Sample viewer

vx.netlux.org/Virus.DOS.DeathPas.825

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:31.735128388Z	42	PC: 12d08 \| Get date 0x12d08: cmp cx, 0x7c5 0x12d0c: je 0x12d5f 0x12d0e: mov ah, 0x4a 0x12d10: mov bx, 0x1000 0x12d13: int 0x21 0x12d15: mov ah, 0x48 0x12d17: mov bx, 0x1000 0x12d1a: int 0x21 0x12d1c: mov word ptr cs:[0x12b], ax 0x12d20: mov es, ax 0x12d22: mov si, 0x100 0x12d25: xor di, di 0x12d27: mov cx, 0x32f 0x12d2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12d2c: mov word ptr cs:[0x12d], di 0x12d31: push cs 0x12d32: pop es 0x12d33: mov cx, word ptr cs:[0x106] 0x12d38: mov si, 0x108 0x12d3b: mov al, byte ptr [si]
2018-12-17T23:06:31.737524513Z	74	PC: 12d15 \| Reallocate memory
2018-12-17T23:06:31.740046535Z	72	PC: 12d1c \| Allocate memory
2018-12-17T23:06:31.741765937Z	26	PC: 12d4b \| Set disk transfer address
2018-12-17T23:06:31.743281647Z	61	PC: 12b1f \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T23:06:31.756908305Z	66	PC: 12b77 \| Move file pointer
2018-12-17T23:06:31.766065121Z	63	PC: 12b37 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:06:31.769448612Z	66	PC: 12b77 \| Move file pointer
2018-12-17T23:06:31.772207027Z	64	PC: 12b5c \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:06:31.77778759Z	62	PC: 12b65 \| Close file
2018-12-17T23:06:31.792315072Z	78	PC: 12acc \| Find first file
2018-12-17T23:06:31.805931632Z	61	PC: 12bac \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:31.811426933Z	66	PC: 12bc1 \| Move file pointer
2018-12-17T23:06:31.813207681Z	63	PC: 12bdc \| Read file or device (Read 10 bytes on handle 5)
2018-12-17T23:06:31.82185022Z	62	PC: 12bed \| Close file
2018-12-17T23:06:31.826175351Z	67	PC: 12bfa \| Get or set file attributes
2018-12-17T23:06:31.833527423Z	67	PC: 12c06 \| Get or set file attributes
2018-12-17T23:06:31.848980916Z	61	PC: 12c0e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:31.858053894Z	87	PC: 12c19 \| Get or set file date and time
2018-12-17T23:06:31.860566227Z	66	PC: 12caa \| Move file pointer
2018-12-17T23:06:31.862411607Z	63	PC: 12c3e \| Read file or device (Read 407 bytes on handle 5)
2018-12-17T23:06:31.868237079Z	66	PC: 12caa \| Move file pointer
2018-12-17T23:06:31.870555468Z	64	PC: 12c73 \| Write file or device (Write 1232 bytes on handle 5)
2018-12-17T23:06:31.881364509Z	87	PC: 12c82 \| Get or set file date and time
2018-12-17T23:06:31.884555588Z	62	PC: 12c8b \| Close file
2018-12-17T23:06:31.894692406Z	67	PC: 12c9a \| Get or set file attributes
2018-12-17T23:06:31.908841928Z	73	PC: 12d5d \| Release memory
2018-12-17T23:06:31.912062142Z	9	PC: 13a3b \| Display string (String= 'Infected file. Original length = 4096 bytes. ')
2018-12-17T23:06:31.9178374Z	76	PC: 13a40 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15564,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:51.853349588Z	42	PC: 12d08 \| Get date 0x12d08: cmp cx, 0x7c5 0x12d0c: je 0x12d5f 0x12d0e: mov ah, 0x4a 0x12d10: mov bx, 0x1000 0x12d13: int 0x21 0x12d15: mov ah, 0x48 0x12d17: mov bx, 0x1000 0x12d1a: int 0x21 0x12d1c: mov word ptr cs:[0x12b], ax 0x12d20: mov es, ax 0x12d22: mov si, 0x100 0x12d25: xor di, di 0x12d27: mov cx, 0x32f 0x12d2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12d2c: mov word ptr cs:[0x12d], di 0x12d31: push cs 0x12d32: pop es 0x12d33: mov cx, word ptr cs:[0x106] 0x12d38: mov si, 0x108 0x12d3b: mov al, byte ptr [si]
2018-12-25T12:43:51.856507806Z	74	PC: 12d15 \| Reallocate memory
2018-12-25T12:43:51.858193289Z	72	PC: 12d1c \| Allocate memory
2018-12-25T12:43:51.86011486Z	26	PC: 12d4b \| Set disk transfer address
2018-12-25T12:43:51.861641127Z	61	PC: 12b1f \| Open file (Filename = 'A:\TEST.COM')
2018-12-25T12:43:51.86867868Z	66	PC: 12b77 \| Move file pointer
2018-12-25T12:43:51.870143383Z	63	PC: 12b37 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:43:51.872529259Z	66	PC: 12b77 \| Move file pointer (See above)
2018-12-25T12:43:51.874372093Z	64	PC: 12b5c \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:43:51.877088986Z	62	PC: 12b65 \| Close file
2018-12-25T12:43:51.888209745Z	78	PC: 12acc \| Find first file
2018-12-25T12:43:51.907318714Z	61	PC: 12bac \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:51.913646835Z	66	PC: 12bc1 \| Move file pointer
2018-12-25T12:43:51.914961406Z	63	PC: 12bdc \| Read file or device (Read 10 bytes on handle 5)
2018-12-25T12:43:51.921637887Z	62	PC: 12bed \| Close file
2018-12-25T12:43:51.923554353Z	67	PC: 12bfa \| Get or set file attributes
2018-12-25T12:43:51.929433073Z	67	PC: 12c06 \| Get or set file attributes
2018-12-25T12:43:51.939937764Z	61	PC: 12c0e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:51.946493663Z	87	PC: 12c19 \| Get or set file date and time
2018-12-25T12:43:51.947821269Z	66	PC: 12caa \| Move file pointer
2018-12-25T12:43:51.949769014Z	63	PC: 12c3e \| Read file or device (Read 407 bytes on handle 5)
2018-12-25T12:43:51.95252268Z	66	PC: 12caa \| Move file pointer (See above)
2018-12-25T12:43:51.954130738Z	64	PC: 12c73 \| Write file or device (Write 1232 bytes on handle 5)
2018-12-25T12:43:51.963650619Z	87	PC: 12c82 \| Get or set file date and time
2018-12-25T12:43:51.965732206Z	62	PC: 12c8b \| Close file
2018-12-25T12:43:51.973369163Z	67	PC: 12c9a \| Get or set file attributes
2018-12-25T12:43:51.983939394Z	73	PC: 12d5d \| Release memory
2018-12-25T12:43:51.999801889Z	9	PC: 13a3b \| Display string (String= 'Infected file. Original length = 4096 bytes. ')
2018-12-25T12:43:52.003870628Z	76	PC: 13a40 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15564,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:52.025548831Z	42	PC: 12d08 \| Get date 0x12d08: cmp cx, 0x7c5 0x12d0c: je 0x12d5f 0x12d0e: mov ah, 0x4a 0x12d10: mov bx, 0x1000 0x12d13: int 0x21 0x12d15: mov ah, 0x48 0x12d17: mov bx, 0x1000 0x12d1a: int 0x21 0x12d1c: mov word ptr cs:[0x12b], ax 0x12d20: mov es, ax 0x12d22: mov si, 0x100 0x12d25: xor di, di 0x12d27: mov cx, 0x32f 0x12d2a: rep movsb byte ptr es:[di], byte ptr [si] 0x12d2c: mov word ptr cs:[0x12d], di 0x12d31: push cs 0x12d32: pop es 0x12d33: mov cx, word ptr cs:[0x106] 0x12d38: mov si, 0x108 0x12d3b: mov al, byte ptr [si]
2018-12-25T12:43:52.034546204Z	9	PC: 13a3b \| Display string (String= 'Infected file. Original length = 4096 bytes. ')
2018-12-25T12:43:52.040920842Z	76	PC: 13a40 \| Terminate with return code (Return code = '0')