Sample viewer

vx.netlux.org/Virus.DOS.Halka.1000.b


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:17.708845957Z 42 PC: 12b46 | Get date
0x12b46: cmp dh, 0xc
0x12b49: jne 0x12b5e
0x12b4b: cmp dl, 0x1f
0x12b4e: jne 0x12b5e
0x12b50: mov ax, 0x900
0x12b53: lea dx, word ptr [bp + 0x165]
0x12b57: int 0x21
0x12b59: mov ax, 0x4c00
0x12b5c: int 0x21
0x12b5e: cld
0x12b5f: mov cx, 4
0x12b62: mov di, 0x100
0x12b65: lea si, word ptr [bp + 0x15b]
0x12b69: rep movsb byte ptr es:[di], byte ptr [si]
0x12b6b: mov ax, 0x4e00
0x12b6e: mov cx, 0
0x12b71: lea dx, word ptr [bp + 0x15f]
0x12b75: int 0x21
0x12b77: jae 0x12b8b
0x12b79: mov cx, 0x2b
2018-12-17T23:09:17.711570433Z 78 PC: 12b77 | Find first file
2018-12-17T23:09:17.717330286Z 61 PC: 12b93 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:17.723645167Z 63 PC: 12ba2 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:09:17.730521683Z 66 PC: 12bc8 | Move file pointer
2018-12-17T23:09:17.731833682Z 64 PC: 12bd5 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:09:17.734345956Z 64 PC: 12bf4 | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:09:17.737000001Z 64 PC: 12c01 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:09:17.747069824Z 66 PC: 12c0e | Move file pointer
2018-12-17T23:09:17.748451807Z 64 PC: 12c34 | Write file or device (Write 1000 bytes on handle 5)
2018-12-17T23:09:17.763843732Z 62 PC: 12c39 | Close file
2018-12-17T23:09:17.777732544Z 76 PC: 12a4a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16479,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:04.017268024Z 42 PC: 12b46 | Get date
0x12b46: cmp dh, 0xc
0x12b49: jne 0x12b5e
0x12b4b: cmp dl, 0x1f
0x12b4e: jne 0x12b5e
0x12b50: mov ax, 0x900
0x12b53: lea dx, word ptr [bp + 0x165]
0x12b57: int 0x21
0x12b59: mov ax, 0x4c00
0x12b5c: int 0x21
0x12b5e: cld
0x12b5f: mov cx, 4
0x12b62: mov di, 0x100
0x12b65: lea si, word ptr [bp + 0x15b]
0x12b69: rep movsb byte ptr es:[di], byte ptr [si]
0x12b6b: mov ax, 0x4e00
0x12b6e: mov cx, 0
0x12b71: lea dx, word ptr [bp + 0x15f]
0x12b75: int 0x21
0x12b77: jae 0x12b8b
0x12b79: mov cx, 0x2b
2018-12-25T12:53:04.020097816Z 78 PC: 12b77 | Find first file
2018-12-25T12:53:04.024308886Z 61 PC: 12b93 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:04.02837239Z 63 PC: 12ba2 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:53:04.032628052Z 66 PC: 12bc8 | Move file pointer
2018-12-25T12:53:04.034031873Z 64 PC: 12bd5 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:53:04.035774295Z 64 PC: 12bf4 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:53:04.037471068Z 64 PC: 12c01 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:53:04.039341066Z 66 PC: 12c0e | Move file pointer
2018-12-25T12:53:04.040375548Z 64 PC: 12c34 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:53:04.144732011Z 62 PC: 12c39 | Close file
2018-12-25T12:53:04.162760424Z 76 PC: 12a4a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":31,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16479,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:04.291807312Z 42 PC: 12b46 | Get date
0x12b46: cmp dh, 0xc
0x12b49: jne 0x12b5e
0x12b4b: cmp dl, 0x1f
0x12b4e: jne 0x12b5e
0x12b50: mov ax, 0x900
0x12b53: lea dx, word ptr [bp + 0x165]
0x12b57: int 0x21
0x12b59: mov ax, 0x4c00
0x12b5c: int 0x21
0x12b5e: cld
0x12b5f: mov cx, 4
0x12b62: mov di, 0x100
0x12b65: lea si, word ptr [bp + 0x15b]
0x12b69: rep movsb byte ptr es:[di], byte ptr [si]
0x12b6b: mov ax, 0x4e00
0x12b6e: mov cx, 0
0x12b71: lea dx, word ptr [bp + 0x15f]
0x12b75: int 0x21
0x12b77: jae 0x12b8b
0x12b79: mov cx, 0x2b
2018-12-25T12:53:04.300081494Z 9 PC: 12b59 | Display string (String= ' Este es el virus 786 Version 1 Echo por --> ��x�� [�x�]/A.H.D. HALKA/. Industria Argentina Quemen al muñeco del `94! ')
2018-12-25T12:53:04.312147191Z 76 PC: 12b5e | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16479,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:04.294828826Z 42 PC: 12b46 | Get date
0x12b46: cmp dh, 0xc
0x12b49: jne 0x12b5e
0x12b4b: cmp dl, 0x1f
0x12b4e: jne 0x12b5e
0x12b50: mov ax, 0x900
0x12b53: lea dx, word ptr [bp + 0x165]
0x12b57: int 0x21
0x12b59: mov ax, 0x4c00
0x12b5c: int 0x21
0x12b5e: cld
0x12b5f: mov cx, 4
0x12b62: mov di, 0x100
0x12b65: lea si, word ptr [bp + 0x15b]
0x12b69: rep movsb byte ptr es:[di], byte ptr [si]
0x12b6b: mov ax, 0x4e00
0x12b6e: mov cx, 0
0x12b71: lea dx, word ptr [bp + 0x15f]
0x12b75: int 0x21
0x12b77: jae 0x12b8b
0x12b79: mov cx, 0x2b
2018-12-25T12:53:04.296482691Z 78 PC: 12b77 | Find first file
2018-12-25T12:53:04.300073898Z 61 PC: 12b93 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:04.303884083Z 63 PC: 12ba2 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:53:04.307864604Z 66 PC: 12bc8 | Move file pointer
2018-12-25T12:53:04.308760078Z 64 PC: 12bd5 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:53:04.310338056Z 64 PC: 12bf4 | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:53:04.312200971Z 64 PC: 12c01 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:53:04.313789275Z 66 PC: 12c0e | Move file pointer
2018-12-25T12:53:04.314666904Z 64 PC: 12c34 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:53:05.001640099Z 62 PC: 12c39 | Close file
2018-12-25T12:53:05.010588551Z 76 PC: 12a4a | Terminate with return code (Return code = '0')