Sample viewer

vx.netlux.org/Virus.DOS.Trieda.851

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:46.309893693Z 47 PC: 13596 | Get disk transfer address
2018-12-17T22:58:46.311978692Z 26 PC: 135b2 | Set disk transfer address
2018-12-17T22:58:46.314243088Z 78 PC: 13719 | Find first file
2018-12-17T22:58:46.330322199Z 61 PC: 13738 | Open file (Filename = 'ù_^ZY[XÃPSRVèW')
2018-12-17T22:58:46.33780338Z 63 PC: 1374b | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:58:46.345948269Z 62 PC: 13801 | Close file
2018-12-17T22:58:46.348331348Z 79 PC: 13807 | Find next file
2018-12-17T22:58:46.351425844Z 59 PC: 135be | Change current directory
2018-12-17T22:58:46.357423507Z 78 PC: 13719 | Find first file
2018-12-17T22:58:46.364461365Z 61 PC: 13738 | Open file (Filename = 'ù_^ZY[XÃPSRVèW')
2018-12-17T22:58:46.371898623Z 63 PC: 1374b | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:58:46.375885196Z 62 PC: 13801 | Close file
2018-12-17T22:58:46.378434848Z 79 PC: 13807 | Find next file
2018-12-17T22:58:46.381549111Z 59 PC: 13612 | Change current directory
2018-12-17T22:58:46.388179243Z 78 PC: 13719 | Find first file
2018-12-17T22:58:46.396146117Z 61 PC: 13738 | Open file (Filename = 'ù_^ZY[XÃPSRVèW')
2018-12-17T22:58:46.40414983Z 63 PC: 1374b | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:58:46.407252972Z 62 PC: 13801 | Close file
2018-12-17T22:58:46.410842509Z 79 PC: 13807 | Find next file
2018-12-17T22:58:46.413972362Z 59 PC: 13666 | Change current directory
2018-12-17T22:58:46.416281703Z 42 PC: 13671 | Get date
0x13671: cmp dx, 0x603
0x13675: jne 0x136d1
0x13677: mov dx, 0x122
0x1367a: add dx, bp
0x1367c: mov ah, 9
0x1367e: int 0x21
0x13680: jmp 0x136d1
0x13682: nop
0x13683: push sp
0x13684: jb 0x136ef
0x13686: popaw
0x13689: and byte ptr [si], dh
0x1368b: inc bx
0x1368d: and byte ptr [bp + 0x20], dh
0x13690: je 0x136f7
0x13692: outsb dx, byte ptr [si]
0x13693: je 0x13704
0x13695: and byte ptr [si + 0x65], ah
0x13698: outsb dx, byte ptr [si]
0x13699: and byte ptr [bp + si + 0x6f], dh
2018-12-17T22:58:46.419937754Z 26 PC: 136df | Set disk transfer address
2018-12-17T22:58:46.421993929Z 48 PC: 12ae1 | Get DOS version
2018-12-17T22:58:46.423600518Z 9 PC: 12af0 | Display string (Could not find end pointer)
2018-12-17T22:58:46.431014974Z 74 PC: 12b5c | Reallocate memory
2018-12-17T22:58:46.433919904Z 37 PC: 12b70 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:58:46.435570586Z 51 PC: 12dd8 | Get or set Ctrl-Break
2018-12-17T22:58:46.437318912Z 51 PC: 12de3 | Get or set Ctrl-Break
2018-12-17T22:58:46.439047681Z 72 PC: 131cb | Allocate memory
2018-12-17T22:58:46.441311135Z 41 PC: 13246 | Parse filename
2018-12-17T22:58:46.443387508Z 41 PC: 1324f | Parse filename
2018-12-17T22:58:46.446605126Z 75 PC: 13219 | Execute program

{"DateBased":true,"Day":3,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12983,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:07.331582614Z 47 PC: 13596 | Get disk transfer address
2018-12-25T12:37:07.333247253Z 26 PC: 135b2 | Set disk transfer address
2018-12-25T12:37:07.334491794Z 78 PC: 13719 | Find first file
2018-12-25T12:37:07.340147179Z 61 PC: 13738 | Open file (Filename = 'ù_^ZY[XÃPSRVèW')
2018-12-25T12:37:07.347306808Z 63 PC: 1374b | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:37:07.351797536Z 62 PC: 13801 | Close file
2018-12-25T12:37:07.353478573Z 79 PC: 13807 | Find next file
2018-12-25T12:37:07.356653579Z 59 PC: 135be | Change current directory
2018-12-25T12:37:07.360940094Z 78 PC: 13719 | Find first file (See above)
2018-12-25T12:37:07.366712491Z 61 PC: 13738 | Open file (See above)
2018-12-25T12:37:07.378432198Z 63 PC: 1374b | Read file or device (See above)
2018-12-25T12:37:07.385372568Z 62 PC: 13801 | Close file (See above)
2018-12-25T12:37:07.387346065Z 79 PC: 13807 | Find next file (See above)
2018-12-25T12:37:07.390077288Z 59 PC: 13612 | Change current directory
2018-12-25T12:37:07.396070123Z 78 PC: 13719 | Find first file (See above)
2018-12-25T12:37:07.402376402Z 61 PC: 13738 | Open file (See above)
2018-12-25T12:37:07.408573036Z 63 PC: 1374b | Read file or device (See above)
2018-12-25T12:37:07.411822343Z 62 PC: 13801 | Close file (See above)
2018-12-25T12:37:07.413498135Z 79 PC: 13807 | Find next file (See above)
2018-12-25T12:37:07.41605914Z 59 PC: 13666 | Change current directory
2018-12-25T12:37:07.418693358Z 42 PC: 13671 | Get date
0x13671: cmp dx, 0x603
0x13675: jne 0x136d1
0x13677: mov dx, 0x122
0x1367a: add dx, bp
0x1367c: mov ah, 9
0x1367e: int 0x21
0x13680: jmp 0x136d1
0x13682: nop
0x13683: push sp
0x13684: jb 0x136ef
0x13686: popaw
0x13689: and byte ptr [si], dh
0x1368b: inc bx
0x1368d: and byte ptr [bp + 0x20], dh
0x13690: je 0x136f7
0x13692: outsb dx, byte ptr [si]
0x13693: je 0x13704
0x13695: and byte ptr [si + 0x65], ah
0x13698: outsb dx, byte ptr [si]
0x13699: and byte ptr [bp + si + 0x6f], dh
2018-12-25T12:37:07.421658668Z 9 PC: 13680 | Display string (Could not find end pointer)
2018-12-25T12:37:07.428680184Z 26 PC: 136df | Set disk transfer address
2018-12-25T12:37:07.431076769Z 48 PC: 12ae1 | Get DOS version
2018-12-25T12:37:07.434410972Z 9 PC: 12af0 | Display string (Could not find end pointer)
2018-12-25T12:37:07.440617386Z 74 PC: 12b5c | Reallocate memory
2018-12-25T12:37:07.443384104Z 37 PC: 12b70 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:37:07.444793365Z 51 PC: 12dd8 | Get or set Ctrl-Break
2018-12-25T12:37:07.445815854Z 51 PC: 12de3 | Get or set Ctrl-Break
2018-12-25T12:37:07.447677445Z 72 PC: 131cb | Allocate memory
2018-12-25T12:37:07.450046545Z 41 PC: 13246 | Parse filename
2018-12-25T12:37:07.452882199Z 41 PC: 1324f | Parse filename
2018-12-25T12:37:07.454738133Z 75 PC: 13219 | Execute program

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12983,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:07.374937981Z 47 PC: 13596 | Get disk transfer address
2018-12-25T12:37:07.376546419Z 26 PC: 135b2 | Set disk transfer address
2018-12-25T12:37:07.377642403Z 78 PC: 13719 | Find first file
2018-12-25T12:37:07.383530814Z 61 PC: 13738 | Open file (Filename = 'ù_^ZY[XÃPSRVèW')
2018-12-25T12:37:07.399345636Z 63 PC: 1374b | Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:37:07.409378389Z 62 PC: 13801 | Close file
2018-12-25T12:37:07.412103242Z 79 PC: 13807 | Find next file
2018-12-25T12:37:07.416051566Z 59 PC: 135be | Change current directory
2018-12-25T12:37:07.420643006Z 78 PC: 13719 | Find first file (See above)
2018-12-25T12:37:07.427872374Z 61 PC: 13738 | Open file (See above)
2018-12-25T12:37:07.435588858Z 63 PC: 1374b | Read file or device (See above)
2018-12-25T12:37:07.439061992Z 62 PC: 13801 | Close file (See above)
2018-12-25T12:37:07.441291672Z 79 PC: 13807 | Find next file (See above)
2018-12-25T12:37:07.445984066Z 59 PC: 13612 | Change current directory
2018-12-25T12:37:07.452176646Z 78 PC: 13719 | Find first file (See above)
2018-12-25T12:37:07.458176631Z 61 PC: 13738 | Open file (See above)
2018-12-25T12:37:07.465069644Z 63 PC: 1374b | Read file or device (See above)
2018-12-25T12:37:07.469267587Z 62 PC: 13801 | Close file (See above)
2018-12-25T12:37:07.477807949Z 79 PC: 13807 | Find next file (See above)
2018-12-25T12:37:07.493926914Z 59 PC: 13666 | Change current directory
2018-12-25T12:37:07.496944512Z 42 PC: 13671 | Get date
0x13671: cmp dx, 0x603
0x13675: jne 0x136d1
0x13677: mov dx, 0x122
0x1367a: add dx, bp
0x1367c: mov ah, 9
0x1367e: int 0x21
0x13680: jmp 0x136d1
0x13682: nop
0x13683: push sp
0x13684: jb 0x136ef
0x13686: popaw
0x13689: and byte ptr [si], dh
0x1368b: inc bx
0x1368d: and byte ptr [bp + 0x20], dh
0x13690: je 0x136f7
0x13692: outsb dx, byte ptr [si]
0x13693: je 0x13704
0x13695: and byte ptr [si + 0x65], ah
0x13698: outsb dx, byte ptr [si]
0x13699: and byte ptr [bp + si + 0x6f], dh
2018-12-25T12:37:07.499507835Z 26 PC: 136df | Set disk transfer address
2018-12-25T12:37:07.501032272Z 48 PC: 12ae1 | Get DOS version
2018-12-25T12:37:07.503570247Z 9 PC: 12af0 | Display string (Could not find end pointer)
2018-12-25T12:37:07.507882645Z 74 PC: 12b5c | Reallocate memory
2018-12-25T12:37:07.509622077Z 37 PC: 12b70 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:37:07.511415246Z 51 PC: 12dd8 | Get or set Ctrl-Break
2018-12-25T12:37:07.512130379Z 51 PC: 12de3 | Get or set Ctrl-Break
2018-12-25T12:37:07.512840802Z 72 PC: 131cb | Allocate memory
2018-12-25T12:37:07.515161271Z 41 PC: 13246 | Parse filename
2018-12-25T12:37:07.51724502Z 41 PC: 1324f | Parse filename
2018-12-25T12:37:07.519513869Z 75 PC: 13219 | Execute program