Sample viewer

vx.netlux.org/Virus.DOS.Opic.727

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:34.411368085Z	47	PC: 12acd \| Get disk transfer address
2018-12-17T22:58:34.412743548Z	26	PC: 12ad9 \| Set disk transfer address
2018-12-17T22:58:34.414713928Z	78	PC: 12af1 \| Find first file
2018-12-17T22:58:34.421970287Z	61	PC: 12b6f \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:58:34.429682013Z	63	PC: 12b7c \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:34.433970759Z	66	PC: 12be3 \| Move file pointer
2018-12-17T22:58:34.43679172Z	64	PC: 12c56 \| Write file or device (Write 137 bytes on handle 5)
2018-12-17T22:58:34.441110762Z	64	PC: 12c61 \| Write file or device (Write 590 bytes on handle 5)
2018-12-17T22:58:34.456981129Z	66	PC: 12c6a \| Move file pointer
2018-12-17T22:58:34.458554378Z	64	PC: 12c75 \| Write file or device (Write 26 bytes on handle 5)
2018-12-17T22:58:34.461973953Z	62	PC: 12c79 \| Close file
2018-12-17T22:58:34.471916853Z	79	PC: 12af1 \| Find next file
2018-12-17T22:58:34.474787024Z	59	PC: 12afe \| Change current directory
2018-12-17T22:58:34.482782134Z	42	PC: 12b04 \| Get date 0x12b04: cmp dl, 0x1f 0x12b07: je 0x12b19 0x12b09: nop 0x12b0a: nop 0x12b0b: nop 0x12b0c: cmp dl, 0xd 0x12b0f: je 0x12b19 0x12b11: nop 0x12b12: nop 0x12b13: nop 0x12b14: je 0x12b19 0x12b16: jmp 0x12c7e 0x12b19: mov ah, 0x2c 0x12b1b: int 0x21 0x12b1d: cmp dh, 0x1e 0x12b20: jb 0x12b28 0x12b22: nop 0x12b23: nop 0x12b24: nop 0x12b25: jmp 0x12c7e
2018-12-17T22:58:34.486138456Z	26	PC: 12c84 \| Set disk transfer address
2018-12-17T22:58:34.48801714Z	76	PC: 13128 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12919,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:56.343841824Z	47	PC: 12acd \| Get disk transfer address
2018-12-25T12:36:56.345397714Z	26	PC: 12ad9 \| Set disk transfer address
2018-12-25T12:36:56.347478775Z	78	PC: 12af1 \| Find first file
2018-12-25T12:36:56.353971041Z	61	PC: 12b6f \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:36:56.363261176Z	63	PC: 12b7c \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:56.367231877Z	66	PC: 12be3 \| Move file pointer
2018-12-25T12:36:56.369831836Z	64	PC: 12c56 \| Write file or device (Write 137 bytes on handle 5)
2018-12-25T12:36:56.374215604Z	64	PC: 12c61 \| Write file or device (Write 590 bytes on handle 5)
2018-12-25T12:36:56.418882647Z	66	PC: 12c6a \| Move file pointer
2018-12-25T12:36:56.421203027Z	64	PC: 12c75 \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:36:56.425226199Z	62	PC: 12c79 \| Close file
2018-12-25T12:36:56.43697666Z	79	PC: 12af1 \| Find next file (See above)
2018-12-25T12:36:56.440067116Z	59	PC: 12afe \| Change current directory
2018-12-25T12:36:56.444716234Z	42	PC: 12b04 \| Get date 0x12b04: cmp dl, 0x1f 0x12b07: je 0x12b19 0x12b09: nop 0x12b0a: nop 0x12b0b: nop 0x12b0c: cmp dl, 0xd 0x12b0f: je 0x12b19 0x12b11: nop 0x12b12: nop 0x12b13: nop 0x12b14: je 0x12b19 0x12b16: jmp 0x12c7e 0x12b19: mov ah, 0x2c 0x12b1b: int 0x21 0x12b1d: cmp dh, 0x1e 0x12b20: jb 0x12b28 0x12b22: nop 0x12b23: nop 0x12b24: nop 0x12b25: jmp 0x12c7e
2018-12-25T12:36:56.447705883Z	26	PC: 12c84 \| Set disk transfer address
2018-12-25T12:36:56.449744446Z	76	PC: 13128 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12919,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:56.517703152Z	47	PC: 12acd \| Get disk transfer address
2018-12-25T12:36:56.520164038Z	26	PC: 12ad9 \| Set disk transfer address
2018-12-25T12:36:56.521470095Z	78	PC: 12af1 \| Find first file
2018-12-25T12:36:56.527470994Z	61	PC: 12b6f \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:36:56.535022559Z	63	PC: 12b7c \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:56.538363172Z	66	PC: 12be3 \| Move file pointer
2018-12-25T12:36:56.54062112Z	64	PC: 12c56 \| Write file or device (Write 137 bytes on handle 5)
2018-12-25T12:36:56.543875043Z	64	PC: 12c61 \| Write file or device (Write 590 bytes on handle 5)
2018-12-25T12:36:56.557252901Z	66	PC: 12c6a \| Move file pointer
2018-12-25T12:36:56.558607318Z	64	PC: 12c75 \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:36:56.56127294Z	62	PC: 12c79 \| Close file
2018-12-25T12:36:56.575987975Z	79	PC: 12af1 \| Find next file (See above)
2018-12-25T12:36:56.578292036Z	59	PC: 12afe \| Change current directory
2018-12-25T12:36:56.582243264Z	42	PC: 12b04 \| Get date 0x12b04: cmp dl, 0x1f 0x12b07: je 0x12b19 0x12b09: nop 0x12b0a: nop 0x12b0b: nop 0x12b0c: cmp dl, 0xd 0x12b0f: je 0x12b19 0x12b11: nop 0x12b12: nop 0x12b13: nop 0x12b14: je 0x12b19 0x12b16: jmp 0x12c7e 0x12b19: mov ah, 0x2c 0x12b1b: int 0x21 0x12b1d: cmp dh, 0x1e 0x12b20: jb 0x12b28 0x12b22: nop 0x12b23: nop 0x12b24: nop 0x12b25: jmp 0x12c7e
2018-12-25T12:36:56.584571734Z	44	PC: 12b1d \| Get time 0x12b1d: cmp dh, 0x1e 0x12b20: jb 0x12b28 0x12b22: nop 0x12b23: nop 0x12b24: nop 0x12b25: jmp 0x12c7e 0x12b28: mov cx, 5 0x12b2b: mov al, 7 0x12b2d: int 0x29 0x12b2f: loop 0x12b2b 0x12b31: mov ah, 0x39 0x12b33: lea dx, word ptr [bp + 0x278] 0x12b37: int 0x21 0x12b39: mov ah, 0x39 0x12b3b: lea dx, word ptr [bp + 0x280] 0x12b3f: int 0x21 0x12b41: mov ax, 0x3d02 0x12b44: lea dx, word ptr [bp + 0x285] 0x12b48: int 0x21 0x12b4a: xchg ax, bx
2018-12-25T12:36:56.586637161Z	26	PC: 12c84 \| Set disk transfer address
2018-12-25T12:36:56.587631226Z	76	PC: 13128 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12919,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:57.641056691Z	47	PC: 12acd \| Get disk transfer address
2018-12-25T12:36:57.644092308Z	26	PC: 12ad9 \| Set disk transfer address
2018-12-25T12:36:57.645985446Z	78	PC: 12af1 \| Find first file
2018-12-25T12:36:57.652827923Z	61	PC: 12b6f \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:36:57.663228831Z	63	PC: 12b7c \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:57.665812211Z	66	PC: 12be3 \| Move file pointer
2018-12-25T12:36:57.667536894Z	64	PC: 12c56 \| Write file or device (Write 137 bytes on handle 5)
2018-12-25T12:36:57.669788195Z	64	PC: 12c61 \| Write file or device (Write 590 bytes on handle 5)
2018-12-25T12:36:57.683494589Z	66	PC: 12c6a \| Move file pointer
2018-12-25T12:36:57.684972908Z	64	PC: 12c75 \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:36:57.687929294Z	62	PC: 12c79 \| Close file
2018-12-25T12:36:57.699363168Z	79	PC: 12af1 \| Find next file (See above)
2018-12-25T12:36:57.701974456Z	59	PC: 12afe \| Change current directory
2018-12-25T12:36:57.707303489Z	42	PC: 12b04 \| Get date 0x12b04: cmp dl, 0x1f 0x12b07: je 0x12b19 0x12b09: nop 0x12b0a: nop 0x12b0b: nop 0x12b0c: cmp dl, 0xd 0x12b0f: je 0x12b19 0x12b11: nop 0x12b12: nop 0x12b13: nop 0x12b14: je 0x12b19 0x12b16: jmp 0x12c7e 0x12b19: mov ah, 0x2c 0x12b1b: int 0x21 0x12b1d: cmp dh, 0x1e 0x12b20: jb 0x12b28 0x12b22: nop 0x12b23: nop 0x12b24: nop 0x12b25: jmp 0x12c7e
2018-12-25T12:36:57.710459404Z	44	PC: 12b1d \| Get time 0x12b1d: cmp dh, 0x1e 0x12b20: jb 0x12b28 0x12b22: nop 0x12b23: nop 0x12b24: nop 0x12b25: jmp 0x12c7e 0x12b28: mov cx, 5 0x12b2b: mov al, 7 0x12b2d: int 0x29 0x12b2f: loop 0x12b2b 0x12b31: mov ah, 0x39 0x12b33: lea dx, word ptr [bp + 0x278] 0x12b37: int 0x21 0x12b39: mov ah, 0x39 0x12b3b: lea dx, word ptr [bp + 0x280] 0x12b3f: int 0x21 0x12b41: mov ax, 0x3d02 0x12b44: lea dx, word ptr [bp + 0x285] 0x12b48: int 0x21 0x12b4a: xchg ax, bx
2018-12-25T12:36:57.713276021Z	26	PC: 12c84 \| Set disk transfer address
2018-12-25T12:36:57.71596158Z	76	PC: 13128 \| Terminate with return code (Return code = '0')