Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.540

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T23:10:34.264049953Z 26 PC: 14a84 | Set disk transfer address
2018-12-17T23:10:34.265674098Z 71 PC: 14a8e | Get current directory
2018-12-17T23:10:34.26845609Z 78 PC: 14a99 | Find first file
2018-12-17T23:10:34.272432917Z 59 PC: 14aaa | Change current directory
2018-12-17T23:10:34.277700256Z 59 PC: 14ab4 | Change current directory
2018-12-17T23:10:34.279831589Z 44 PC: 14ab8 | Get time
    0x14ab8: cmp dh, 0x32
    0x14abb: jl 0x14adf
    0x14abd: lea dx, word ptr [bp + 0x2c2]
    0x14ac1: call 0x154d1
    0x14ac4: add byte ptr [di - 0x2c6a], cl
    0x14ac8: add ch, al
    0x14aca: add ax, word ptr [bx + si]
    0x14acc: jmp 0x14ae0
    0x14ace: nop
    0x14acf: mov ah, 9
    0x14ad1: int 0x21
    0x14ad3: mov cx, 0xea60
    0x14ad6: push cx
    0x14ad7: mov cx, 0x19
    0x14ada: loop 0x14ada
    0x14adc: pop cx
    0x14add: loop 0x14ad6
    0x14adf: ret
    0x14ae0: call 0x14c04
    0x14ae3: mov ah, 0x1a
2018-12-17T23:10:34.282166597Z 19 PC: 178ae | Delete file
2018-12-17T23:10:34.284130737Z 89 PC: 15fa8 | Get extended error info
2018-12-17T23:10:34.286340441Z 59 PC: 1676b | Change current directory
2018-12-17T23:10:34.29248701Z 64 PC: 19838 | Write file or device (Write 54 bytes on handle 2)
2018-12-17T23:10:34.295846882Z 64 PC: 19838 | Write file or device (Write 2 bytes on handle 2)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16902,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T12:54:11.995505178Z 26 PC: 14a84 | Set disk transfer address
2018-12-25T12:54:11.996714976Z 71 PC: 14a8e | Get current directory
2018-12-25T12:54:11.998509731Z 78 PC: 14a99 | Find first file
2018-12-25T12:54:12.002724463Z 59 PC: 14aaa | Change current directory
2018-12-25T12:54:12.005837142Z 59 PC: 14ab4 | Change current directory
2018-12-25T12:54:12.006960354Z 44 PC: 14ab8 | Get time
    0x14ab8: cmp dh, 0x32
    0x14abb: jl 0x14adf
    0x14abd: lea dx, word ptr [bp + 0x2c2]
    0x14ac1: call 0x154d1
    0x14ac4: add byte ptr [di - 0x2c6a], cl
    0x14ac8: add ch, al
    0x14aca: add ax, word ptr [bx + si]
    0x14acc: jmp 0x14ae0
    0x14ace: nop
    0x14acf: mov ah, 9
    0x14ad1: int 0x21
    0x14ad3: mov cx, 0xea60
    0x14ad6: push cx
    0x14ad7: mov cx, 0x19
    0x14ada: loop 0x14ada
    0x14adc: pop cx
    0x14add: loop 0x14ad6
    0x14adf: ret
    0x14ae0: call 0x14c04
    0x14ae3: mov ah, 0x1a
2018-12-25T12:54:12.008266572Z 19 PC: 178ae | Delete file
2018-12-25T12:54:12.009664569Z 89 PC: 15fa8 | Get extended error info
2018-12-25T12:54:12.010599453Z 59 PC: 1676b | Change current directory
2018-12-25T12:54:12.014415493Z 64 PC: 19838 | Write file or device (Write 54 bytes on handle 2)
2018-12-25T12:54:12.017629486Z 64 PC: 19838 | Write file or device (See above)
2018-12-25T12:54:12.047339501Z 26 PC: 14a84 | Set disk transfer address (See above)
2018-12-25T12:54:12.048188482Z 71 PC: 14a8e | Get current directory (See above)
2018-12-25T12:54:12.05113608Z 78 PC: 14a99 | Find first file (See above)
2018-12-25T12:54:12.055178222Z 59 PC: 14aaa | Change current directory (See above)
2018-12-25T12:54:12.059101786Z 59 PC: 14ab4 | Change current directory (See above)
2018-12-25T12:54:12.060765645Z 44 PC: 14ab8 | Get time (See above)
2018-12-25T12:54:12.104596272Z 64 PC: 19838 | Write file or device (See above)
2018-12-25T12:54:12.110339282Z 64 PC: 19838 | Write file or device (See above)
2018-12-25T12:54:12.116262927Z 64 PC: 19838 | Write file or device (See above)
2018-12-25T12:54:12.120020349Z 64 PC: 19838 | Write file or device (See above)
2018-12-25T12:54:12.122826672Z 64 PC: 19838 | Write file or device (See above)
2018-12-25T12:54:12.124758679Z 26 PC: 14a84 | Set disk transfer address (See above)
2018-12-25T12:54:12.125837886Z 71 PC: 14a8e | Get current directory (See above)
2018-12-25T12:54:12.127561332Z 78 PC: 14a99 | Find first file (See above)
2018-12-25T12:54:12.130307293Z 59 PC: 14aaa | Change current directory (See above)
2018-12-25T12:54:12.133181006Z 59 PC: 14ab4 | Change current directory (See above)
2018-12-25T12:54:12.134256854Z 44 PC: 14ab8 | Get time (See above)
2018-12-25T12:54:12.13590175Z 26 PC: 14a84 | Set disk transfer address (See above)
2018-12-25T12:54:12.136948374Z 71 PC: 14a8e | Get current directory (See above)
2018-12-25T12:54:12.138754339Z 78 PC: 14a99 | Find first file (See above)
2018-12-25T12:54:12.14198162Z 59 PC: 14aaa | Change current directory (See above)
2018-12-25T12:54:12.145173736Z 59 PC: 14ab4 | Change current directory (See above)
2018-12-25T12:54:12.146338471Z 44 PC: 14ab8 | Get time (See above)
2018-12-25T12:54:12.167124694Z 99 PC: 193d0 | Get DBCS lead byte table pointer

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":50,"TimeBased":true,"OriginalID":16902,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T12:54:12.299484393Z 26 PC: 14a84 | Set disk transfer address
2018-12-25T12:54:12.301474599Z 71 PC: 14a8e | Get current directory
2018-12-25T12:54:12.304670615Z 78 PC: 14a99 | Find first file
2018-12-25T12:54:12.308353962Z 59 PC: 14aaa | Change current directory
2018-12-25T12:54:12.312177242Z 59 PC: 14ab4 | Change current directory
2018-12-25T12:54:12.314943456Z 44 PC: 14ab8 | Get time
    0x14ab8: cmp dh, 0x32
    0x14abb: jl 0x14adf
    0x14abd: lea dx, word ptr [bp + 0x2c2]
    0x14ac1: call 0x154d1
    0x14ac4: add byte ptr [di - 0x2c6a], cl
    0x14ac8: add ch, al
    0x14aca: add ax, word ptr [bx + si]
    0x14acc: jmp 0x14ae0
    0x14ace: nop
    0x14acf: mov ah, 9
    0x14ad1: int 0x21
    0x14ad3: mov cx, 0xea60
    0x14ad6: push cx
    0x14ad7: mov cx, 0x19
    0x14ada: loop 0x14ada
    0x14adc: pop cx
    0x14add: loop 0x14ad6
    0x14adf: ret
    0x14ae0: call 0x14c04
    0x14ae3: mov ah, 0x1a
2018-12-25T12:54:12.317377125Z 19 PC: 178ae | Delete file
2018-12-25T12:54:12.319105997Z 89 PC: 15fa8 | Get extended error info
2018-12-25T12:54:12.32087731Z 59 PC: 1676b | Change current directory
2018-12-25T12:54:12.326968944Z 64 PC: 19838 | Write file or device (Write 54 bytes on handle 2)
2018-12-25T12:54:12.331368811Z 64 PC: 19838 | Write file or device (See above)
2018-12-25T12:54:12.36725905Z 99 PC: 193d0 | Get DBCS lead byte table pointer