vx.netlux.org/Virus.DOS.RDAE.864

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:02:46.336317824Z 53 PC: 12a5e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:46.337918971Z 37 PC: 12a6a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:46.338930055Z 26 PC: 12a73 | Set disk transfer address
2018-12-17T22:02:46.340041233Z 78 PC: 12a7c | Find first file
2018-12-17T22:02:46.347152122Z 61 PC: 12aa3 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:02:46.353752655Z 63 PC: 12ab0 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:02:46.360220832Z 66 PC: 12aca | Move file pointer
2018-12-17T22:02:46.361958226Z 62 PC: 12ad8 | Close file
2018-12-17T22:02:46.364537269Z 79 PC: 12a7c | Find next file
2018-12-17T22:02:46.367258935Z 61 PC: 12aa3 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:02:46.374104348Z 63 PC: 12ab0 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:02:46.380836193Z 66 PC: 12aca | Move file pointer
2018-12-17T22:02:46.382332528Z 62 PC: 12ad8 | Close file
2018-12-17T22:02:46.38411776Z 79 PC: 12a7c | Find next file
2018-12-17T22:02:46.387374034Z 61 PC: 12aa3 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:02:46.395499683Z 63 PC: 12ab0 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:02:46.402017852Z 66 PC: 12aca | Move file pointer
2018-12-17T22:02:46.404913246Z 62 PC: 12ad8 | Close file
2018-12-17T22:02:46.407045183Z 79 PC: 12a7c | Find next file
2018-12-17T22:02:46.409757591Z 61 PC: 12aa3 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:02:46.416885223Z 63 PC: 12ab0 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:02:46.42359123Z 66 PC: 12aca | Move file pointer
2018-12-17T22:02:46.424893783Z 62 PC: 12ad8 | Close file
2018-12-17T22:02:46.427562706Z 79 PC: 12a7c | Find next file
2018-12-17T22:02:46.430528242Z 61 PC: 12aa3 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:02:46.437301612Z 63 PC: 12ab0 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:02:46.444790888Z 66 PC: 12aca | Move file pointer
2018-12-17T22:02:46.446534295Z 62 PC: 12ad8 | Close file
2018-12-17T22:02:46.448442806Z 79 PC: 12a7c | Find next file
2018-12-17T22:02:46.451059151Z 61 PC: 12aa3 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:02:46.458066896Z 63 PC: 12ab0 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:02:46.464279097Z 66 PC: 12aca | Move file pointer
2018-12-17T22:02:46.465669852Z 62 PC: 12ad8 | Close file
2018-12-17T22:02:46.468001246Z 79 PC: 12a7c | Find next file
2018-12-17T22:02:46.470832929Z 61 PC: 12aa3 | Open file (Filename = 'PAH.COM')
2018-12-17T22:02:46.478150895Z 63 PC: 12ab0 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:02:46.485343022Z 66 PC: 12aca | Move file pointer
2018-12-17T22:02:46.486696719Z 62 PC: 12ad8 | Close file
2018-12-17T22:02:46.488578178Z 79 PC: 12a7c | Find next file
2018-12-17T22:02:46.491846259Z 61 PC: 12aa3 | Open file (Filename = 'TEST.COM')
2018-12-17T22:02:46.49827401Z 63 PC: 12ab0 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:02:46.500692349Z 66 PC: 12aca | Move file pointer
2018-12-17T22:02:46.502544954Z 44 PC: 12ae7 | Get time
0x12ae7: mov al, 1
0x12ae9: cmp ch, 4
0x12aec: jne 0x12af5
0x12aee: inc ax
0x12aef: cmp cl, 0x28
0x12af2: jb 0x12af5
0x12af4: inc ax
0x12af5: push bx
0x12af6: mov cx, 5
0x12af9: call 0x12b33
0x12afc: pop bx
0x12afd: mov ah, 0x40
0x12aff: mov cx, 0x360
0x12b02: mov dx, bp
0x12b04: int 0x21
0x12b06: cmp ax, cx
0x12b08: jne 0x12b1c
0x12b0a: mov ax, 0x4200
0x12b0d: cdq
0x12b0e: mov cx, dx
2018-12-17T22:02:46.508573518Z 64 PC: 12b06 | Write file or device (Write 864 bytes on handle 5)
2018-12-17T22:02:46.523728837Z 66 PC: 12b12 | Move file pointer
2018-12-17T22:02:46.525561344Z 64 PC: 12b1c | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:02:46.528307818Z 87 PC: 12b29 | Get or set file date and time
2018-12-17T22:02:46.529732555Z 62 PC: 12ad8 | Close file
2018-12-17T22:02:46.537782072Z 79 PC: 12a7c | Find next file
2018-12-17T22:02:46.540103219Z 26 PC: 12a85 | Set disk transfer address
2018-12-17T22:02:46.541065138Z 37 PC: 12a8a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":4,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:31.165951825Z 53 PC: 12a5e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:31.167608687Z 37 PC: 12a6a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:31.168717455Z 26 PC: 12a73 | Set disk transfer address
2018-12-25T11:43:31.169751462Z 78 PC: 12a7c | Find first file
2018-12-25T11:43:31.183139065Z 61 PC: 12aa3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:31.1903952Z 63 PC: 12ab0 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:43:31.197155277Z 66 PC: 12aca | Move file pointer
2018-12-25T11:43:31.19855936Z 62 PC: 12ad8 | Close file
2018-12-25T11:43:31.200542544Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.203323782Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.210323284Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.217604111Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.219065992Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.220905373Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.224131317Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.23200401Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.238908402Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.240729463Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.242525215Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.245304645Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.252854939Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.259758943Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.261030143Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.263027759Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.266490866Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.273611799Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.28056224Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.282324116Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.284657565Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.28759199Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.307010539Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.313832946Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.315263409Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.317552935Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.320296949Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.326657425Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.332004346Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.333235981Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.33547901Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.33883516Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.346204465Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.349019611Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.351490588Z 44 PC: 12ae7 | Get time
0x12ae7: mov al, 1
0x12ae9: cmp ch, 4
0x12aec: jne 0x12af5
0x12aee: inc ax
0x12aef: cmp cl, 0x28
0x12af2: jb 0x12af5
0x12af4: inc ax
0x12af5: push bx
0x12af6: mov cx, 5
0x12af9: call 0x12b33
0x12afc: pop bx
0x12afd: mov ah, 0x40
0x12aff: mov cx, 0x360
0x12b02: mov dx, bp
0x12b04: int 0x21
0x12b06: cmp ax, cx
0x12b08: jne 0x12b1c
0x12b0a: mov ax, 0x4200
0x12b0d: cdq
0x12b0e: mov cx, dx
2018-12-25T11:43:31.360151129Z 64 PC: 12b06 | Write file or device (Write 864 bytes on handle 5)
2018-12-25T11:43:31.376157537Z 66 PC: 12b12 | Move file pointer
2018-12-25T11:43:31.377892525Z 64 PC: 12b1c | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:31.381352575Z 87 PC: 12b29 | Get or set file date and time
2018-12-25T11:43:31.382462267Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.389452542Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.399364274Z 26 PC: 12a85 | Set disk transfer address
2018-12-25T11:43:31.400826495Z 37 PC: 12a8a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":4,"Min":40,"Second":0,"TimeBased":true,"OriginalID":1422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:31.485759159Z 53 PC: 12a5e | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:31.488005589Z 37 PC: 12a6a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:31.489143131Z 26 PC: 12a73 | Set disk transfer address
2018-12-25T11:43:31.490168383Z 78 PC: 12a7c | Find first file
2018-12-25T11:43:31.502645594Z 61 PC: 12aa3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:31.530176147Z 63 PC: 12ab0 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:43:31.536838528Z 66 PC: 12aca | Move file pointer
2018-12-25T11:43:31.538894133Z 62 PC: 12ad8 | Close file
2018-12-25T11:43:31.540743082Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.543237496Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.553642182Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.56127765Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.562654209Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.567353986Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.569941441Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.577335897Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.581899473Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.58296702Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.584365858Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.587386972Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.591989742Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.596391856Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.597493926Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.59917699Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.600797207Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.604742515Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.60913122Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.610159788Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.611622154Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.614203104Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.618895962Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.623303266Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.624849167Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.626293251Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.628006551Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.632439905Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.636823349Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.637908251Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:31.639611121Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:31.641217775Z 61 PC: 12aa3 | Open file (See above)
2018-12-25T11:43:31.645135106Z 63 PC: 12ab0 | Read file or device (See above)
2018-12-25T11:43:31.647926402Z 66 PC: 12aca | Move file pointer (See above)
2018-12-25T11:43:31.649110329Z 44 PC: 12ae7 | Get time
0x12ae7: mov al, 1
0x12ae9: cmp ch, 4
0x12aec: jne 0x12af5
0x12aee: inc ax
0x12aef: cmp cl, 0x28
0x12af2: jb 0x12af5
0x12af4: inc ax
0x12af5: push bx
0x12af6: mov cx, 5
0x12af9: call 0x12b33
0x12afc: pop bx
0x12afd: mov ah, 0x40
0x12aff: mov cx, 0x360
0x12b02: mov dx, bp
0x12b04: int 0x21
0x12b06: cmp ax, cx
0x12b08: jne 0x12b1c
0x12b0a: mov ax, 0x4200
0x12b0d: cdq
0x12b0e: mov cx, dx
2018-12-25T11:43:31.654936509Z 64 PC: 12b06 | Write file or device (Write 864 bytes on handle 5)
2018-12-25T11:43:32.772781404Z 66 PC: 12b12 | Move file pointer
2018-12-25T11:43:32.774083562Z 64 PC: 12b1c | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:43:32.776020865Z 87 PC: 12b29 | Get or set file date and time
2018-12-25T11:43:32.777673718Z 62 PC: 12ad8 | Close file (See above)
2018-12-25T11:43:33.168452565Z 79 PC: 12a7c | Find next file (See above)
2018-12-25T11:43:33.170980981Z 26 PC: 12a85 | Set disk transfer address
2018-12-25T11:43:33.173342243Z 37 PC: 12a8a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":1422,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:31.548021055Z 9 PC: 12a85 | Display string (String= ' Pengaktif Virus Andry Christian - Drk Lve & Ldy Lve ')