Sample viewer

vx.netlux.org/Virus.DOS.Gripped.685

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:29.035735604Z 42 PC: 12a94 | Get date
0x12a94: cmp dl, 0xa
0x12a97: jne 0x12a9c
0x12a99: jmp 0x12b4a
0x12a9c: lea dx, word ptr [bp + 0x3b1]
0x12aa0: mov ah, 0x1a
0x12aa2: int 0x21
0x12aa4: mov ah, 0x4e
0x12aa6: mov cx, 7
0x12aa9: lea dx, word ptr [bp + 0x22b]
0x12aad: int 0x21
0x12aaf: jae 0x12ab9
0x12ab1: mov dx, 0x80
0x12ab4: mov ah, 0x1a
0x12ab6: int 0x21
0x12ab8: ret
0x12ab9: lea dx, word ptr [bp + 0x3cf]
0x12abd: mov ax, 0x4301
0x12ac0: xor cx, cx
0x12ac2: int 0x21
0x12ac4: mov ax, 0x3d02
2018-12-17T23:04:29.038685526Z 26 PC: 12aa4 | Set disk transfer address
2018-12-17T23:04:29.042817809Z 78 PC: 12aaf | Find first file
2018-12-17T23:04:29.050041025Z 67 PC: 12ac4 | Get or set file attributes
2018-12-17T23:04:29.068972933Z 61 PC: 12ac9 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:29.07777247Z 87 PC: 12ad1 | Get or set file date and time
2018-12-17T23:04:29.079690271Z 63 PC: 12ade | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:29.090425148Z 87 PC: 12b32 | Get or set file date and time
2018-12-17T23:04:29.092732205Z 62 PC: 12b36 | Close file
2018-12-17T23:04:29.10301418Z 67 PC: 12b45 | Get or set file attributes
2018-12-17T23:04:29.113949696Z 79 PC: 12aaf | Find next file
2018-12-17T23:04:29.117204681Z 67 PC: 12ac4 | Get or set file attributes
2018-12-17T23:04:29.129694829Z 61 PC: 12ac9 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:04:29.137411166Z 87 PC: 12ad1 | Get or set file date and time
2018-12-17T23:04:29.139261188Z 63 PC: 12ade | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:29.148093939Z 87 PC: 12b32 | Get or set file date and time
2018-12-17T23:04:29.149730859Z 62 PC: 12b36 | Close file
2018-12-17T23:04:29.157756051Z 67 PC: 12b45 | Get or set file attributes
2018-12-17T23:04:29.169892129Z 79 PC: 12aaf | Find next file
2018-12-17T23:04:29.17288226Z 67 PC: 12ac4 | Get or set file attributes
2018-12-17T23:04:29.183686903Z 61 PC: 12ac9 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:04:29.193003506Z 87 PC: 12ad1 | Get or set file date and time
2018-12-17T23:04:29.195023354Z 63 PC: 12ade | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:29.202871978Z 87 PC: 12b32 | Get or set file date and time
2018-12-17T23:04:29.205223876Z 62 PC: 12b36 | Close file
2018-12-17T23:04:29.214302507Z 67 PC: 12b45 | Get or set file attributes
2018-12-17T23:04:29.225619195Z 79 PC: 12aaf | Find next file
2018-12-17T23:04:29.228501489Z 67 PC: 12ac4 | Get or set file attributes
2018-12-17T23:04:29.240342005Z 61 PC: 12ac9 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:04:29.247995937Z 87 PC: 12ad1 | Get or set file date and time
2018-12-17T23:04:29.249981595Z 63 PC: 12ade | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:29.258927836Z 87 PC: 12b32 | Get or set file date and time
2018-12-17T23:04:29.260908505Z 62 PC: 12b36 | Close file
2018-12-17T23:04:29.269121199Z 67 PC: 12b45 | Get or set file attributes
2018-12-17T23:04:29.287133722Z 79 PC: 12aaf | Find next file
2018-12-17T23:04:29.290363722Z 67 PC: 12ac4 | Get or set file attributes
2018-12-17T23:04:29.301314111Z 61 PC: 12ac9 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:04:29.31242849Z 87 PC: 12ad1 | Get or set file date and time
2018-12-17T23:04:29.314236153Z 63 PC: 12ade | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:29.321918055Z 87 PC: 12b32 | Get or set file date and time
2018-12-17T23:04:29.324421846Z 62 PC: 12b36 | Close file
2018-12-17T23:04:29.332974255Z 67 PC: 12b45 | Get or set file attributes
2018-12-17T23:04:29.343877451Z 79 PC: 12aaf | Find next file
2018-12-17T23:04:29.346841538Z 67 PC: 12ac4 | Get or set file attributes
2018-12-17T23:04:29.358093017Z 61 PC: 12ac9 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:04:29.365564686Z 87 PC: 12ad1 | Get or set file date and time
2018-12-17T23:04:29.367192563Z 63 PC: 12ade | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:29.375312869Z 87 PC: 12b32 | Get or set file date and time
2018-12-17T23:04:29.377441194Z 62 PC: 12b36 | Close file
2018-12-17T23:04:29.38905945Z 67 PC: 12b45 | Get or set file attributes
2018-12-17T23:04:29.401156204Z 79 PC: 12aaf | Find next file
2018-12-17T23:04:29.404494023Z 67 PC: 12ac4 | Get or set file attributes
2018-12-17T23:04:29.415510875Z 61 PC: 12ac9 | Open file (Filename = 'PAH.COM')
2018-12-17T23:04:29.424146536Z 87 PC: 12ad1 | Get or set file date and time
2018-12-17T23:04:29.426300842Z 63 PC: 12ade | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:29.433738051Z 87 PC: 12b32 | Get or set file date and time
2018-12-17T23:04:29.436437771Z 62 PC: 12b36 | Close file
2018-12-17T23:04:29.460981046Z 67 PC: 12b45 | Get or set file attributes
2018-12-17T23:04:29.472788394Z 79 PC: 12aaf | Find next file
2018-12-17T23:04:29.476855732Z 67 PC: 12ac4 | Get or set file attributes
2018-12-17T23:04:29.488680102Z 61 PC: 12ac9 | Open file (Filename = 'TEST.COM')
2018-12-17T23:04:29.496662025Z 87 PC: 12ad1 | Get or set file date and time
2018-12-17T23:04:29.498449022Z 63 PC: 12ade | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:04:29.507087029Z 87 PC: 12b32 | Get or set file date and time
2018-12-17T23:04:29.508820576Z 62 PC: 12b36 | Close file
2018-12-17T23:04:29.517193751Z 67 PC: 12b45 | Get or set file attributes
2018-12-17T23:04:29.529549637Z 79 PC: 12aaf | Find next file
2018-12-17T23:04:29.532622885Z 26 PC: 12ab8 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14892,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:01.253692091Z 42 PC: 12a94 | Get date
0x12a94: cmp dl, 0xa
0x12a97: jne 0x12a9c
0x12a99: jmp 0x12b4a
0x12a9c: lea dx, word ptr [bp + 0x3b1]
0x12aa0: mov ah, 0x1a
0x12aa2: int 0x21
0x12aa4: mov ah, 0x4e
0x12aa6: mov cx, 7
0x12aa9: lea dx, word ptr [bp + 0x22b]
0x12aad: int 0x21
0x12aaf: jae 0x12ab9
0x12ab1: mov dx, 0x80
0x12ab4: mov ah, 0x1a
0x12ab6: int 0x21
0x12ab8: ret
0x12ab9: lea dx, word ptr [bp + 0x3cf]
0x12abd: mov ax, 0x4301
0x12ac0: xor cx, cx
0x12ac2: int 0x21
0x12ac4: mov ax, 0x3d02
2018-12-25T12:42:01.256687166Z 26 PC: 12aa4 | Set disk transfer address
2018-12-25T12:42:01.258156214Z 78 PC: 12aaf | Find first file
2018-12-25T12:42:01.265023332Z 67 PC: 12ac4 | Get or set file attributes
2018-12-25T12:42:01.289462306Z 61 PC: 12ac9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:01.297006267Z 87 PC: 12ad1 | Get or set file date and time
2018-12-25T12:42:01.298386557Z 63 PC: 12ade | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:42:01.310147036Z 87 PC: 12b32 | Get or set file date and time
2018-12-25T12:42:01.312778811Z 62 PC: 12b36 | Close file
2018-12-25T12:42:01.320862211Z 67 PC: 12b45 | Get or set file attributes
2018-12-25T12:42:01.334143195Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:42:01.338494366Z 67 PC: 12ac4 | Get or set file attributes (See above)
2018-12-25T12:42:01.349612053Z 61 PC: 12ac9 | Open file (See above)
2018-12-25T12:42:01.357133072Z 87 PC: 12ad1 | Get or set file date and time (See above)
2018-12-25T12:42:01.360186264Z 63 PC: 12ade | Read file or device (See above)
2018-12-25T12:42:01.367580561Z 87 PC: 12b32 | Get or set file date and time (See above)
2018-12-25T12:42:01.370278432Z 62 PC: 12b36 | Close file (See above)
2018-12-25T12:42:01.379904972Z 67 PC: 12b45 | Get or set file attributes (See above)
2018-12-25T12:42:01.390828897Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:42:01.393776044Z 67 PC: 12ac4 | Get or set file attributes (See above)
2018-12-25T12:42:01.404931423Z 61 PC: 12ac9 | Open file (See above)
2018-12-25T12:42:01.413174884Z 87 PC: 12ad1 | Get or set file date and time (See above)
2018-12-25T12:42:01.414942698Z 63 PC: 12ade | Read file or device (See above)
2018-12-25T12:42:01.422268749Z 87 PC: 12b32 | Get or set file date and time (See above)
2018-12-25T12:42:01.42501398Z 62 PC: 12b36 | Close file (See above)
2018-12-25T12:42:01.43296311Z 67 PC: 12b45 | Get or set file attributes (See above)
2018-12-25T12:42:01.446942876Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:42:01.450407588Z 67 PC: 12ac4 | Get or set file attributes (See above)
2018-12-25T12:42:01.461461902Z 61 PC: 12ac9 | Open file (See above)
2018-12-25T12:42:01.469118083Z 87 PC: 12ad1 | Get or set file date and time (See above)
2018-12-25T12:42:01.472139403Z 63 PC: 12ade | Read file or device (See above)
2018-12-25T12:42:01.479432457Z 87 PC: 12b32 | Get or set file date and time (See above)
2018-12-25T12:42:01.48115517Z 62 PC: 12b36 | Close file (See above)
2018-12-25T12:42:01.489513855Z 67 PC: 12b45 | Get or set file attributes (See above)
2018-12-25T12:42:01.500248391Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:42:01.504071778Z 67 PC: 12ac4 | Get or set file attributes (See above)
2018-12-25T12:42:01.514657559Z 61 PC: 12ac9 | Open file (See above)
2018-12-25T12:42:01.522366261Z 87 PC: 12ad1 | Get or set file date and time (See above)
2018-12-25T12:42:01.524096583Z 63 PC: 12ade | Read file or device (See above)
2018-12-25T12:42:01.531444575Z 87 PC: 12b32 | Get or set file date and time (See above)
2018-12-25T12:42:01.533960223Z 62 PC: 12b36 | Close file (See above)
2018-12-25T12:42:01.54176716Z 67 PC: 12b45 | Get or set file attributes (See above)
2018-12-25T12:42:01.552643845Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:42:01.556304671Z 67 PC: 12ac4 | Get or set file attributes (See above)
2018-12-25T12:42:01.568071303Z 61 PC: 12ac9 | Open file (See above)
2018-12-25T12:42:01.575717998Z 87 PC: 12ad1 | Get or set file date and time (See above)
2018-12-25T12:42:01.578016066Z 63 PC: 12ade | Read file or device (See above)
2018-12-25T12:42:01.585069439Z 87 PC: 12b32 | Get or set file date and time (See above)
2018-12-25T12:42:01.586754378Z 62 PC: 12b36 | Close file (See above)
2018-12-25T12:42:01.608231762Z 67 PC: 12b45 | Get or set file attributes (See above)
2018-12-25T12:42:01.619020308Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:42:01.621766256Z 67 PC: 12ac4 | Get or set file attributes (See above)
2018-12-25T12:42:01.633113803Z 61 PC: 12ac9 | Open file (See above)
2018-12-25T12:42:01.646738698Z 87 PC: 12ad1 | Get or set file date and time (See above)
2018-12-25T12:42:01.648229207Z 63 PC: 12ade | Read file or device (See above)
2018-12-25T12:42:01.65582986Z 87 PC: 12b32 | Get or set file date and time (See above)
2018-12-25T12:42:01.657517156Z 62 PC: 12b36 | Close file (See above)
2018-12-25T12:42:01.665513614Z 67 PC: 12b45 | Get or set file attributes (See above)
2018-12-25T12:42:01.676858055Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:42:01.690298547Z 67 PC: 12ac4 | Get or set file attributes (See above)
2018-12-25T12:42:01.697217446Z 61 PC: 12ac9 | Open file (See above)
2018-12-25T12:42:01.701945291Z 87 PC: 12ad1 | Get or set file date and time (See above)
2018-12-25T12:42:01.703959873Z 63 PC: 12ade | Read file or device (See above)
2018-12-25T12:42:01.708290213Z 87 PC: 12b32 | Get or set file date and time (See above)
2018-12-25T12:42:01.709577673Z 62 PC: 12b36 | Close file (See above)
2018-12-25T12:42:01.716729206Z 67 PC: 12b45 | Get or set file attributes (See above)
2018-12-25T12:42:01.723285343Z 79 PC: 12aaf | Find next file (See above)
2018-12-25T12:42:01.725233792Z 26 PC: 12ab8 | Set disk transfer address

{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14892,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:01.539205364Z 42 PC: 12a94 | Get date
0x12a94: cmp dl, 0xa
0x12a97: jne 0x12a9c
0x12a99: jmp 0x12b4a
0x12a9c: lea dx, word ptr [bp + 0x3b1]
0x12aa0: mov ah, 0x1a
0x12aa2: int 0x21
0x12aa4: mov ah, 0x4e
0x12aa6: mov cx, 7
0x12aa9: lea dx, word ptr [bp + 0x22b]
0x12aad: int 0x21
0x12aaf: jae 0x12ab9
0x12ab1: mov dx, 0x80
0x12ab4: mov ah, 0x1a
0x12ab6: int 0x21
0x12ab8: ret
0x12ab9: lea dx, word ptr [bp + 0x3cf]
0x12abd: mov ax, 0x4301
0x12ac0: xor cx, cx
0x12ac2: int 0x21
0x12ac4: mov ax, 0x3d02
2018-12-25T12:42:01.54210655Z 60 PC: 12b54 | Create or truncate file
2018-12-25T12:42:02.340410329Z 64 PC: 12b62 | Write file or device (Write 358 bytes on handle 5)
2018-12-25T12:42:02.348477879Z 62 PC: 12b68 | Close file
2018-12-25T12:42:02.357755843Z 26 PC: 12ab8 | Set disk transfer address