Sample viewer

vx.netlux.org/Virus.DOS.Opic.745

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:04.650750804Z	47	PC: 12c84 \| Get disk transfer address
2018-12-17T23:08:04.653128618Z	26	PC: 12c90 \| Set disk transfer address
2018-12-17T23:08:04.654506848Z	14	PC: 12c96 \| Set default drive (Drive = 'C')
2018-12-17T23:08:04.655989853Z	53	PC: 12c38 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:04.657990263Z	37	PC: 12c42 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:04.659690876Z	78	PC: 12c4f \| Find first file
2018-12-17T23:08:04.665271937Z	59	PC: 12c63 \| Change current directory
2018-12-17T23:08:04.669056283Z	25	PC: 12c69 \| Get default drive
2018-12-17T23:08:04.671099637Z	14	PC: 12c76 \| Set default drive (Drive = 'A')
2018-12-17T23:08:04.672222001Z	78	PC: 12c4f \| Find first file
2018-12-17T23:08:04.678854265Z	61	PC: 12b25 \| Open file (Filename = 'TEST.EXE')
2018-12-17T23:08:04.689674634Z	63	PC: 12b32 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:08:04.692558834Z	66	PC: 12b99 \| Move file pointer
2018-12-17T23:08:04.69490187Z	64	PC: 12c0c \| Write file or device (Write 165 bytes on handle 5)
2018-12-17T23:08:04.698873863Z	64	PC: 12c17 \| Write file or device (Write 580 bytes on handle 5)
2018-12-17T23:08:04.713878696Z	66	PC: 12c20 \| Move file pointer
2018-12-17T23:08:04.71590562Z	64	PC: 12c2b \| Write file or device (Write 26 bytes on handle 5)
2018-12-17T23:08:04.720076686Z	62	PC: 12c2f \| Close file
2018-12-17T23:08:04.728963795Z	79	PC: 12c4f \| Find next file
2018-12-17T23:08:04.731667995Z	59	PC: 12c63 \| Change current directory
2018-12-17T23:08:04.736427826Z	25	PC: 12c69 \| Get default drive
2018-12-17T23:08:04.737868091Z	37	PC: 12c7f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:04.739295478Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dl, 0xd 0x12aec: je 0x12afc 0x12aee: nop 0x12aef: nop 0x12af0: nop 0x12af1: cmp dl, 6 0x12af4: je 0x12afc 0x12af6: nop 0x12af7: nop 0x12af8: nop 0x12af9: jmp 0x12b0b 0x12afb: nop 0x12afc: mov ah, 0x2c 0x12afe: int 0x21 0x12b00: cmp dh, 0x1e 0x12b03: jae 0x12b0b 0x12b05: nop 0x12b06: nop 0x12b07: nop 0x12b08: call 0x12b0c
2018-12-17T23:08:04.741705382Z	14	PC: 12caf \| Set default drive (Drive = 'C')
2018-12-17T23:08:04.743655847Z	26	PC: 12cb5 \| Set disk transfer address
2018-12-17T23:08:04.745073013Z	76	PC: 13164 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16078,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:17.034389586Z	47	PC: 12c84 \| Get disk transfer address
2018-12-25T12:45:17.036142674Z	26	PC: 12c90 \| Set disk transfer address
2018-12-25T12:45:17.038138912Z	14	PC: 12c96 \| Set default drive (Drive = 'C')
2018-12-25T12:45:17.039449745Z	53	PC: 12c38 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.040731164Z	37	PC: 12c42 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.04192736Z	78	PC: 12c4f \| Find first file
2018-12-25T12:45:17.047729859Z	59	PC: 12c63 \| Change current directory
2018-12-25T12:45:17.051589593Z	25	PC: 12c69 \| Get default drive
2018-12-25T12:45:17.052777644Z	14	PC: 12c76 \| Set default drive (Drive = 'A')
2018-12-25T12:45:17.053710253Z	78	PC: 12c4f \| Find first file (See above)
2018-12-25T12:45:17.057532149Z	61	PC: 12b25 \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:45:17.064820122Z	63	PC: 12b32 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:45:17.067491712Z	66	PC: 12b99 \| Move file pointer
2018-12-25T12:45:17.069841373Z	64	PC: 12c0c \| Write file or device (Write 165 bytes on handle 5)
2018-12-25T12:45:17.073614519Z	64	PC: 12c17 \| Write file or device (Write 580 bytes on handle 5)
2018-12-25T12:45:17.453821876Z	66	PC: 12c20 \| Move file pointer
2018-12-25T12:45:17.45538057Z	64	PC: 12c2b \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:45:17.458976832Z	62	PC: 12c2f \| Close file
2018-12-25T12:45:17.464962589Z	79	PC: 12c4f \| Find next file (See above)
2018-12-25T12:45:17.46749315Z	59	PC: 12c63 \| Change current directory (See above)
2018-12-25T12:45:17.472378848Z	25	PC: 12c69 \| Get default drive (See above)
2018-12-25T12:45:17.473439938Z	37	PC: 12c7f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.475337181Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dl, 0xd 0x12aec: je 0x12afc 0x12aee: nop 0x12aef: nop 0x12af0: nop 0x12af1: cmp dl, 6 0x12af4: je 0x12afc 0x12af6: nop 0x12af7: nop 0x12af8: nop 0x12af9: jmp 0x12b0b 0x12afb: nop 0x12afc: mov ah, 0x2c 0x12afe: int 0x21 0x12b00: cmp dh, 0x1e 0x12b03: jae 0x12b0b 0x12b05: nop 0x12b06: nop 0x12b07: nop 0x12b08: call 0x12b0c
2018-12-25T12:45:17.478112972Z	14	PC: 12caf \| Set default drive (Drive = 'C')
2018-12-25T12:45:17.479367398Z	26	PC: 12cb5 \| Set disk transfer address
2018-12-25T12:45:17.480631171Z	76	PC: 13164 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16078,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:17.293556145Z	47	PC: 12c84 \| Get disk transfer address
2018-12-25T12:45:17.295374949Z	26	PC: 12c90 \| Set disk transfer address
2018-12-25T12:45:17.296415682Z	14	PC: 12c96 \| Set default drive (Drive = 'C')
2018-12-25T12:45:17.297663888Z	53	PC: 12c38 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.314534376Z	37	PC: 12c42 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.315698942Z	78	PC: 12c4f \| Find first file
2018-12-25T12:45:17.320865884Z	59	PC: 12c63 \| Change current directory
2018-12-25T12:45:17.33146798Z	25	PC: 12c69 \| Get default drive
2018-12-25T12:45:17.332492404Z	14	PC: 12c76 \| Set default drive (Drive = 'A')
2018-12-25T12:45:17.333542274Z	78	PC: 12c4f \| Find first file (See above)
2018-12-25T12:45:17.339516694Z	61	PC: 12b25 \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:45:17.346625323Z	63	PC: 12b32 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:45:17.349004596Z	66	PC: 12b99 \| Move file pointer
2018-12-25T12:45:17.3509746Z	64	PC: 12c0c \| Write file or device (Write 165 bytes on handle 5)
2018-12-25T12:45:17.35427378Z	64	PC: 12c17 \| Write file or device (Write 580 bytes on handle 5)
2018-12-25T12:45:17.514287997Z	66	PC: 12c20 \| Move file pointer
2018-12-25T12:45:17.521058087Z	64	PC: 12c2b \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:45:17.526197554Z	62	PC: 12c2f \| Close file
2018-12-25T12:45:17.535126718Z	79	PC: 12c4f \| Find next file (See above)
2018-12-25T12:45:17.537769575Z	59	PC: 12c63 \| Change current directory (See above)
2018-12-25T12:45:17.542873332Z	25	PC: 12c69 \| Get default drive (See above)
2018-12-25T12:45:17.543876492Z	37	PC: 12c7f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:17.544949719Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dl, 0xd 0x12aec: je 0x12afc 0x12aee: nop 0x12aef: nop 0x12af0: nop 0x12af1: cmp dl, 6 0x12af4: je 0x12afc 0x12af6: nop 0x12af7: nop 0x12af8: nop 0x12af9: jmp 0x12b0b 0x12afb: nop 0x12afc: mov ah, 0x2c 0x12afe: int 0x21 0x12b00: cmp dh, 0x1e 0x12b03: jae 0x12b0b 0x12b05: nop 0x12b06: nop 0x12b07: nop 0x12b08: call 0x12b0c
2018-12-25T12:45:17.547910806Z	44	PC: 12b00 \| Get time 0x12b00: cmp dh, 0x1e 0x12b03: jae 0x12b0b 0x12b05: nop 0x12b06: nop 0x12b07: nop 0x12b08: call 0x12b0c 0x12b0b: ret 0x12b0c: mov ah, 0xe 0x12b0e: mov dl, 2 0x12b10: int 0x21 0x12b12: mov cx, 6 0x12b15: mov al, 7 0x12b17: int 0x29 0x12b19: loop 0x12b15 0x12b1b: ret 0x12b1c: mov ax, 0x3d02 0x12b1f: lea dx, word ptr [bp + 0x307] 0x12b23: int 0x21 0x12b25: mov bx, ax 0x12b27: mov ah, 0x3f
2018-12-25T12:45:17.549963846Z	14	PC: 12b12 \| Set default drive (Drive = 'C')
2018-12-25T12:45:17.551803656Z	14	PC: 12caf \| Set default drive (Drive = 'C')
2018-12-25T12:45:17.553558851Z	26	PC: 12cb5 \| Set disk transfer address
2018-12-25T12:45:17.554895944Z	76	PC: 13164 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16078,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:19.012162997Z	47	PC: 12c84 \| Get disk transfer address
2018-12-25T12:45:19.013752443Z	26	PC: 12c90 \| Set disk transfer address
2018-12-25T12:45:19.014829764Z	14	PC: 12c96 \| Set default drive (Drive = 'C')
2018-12-25T12:45:19.016089652Z	53	PC: 12c38 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:19.018248767Z	37	PC: 12c42 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:19.019353029Z	78	PC: 12c4f \| Find first file
2018-12-25T12:45:19.024465173Z	59	PC: 12c63 \| Change current directory
2018-12-25T12:45:19.028185599Z	25	PC: 12c69 \| Get default drive
2018-12-25T12:45:19.029687487Z	14	PC: 12c76 \| Set default drive (Drive = 'A')
2018-12-25T12:45:19.03115185Z	78	PC: 12c4f \| Find first file (See above)
2018-12-25T12:45:19.037300055Z	61	PC: 12b25 \| Open file (Filename = 'TEST.EXE')
2018-12-25T12:45:19.044737871Z	63	PC: 12b32 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:45:19.047607723Z	66	PC: 12b99 \| Move file pointer
2018-12-25T12:45:19.049906025Z	64	PC: 12c0c \| Write file or device (Write 165 bytes on handle 5)
2018-12-25T12:45:19.055929544Z	64	PC: 12c17 \| Write file or device (Write 580 bytes on handle 5)
2018-12-25T12:45:19.075265496Z	66	PC: 12c20 \| Move file pointer
2018-12-25T12:45:19.076833962Z	64	PC: 12c2b \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:45:19.080496697Z	62	PC: 12c2f \| Close file
2018-12-25T12:45:19.088399655Z	79	PC: 12c4f \| Find next file (See above)
2018-12-25T12:45:19.09070519Z	59	PC: 12c63 \| Change current directory (See above)
2018-12-25T12:45:19.095778441Z	25	PC: 12c69 \| Get default drive (See above)
2018-12-25T12:45:19.09692895Z	37	PC: 12c7f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:45:19.098111943Z	42	PC: 12ae9 \| Get date 0x12ae9: cmp dl, 0xd 0x12aec: je 0x12afc 0x12aee: nop 0x12aef: nop 0x12af0: nop 0x12af1: cmp dl, 6 0x12af4: je 0x12afc 0x12af6: nop 0x12af7: nop 0x12af8: nop 0x12af9: jmp 0x12b0b 0x12afb: nop 0x12afc: mov ah, 0x2c 0x12afe: int 0x21 0x12b00: cmp dh, 0x1e 0x12b03: jae 0x12b0b 0x12b05: nop 0x12b06: nop 0x12b07: nop 0x12b08: call 0x12b0c
2018-12-25T12:45:19.101025919Z	44	PC: 12b00 \| Get time 0x12b00: cmp dh, 0x1e 0x12b03: jae 0x12b0b 0x12b05: nop 0x12b06: nop 0x12b07: nop 0x12b08: call 0x12b0c 0x12b0b: ret 0x12b0c: mov ah, 0xe 0x12b0e: mov dl, 2 0x12b10: int 0x21 0x12b12: mov cx, 6 0x12b15: mov al, 7 0x12b17: int 0x29 0x12b19: loop 0x12b15 0x12b1b: ret 0x12b1c: mov ax, 0x3d02 0x12b1f: lea dx, word ptr [bp + 0x307] 0x12b23: int 0x21 0x12b25: mov bx, ax 0x12b27: mov ah, 0x3f
2018-12-25T12:45:19.103407668Z	14	PC: 12b12 \| Set default drive (Drive = 'C')
2018-12-25T12:45:19.105297671Z	14	PC: 12caf \| Set default drive (Drive = 'C')
2018-12-25T12:45:19.107479011Z	26	PC: 12cb5 \| Set disk transfer address
2018-12-25T12:45:19.108595835Z	76	PC: 13164 \| Terminate with return code (Return code = '0')