bfc: xor dl, dl 0x12bfe: lea si, word ptr [bp + 0x43c] 0x12c02: mov ah, 0x47 0x12c04: int 0x21 0x12c06: xor cx, cx
2018-12-25T12:36:55.826612145Z	9	PC: 12bf7 \| Display string (Could not find end pointer)
2018-12-25T12:36:55.830196059Z	76	PC: 12bfc \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12912,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:56.23731833Z	74	PC: 12b6e \| Reallocate memory
2018-12-25T12:36:56.239974206Z	26	PC: 12bc7 \| Set disk transfer address
2018-12-25T12:36:56.241012299Z	72	PC: 12bd2 \| Allocate memory
2018-12-25T12:36:56.242473351Z	42	PC: 12bdf \| Get date 0x12bdf: cmp dh, 0xc 0x12be2: jne 0x12bfc 0x12be4: nop 0x12be5: nop 0x12be6: nop 0x12be7: cmp dl, 1 0x12bea: jne 0x12bfc 0x12bec: nop 0x12bed: nop 0x12bee: nop 0x12bef: mov ah, 9 0x12bf1: lea dx, word ptr [bp + 0x393] 0x12bf5: int 0x21 0x12bf7: mov ax, 0x4c00 0x12bfa: int 0x21 0x12bfc: xor dl, dl 0x12bfe: lea si, word ptr [bp + 0x43c] 0x12c02: mov ah, 0x47 0x12c04: int 0x21 0x12c06: xor cx, cx
2018-12-25T12:36:56.2451139Z	71	PC: 12c06 \| Get current directory
2018-12-25T12:36:56.24820838Z	78	PC: 12c10 \| Find first file
2018-12-25T12:36:56.254230083Z	61	PC: 12c1e \| Open file (Filename = '�!��:�I�!�� ')
2018-12-25T12:36:56.261012798Z	63	PC: 12c30 \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T12:36:56.267241809Z	66	PC: 12cfd \| Move file pointer
2018-12-25T12:36:56.268539817Z	64	PC: 12d08 \| Write file or device (Write 23 bytes on handle 5)
2018-12-25T12:36:56.283609547Z	64	PC: 12d1b \| Write file or device (Write 726 bytes on handle 5)
2018-12-25T12:36:56.306734746Z	66	PC: 12d2a \| Move file pointer
2018-12-25T12:36:56.307958494Z	64	PC: 12d35 \| Write file or device (Write 32 bytes on handle 5)
2018-12-25T12:36:56.310466443Z	87	PC: 12d47 \| Get or set file date and time
2018-12-25T12:36:56.312459258Z	62	PC: 12d4b \| Close file
2018-12-25T12:36:56.320155453Z	79	PC: 12d55 \| Find next file
2018-12-25T12:36:56.322664408Z	59	PC: 12d62 \| Change current directory
2018-12-25T12:36:56.327612264Z	59	PC: 12d6f \| Change current directory
2018-12-25T12:36:56.329398251Z	73	PC: 12d77 \| Release memory
2018-12-25T12:36:56.33559765Z	76	PC: 0 \| Terminate with return code (Return code = '0')