Sample viewer

vx.netlux.org/Virus.DOS.Doperland.490


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:43.247339319Z 253 PC: 12a68 | UNKNOWN!
2018-12-17T23:01:43.249372322Z 42 PC: 381 | Get date
0x381: cmp dx, 0x119
0x385: jne 0x3c9
0x387: nop
0x388: nop
0x389: jmp 0x3b7
0x38b: nop
0x38c: dec ax
0x38d: popaw
0x38e: jo 0x400
0x390: jns 0x3b2
0x392: inc dx
0x393: imul si, word ptr [bp + si + 0x74], 0x6468
0x398: popaw
0x399: jns 0x3bb
0x39b: inc sp
0x39c: outsw dx, word ptr [si]
0x39d: jo 0x404
0x39f: jb 0x40d
0x3a1: popaw
0x3a2: outsb dx, byte ptr [si]
2018-12-17T23:01:43.251533984Z 61 PC: 29a | Open file (Filename = '�ظB3�3����')
2018-12-17T23:01:43.258285787Z 66 PC: 2ab | Move file pointer
2018-12-17T23:01:43.261243263Z 66 PC: 2c6 | Move file pointer
2018-12-17T23:01:43.262499906Z 63 PC: 2d6 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:01:43.265237562Z 66 PC: 2eb | Move file pointer
2018-12-17T23:01:43.26642504Z 63 PC: 2f7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:01:43.269065814Z 87 PC: 304 | Get or set file date and time
2018-12-17T23:01:43.270270895Z 66 PC: 31d | Move file pointer
2018-12-17T23:01:43.271555214Z 64 PC: 32b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:43.275003069Z 64 PC: 33d | Write file or device (Write 487 bytes on handle 5)
2018-12-17T23:01:43.615926597Z 66 PC: 346 | Move file pointer
2018-12-17T23:01:43.617317689Z 64 PC: 35c | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:01:43.620409762Z 87 PC: 363 | Get or set file date and time
2018-12-17T23:01:43.621789777Z 62 PC: 367 | Close file
2018-12-17T23:01:43.628326565Z 76 PC: 12a45 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13962,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:38.71564191Z 253 PC: 12a68 | UNKNOWN!
2018-12-25T12:39:38.717717008Z 42 PC: 381 | Get date
0x381: cmp dx, 0x119
0x385: jne 0x3c9
0x387: nop
0x388: nop
0x389: jmp 0x3b7
0x38b: nop
0x38c: dec ax
0x38d: popaw
0x38e: jo 0x400
0x390: jns 0x3b2
0x392: inc dx
0x393: imul si, word ptr [bp + si + 0x74], 0x6468
0x398: popaw
0x399: jns 0x3bb
0x39b: inc sp
0x39c: outsw dx, word ptr [si]
0x39d: jo 0x404
0x39f: jb 0x40d
0x3a1: popaw
0x3a2: outsb dx, byte ptr [si]
2018-12-25T12:39:38.720433035Z 61 PC: 29a | Open file (Filename = '�ظB3�3����')
2018-12-25T12:39:38.726382268Z 66 PC: 2ab | Move file pointer
2018-12-25T12:39:38.728144435Z 66 PC: 2c6 | Move file pointer
2018-12-25T12:39:38.729426017Z 63 PC: 2d6 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:39:38.732205697Z 66 PC: 2eb | Move file pointer
2018-12-25T12:39:38.733630159Z 63 PC: 2f7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:39:38.737259345Z 87 PC: 304 | Get or set file date and time
2018-12-25T12:39:38.739464653Z 66 PC: 31d | Move file pointer
2018-12-25T12:39:38.741102013Z 64 PC: 32b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:39:38.744814529Z 64 PC: 33d | Write file or device (Write 487 bytes on handle 5)
2018-12-25T12:39:39.080861082Z 66 PC: 346 | Move file pointer
2018-12-25T12:39:39.082343219Z 64 PC: 35c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:39:39.085805906Z 87 PC: 363 | Get or set file date and time
2018-12-25T12:39:39.087557673Z 62 PC: 367 | Close file
2018-12-25T12:39:39.094042726Z 76 PC: 12a45 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":25,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13962,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:39.408146144Z 253 PC: 12a68 | UNKNOWN!
2018-12-25T12:39:39.411893651Z 42 PC: 381 | Get date
0x381: cmp dx, 0x119
0x385: jne 0x3c9
0x387: nop
0x388: nop
0x389: jmp 0x3b7
0x38b: nop
0x38c: dec ax
0x38d: popaw
0x38e: jo 0x400
0x390: jns 0x3b2
0x392: inc dx
0x393: imul si, word ptr [bp + si + 0x74], 0x6468
0x398: popaw
0x399: jns 0x3bb
0x39b: inc sp
0x39c: outsw dx, word ptr [si]
0x39d: jo 0x404
0x39f: jb 0x40d
0x3a1: popaw
0x3a2: outsb dx, byte ptr [si]
2018-12-25T12:39:39.4148522Z 9 PC: 3c8 | Display string (Could not find end pointer)
2018-12-25T12:39:39.417075971Z 61 PC: 29a | Open file (Filename = '�ظB3�3����')
2018-12-25T12:39:39.423369458Z 66 PC: 2ab | Move file pointer
2018-12-25T12:39:39.425190231Z 66 PC: 2c6 | Move file pointer
2018-12-25T12:39:39.426710968Z 63 PC: 2d6 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:39:39.430249237Z 66 PC: 2eb | Move file pointer
2018-12-25T12:39:39.44470774Z 63 PC: 2f7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:39:39.4471843Z 87 PC: 304 | Get or set file date and time
2018-12-25T12:39:39.448475696Z 66 PC: 31d | Move file pointer
2018-12-25T12:39:39.450717696Z 64 PC: 32b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:39:39.453908595Z 64 PC: 33d | Write file or device (Write 487 bytes on handle 5)
2018-12-25T12:39:39.782098243Z 66 PC: 346 | Move file pointer
2018-12-25T12:39:39.784483345Z 64 PC: 35c | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:39:39.787597213Z 87 PC: 363 | Get or set file date and time
2018-12-25T12:39:39.789378048Z 62 PC: 367 | Close file
2018-12-25T12:39:39.796995434Z 76 PC: 12a45 | Terminate with return code (Return code = '76')