Sample viewer

vx.netlux.org/Virus.DOS.Xuxa.1037


Syscalls:

Time | Syscall Op (INT 21h function number, AH, decimal) | PC | Syscall Name
Interrupt numbers in the Get/Set interrupt vector rows are decimal as well: 33 = INT 21h (DOS services), 36 = INT 24h (critical error handler), 75 = INT 4Bh.
2018-12-17T23:06:56.344023847Z 250 PC: 12fa1 | UNKNOWN!
2018-12-17T23:06:56.344618024Z 53 PC: 12fa6 | Get interrupt vector (Interrupt = 75 decimal = INT 4Bh)
2018-12-17T23:06:56.346168679Z 53 PC: 12fd1 | Get interrupt vector (Interrupt = 33 decimal = INT 21h, DOS services)
2018-12-17T23:06:56.347153327Z 74 PC: 12ff4 | Reallocate memory
2018-12-17T23:06:56.348265701Z 72 PC: 12ffa | Allocate memory
2018-12-17T23:06:56.350033246Z 37 PC: 13022 | Set interrupt vector (Interrupt = 75 decimal = INT 4Bh)
2018-12-17T23:06:56.35098601Z 37 PC: 1302c | Set interrupt vector (Interrupt = 33 decimal = INT 21h, DOS services)
2018-12-17T23:06:56.352217488Z 42 PC: 9f622 | Get date
    Disassembly following the call (AH=2Ah returns the month in DH):
    0x9f622: cmp dh, 8                      ; month == August?
    0x9f625: jne 0x9f62a                    ; not August: fall into the string check below
    0x9f627: jmp 0x9f7f2                    ; August: skip to 0x9f7f2
    0x9f62a: pop dx                         ; DX saved earlier; used as a string pointer
    0x9f62b: mov si, dx
    0x9f62d: push cs
    0x9f62e: pop es                         ; ES = CS
    0x9f62f: mov cx, 0x41                   ; scan at most 65 bytes for a NUL terminator
    0x9f632: mov al, byte ptr [si]
    0x9f634: cmp al, 0
    0x9f636: je 0x9f63f
    0x9f638: inc si
    0x9f639: dec cx
    0x9f63a: jne 0x9f632
    0x9f63c: jmp 0x9f651                    ; no terminator within 65 bytes: give up
    0x9f63e: nop
    0x9f63f: mov cx, 0xb
    0x9f642: mov di, 0x220
    0x9f645: sub si, 0xb                    ; back up to the last 11 bytes of the string
    0x9f648: repe cmpsb byte ptr [si], byte ptr es:[di]   ; compare them with the 11 bytes at CS:0220
2018-12-17T23:06:56.354694839Z 250 PC: 9f659 | UNKNOWN!
2018-12-17T23:06:56.355345057Z 53 PC: 9f65e | Get interrupt vector (Interrupt = 36 decimal = INT 24h, critical error handler)
2018-12-17T23:06:56.356410259Z 37 PC: 9f670 | Set interrupt vector (Interrupt = 36 decimal = INT 24h, critical error handler)
2018-12-17T23:06:56.35772125Z 54 PC: 9f677 | Get free disk space
2018-12-17T23:06:56.366043211Z 67 PC: 9f7e3 | Get or set file attributes
2018-12-17T23:06:56.374106459Z 67 PC: 9f7f0 | Get or set file attributes
2018-12-17T23:06:57.05524249Z 61 PC: 9f695 | Open file (Filename = 'j�W�!/%�')
2018-12-17T23:06:57.061998614Z 87 PC: 9f69c | Get or set file date and time
2018-12-17T23:06:57.063428987Z 63 PC: 9f6b5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:57.069340739Z 66 PC: 9f7db | Move file pointer
2018-12-17T23:06:57.071083803Z 64 PC: 9f706 | Write file or device (Write 1037 bytes on handle 5)
2018-12-17T23:06:57.0788239Z 66 PC: 9f7db | Move file pointer
2018-12-17T23:06:57.080307467Z 64 PC: 9f715 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:06:57.083181858Z 87 PC: 9f72c | Get or set file date and time
2018-12-17T23:06:57.084685169Z 67 PC: 9f7f0 | Get or set file attributes
2018-12-17T23:06:57.093435097Z 65 PC: 9f773 | Delete file (Filename = 'C:\DOS\CHKLIST.MS')
2018-12-17T23:06:57.100642458Z 67 PC: 9f7f0 | Get or set file attributes
2018-12-17T23:06:57.106758779Z 65 PC: 9f773 | Delete file (Filename = 'C:\DOS\ANTI-VIR.DAT')
2018-12-17T23:06:57.113464872Z 62 PC: 9f787 | Close file
2018-12-17T23:06:57.12028472Z 67 PC: 9f7f0 | Get or set file attributes
2018-12-17T23:06:57.130050669Z 37 PC: 9f79d | Set interrupt vector (Interrupt = 36 decimal = INT 24h, critical error handler)
2018-12-17T23:06:57.131224898Z 53 PC: 9f7a2 | Get interrupt vector (Interrupt = 75 decimal = INT 4Bh)
2018-12-17T23:06:57.133187561Z 37 PC: 1303f | Set interrupt vector (Interrupt = 75 decimal = INT 4Bh)
2018-12-17T23:06:57.134498906Z 9 PC: 12e26 | Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15689,"SideJobID":0}
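The trace above is the only record of what the sample does, so the useful step is to pull the behaviours out of it mechanically. The following Python is an added example, not code from the sandbox or from this page: it parses lines in the trace format shown here and extracts three things: which interrupt vectors were overwritten (decoding the decimal interrupt numbers, since the raw output's "AKA" labels are INT 21h function names for those numbers and say nothing about the vector), the read-3 / write-body / write-3 sequence on one handle followed by the file date/time call that puts the host's timestamp back, and deletion of scanner integrity databases. The embedded trace excerpt is constructed from the first run; 'TEST.COM' is a placeholder host filename because the real one is garbled in the capture, and "not classified here" marks a vector the example does not attempt to name.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the first run above, same line format.  'TEST.COM' is
# a placeholder for the host filename, which the capture garbles.
TRACE = r"""
2018-12-17T23:06:56.350033246Z 37 PC: 13022 | Set interrupt vector (Interrupt = '75' AKA 'Execute program')
2018-12-17T23:06:56.35098601Z 37 PC: 1302c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:56.356410259Z 37 PC: 9f670 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:57.05524249Z 61 PC: 9f695 | Open file (Filename = 'TEST.COM')
2018-12-17T23:06:57.063428987Z 63 PC: 9f6b5 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:06:57.071083803Z 64 PC: 9f706 | Write file or device (Write 1037 bytes on handle 5)
2018-12-17T23:06:57.080307467Z 64 PC: 9f715 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:06:57.083181858Z 87 PC: 9f72c | Get or set file date and time
2018-12-17T23:06:57.093435097Z 65 PC: 9f773 | Delete file (Filename = 'C:\DOS\CHKLIST.MS')
2018-12-17T23:06:57.106758779Z 65 PC: 9f773 | Delete file (Filename = 'C:\DOS\ANTI-VIR.DAT')
2018-12-17T23:06:57.113464872Z 62 PC: 9f787 | Close file
"""

LINE_RE = re.compile(r"^(\S+) (\d+) PC: ([0-9a-f]+) \| (.*)$")
INT_RE = re.compile(r"Interrupt = '(\d+)'")
FILE_RE = re.compile(r"Filename = '([^']*)'")
IO_RE = re.compile(r"(Read|Write) (\d+) bytes on handle (\d+)")

# The trace prints interrupt numbers in decimal; its "AKA" text names the INT 21h
# *function* with that number and says nothing about the vector itself.
KNOWN_VECTORS = {0x21: "DOS services", 0x24: "critical error handler"}
# Integrity databases of DOS-era scanners; deleting them blinds change detection.
AV_DATABASES = {"CHKLIST.MS": "MSAV/CPAV checksum file", "ANTI-VIR.DAT": "ThunderBYTE TBAV"}

@dataclass
class Call:
    fn: int                  # INT 21h function number (AH); decimal in the trace
    pc: int
    desc: str
    interrupt: Optional[int] = None
    filename: Optional[str] = None
    io: Optional[Tuple[str, int, int]] = None   # (direction, byte count, handle)

def parse_trace(text: str) -> List[Call]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # headers, blank lines, disassembly spill
        _, fn, pc, desc = m.groups()
        c = Call(int(fn), int(pc, 16), desc)
        if (i := INT_RE.search(desc)):
            c.interrupt = int(i.group(1))
        if (f := FILE_RE.search(desc)):
            c.filename = f.group(1)
        if (io := IO_RE.search(desc)):
            c.io = (io.group(1), int(io.group(2)), int(io.group(3)))
        calls.append(c)
    return calls

def hooked_vectors(calls: List[Call]) -> Dict[str, str]:
    """Vectors overwritten with AH=25h, keyed by the real interrupt number in hex."""
    nums = {c.interrupt for c in calls if c.fn == 0x25 and c.interrupt is not None}
    return {f"INT {v:02X}h": KNOWN_VECTORS.get(v, "not classified here") for v in sorted(nums)}

def com_append_signature(calls: List[Call]) -> Optional[Dict[str, object]]:
    """Between one Open (AH=3Dh) and Close (AH=3Eh): read 3, write a body, write 3,
    all on one handle, then AH=57h again to put the host's timestamp back."""
    ios: List[Tuple[str, int, int]] = []
    in_file, stamp_after_write = False, False
    for c in calls:
        if c.fn == 0x3D:
            in_file, ios, stamp_after_write = True, [], False
        elif not in_file:
            continue
        elif c.io:
            ios.append(c.io)
            stamp_after_write = False
        elif c.fn == 0x57 and ios:
            stamp_after_write = True
        elif c.fn == 0x3E:
            handles = {h for _, _, h in ios}
            if (len(ios) == 3 and len(handles) == 1
                    and ios[0][:2] == ("Read", 3) and ios[2][:2] == ("Write", 3)
                    and ios[1][0] == "Write" and ios[1][1] > 3):
                return {"body_bytes": ios[1][1], "handle": handles.pop(),
                        "timestamp_restored": stamp_after_write}
            in_file = False
    return None

def deleted_av_databases(calls: List[Call]) -> List[Tuple[str, str]]:
    """Delete-file calls (AH=41h) whose basename is a known scanner database."""
    hits = []
    for c in calls:
        if c.fn == 0x41 and c.filename:
            base = c.filename.replace("\\", "/").rsplit("/", 1)[-1].upper()
            if base in AV_DATABASES:
                hits.append((c.filename, AV_DATABASES[base]))
    return hits

if __name__ == "__main__":
    calls = parse_trace(TRACE)
    print(hooked_vectors(calls), com_append_signature(calls), deleted_av_databases(calls))
```

The three-byte read and three-byte write bracket the 1037-byte body write: the first three bytes of a COM file are what an appending infector saves and later overwrites with a jump to the appended code, and the AH=57h call after the last write is what keeps the host's directory timestamp unchanged. Feeding the whole run into `parse_trace` instead of the excerpt gives the same result, since lines that do not match the trace format (the column header, the disassembly spill-over) are skipped.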


Syscalls:

Time | Syscall Op (INT 21h function number, AH, decimal) | PC | Syscall Name
2018-12-25T12:44:10.115383191Z 250 PC: 12fa1 | UNKNOWN!
2018-12-25T12:44:10.117390359Z 53 PC: 12fa6 | Get interrupt vector (Interrupt = 75 decimal = INT 4Bh)
2018-12-25T12:44:10.118818473Z 53 PC: 12fd1 | Get interrupt vector (Interrupt = 33 decimal = INT 21h, DOS services)
2018-12-25T12:44:10.120195938Z 74 PC: 12ff4 | Reallocate memory
2018-12-25T12:44:10.122789177Z 72 PC: 12ffa | Allocate memory
2018-12-25T12:44:10.124652092Z 37 PC: 13022 | Set interrupt vector (Interrupt = 75 decimal = INT 4Bh)
2018-12-25T12:44:10.125958545Z 37 PC: 1302c | Set interrupt vector (Interrupt = 33 decimal = INT 21h, DOS services)
2018-12-25T12:44:10.127366217Z 42 PC: 9f622 | Get date
    Disassembly following the call (AH=2Ah returns the month in DH):
    0x9f622: cmp dh, 8                      ; month == August?
    0x9f625: jne 0x9f62a                    ; not August: fall into the string check below
    0x9f627: jmp 0x9f7f2                    ; August: skip to 0x9f7f2
    0x9f62a: pop dx                         ; DX saved earlier; used as a string pointer
    0x9f62b: mov si, dx
    0x9f62d: push cs
    0x9f62e: pop es                         ; ES = CS
    0x9f62f: mov cx, 0x41                   ; scan at most 65 bytes for a NUL terminator
    0x9f632: mov al, byte ptr [si]
    0x9f634: cmp al, 0
    0x9f636: je 0x9f63f
    0x9f638: inc si
    0x9f639: dec cx
    0x9f63a: jne 0x9f632
    0x9f63c: jmp 0x9f651                    ; no terminator within 65 bytes: give up
    0x9f63e: nop
    0x9f63f: mov cx, 0xb
    0x9f642: mov di, 0x220
    0x9f645: sub si, 0xb                    ; back up to the last 11 bytes of the string
    0x9f648: repe cmpsb byte ptr [si], byte ptr es:[di]   ; compare them with the 11 bytes at CS:0220
2018-12-25T12:44:10.130487247Z 250 PC: 9f659 | UNKNOWN!
2018-12-25T12:44:10.131224456Z 53 PC: 9f65e | Get interrupt vector (Interrupt = 36 decimal = INT 24h, critical error handler)
2018-12-25T12:44:10.132330644Z 37 PC: 9f670 | Set interrupt vector (Interrupt = 36 decimal = INT 24h, critical error handler)
2018-12-25T12:44:10.13390621Z 54 PC: 9f677 | Get free disk space
2018-12-25T12:44:10.142527167Z 67 PC: 9f7e3 | Get or set file attributes
2018-12-25T12:44:10.151056723Z 67 PC: 9f7f0 | Get or set file attributes
2018-12-25T12:44:10.492307338Z 61 PC: 9f695 | Open file (Filename = 'j�W�!/%�')
2018-12-25T12:44:10.49924763Z 87 PC: 9f69c | Get or set file date and time
2018-12-25T12:44:10.500304567Z 63 PC: 9f6b5 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:44:10.504722696Z 66 PC: 9f7db | Move file pointer
2018-12-25T12:44:10.506597823Z 64 PC: 9f706 | Write file or device (Write 1037 bytes on handle 5)
2018-12-25T12:44:10.514677263Z 66 PC: 9f7db | Move file pointer (See above)
2018-12-25T12:44:10.516840012Z 64 PC: 9f715 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:44:10.520083483Z 87 PC: 9f72c | Get or set file date and time
2018-12-25T12:44:10.522201664Z 67 PC: 9f7f0 | Get or set file attributes (See above)
2018-12-25T12:44:10.532605099Z 65 PC: 9f773 | Delete file (Filename = 'C:\DOS\CHKLIST.MS')
2018-12-25T12:44:10.539880587Z 67 PC: 9f7f0 | Get or set file attributes (See above)
2018-12-25T12:44:10.54646867Z 65 PC: 9f773 | Delete file (See above)
2018-12-25T12:44:10.553790772Z 62 PC: 9f787 | Close file
2018-12-25T12:44:10.561245756Z 67 PC: 9f7f0 | Get or set file attributes (See above)
2018-12-25T12:44:10.571123144Z 37 PC: 9f79d | Set interrupt vector (Interrupt = 36 decimal = INT 24h, critical error handler)
2018-12-25T12:44:10.573421859Z 53 PC: 9f7a2 | Get interrupt vector (Interrupt = 75 decimal = INT 4Bh)
2018-12-25T12:44:10.574774798Z 37 PC: 1303f | Set interrupt vector (Interrupt = 75 decimal = INT 4Bh)
2018-12-25T12:44:10.576001037Z 9 PC: 12e26 | Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15689,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number, AH, decimal) | PC | Syscall Name
2018-12-25T12:44:10.163528301Z 250 PC: 12fa1 | UNKNOWN!
2018-12-25T12:44:10.164460636Z 53 PC: 12fa6 | Get interrupt vector (Interrupt = 75 decimal = INT 4Bh)
2018-12-25T12:44:10.165992192Z 53 PC: 12fd1 | Get interrupt vector (Interrupt = 33 decimal = INT 21h, DOS services)
2018-12-25T12:44:10.167167933Z 74 PC: 12ff4 | Reallocate memory
2018-12-25T12:44:10.168387825Z 72 PC: 12ffa | Allocate memory
2018-12-25T12:44:10.170204498Z 37 PC: 13022 | Set interrupt vector (Interrupt = 75 decimal = INT 4Bh)
2018-12-25T12:44:10.171135669Z 37 PC: 1302c | Set interrupt vector (Interrupt = 33 decimal = INT 21h, DOS services)
2018-12-25T12:44:10.172591639Z 42 PC: 9f622 | Get date
    Disassembly following the call (AH=2Ah returns the month in DH):
    0x9f622: cmp dh, 8                      ; month == August?
    0x9f625: jne 0x9f62a                    ; not August: fall into the string check below
    0x9f627: jmp 0x9f7f2                    ; August: skip to 0x9f7f2
    0x9f62a: pop dx                         ; DX saved earlier; used as a string pointer
    0x9f62b: mov si, dx
    0x9f62d: push cs
    0x9f62e: pop es                         ; ES = CS
    0x9f62f: mov cx, 0x41                   ; scan at most 65 bytes for a NUL terminator
    0x9f632: mov al, byte ptr [si]
    0x9f634: cmp al, 0
    0x9f636: je 0x9f63f
    0x9f638: inc si
    0x9f639: dec cx
    0x9f63a: jne 0x9f632
    0x9f63c: jmp 0x9f651                    ; no terminator within 65 bytes: give up
    0x9f63e: nop
    0x9f63f: mov cx, 0xb
    0x9f642: mov di, 0x220
    0x9f645: sub si, 0xb                    ; back up to the last 11 bytes of the string
    0x9f648: repe cmpsb byte ptr [si], byte ptr es:[di]   ; compare them with the 11 bytes at CS:0220