Sample viewer

vx.netlux.org/Virus.DOS.DIW.389

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:54.74490272Z 47 PC: 133a2 | Get disk transfer address
2018-12-17T22:58:54.746613946Z 26 PC: 133b0 | Set disk transfer address
2018-12-17T22:58:54.748003184Z 78 PC: 13447 | Find first file
2018-12-17T22:58:54.753836279Z 47 PC: 1344d | Get disk transfer address
2018-12-17T22:58:54.755345283Z 61 PC: 133e1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:54.761918739Z 63 PC: 133ef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:54.768241398Z 66 PC: 13415 | Move file pointer
2018-12-17T22:58:54.769814941Z 64 PC: 1341e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:54.772912869Z 66 PC: 1342a | Move file pointer
2018-12-17T22:58:54.774277896Z 64 PC: 13436 | Write file or device (Write 389 bytes on handle 5)
2018-12-17T22:58:54.788796892Z 62 PC: 1343d | Close file
2018-12-17T22:58:54.797623387Z 79 PC: 13463 | Find next file
2018-12-17T22:58:54.800189724Z 61 PC: 133e1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:54.807076123Z 63 PC: 133ef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:54.815321816Z 66 PC: 13415 | Move file pointer
2018-12-17T22:58:54.817180745Z 64 PC: 1341e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:54.8207729Z 66 PC: 1342a | Move file pointer
2018-12-17T22:58:54.823793049Z 64 PC: 13436 | Write file or device (Write 389 bytes on handle 5)
2018-12-17T22:58:54.827174053Z 62 PC: 1343d | Close file
2018-12-17T22:58:54.835015995Z 79 PC: 13463 | Find next file
2018-12-17T22:58:54.838792962Z 61 PC: 133e1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:54.845796285Z 63 PC: 133ef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:54.85195718Z 66 PC: 13415 | Move file pointer
2018-12-17T22:58:54.853509191Z 64 PC: 1341e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:54.856375494Z 66 PC: 1342a | Move file pointer
2018-12-17T22:58:54.857783612Z 64 PC: 13436 | Write file or device (Write 389 bytes on handle 5)
2018-12-17T22:58:54.861382047Z 62 PC: 1343d | Close file
2018-12-17T22:58:54.869733302Z 79 PC: 13463 | Find next file
2018-12-17T22:58:54.87270899Z 61 PC: 133e1 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:54.882082357Z 63 PC: 133ef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:54.88951839Z 66 PC: 13415 | Move file pointer
2018-12-17T22:58:54.891128236Z 64 PC: 1341e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:54.89506366Z 66 PC: 1342a | Move file pointer
2018-12-17T22:58:54.897450689Z 64 PC: 13436 | Write file or device (Write 389 bytes on handle 5)
2018-12-17T22:58:54.900450862Z 62 PC: 1343d | Close file
2018-12-17T22:58:54.908448257Z 79 PC: 13463 | Find next file
2018-12-17T22:58:54.911974547Z 61 PC: 133e1 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:58:54.918811494Z 63 PC: 133ef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:54.925301363Z 66 PC: 13415 | Move file pointer
2018-12-17T22:58:54.928197226Z 64 PC: 1341e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:54.930970917Z 66 PC: 1342a | Move file pointer
2018-12-17T22:58:54.932360925Z 64 PC: 13436 | Write file or device (Write 389 bytes on handle 5)
2018-12-17T22:58:54.935610017Z 62 PC: 1343d | Close file
2018-12-17T22:58:54.943276426Z 79 PC: 13463 | Find next file
2018-12-17T22:58:54.946203916Z 61 PC: 133e1 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:58:54.95376115Z 63 PC: 133ef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:54.960042673Z 66 PC: 13415 | Move file pointer
2018-12-17T22:58:54.961441605Z 64 PC: 1341e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:54.965222589Z 66 PC: 1342a | Move file pointer
2018-12-17T22:58:54.966617911Z 64 PC: 13436 | Write file or device (Write 389 bytes on handle 5)
2018-12-17T22:58:54.974483522Z 62 PC: 1343d | Close file
2018-12-17T22:58:54.983683943Z 79 PC: 13463 | Find next file
2018-12-17T22:58:54.986666856Z 61 PC: 133e1 | Open file (Filename = 'PAH.COM')
2018-12-17T22:58:54.993388446Z 63 PC: 133ef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:55.000836741Z 66 PC: 13415 | Move file pointer
2018-12-17T22:58:55.002335192Z 64 PC: 1341e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:55.005172667Z 66 PC: 1342a | Move file pointer
2018-12-17T22:58:55.008011906Z 64 PC: 13436 | Write file or device (Write 389 bytes on handle 5)
2018-12-17T22:58:55.010842766Z 62 PC: 1343d | Close file
2018-12-17T22:58:55.018782498Z 79 PC: 13463 | Find next file
2018-12-17T22:58:55.022171588Z 61 PC: 133e1 | Open file (Filename = 'TEST.COM')
2018-12-17T22:58:55.029125597Z 63 PC: 133ef | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:55.032160539Z 62 PC: 1343d | Close file
2018-12-17T22:58:55.035652983Z 79 PC: 13463 | Find next file
2018-12-17T22:58:55.038740779Z 42 PC: 1346c | Get date
0x1346c: cmp dh, dl
0x1346e: je 0x13473
0x13470: jmp 0x1347e
0x13472: nop
0x13473: mov ah, 0x2c
0x13475: int 0x21
0x13477: cmp ch, cl
0x13479: jne 0x1347e
0x1347b: call 0x1347f
0x1347e: ret
0x1347f: mov dx, di
0x13481: add dx, 0xe
0x13484: mov ah, 0x4e
0x13486: mov cx, 0xef
0x13489: int 0x21
0x1348b: jb 0x134a8
0x1348d: mov ah, 0x2f
0x1348f: int 0x21
0x13491: mov dx, bx
0x13493: mov bx, dx
2018-12-17T22:58:55.041725287Z 78 PC: 134ce | Find first file
2018-12-17T22:58:55.04921735Z 26 PC: 133c5 | Set disk transfer address
2018-12-17T22:58:55.052503422Z 61 PC: 12a72 | Open file (Filename = 'CATCHER.COM')
2018-12-17T22:58:55.059248418Z 63 PC: 12a7f | Read file or device (Read 256 bytes on handle 2)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13044,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:12.142509184Z 47 PC: 133a2 | Get disk transfer address
2018-12-25T12:37:12.144685095Z 26 PC: 133b0 | Set disk transfer address
2018-12-25T12:37:12.160812335Z 78 PC: 13447 | Find first file
2018-12-25T12:37:12.167321736Z 47 PC: 1344d | Get disk transfer address
2018-12-25T12:37:12.168869652Z 61 PC: 133e1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:12.177013816Z 63 PC: 133ef | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:12.185167524Z 66 PC: 13415 | Move file pointer
2018-12-25T12:37:12.187104686Z 64 PC: 1341e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:12.191572584Z 66 PC: 1342a | Move file pointer
2018-12-25T12:37:12.193542618Z 64 PC: 13436 | Write file or device (Write 389 bytes on handle 5)
2018-12-25T12:37:12.21026481Z 62 PC: 1343d | Close file
2018-12-25T12:37:12.222974841Z 79 PC: 13463 | Find next file
2018-12-25T12:37:12.226189719Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.23381993Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.242123236Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:12.243715904Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:12.24695283Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:12.249785399Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:12.253315503Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.263301332Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:12.267504369Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.275461643Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.283190786Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:12.285325312Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:12.289002494Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:12.291014766Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:12.294573667Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.304506801Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:12.307700141Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.315182424Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.323397047Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:12.325419751Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:12.328638081Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:12.331928731Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:12.335372042Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.344769981Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:12.348678328Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.356284355Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.363518151Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:12.365446644Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:12.3692518Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:12.370861213Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:12.373849879Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.383660847Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:12.387398183Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.39506702Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.403871744Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:12.405439259Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:12.40836891Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:12.411103673Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:12.419948989Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.429031227Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:12.432999457Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.440343064Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.447503902Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:12.449306442Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:12.453325805Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:12.455008041Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:12.457993558Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.468640962Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:12.472165878Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.479436703Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.483137051Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.485569597Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:12.488647446Z 42 PC: 1346c | Get date
0x1346c: cmp dh, dl
0x1346e: je 0x13473
0x13470: jmp 0x1347e
0x13472: nop
0x13473: mov ah, 0x2c
0x13475: int 0x21
0x13477: cmp ch, cl
0x13479: jne 0x1347e
0x1347b: call 0x1347f
0x1347e: ret
0x1347f: mov dx, di
0x13481: add dx, 0xe
0x13484: mov ah, 0x4e
0x13486: mov cx, 0xef
0x13489: int 0x21
0x1348b: jb 0x134a8
0x1348d: mov ah, 0x2f
0x1348f: int 0x21
0x13491: mov dx, bx
0x13493: mov bx, dx
2018-12-25T12:37:12.492499872Z 44 PC: 13477 | Get time
0x13477: cmp ch, cl
0x13479: jne 0x1347e
0x1347b: call 0x1347f
0x1347e: ret
0x1347f: mov dx, di
0x13481: add dx, 0xe
0x13484: mov ah, 0x4e
0x13486: mov cx, 0xef
0x13489: int 0x21
0x1348b: jb 0x134a8
0x1348d: mov ah, 0x2f
0x1348f: int 0x21
0x13491: mov dx, bx
0x13493: mov bx, dx
0x13495: push dx
0x13496: add bx, 0x1e
0x13499: mov dx, bx
0x1349b: mov ah, 0x41
0x1349d: int 0x21
0x1349f: pop dx
2018-12-25T12:37:12.495508561Z 78 PC: 134ce | Find first file
2018-12-25T12:37:12.50184148Z 26 PC: 133c5 | Set disk transfer address
2018-12-25T12:37:12.503425572Z 61 PC: 12a72 | Open file (Filename = 'CATCHER.COM')
2018-12-25T12:37:12.507498052Z 63 PC: 12a7f | Read file or device (Read 256 bytes on handle 2)

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13044,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:12.71306203Z 47 PC: 133a2 | Get disk transfer address
2018-12-25T12:37:12.714935299Z 26 PC: 133b0 | Set disk transfer address
2018-12-25T12:37:12.720361587Z 78 PC: 13447 | Find first file
2018-12-25T12:37:12.726344244Z 47 PC: 1344d | Get disk transfer address
2018-12-25T12:37:12.742338324Z 61 PC: 133e1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:12.748764928Z 63 PC: 133ef | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:37:12.758097507Z 66 PC: 13415 | Move file pointer
2018-12-25T12:37:12.759903094Z 64 PC: 1341e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:37:12.764263903Z 66 PC: 1342a | Move file pointer
2018-12-25T12:37:12.766901723Z 64 PC: 13436 | Write file or device (Write 389 bytes on handle 5)
2018-12-25T12:37:12.780785517Z 62 PC: 1343d | Close file
2018-12-25T12:37:12.797921798Z 79 PC: 13463 | Find next file
2018-12-25T12:37:12.800929783Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.808260038Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.82669365Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:12.828163874Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:12.831110865Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:12.833453842Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:12.836158697Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.843993317Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:12.862629573Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.878877091Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.900571321Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:12.902703695Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:12.905314407Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:12.90669791Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:12.909843081Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.92580325Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:12.928901507Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.936795456Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.943389874Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:12.945015306Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:12.948123201Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:12.950185032Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:12.953071079Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.961566281Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:12.964665141Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:12.971127084Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:12.977584766Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:12.982907665Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:12.985846912Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:12.987841309Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:12.991019797Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:12.998745218Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:13.001564403Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:13.008505438Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:13.01468574Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:13.016247742Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:13.019580602Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:13.021167757Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:13.033317257Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:13.041599535Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:13.044538255Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:13.051272026Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:13.059533911Z 66 PC: 13415 | Move file pointer (See above)
2018-12-25T12:37:13.061183992Z 64 PC: 1341e | Write file or device (See above)
2018-12-25T12:37:13.063995021Z 66 PC: 1342a | Move file pointer (See above)
2018-12-25T12:37:13.06624405Z 64 PC: 13436 | Write file or device (See above)
2018-12-25T12:37:13.068978517Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:13.076807712Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:13.080311225Z 61 PC: 133e1 | Open file (See above)
2018-12-25T12:37:13.086762247Z 63 PC: 133ef | Read file or device (See above)
2018-12-25T12:37:13.089245909Z 62 PC: 1343d | Close file (See above)
2018-12-25T12:37:13.092550952Z 79 PC: 13463 | Find next file (See above)
2018-12-25T12:37:13.095251338Z 42 PC: 1346c | Get date
0x1346c: cmp dh, dl
0x1346e: je 0x13473
0x13470: jmp 0x1347e
0x13472: nop
0x13473: mov ah, 0x2c
0x13475: int 0x21
0x13477: cmp ch, cl
0x13479: jne 0x1347e
0x1347b: call 0x1347f
0x1347e: ret
0x1347f: mov dx, di
0x13481: add dx, 0xe
0x13484: mov ah, 0x4e
0x13486: mov cx, 0xef
0x13489: int 0x21
0x1348b: jb 0x134a8
0x1348d: mov ah, 0x2f
0x1348f: int 0x21
0x13491: mov dx, bx
0x13493: mov bx, dx
2018-12-25T12:37:13.097437874Z 78 PC: 134ce | Find first file
2018-12-25T12:37:13.103857355Z 26 PC: 133c5 | Set disk transfer address
2018-12-25T12:37:13.106702769Z 61 PC: 12a72 | Open file (Filename = 'CATCHER.COM')
2018-12-25T12:37:13.113800505Z 63 PC: 12a7f | Read file or device (Read 256 bytes on handle 2)