Sample viewer

vx.netlux.org/Virus.DOS.Galicia.840

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:07:18.851399214Z 42 PC: 12a47 | Get date
0x12a47: mov al, dh
0x12a49: and al, 1
0x12a4b: je 0x12a53
0x12a4d: call 0x12ae4
0x12a50: call 0x12b35
0x12a53: push cs
0x12a54: pop ax
0x12a55: add ax, 0x1000
0x12a58: mov es, ax
0x12a5a: mov si, 0
0x12a5d: mov di, 0
0x12a60: mov cx, 0x448
0x12a63: rep movsb byte ptr es:[di], byte ptr [si]
0x12a65: jmp 0x12a70
0x12a67: nop
0x12a68: sub ch, byte ptr [0x4f43]
0x12a6c: dec bp
0x12a6d: add byte ptr [bp + si], al
0x12a6f: add byte ptr [0x1f06], bl
0x12a73: pop es
2018-12-17T22:07:18.855565687Z 78 PC: 12a7e | Find first file
2018-12-17T22:07:18.861481059Z 61 PC: 12b77 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:07:18.867865109Z 63 PC: 12a8f | Read file or device (Read 64255 bytes on handle 5)
2018-12-17T22:07:18.874695742Z 66 PC: 12aad | Move file pointer
2018-12-17T22:07:18.876101252Z 64 PC: 12d85 | Write file or device (Write 1247 bytes on handle 5)
2018-12-17T22:07:18.890965368Z 62 PC: 12ab9 | Close file
2018-12-17T22:07:18.89905096Z 79 PC: 12abd | Find next file
2018-12-17T22:07:18.902181552Z 61 PC: 12b77 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:07:18.908452867Z 63 PC: 12a8f | Read file or device (Read 64255 bytes on handle 5)
2018-12-17T22:07:18.914842853Z 66 PC: 12aad | Move file pointer
2018-12-17T22:07:18.917263273Z 64 PC: 12d85 | Write file or device (Write 867 bytes on handle 5)
2018-12-17T22:07:18.925596963Z 62 PC: 12ab9 | Close file
2018-12-17T22:07:18.933832686Z 79 PC: 12abd | Find next file
2018-12-17T22:07:18.93758236Z 61 PC: 12b77 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:07:18.944290265Z 63 PC: 12a8f | Read file or device (Read 64255 bytes on handle 5)
2018-12-17T22:07:18.951517025Z 66 PC: 12aad | Move file pointer
2018-12-17T22:07:18.95366853Z 64 PC: 12d85 | Write file or device (Write 932 bytes on handle 5)
2018-12-17T22:07:18.961908273Z 62 PC: 12ab9 | Close file
2018-12-17T22:07:18.970027092Z 79 PC: 12abd | Find next file
2018-12-17T22:07:18.974039097Z 61 PC: 12b77 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:07:18.980427133Z 63 PC: 12a8f | Read file or device (Read 64255 bytes on handle 5)
2018-12-17T22:07:18.986970359Z 66 PC: 12aad | Move file pointer
2018-12-17T22:07:18.989454029Z 64 PC: 12d85 | Write file or device (Write 869 bytes on handle 5)
2018-12-17T22:07:18.998117704Z 62 PC: 12ab9 | Close file
2018-12-17T22:07:19.006699547Z 79 PC: 12abd | Find next file
2018-12-17T22:07:19.010437582Z 61 PC: 12b77 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:07:19.01831362Z 63 PC: 12a8f | Read file or device (Read 64255 bytes on handle 5)
2018-12-17T22:07:19.025526957Z 66 PC: 12aad | Move file pointer
2018-12-17T22:07:19.027793225Z 64 PC: 12d85 | Write file or device (Write 869 bytes on handle 5)
2018-12-17T22:07:19.036254545Z 62 PC: 12ab9 | Close file
2018-12-17T22:07:19.044631144Z 79 PC: 12abd | Find next file
2018-12-17T22:07:19.047875481Z 61 PC: 12b77 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:07:19.065280902Z 63 PC: 12a8f | Read file or device (Read 64255 bytes on handle 5)
2018-12-17T22:07:19.071482907Z 66 PC: 12aad | Move file pointer
2018-12-17T22:07:19.073061085Z 64 PC: 12d85 | Write file or device (Write 1341 bytes on handle 5)
2018-12-17T22:07:19.08183576Z 62 PC: 12ab9 | Close file
2018-12-17T22:07:19.089551723Z 79 PC: 12abd | Find next file
2018-12-17T22:07:19.092108612Z 61 PC: 12b77 | Open file (Filename = 'PAH.COM')
2018-12-17T22:07:19.099811334Z 63 PC: 12a8f | Read file or device (Read 64255 bytes on handle 5)
2018-12-17T22:07:19.108015008Z 66 PC: 12aad | Move file pointer
2018-12-17T22:07:19.10935287Z 64 PC: 12d85 | Write file or device (Write 869 bytes on handle 5)
2018-12-17T22:07:19.122401656Z 62 PC: 12ab9 | Close file
2018-12-17T22:07:19.130251335Z 79 PC: 12abd | Find next file
2018-12-17T22:07:19.132123443Z 61 PC: 12b77 | Open file (Filename = 'TEST.COM')
2018-12-17T22:07:19.137481393Z 63 PC: 12a8f | Read file or device (Read 64255 bytes on handle 5)
2018-12-17T22:07:19.141786752Z 62 PC: 12ab9 | Close file
2018-12-17T22:07:19.143119841Z 79 PC: 12abd | Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1933,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:33.783801818Z 42 PC: 12a47 | Get date
0x12a47: mov al, dh
0x12a49: and al, 1
0x12a4b: je 0x12a53
0x12a4d: call 0x12ae4
0x12a50: call 0x12b35
0x12a53: push cs
0x12a54: pop ax
0x12a55: add ax, 0x1000
0x12a58: mov es, ax
0x12a5a: mov si, 0
0x12a5d: mov di, 0
0x12a60: mov cx, 0x448
0x12a63: rep movsb byte ptr es:[di], byte ptr [si]
0x12a65: jmp 0x12a70
0x12a67: nop
0x12a68: sub ch, byte ptr [0x4f43]
0x12a6c: dec bp
0x12a6d: add byte ptr [bp + si], al
0x12a6f: add byte ptr [0x1f06], bl
0x12a73: pop es
2018-12-25T11:44:34.117251731Z 78 PC: 12a7e | Find first file
2018-12-25T11:44:34.123921273Z 61 PC: 12b77 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:34.131109867Z 63 PC: 12a8f | Read file or device (Read 64255 bytes on handle 5)
2018-12-25T11:44:34.139781589Z 66 PC: 12aad | Move file pointer
2018-12-25T11:44:34.141612379Z 64 PC: 12d85 | Write file or device (Write 1247 bytes on handle 5)
2018-12-25T11:44:34.156697584Z 62 PC: 12ab9 | Close file
2018-12-25T11:44:34.165042282Z 79 PC: 12abd | Find next file
2018-12-25T11:44:34.169549286Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.177901525Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.184325561Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.186532529Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.194799953Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.203046416Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.210824956Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.217532625Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.224259112Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.227053918Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.235730959Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.243877458Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.247738731Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.254787699Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.261293429Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.263835319Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.272327304Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.280574549Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.283709582Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.290580439Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.297314962Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.299169503Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.310803481Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.319066311Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.321656439Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.329837816Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.336505208Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.338078633Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.347908097Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.356003478Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.358879162Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.367015284Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.373964435Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.375697207Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.382808415Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.387946973Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.389736161Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.393943464Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.40180355Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.403879114Z 79 PC: 12abd | Find next file (See above)

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1933,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:33.889119651Z 42 PC: 12a47 | Get date
0x12a47: mov al, dh
0x12a49: and al, 1
0x12a4b: je 0x12a53
0x12a4d: call 0x12ae4
0x12a50: call 0x12b35
0x12a53: push cs
0x12a54: pop ax
0x12a55: add ax, 0x1000
0x12a58: mov es, ax
0x12a5a: mov si, 0
0x12a5d: mov di, 0
0x12a60: mov cx, 0x448
0x12a63: rep movsb byte ptr es:[di], byte ptr [si]
0x12a65: jmp 0x12a70
0x12a67: nop
0x12a68: sub ch, byte ptr [0x4f43]
0x12a6c: dec bp
0x12a6d: add byte ptr [bp + si], al
0x12a6f: add byte ptr [0x1f06], bl
0x12a73: pop es
2018-12-25T11:44:33.892486002Z 78 PC: 12a7e | Find first file
2018-12-25T11:44:33.899136452Z 61 PC: 12b77 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:33.90571431Z 63 PC: 12a8f | Read file or device (Read 64255 bytes on handle 5)
2018-12-25T11:44:33.913244299Z 66 PC: 12aad | Move file pointer
2018-12-25T11:44:33.914941359Z 64 PC: 12d85 | Write file or device (Write 1247 bytes on handle 5)
2018-12-25T11:44:34.11674573Z 62 PC: 12ab9 | Close file
2018-12-25T11:44:34.129259242Z 79 PC: 12abd | Find next file
2018-12-25T11:44:34.132078857Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.137155652Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.143481531Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.145838766Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.1571957Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.162730732Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.179700365Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.186996353Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.202930161Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.205567544Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.214153265Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.223084496Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.240858267Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.254640637Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.270801632Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.284853454Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.293007374Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.300918491Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.304377407Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.311009969Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.317314429Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.32004955Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.328144817Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.335564818Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.338293223Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.345250496Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.351301013Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.352711201Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.363397306Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.371242505Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.374019825Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.381124838Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.387996213Z 66 PC: 12aad | Move file pointer (See above)
2018-12-25T11:44:34.389514078Z 64 PC: 12d85 | Write file or device (See above)
2018-12-25T11:44:34.399250317Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.406499307Z 79 PC: 12abd | Find next file (See above)
2018-12-25T11:44:34.40835141Z 61 PC: 12b77 | Open file (See above)
2018-12-25T11:44:34.413391129Z 63 PC: 12a8f | Read file or device (See above)
2018-12-25T11:44:34.42034357Z 62 PC: 12ab9 | Close file (See above)
2018-12-25T11:44:34.42187002Z 79 PC: 12abd | Find next file (See above)