Sample viewer

vx.netlux.org/Virus.DOS.Dolphin.595


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:01.454722338Z 26 PC: 12aaa | Set disk transfer address
2018-12-17T23:09:01.45794244Z 71 PC: 12ab4 | Get current directory
2018-12-17T23:09:01.461787747Z 78 PC: 12acb | Find first file
2018-12-17T23:09:01.468476699Z 59 PC: 12ad5 | Change current directory
2018-12-17T23:09:01.473246634Z 59 PC: 12adf | Change current directory
2018-12-17T23:09:01.476449644Z 44 PC: 12ae3 | Get time
0x12ae3: cmp cl, 0
0x12ae6: jne 0x12af5
0x12ae8: mov bx, 1
0x12aeb: mov cx, 0x22
0x12aee: lea dx, word ptr [bp + 0x326]
0x12af2: call 0x12c61
0x12af5: pop word ptr [bp + 0x353]
0x12af9: pop word ptr [bp + 0x351]
0x12afd: pop word ptr [bp + 0x34f]
0x12b01: pop word ptr [bp + 0x34d]
0x12b05: mov ah, 0x1a
0x12b07: mov dx, 0x80
0x12b0a: int 0x21
0x12b0c: pop ds
0x12b0d: pop es
0x12b0e: mov ax, es
0x12b10: add ax, 0x10
0x12b13: add word ptr [bp + 0x1fc], ax
0x12b17: mov bx, word ptr [bp + 0x351]
0x12b1b: mov word ptr [bp + 0x1fa], bx
2018-12-17T23:09:01.480133828Z 26 PC: 12b0c | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16391,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:44.07452785Z 26 PC: 12aaa | Set disk transfer address
2018-12-25T12:52:44.090823191Z 71 PC: 12ab4 | Get current directory
2018-12-25T12:52:44.093729079Z 78 PC: 12acb | Find first file
2018-12-25T12:52:44.099589281Z 59 PC: 12ad5 | Change current directory
2018-12-25T12:52:44.104444482Z 59 PC: 12adf | Change current directory
2018-12-25T12:52:44.106054742Z 44 PC: 12ae3 | Get time
0x12ae3: cmp cl, 0
0x12ae6: jne 0x12af5
0x12ae8: mov bx, 1
0x12aeb: mov cx, 0x22
0x12aee: lea dx, word ptr [bp + 0x326]
0x12af2: call 0x12c61
0x12af5: pop word ptr [bp + 0x353]
0x12af9: pop word ptr [bp + 0x351]
0x12afd: pop word ptr [bp + 0x34f]
0x12b01: pop word ptr [bp + 0x34d]
0x12b05: mov ah, 0x1a
0x12b07: mov dx, 0x80
0x12b0a: int 0x21
0x12b0c: pop ds
0x12b0d: pop es
0x12b0e: mov ax, es
0x12b10: add ax, 0x10
0x12b13: add word ptr [bp + 0x1fc], ax
0x12b17: mov bx, word ptr [bp + 0x351]
0x12b1b: mov word ptr [bp + 0x1fa], bx
2018-12-25T12:52:44.108035661Z 64 PC: 12c65 | Write file or device (Write 34 bytes on handle 1)
2018-12-25T12:52:44.111584608Z 26 PC: 12b0c | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":16391,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:44.319502255Z 26 PC: 12aaa | Set disk transfer address
2018-12-25T12:52:44.321072266Z 71 PC: 12ab4 | Get current directory
2018-12-25T12:52:44.323766691Z 78 PC: 12acb | Find first file
2018-12-25T12:52:44.329329459Z 59 PC: 12ad5 | Change current directory
2018-12-25T12:52:44.333678392Z 59 PC: 12adf | Change current directory
2018-12-25T12:52:44.33526332Z 44 PC: 12ae3 | Get time
0x12ae3: cmp cl, 0
0x12ae6: jne 0x12af5
0x12ae8: mov bx, 1
0x12aeb: mov cx, 0x22
0x12aee: lea dx, word ptr [bp + 0x326]
0x12af2: call 0x12c61
0x12af5: pop word ptr [bp + 0x353]
0x12af9: pop word ptr [bp + 0x351]
0x12afd: pop word ptr [bp + 0x34f]
0x12b01: pop word ptr [bp + 0x34d]
0x12b05: mov ah, 0x1a
0x12b07: mov dx, 0x80
0x12b0a: int 0x21
0x12b0c: pop ds
0x12b0d: pop es
0x12b0e: mov ax, es
0x12b10: add ax, 0x10
0x12b13: add word ptr [bp + 0x1fc], ax
0x12b17: mov bx, word ptr [bp + 0x351]
0x12b1b: mov word ptr [bp + 0x1fa], bx
2018-12-25T12:52:44.337177418Z 26 PC: 12b0c | Set disk transfer address