Sample viewer

vx.netlux.org/Virus.DOS.YanShort.IRA.1755.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:48.092688764Z 47 PC: 12a67 | Get disk transfer address
2018-12-17T22:59:48.094618585Z 26 PC: 13002 | Set disk transfer address
2018-12-17T22:59:48.096640636Z 78 PC: 13012 | Find first file
2018-12-17T22:59:48.102748429Z 47 PC: 12bc5 | Get disk transfer address
2018-12-17T22:59:48.104049063Z 26 PC: 12bea | Set disk transfer address
2018-12-17T22:59:48.105337134Z 61 PC: 12c37 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:59:48.111516207Z 66 PC: 12c58 | Move file pointer
2018-12-17T22:59:48.113597079Z 66 PC: 12c8b | Move file pointer
2018-12-17T22:59:48.115264547Z 63 PC: 12cb0 | Read file or device (Read 12 bytes on handle 5)
2018-12-17T22:59:48.120350809Z 66 PC: 12d2e | Move file pointer
2018-12-17T22:59:48.122275825Z 63 PC: 12d53 | Read file or device (Read 27 bytes on handle 5)
2018-12-17T22:59:48.126417563Z 87 PC: 12e85 | Get or set file date and time
2018-12-17T22:59:48.129559837Z 66 PC: 12ea3 | Move file pointer
2018-12-17T22:59:48.131482364Z 64 PC: 12eca | Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:59:48.135484598Z 66 PC: 12ee9 | Move file pointer
2018-12-17T22:59:48.138224957Z 47 PC: 12f0a | Get disk transfer address
2018-12-17T22:59:48.140274431Z 26 PC: 12f14 | Set disk transfer address
2018-12-17T22:59:48.142112618Z 64 PC: 12f1f | Write file or device (Write 1755 bytes on handle 5)
2018-12-17T22:59:48.159870236Z 26 PC: 12f2d | Set disk transfer address
2018-12-17T22:59:48.169302327Z 87 PC: 12f4a | Get or set file date and time
2018-12-17T22:59:48.172096831Z 62 PC: 12cf0 | Close file
2018-12-17T22:59:48.181538668Z 26 PC: 12fb6 | Set disk transfer address
2018-12-17T22:59:48.183981139Z 42 PC: 12b61 | Get date
0x12b61: pop si
0x12b62: ret
0x12b63: mov si, dx
0x12b65: test byte ptr [si + 0x15], 0x10
0x12b69: jne 0x12b76
0x12b6b: call 0x13016
0x12b6e: jb 0x12b5c
0x12b70: test byte ptr [si + 0x15], 0x10
0x12b74: je 0x12b6b
0x12b76: cmp byte ptr [si + 0x1e], 0x2e
0x12b7a: je 0x12b6b
0x12b7c: call 0x12b98
0x12b7f: push ax
0x12b80: mov ah, 0x1a
0x12b82: int 0x21
0x12b84: pop ax
0x12b85: push si
0x12b86: mov si, 0x77d
0x12b89: add si, bx
0x12b8b: sub si, 0x103
2018-12-17T22:59:48.186660449Z 42 PC: 12aa0 | Get date
0x12aa0: cmp al, 6
0x12aa2: je 0x12aa8
0x12aa4: jne 0x12ab8
0x12aa6: int 0x20
0x12aa8: mov ah, 5
0x12aaa: mov al, 5
0x12aac: mov ch, 0x14
0x12aae: mov cl, 1
0x12ab0: mov dh, 0
0x12ab2: mov dl, 0
0x12ab4: int 0x13
0x12ab6: int 0x19
0x12ab8: mov si, 0xb0b
0x12abb: add si, bx
0x12abd: sub si, 0x103
0x12ac1: mov dx, word ptr [si]
0x12ac3: push ds
0x12ac4: mov ax, word ptr [si + 2]
0x12ac7: mov ds, ax
0x12ac9: push bx
2018-12-17T22:59:48.189397035Z 26 PC: 12acf | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13332,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:05.874902168Z 47 PC: 12a67 | Get disk transfer address
2018-12-25T12:38:05.876585814Z 26 PC: 13002 | Set disk transfer address
2018-12-25T12:38:05.878080262Z 78 PC: 13012 | Find first file
2018-12-25T12:38:05.88509237Z 47 PC: 12bc5 | Get disk transfer address
2018-12-25T12:38:05.886654279Z 26 PC: 12bea | Set disk transfer address
2018-12-25T12:38:05.888844891Z 61 PC: 12c37 | Open file (Filename = '\TEST.EXE')
2018-12-25T12:38:05.89648233Z 66 PC: 12c58 | Move file pointer
2018-12-25T12:38:05.89846609Z 66 PC: 12c8b | Move file pointer
2018-12-25T12:38:05.900980502Z 63 PC: 12cb0 | Read file or device (Read 12 bytes on handle 5)
2018-12-25T12:38:05.904390643Z 66 PC: 12d2e | Move file pointer
2018-12-25T12:38:05.905952884Z 63 PC: 12d53 | Read file or device (Read 27 bytes on handle 5)
2018-12-25T12:38:05.909796061Z 87 PC: 12e85 | Get or set file date and time
2018-12-25T12:38:05.911703434Z 66 PC: 12ea3 | Move file pointer
2018-12-25T12:38:05.913650974Z 64 PC: 12eca | Write file or device (Write 27 bytes on handle 5)
2018-12-25T12:38:05.917429276Z 66 PC: 12ee9 | Move file pointer
2018-12-25T12:38:05.919680249Z 47 PC: 12f0a | Get disk transfer address
2018-12-25T12:38:05.920930903Z 26 PC: 12f14 | Set disk transfer address
2018-12-25T12:38:05.922658929Z 64 PC: 12f1f | Write file or device (Write 1755 bytes on handle 5)
2018-12-25T12:38:05.939293591Z 26 PC: 12f2d | Set disk transfer address
2018-12-25T12:38:05.940419559Z 87 PC: 12f4a | Get or set file date and time
2018-12-25T12:38:05.942139965Z 62 PC: 12cf0 | Close file
2018-12-25T12:38:05.947577068Z 26 PC: 12fb6 | Set disk transfer address
2018-12-25T12:38:05.948649162Z 42 PC: 12b61 | Get date
0x12b61: pop si
0x12b62: ret
0x12b63: mov si, dx
0x12b65: test byte ptr [si + 0x15], 0x10
0x12b69: jne 0x12b76
0x12b6b: call 0x13016
0x12b6e: jb 0x12b5c
0x12b70: test byte ptr [si + 0x15], 0x10
0x12b74: je 0x12b6b
0x12b76: cmp byte ptr [si + 0x1e], 0x2e
0x12b7a: je 0x12b6b
0x12b7c: call 0x12b98
0x12b7f: push ax
0x12b80: mov ah, 0x1a
0x12b82: int 0x21
0x12b84: pop ax
0x12b85: push si
0x12b86: mov si, 0x77d
0x12b89: add si, bx
0x12b8b: sub si, 0x103
2018-12-25T12:38:05.9503756Z 42 PC: 12aa0 | Get date
0x12aa0: cmp al, 6
0x12aa2: je 0x12aa8
0x12aa4: jne 0x12ab8
0x12aa6: int 0x20
0x12aa8: mov ah, 5
0x12aaa: mov al, 5
0x12aac: mov ch, 0x14
0x12aae: mov cl, 1
0x12ab0: mov dh, 0
0x12ab2: mov dl, 0
0x12ab4: int 0x13
0x12ab6: int 0x19
0x12ab8: mov si, 0xb0b
0x12abb: add si, bx
0x12abd: sub si, 0x103
0x12ac1: mov dx, word ptr [si]
0x12ac3: push ds
0x12ac4: mov ax, word ptr [si + 2]
0x12ac7: mov ds, ax
0x12ac9: push bx
2018-12-25T12:38:05.9525095Z 26 PC: 12acf | Set disk transfer address

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13332,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:05.980913273Z 47 PC: 12a67 | Get disk transfer address
2018-12-25T12:38:05.982971377Z 26 PC: 13002 | Set disk transfer address
2018-12-25T12:38:05.985100317Z 78 PC: 13012 | Find first file
2018-12-25T12:38:05.992835471Z 47 PC: 12bc5 | Get disk transfer address
2018-12-25T12:38:05.994644324Z 26 PC: 12bea | Set disk transfer address
2018-12-25T12:38:05.997175743Z 61 PC: 12c37 | Open file (Filename = '\TEST.EXE')
2018-12-25T12:38:06.006046128Z 66 PC: 12c58 | Move file pointer
2018-12-25T12:38:06.007855102Z 66 PC: 12c8b | Move file pointer
2018-12-25T12:38:06.010535971Z 63 PC: 12cb0 | Read file or device (Read 12 bytes on handle 5)
2018-12-25T12:38:06.013848513Z 66 PC: 12d2e | Move file pointer
2018-12-25T12:38:06.015508872Z 63 PC: 12d53 | Read file or device (Read 27 bytes on handle 5)
2018-12-25T12:38:06.01982229Z 87 PC: 12e85 | Get or set file date and time
2018-12-25T12:38:06.021696748Z 66 PC: 12ea3 | Move file pointer
2018-12-25T12:38:06.023492573Z 64 PC: 12eca | Write file or device (Write 27 bytes on handle 5)
2018-12-25T12:38:06.026900815Z 66 PC: 12ee9 | Move file pointer
2018-12-25T12:38:06.028390257Z 47 PC: 12f0a | Get disk transfer address
2018-12-25T12:38:06.029511994Z 26 PC: 12f14 | Set disk transfer address
2018-12-25T12:38:06.03098078Z 64 PC: 12f1f | Write file or device (Write 1755 bytes on handle 5)
2018-12-25T12:38:06.047093224Z 26 PC: 12f2d | Set disk transfer address
2018-12-25T12:38:06.048003892Z 87 PC: 12f4a | Get or set file date and time
2018-12-25T12:38:06.049399147Z 62 PC: 12cf0 | Close file
2018-12-25T12:38:06.054952998Z 26 PC: 12fb6 | Set disk transfer address
2018-12-25T12:38:06.055719278Z 42 PC: 12b61 | Get date
0x12b61: pop si
0x12b62: ret
0x12b63: mov si, dx
0x12b65: test byte ptr [si + 0x15], 0x10
0x12b69: jne 0x12b76
0x12b6b: call 0x13016
0x12b6e: jb 0x12b5c
0x12b70: test byte ptr [si + 0x15], 0x10
0x12b74: je 0x12b6b
0x12b76: cmp byte ptr [si + 0x1e], 0x2e
0x12b7a: je 0x12b6b
0x12b7c: call 0x12b98
0x12b7f: push ax
0x12b80: mov ah, 0x1a
0x12b82: int 0x21
0x12b84: pop ax
0x12b85: push si
0x12b86: mov si, 0x77d
0x12b89: add si, bx
0x12b8b: sub si, 0x103
2018-12-25T12:38:06.057161685Z 42 PC: 12aa0 | Get date
0x12aa0: cmp al, 6
0x12aa2: je 0x12aa8
0x12aa4: jne 0x12ab8
0x12aa6: int 0x20
0x12aa8: mov ah, 5
0x12aaa: mov al, 5
0x12aac: mov ch, 0x14
0x12aae: mov cl, 1
0x12ab0: mov dh, 0
0x12ab2: mov dl, 0
0x12ab4: int 0x13
0x12ab6: int 0x19
0x12ab8: mov si, 0xb0b
0x12abb: add si, bx
0x12abd: sub si, 0x103
0x12ac1: mov dx, word ptr [si]
0x12ac3: push ds
0x12ac4: mov ax, word ptr [si + 2]
0x12ac7: mov ds, ax
0x12ac9: push bx
2018-12-25T12:38:08.134904547Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:38:08.137275991Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:38:08.140229749Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:38:08.144652787Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:38:08.157477692Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:38:08.159131326Z 62 PC: 91fc1 | Close file
2018-12-25T12:38:08.162102078Z 75 PC: 91fe0 | Execute program
2018-12-25T12:38:08.181016768Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:38:08.18253482Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:38:08.193770817Z 48 PC: c609 | Get DOS version
2018-12-25T12:38:08.19803033Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:38:08.202598612Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:38:08.205991175Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:38:08.209898275Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:38:08.218830616Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:38:08.228874003Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:38:08.240667226Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:38:08.242623361Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:38:08.245315399Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:38:08.279555633Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:38:08.284173204Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:38:08.286172604Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:38:08.289050956Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:38:08.290913698Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:38:08.292790136Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:38:08.295242743Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:38:08.307696729Z 62 PC: 8f8eb | Close file
2018-12-25T12:38:08.31038377Z 62 PC: 8f8f2 | Close file
2018-12-25T12:38:08.314063375Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.316273761Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.31841094Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.320551569Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.323698563Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.325826982Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.328269536Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.330500396Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.333006211Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.334666817Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.337205326Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.338881189Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.340530944Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.342845992Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.344707306Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.346386229Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.348546878Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.350629236Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.359937158Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.361932835Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.36399238Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.365613676Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.367162152Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.369443097Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.371077974Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.372709827Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.380368454Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.382165674Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.383901167Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:38:08.386438166Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:38:08.392194209Z 62 PC: 8f90e | Close file
2018-12-25T12:38:08.394459686Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:38:08.397510577Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:38:08.399974174Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:38:08.405193752Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:38:08.407234934Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:38:08.412777797Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:38:08.415497416Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:38:08.417432879Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:38:08.419441006Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:38:08.420918679Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:38:08.422310566Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:38:08.424760489Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:38:08.426659653Z 73 PC: 8fa11 | Release memory
2018-12-25T12:38:08.428434056Z 73 PC: 8efea | Release memory
2018-12-25T12:38:08.430622839Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:38:08.432291542Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:38:08.434181307Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:38:08.436597223Z 73 PC: 8f060 | Release memory
2018-12-25T12:38:08.438439829Z 61 PC: 8f080 | Open file (Filename = 'r,�S�������[�
2018-12-25T12:38:08.448310902Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:38:08.454860746Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:38:08.456621848Z 62 PC: 8f0d1 | Close file
2018-12-25T12:38:08.458651691Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:38:08.499025227Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:38:08.500036121Z 48 PC: 12bee | Get DOS version
2018-12-25T12:38:08.5017188Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:38:08.505355179Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:38:08.50724324Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:38:08.508674341Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:38:08.510562355Z 72 PC: 1355d | Allocate memory
2018-12-25T12:38:08.512757957Z 25 PC: 13596 | Get default drive
2018-12-25T12:38:08.514025812Z 71 PC: 135ad | Get current directory
2018-12-25T12:38:08.516686854Z 59 PC: 135ba | Change current directory
2018-12-25T12:38:08.522899381Z 59 PC: 135c8 | Change current directory
2018-12-25T12:38:08.529334605Z 59 PC: 135d3 | Change current directory
2018-12-25T12:38:08.53322931Z 25 PC: 12d13 | Get default drive
2018-12-25T12:38:08.535173185Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:38:08.537140213Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:38:08.538647503Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:08.541724592Z 80 PC: 1301d | Set current PSP
2018-12-25T12:38:08.542823671Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:38:08.544514539Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:38:08.54686131Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:38:08.548507916Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:38:08.551058409Z 72 PC: 130ec | Allocate memory
2018-12-25T12:38:08.554994412Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:38:08.56273166Z 62 PC: 131ba | Close file
2018-12-25T12:38:08.565557802Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:38:08.568314113Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:38:08.570054559Z 72 PC: 11991 | Allocate memory
2018-12-25T12:38:08.571812825Z 73 PC: 119b2 | Release memory
2018-12-25T12:38:08.57424755Z 72 PC: 119bd | Allocate memory
2018-12-25T12:38:08.57642751Z 73 PC: 119df | Release memory
2018-12-25T12:38:08.5786146Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:38:08.580777866Z 72 PC: 119fd | Allocate memory