Sample viewer

vx.netlux.org/Virus.DOS.CLME.Ming.1528

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:05.849752792Z	44	PC: 1d287 \| Get time 0x1d287: cmp dh, 2 0x1d28a: je 0x1d2e2 0x1d28c: mov ah, 0x47 0x1d28e: xor dl, dl 0x1d290: lea si, word ptr [bp + 0x358] 0x1d294: int 0x21 0x1d296: mov ah, 0x1a 0x1d298: lea dx, word ptr [bp + 0x3a0] 0x1d29c: int 0x21 0x1d29e: jmp 0x1d2cd 0x1d2a0: mov ah, 0x3b 0x1d2a2: lea dx, word ptr [bp + 0x398] 0x1d2a6: int 0x21 0x1d2a8: mov ah, 0x4e 0x1d2aa: lea dx, word ptr [bp + 0x356] 0x1d2ae: mov cx, 0x11 0x1d2b1: int 0x21 0x1d2b3: jb 0x1d2df 0x1d2b5: mov bx, word ptr [bp + 0x354] 0x1d2b9: dec bx
2018-12-17T23:08:05.8546016Z	71	PC: 1d296 \| Get current directory
2018-12-17T23:08:05.857687084Z	26	PC: 1d29e \| Set disk transfer address
2018-12-17T23:08:05.867347839Z	78	PC: 1d2d7 \| Find first file
2018-12-17T23:08:05.874699453Z	61	PC: 1d30d \| Open file (Filename = 'BAT ')
2018-12-17T23:08:05.882184338Z	63	PC: 1d319 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T23:08:05.890317021Z	66	PC: 1d386 \| Move file pointer
2018-12-17T23:08:05.89333646Z	64	PC: 1d38c \| Write file or device (Write 2021 bytes on handle 5)
2018-12-17T23:08:05.910373691Z	66	PC: 1d3b5 \| Move file pointer
2018-12-17T23:08:05.911883363Z	64	PC: 1d3bb \| Write file or device (Write 24 bytes on handle 5)
2018-12-17T23:08:05.914868937Z	87	PC: 1d3cb \| Get or set file date and time
2018-12-17T23:08:05.916841588Z	62	PC: 1d3cf \| Close file
2018-12-17T23:08:05.926035543Z	59	PC: 1d3fa \| Change current directory
2018-12-17T23:08:05.930644893Z	59	PC: 1d402 \| Change current directory
2018-12-17T23:08:05.93322166Z	26	PC: 1d40d \| Set disk transfer address
2018-12-17T23:08:05.934938736Z	9	PC: 12a9d \| Display string (Could not find end pointer)
2018-12-17T23:08:05.939838376Z	76	PC: 12aa2 \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16084,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:19.708431865Z	44	PC: 1d287 \| Get time 0x1d287: cmp dh, 2 0x1d28a: je 0x1d2e2 0x1d28c: mov ah, 0x47 0x1d28e: xor dl, dl 0x1d290: lea si, word ptr [bp + 0x358] 0x1d294: int 0x21 0x1d296: mov ah, 0x1a 0x1d298: lea dx, word ptr [bp + 0x3a0] 0x1d29c: int 0x21 0x1d29e: jmp 0x1d2cd 0x1d2a0: mov ah, 0x3b 0x1d2a2: lea dx, word ptr [bp + 0x398] 0x1d2a6: int 0x21 0x1d2a8: mov ah, 0x4e 0x1d2aa: lea dx, word ptr [bp + 0x356] 0x1d2ae: mov cx, 0x11 0x1d2b1: int 0x21 0x1d2b3: jb 0x1d2df 0x1d2b5: mov bx, word ptr [bp + 0x354] 0x1d2b9: dec bx
2018-12-25T12:45:19.711960577Z	9	PC: 1d3e8 \| Display string (Could not find end pointer)
2018-12-25T12:45:19.714370974Z	71	PC: 1d296 \| Get current directory
2018-12-25T12:45:19.717151875Z	26	PC: 1d29e \| Set disk transfer address
2018-12-25T12:45:19.71893128Z	78	PC: 1d2d7 \| Find first file
2018-12-25T12:45:19.725021895Z	61	PC: 1d30d \| Open file (Filename = 'BAT ')
2018-12-25T12:45:19.731542052Z	63	PC: 1d319 \| Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:45:19.739271113Z	66	PC: 1d386 \| Move file pointer
2018-12-25T12:45:19.74065349Z	64	PC: 1d38c \| Write file or device (Write 1979 bytes on handle 5)
2018-12-25T12:45:19.754768762Z	66	PC: 1d3b5 \| Move file pointer
2018-12-25T12:45:19.763444398Z	64	PC: 1d3bb \| Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:45:19.766368673Z	87	PC: 1d3cb \| Get or set file date and time
2018-12-25T12:45:19.768122001Z	62	PC: 1d3cf \| Close file
2018-12-25T12:45:19.776137039Z	59	PC: 1d3fa \| Change current directory
2018-12-25T12:45:19.779925415Z	59	PC: 1d402 \| Change current directory
2018-12-25T12:45:19.781554394Z	26	PC: 1d40d \| Set disk transfer address
2018-12-25T12:45:19.783158057Z	9	PC: 12a9d \| Display string (Could not find end pointer)
2018-12-25T12:45:19.789240498Z	76	PC: 12aa2 \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":2,"TimeBased":true,"OriginalID":16084,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:22.493823453Z	44	PC: 1d287 \| Get time 0x1d287: cmp dh, 2 0x1d28a: je 0x1d2e2 0x1d28c: mov ah, 0x47 0x1d28e: xor dl, dl 0x1d290: lea si, word ptr [bp + 0x358] 0x1d294: int 0x21 0x1d296: mov ah, 0x1a 0x1d298: lea dx, word ptr [bp + 0x3a0] 0x1d29c: int 0x21 0x1d29e: jmp 0x1d2cd 0x1d2a0: mov ah, 0x3b 0x1d2a2: lea dx, word ptr [bp + 0x398] 0x1d2a6: int 0x21 0x1d2a8: mov ah, 0x4e 0x1d2aa: lea dx, word ptr [bp + 0x356] 0x1d2ae: mov cx, 0x11 0x1d2b1: int 0x21 0x1d2b3: jb 0x1d2df 0x1d2b5: mov bx, word ptr [bp + 0x354] 0x1d2b9: dec bx
2018-12-25T12:45:22.496504799Z	71	PC: 1d296 \| Get current directory
2018-12-25T12:45:22.499497136Z	26	PC: 1d29e \| Set disk transfer address
2018-12-25T12:45:22.500432647Z	78	PC: 1d2d7 \| Find first file
2018-12-25T12:45:22.507998971Z	61	PC: 1d30d \| Open file (Filename = 'BAT ')
2018-12-25T12:45:22.51503177Z	63	PC: 1d319 \| Read file or device (Read 24 bytes on handle 5)
2018-12-25T12:45:22.523628463Z	66	PC: 1d386 \| Move file pointer
2018-12-25T12:45:22.526084411Z	64	PC: 1d38c \| Write file or device (Write 2036 bytes on handle 5)
2018-12-25T12:45:22.543460423Z	66	PC: 1d3b5 \| Move file pointer
2018-12-25T12:45:22.544906804Z	64	PC: 1d3bb \| Write file or device (Write 24 bytes on handle 5)
2018-12-25T12:45:22.548339552Z	87	PC: 1d3cb \| Get or set file date and time
2018-12-25T12:45:22.549811167Z	62	PC: 1d3cf \| Close file
2018-12-25T12:45:22.558279556Z	59	PC: 1d3fa \| Change current directory
2018-12-25T12:45:22.562988139Z	59	PC: 1d402 \| Change current directory
2018-12-25T12:45:22.564846247Z	26	PC: 1d40d \| Set disk transfer address
2018-12-25T12:45:22.565970951Z	9	PC: 12a9d \| Display string (Could not find end pointer)
2018-12-25T12:45:22.570757743Z	76	PC: 12aa2 \| Terminate with return code (Return code = '1')