Sample viewer

vx.netlux.org/Virus.DOS.Flow.461

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:27.194309406Z 26 PC: 12a80 | Set disk transfer address
2018-12-17T23:03:27.196825068Z 42 PC: 12a87 | Get date
0x12a87: cmp al, 0
0x12a89: jne 0x12a9a
0x12a8b: lea dx, word ptr [bp + 0x26f]
0x12a8f: push ax
0x12a90: mov ax, 0x900
0x12a93: int 0x21
0x12a95: pop ax
0x12a96: mov ah, 0x4c
0x12a98: int 0x21
0x12a9a: mov byte ptr ds:[bp + 0x268], 0x4f
0x12aa0: mov cx, 0x4e
0x12aa3: xor ah, ah
0x12aa5: inc ah
0x12aa7: dec cx
0x12aa8: cmp cx, 0
0x12aab: jne 0x12aa5
0x12aad: lea dx, word ptr [bp + 0x265]
0x12ab1: mov cx, 0x21
0x12ab4: int 0x21
0x12ab6: jb 0x12b09
2018-12-17T23:03:27.20115094Z 78 PC: 12ab6 | Find first file
2018-12-17T23:03:27.207741694Z 61 PC: 12ac4 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:03:27.21513179Z 63 PC: 12ad4 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:03:27.221356491Z 66 PC: 12ae9 | Move file pointer
2018-12-17T23:03:27.2229269Z 63 PC: 12af7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:27.225610244Z 66 PC: 12b03 | Move file pointer
2018-12-17T23:03:27.230612261Z 66 PC: 12b22 | Move file pointer
2018-12-17T23:03:27.23238893Z 64 PC: 12b30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:27.235848965Z 66 PC: 12b61 | Move file pointer
2018-12-17T23:03:27.238272021Z 64 PC: 12b6f | Write file or device (Write 38 bytes on handle 5)
2018-12-17T23:03:27.241363111Z 64 PC: 12b7d | Write file or device (Write 423 bytes on handle 5)
2018-12-17T23:03:27.262973535Z 62 PC: 12b84 | Close file
2018-12-17T23:03:27.271427499Z 79 PC: 12b8b | Find next file
2018-12-17T23:03:27.27388438Z 61 PC: 12ac4 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:03:27.279782882Z 63 PC: 12ad4 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:03:27.286175057Z 66 PC: 12ae9 | Move file pointer
2018-12-17T23:03:27.287442956Z 63 PC: 12af7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:27.290249402Z 66 PC: 12b03 | Move file pointer
2018-12-17T23:03:27.292206349Z 66 PC: 12b22 | Move file pointer
2018-12-17T23:03:27.293459516Z 64 PC: 12b30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:27.296315169Z 66 PC: 12b61 | Move file pointer
2018-12-17T23:03:27.298243682Z 64 PC: 12b6f | Write file or device (Write 38 bytes on handle 5)
2018-12-17T23:03:27.300593176Z 64 PC: 12b7d | Write file or device (Write 423 bytes on handle 5)
2018-12-17T23:03:27.303048238Z 62 PC: 12b84 | Close file
2018-12-17T23:03:27.310981092Z 79 PC: 12b8b | Find next file
2018-12-17T23:03:27.3135975Z 61 PC: 12ac4 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:03:27.320213839Z 63 PC: 12ad4 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:03:27.331846578Z 66 PC: 12ae9 | Move file pointer
2018-12-17T23:03:27.333094501Z 63 PC: 12af7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:27.335771977Z 66 PC: 12b03 | Move file pointer
2018-12-17T23:03:27.337476792Z 66 PC: 12b22 | Move file pointer
2018-12-17T23:03:27.339361234Z 64 PC: 12b30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:27.342346785Z 66 PC: 12b61 | Move file pointer
2018-12-17T23:03:27.34376893Z 64 PC: 12b6f | Write file or device (Write 38 bytes on handle 5)
2018-12-17T23:03:27.347459819Z 64 PC: 12b7d | Write file or device (Write 423 bytes on handle 5)
2018-12-17T23:03:27.355529041Z 62 PC: 12b84 | Close file
2018-12-17T23:03:27.363432089Z 79 PC: 12b8b | Find next file
2018-12-17T23:03:27.367143845Z 61 PC: 12ac4 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:03:27.37381874Z 63 PC: 12ad4 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:03:27.380882746Z 66 PC: 12ae9 | Move file pointer
2018-12-17T23:03:27.383767872Z 63 PC: 12af7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:27.386355371Z 66 PC: 12b03 | Move file pointer
2018-12-17T23:03:27.38773648Z 66 PC: 12b22 | Move file pointer
2018-12-17T23:03:27.389851121Z 64 PC: 12b30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:27.392763561Z 66 PC: 12b61 | Move file pointer
2018-12-17T23:03:27.39415846Z 64 PC: 12b6f | Write file or device (Write 38 bytes on handle 5)
2018-12-17T23:03:27.397259557Z 64 PC: 12b7d | Write file or device (Write 423 bytes on handle 5)
2018-12-17T23:03:27.400146592Z 62 PC: 12b84 | Close file
2018-12-17T23:03:27.407574409Z 79 PC: 12b8b | Find next file
2018-12-17T23:03:27.410566036Z 61 PC: 12ac4 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:03:27.417322971Z 63 PC: 12ad4 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:03:27.423728847Z 66 PC: 12ae9 | Move file pointer
2018-12-17T23:03:27.425786314Z 63 PC: 12af7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:27.428293249Z 66 PC: 12b03 | Move file pointer
2018-12-17T23:03:27.429755057Z 66 PC: 12b22 | Move file pointer
2018-12-17T23:03:27.432237584Z 64 PC: 12b30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:27.436500139Z 66 PC: 12b61 | Move file pointer
2018-12-17T23:03:27.438412331Z 64 PC: 12b6f | Write file or device (Write 38 bytes on handle 5)
2018-12-17T23:03:27.441492429Z 64 PC: 12b7d | Write file or device (Write 423 bytes on handle 5)
2018-12-17T23:03:27.444741662Z 62 PC: 12b84 | Close file
2018-12-17T23:03:27.452293321Z 79 PC: 12b8b | Find next file
2018-12-17T23:03:27.454864437Z 61 PC: 12ac4 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:03:27.46241886Z 63 PC: 12ad4 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:03:27.46927709Z 66 PC: 12ae9 | Move file pointer
2018-12-17T23:03:27.471285163Z 63 PC: 12af7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:27.474906637Z 66 PC: 12b03 | Move file pointer
2018-12-17T23:03:27.476471574Z 66 PC: 12b22 | Move file pointer
2018-12-17T23:03:27.478377045Z 64 PC: 12b30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:27.483131014Z 66 PC: 12b61 | Move file pointer
2018-12-17T23:03:27.484629818Z 64 PC: 12b6f | Write file or device (Write 38 bytes on handle 5)
2018-12-17T23:03:27.492524619Z 64 PC: 12b7d | Write file or device (Write 423 bytes on handle 5)
2018-12-17T23:03:27.495621104Z 62 PC: 12b84 | Close file
2018-12-17T23:03:27.503333967Z 79 PC: 12b8b | Find next file
2018-12-17T23:03:27.506069208Z 61 PC: 12ac4 | Open file (Filename = 'PAH.COM')
2018-12-17T23:03:27.51386462Z 63 PC: 12ad4 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:03:27.520290464Z 66 PC: 12ae9 | Move file pointer
2018-12-17T23:03:27.521681728Z 63 PC: 12af7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:27.52444205Z 66 PC: 12b03 | Move file pointer
2018-12-17T23:03:27.526102332Z 66 PC: 12b22 | Move file pointer
2018-12-17T23:03:27.527786523Z 64 PC: 12b30 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:27.531541174Z 66 PC: 12b61 | Move file pointer
2018-12-17T23:03:27.532934105Z 64 PC: 12b6f | Write file or device (Write 38 bytes on handle 5)
2018-12-17T23:03:27.53564882Z 64 PC: 12b7d | Write file or device (Write 423 bytes on handle 5)
2018-12-17T23:03:27.539006345Z 62 PC: 12b84 | Close file
2018-12-17T23:03:27.546893304Z 79 PC: 12b8b | Find next file
2018-12-17T23:03:27.550070207Z 61 PC: 12ac4 | Open file (Filename = 'TEST.COM')
2018-12-17T23:03:27.557823573Z 63 PC: 12ad4 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:03:27.561028965Z 62 PC: 12b84 | Close file
2018-12-17T23:03:27.562978614Z 79 PC: 12b8b | Find next file
2018-12-17T23:03:27.566255575Z 26 PC: 12b9b | Set disk transfer address
2018-12-17T23:03:27.567783434Z 26 PC: 12a80 | Set disk transfer address
2018-12-17T23:03:27.56899187Z 42 PC: 12a87 | Get date
0x12a87: cmp al, 0
0x12a89: jne 0x12a9a
0x12a8b: lea dx, word ptr [bp + 0x26f]
0x12a8f: push ax
0x12a90: mov ax, 0x900
0x12a93: int 0x21
0x12a95: pop ax
0x12a96: mov ah, 0x4c
0x12a98: int 0x21
0x12a9a: mov byte ptr ds:[bp + 0x268], 0x4f
0x12aa0: mov cx, 0x4e
0x12aa3: xor ah, ah
0x12aa5: inc ah
0x12aa7: dec cx
0x12aa8: cmp cx, 0
0x12aab: jne 0x12aa5
0x12aad: lea dx, word ptr [bp + 0x265]
0x12ab1: mov cx, 0x21
0x12ab4: int 0x21
0x12ab6: jb 0x12b09
2018-12-17T23:03:27.57254233Z 78 PC: 12ab6 | Find first file
2018-12-17T23:03:27.578491199Z 26 PC: 12b9b | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14545,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:52.598577868Z 26 PC: 12a80 | Set disk transfer address
2018-12-25T12:40:52.600102447Z 42 PC: 12a87 | Get date
0x12a87: cmp al, 0
0x12a89: jne 0x12a9a
0x12a8b: lea dx, word ptr [bp + 0x26f]
0x12a8f: push ax
0x12a90: mov ax, 0x900
0x12a93: int 0x21
0x12a95: pop ax
0x12a96: mov ah, 0x4c
0x12a98: int 0x21
0x12a9a: mov byte ptr ds:[bp + 0x268], 0x4f
0x12aa0: mov cx, 0x4e
0x12aa3: xor ah, ah
0x12aa5: inc ah
0x12aa7: dec cx
0x12aa8: cmp cx, 0
0x12aab: jne 0x12aa5
0x12aad: lea dx, word ptr [bp + 0x265]
0x12ab1: mov cx, 0x21
0x12ab4: int 0x21
0x12ab6: jb 0x12b09
2018-12-25T12:40:52.601990411Z 78 PC: 12ab6 | Find first file
2018-12-25T12:40:52.607600558Z 61 PC: 12ac4 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:52.613973663Z 63 PC: 12ad4 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:40:52.620064388Z 66 PC: 12ae9 | Move file pointer
2018-12-25T12:40:52.621162133Z 63 PC: 12af7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:40:52.62403783Z 66 PC: 12b03 | Move file pointer
2018-12-25T12:40:52.625266948Z 66 PC: 12b22 | Move file pointer
2018-12-25T12:40:52.626395556Z 64 PC: 12b30 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:40:52.633541498Z 66 PC: 12b61 | Move file pointer
2018-12-25T12:40:52.634778323Z 64 PC: 12b6f | Write file or device (Write 38 bytes on handle 5)
2018-12-25T12:40:52.63709316Z 64 PC: 12b7d | Write file or device (Write 423 bytes on handle 5)
2018-12-25T12:40:52.650573522Z 62 PC: 12b84 | Close file
2018-12-25T12:40:52.657989348Z 79 PC: 12b8b | Find next file
2018-12-25T12:40:52.660372094Z 61 PC: 12ac4 | Open file (See above)
2018-12-25T12:40:52.666815558Z 63 PC: 12ad4 | Read file or device (See above)
2018-12-25T12:40:52.672822984Z 66 PC: 12ae9 | Move file pointer (See above)
2018-12-25T12:40:52.674067048Z 63 PC: 12af7 | Read file or device (See above)
2018-12-25T12:40:52.677277328Z 66 PC: 12b03 | Move file pointer (See above)
2018-12-25T12:40:52.678999164Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:40:52.680552747Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T12:40:52.683621486Z 66 PC: 12b61 | Move file pointer (See above)
2018-12-25T12:40:52.685427935Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:40:52.687953945Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T12:40:52.690802762Z 62 PC: 12b84 | Close file (See above)
2018-12-25T12:40:52.698977301Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T12:40:52.701497548Z 61 PC: 12ac4 | Open file (See above)
2018-12-25T12:40:52.707815548Z 63 PC: 12ad4 | Read file or device (See above)
2018-12-25T12:40:52.714357958Z 66 PC: 12ae9 | Move file pointer (See above)
2018-12-25T12:40:52.715565354Z 63 PC: 12af7 | Read file or device (See above)
2018-12-25T12:40:52.717790232Z 66 PC: 12b03 | Move file pointer (See above)
2018-12-25T12:40:52.719803504Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:40:52.721027255Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T12:40:52.724382977Z 66 PC: 12b61 | Move file pointer (See above)
2018-12-25T12:40:52.726273554Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:40:52.728979105Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T12:40:52.736700131Z 62 PC: 12b84 | Close file (See above)
2018-12-25T12:40:52.745948533Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T12:40:52.748545491Z 61 PC: 12ac4 | Open file (See above)
2018-12-25T12:40:52.754746138Z 63 PC: 12ad4 | Read file or device (See above)
2018-12-25T12:40:52.761951469Z 66 PC: 12ae9 | Move file pointer (See above)
2018-12-25T12:40:52.763166939Z 63 PC: 12af7 | Read file or device (See above)
2018-12-25T12:40:52.765397627Z 66 PC: 12b03 | Move file pointer (See above)
2018-12-25T12:40:52.769280263Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:40:52.770666704Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T12:40:52.773567994Z 66 PC: 12b61 | Move file pointer (See above)
2018-12-25T12:40:52.775881819Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:40:52.778660207Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T12:40:52.781212947Z 62 PC: 12b84 | Close file (See above)
2018-12-25T12:40:52.789445807Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T12:40:52.799020419Z 61 PC: 12ac4 | Open file (See above)
2018-12-25T12:40:52.805473161Z 63 PC: 12ad4 | Read file or device (See above)
2018-12-25T12:40:52.812437784Z 66 PC: 12ae9 | Move file pointer (See above)
2018-12-25T12:40:52.814144395Z 63 PC: 12af7 | Read file or device (See above)
2018-12-25T12:40:52.816427929Z 66 PC: 12b03 | Move file pointer (See above)
2018-12-25T12:40:52.820558406Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:40:52.821826007Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T12:40:52.824580935Z 66 PC: 12b61 | Move file pointer (See above)
2018-12-25T12:40:52.82603683Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:40:52.829498252Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T12:40:52.832930487Z 62 PC: 12b84 | Close file (See above)
2018-12-25T12:40:52.840783409Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T12:40:52.845528963Z 61 PC: 12ac4 | Open file (See above)
2018-12-25T12:40:52.852214392Z 63 PC: 12ad4 | Read file or device (See above)
2018-12-25T12:40:52.858733324Z 66 PC: 12ae9 | Move file pointer (See above)
2018-12-25T12:40:52.861534617Z 63 PC: 12af7 | Read file or device (See above)
2018-12-25T12:40:52.864314761Z 66 PC: 12b03 | Move file pointer (See above)
2018-12-25T12:40:52.866040525Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:40:52.868249881Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T12:40:52.871260301Z 66 PC: 12b61 | Move file pointer (See above)
2018-12-25T12:40:52.872858437Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:40:52.881254324Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T12:40:52.884019879Z 62 PC: 12b84 | Close file (See above)
2018-12-25T12:40:52.898848686Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T12:40:52.902171177Z 61 PC: 12ac4 | Open file (See above)
2018-12-25T12:40:52.908399649Z 63 PC: 12ad4 | Read file or device (See above)
2018-12-25T12:40:52.914395176Z 66 PC: 12ae9 | Move file pointer (See above)
2018-12-25T12:40:52.916599015Z 63 PC: 12af7 | Read file or device (See above)
2018-12-25T12:40:52.918867481Z 66 PC: 12b03 | Move file pointer (See above)
2018-12-25T12:40:52.920181341Z 66 PC: 12b22 | Move file pointer (See above)
2018-12-25T12:40:52.922549251Z 64 PC: 12b30 | Write file or device (See above)
2018-12-25T12:40:52.925527745Z 66 PC: 12b61 | Move file pointer (See above)
2018-12-25T12:40:52.926622678Z 64 PC: 12b6f | Write file or device (See above)
2018-12-25T12:40:52.928684593Z 64 PC: 12b7d | Write file or device (See above)
2018-12-25T12:40:52.930993178Z 62 PC: 12b84 | Close file (See above)
2018-12-25T12:40:52.939165285Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T12:40:52.942738852Z 61 PC: 12ac4 | Open file (See above)
2018-12-25T12:40:52.949502149Z 63 PC: 12ad4 | Read file or device (See above)
2018-12-25T12:40:52.952377535Z 62 PC: 12b84 | Close file (See above)
2018-12-25T12:40:52.955224686Z 79 PC: 12b8b | Find next file (See above)
2018-12-25T12:40:52.958367002Z 26 PC: 12b9b | Set disk transfer address
2018-12-25T12:40:52.959613249Z 26 PC: 12a80 | Set disk transfer address (See above)
2018-12-25T12:40:52.960884558Z 42 PC: 12a87 | Get date (See above)
2018-12-25T12:40:52.963748965Z 78 PC: 12ab6 | Find first file (See above)
2018-12-25T12:40:52.969939369Z 26 PC: 12b9b | Set disk transfer address (See above)

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14545,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:53.650839586Z 26 PC: 12a80 | Set disk transfer address
2018-12-25T12:40:53.652021081Z 42 PC: 12a87 | Get date
0x12a87: cmp al, 0
0x12a89: jne 0x12a9a
0x12a8b: lea dx, word ptr [bp + 0x26f]
0x12a8f: push ax
0x12a90: mov ax, 0x900
0x12a93: int 0x21
0x12a95: pop ax
0x12a96: mov ah, 0x4c
0x12a98: int 0x21
0x12a9a: mov byte ptr ds:[bp + 0x268], 0x4f
0x12aa0: mov cx, 0x4e
0x12aa3: xor ah, ah
0x12aa5: inc ah
0x12aa7: dec cx
0x12aa8: cmp cx, 0
0x12aab: jne 0x12aa5
0x12aad: lea dx, word ptr [bp + 0x265]
0x12ab1: mov cx, 0x21
0x12ab4: int 0x21
0x12ab6: jb 0x12b09
2018-12-25T12:40:53.654640701Z 9 PC: 12a95 | Display string (String= 'Je suis votre ordinateur, il est dimanche je refuse donc de travailler !')
2018-12-25T12:40:53.658631611Z 76 PC: 12a9a | Terminate with return code (Return code = '0')