Sample viewer

vx.netlux.org/Virus.DOS.V.768

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:46.124502785Z 26 PC: 12aa2 | Set disk transfer address
2018-12-17T23:04:46.1270472Z 78 PC: 12aaf | Find first file
2018-12-17T23:04:46.134840096Z 44 PC: 12ace | Get time
0x12ace: mov al, cl
0x12ad0: and al, 0xf
0x12ad2: sub al, 0xf
0x12ad4: je 0x12ae4
0x12ad6: mov al, byte ptr [0x1e]
0x12ad9: sub al, 0x43
0x12adb: jne 0x12ae4
0x12add: mov al, byte ptr [0x24]
0x12ae0: sub al, 0x44
0x12ae2: je 0x12b3c
0x12ae4: mov ax, word ptr [0x16]
0x12ae7: and al, 0x1f
0x12ae9: cmp al, 0x1f
0x12aeb: je 0x12b3c
0x12aed: mov ax, word ptr [0x1a]
0x12af0: cmp ax, 0xea60
0x12af3: jae 0x12b3c
0x12af5: mov word ptr cs:[0xf604], ax
0x12af9: mov ax, word ptr [0x1c]
0x12afc: mov word ptr cs:[0xf606], ax
2018-12-17T23:04:46.137647576Z 67 PC: 12b08 | Get or set file attributes
2018-12-17T23:04:46.143944228Z 67 PC: 12b15 | Get or set file attributes
2018-12-17T23:04:46.162875692Z 61 PC: 12b1a | Open file (Filename = '��������������~���')
2018-12-17T23:04:46.170667275Z 87 PC: 12b27 | Get or set file date and time
2018-12-17T23:04:46.172622142Z 63 PC: 12b56 | Read file or device (Read 407 bytes on handle 5)
2018-12-17T23:04:46.181188462Z 62 PC: 12b61 | Close file
2018-12-17T23:04:46.18480272Z 60 PC: 12bae | Create or truncate file
2018-12-17T23:04:46.199250342Z 64 PC: 12bce | Write file or device (Write 1175 bytes on handle 5)
2018-12-17T23:04:46.208439644Z 87 PC: 12be4 | Get or set file date and time
2018-12-17T23:04:46.211140964Z 62 PC: 12bea | Close file
2018-12-17T23:04:46.220411229Z 67 PC: 12bf7 | Get or set file attributes
2018-12-17T23:04:46.235983776Z 76 PC: 12a45 | Terminate with return code (Return code = '76')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14979,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:16.014910681Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:42:16.024363151Z 78 PC: 12aaf | Find first file
2018-12-25T12:42:16.031290925Z 44 PC: 12ace | Get time
0x12ace: mov al, cl
0x12ad0: and al, 0xf
0x12ad2: sub al, 0xf
0x12ad4: je 0x12ae4
0x12ad6: mov al, byte ptr [0x1e]
0x12ad9: sub al, 0x43
0x12adb: jne 0x12ae4
0x12add: mov al, byte ptr [0x24]
0x12ae0: sub al, 0x44
0x12ae2: je 0x12b3c
0x12ae4: mov ax, word ptr [0x16]
0x12ae7: and al, 0x1f
0x12ae9: cmp al, 0x1f
0x12aeb: je 0x12b3c
0x12aed: mov ax, word ptr [0x1a]
0x12af0: cmp ax, 0xea60
0x12af3: jae 0x12b3c
0x12af5: mov word ptr cs:[0xf604], ax
0x12af9: mov ax, word ptr [0x1c]
0x12afc: mov word ptr cs:[0xf606], ax
2018-12-25T12:42:16.034051719Z 67 PC: 12b08 | Get or set file attributes
2018-12-25T12:42:16.040331443Z 67 PC: 12b15 | Get or set file attributes
2018-12-25T12:42:16.387022745Z 61 PC: 12b1a | Open file (Filename = '��������������~���')
2018-12-25T12:42:16.392111487Z 87 PC: 12b27 | Get or set file date and time
2018-12-25T12:42:16.393564259Z 63 PC: 12b56 | Read file or device (Read 407 bytes on handle 5)
2018-12-25T12:42:16.401027732Z 62 PC: 12b61 | Close file
2018-12-25T12:42:16.402529495Z 60 PC: 12bae | Create or truncate file
2018-12-25T12:42:16.411065988Z 64 PC: 12bce | Write file or device (Write 1175 bytes on handle 5)
2018-12-25T12:42:16.416923822Z 87 PC: 12be4 | Get or set file date and time
2018-12-25T12:42:16.418508114Z 62 PC: 12bea | Close file
2018-12-25T12:42:16.427586456Z 67 PC: 12bf7 | Get or set file attributes
2018-12-25T12:42:16.444373869Z 76 PC: 12a45 | Terminate with return code (Return code = '76')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":15,"Second":0,"TimeBased":true,"OriginalID":14979,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:42:16.047052953Z 26 PC: 12aa2 | Set disk transfer address
2018-12-25T12:42:16.048920573Z 78 PC: 12aaf | Find first file
2018-12-25T12:42:16.054661205Z 44 PC: 12ace | Get time
0x12ace: mov al, cl
0x12ad0: and al, 0xf
0x12ad2: sub al, 0xf
0x12ad4: je 0x12ae4
0x12ad6: mov al, byte ptr [0x1e]
0x12ad9: sub al, 0x43
0x12adb: jne 0x12ae4
0x12add: mov al, byte ptr [0x24]
0x12ae0: sub al, 0x44
0x12ae2: je 0x12b3c
0x12ae4: mov ax, word ptr [0x16]
0x12ae7: and al, 0x1f
0x12ae9: cmp al, 0x1f
0x12aeb: je 0x12b3c
0x12aed: mov ax, word ptr [0x1a]
0x12af0: cmp ax, 0xea60
0x12af3: jae 0x12b3c
0x12af5: mov word ptr cs:[0xf604], ax
0x12af9: mov ax, word ptr [0x1c]
0x12afc: mov word ptr cs:[0xf606], ax
2018-12-25T12:42:16.057673452Z 67 PC: 12b08 | Get or set file attributes
2018-12-25T12:42:16.064264806Z 67 PC: 12b15 | Get or set file attributes
2018-12-25T12:42:16.08579644Z 61 PC: 12b1a | Open file (Filename = '��������������~���')
2018-12-25T12:42:16.092221218Z 87 PC: 12b27 | Get or set file date and time
2018-12-25T12:42:16.094370331Z 63 PC: 12b56 | Read file or device (Read 407 bytes on handle 5)
2018-12-25T12:42:16.101191475Z 62 PC: 12b61 | Close file
2018-12-25T12:42:16.103278687Z 60 PC: 12bae | Create or truncate file
2018-12-25T12:42:16.115862439Z 64 PC: 12bce | Write file or device (Write 1175 bytes on handle 5)
2018-12-25T12:42:16.124122735Z 87 PC: 12be4 | Get or set file date and time
2018-12-25T12:42:16.125544287Z 62 PC: 12bea | Close file
2018-12-25T12:42:16.132913527Z 67 PC: 12bf7 | Get or set file attributes
2018-12-25T12:42:16.15119478Z 76 PC: 12a45 | Terminate with return code (Return code = '76')