Sample viewer

vx.netlux.org/Virus.DOS.Newgen.1054

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:07:31.569544937Z	48	PC: 12ec2 \| Get DOS version
2018-12-17T22:07:31.577215677Z	47	PC: 12ecd \| Get disk transfer address
2018-12-17T22:07:31.578063677Z	26	PC: 12edf \| Set disk transfer address
2018-12-17T22:07:31.578980429Z	78	PC: 12f68 \| Find first file
2018-12-17T22:07:31.586181605Z	67	PC: 12fa0 \| Get or set file attributes
2018-12-17T22:07:31.591252328Z	67	PC: 12fb0 \| Get or set file attributes
2018-12-17T22:07:31.669701905Z	61	PC: 12fb4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:07:31.675625567Z	87	PC: 12fbf \| Get or set file date and time
2018-12-17T22:07:31.678000089Z	42	PC: 12fd0 \| Get date 0x12fd0: cmp dl, bl 0x12fd2: jne 0x12fd9 0x12fd4: mov ah, 0x3e 0x12fd6: int3 0x12fd7: jmp 0x12f65 0x12fd9: pop bx 0x12fda: mov ax, 0x4202 0x12fdd: xor cx, cx 0x12fdf: xor dx, dx 0x12fe1: int3 0x12fe2: shr ax, 1 0x12fe4: mov dx, si 0x12fe6: add si, 0xf4 0x12fea: mov word ptr [si], ax 0x12fec: mov si, dx 0x12fee: mov dx, ax 0x12ff0: mov ax, 0x4200 0x12ff3: xor cx, cx 0x12ff5: int3 0x12ff6: mov ah, 0x3f
2018-12-17T22:07:31.680160419Z	66	PC: 12fe2 \| Move file pointer
2018-12-17T22:07:31.681837967Z	66	PC: 12ff6 \| Move file pointer
2018-12-17T22:07:31.706078967Z	63	PC: 13006 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:07:31.712377479Z	66	PC: 13012 \| Move file pointer
2018-12-17T22:07:31.713613352Z	64	PC: 13021 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:07:31.717639369Z	66	PC: 13046 \| Move file pointer
2018-12-17T22:07:31.719103545Z	63	PC: 13052 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:07:31.720908289Z	66	PC: 1305d \| Move file pointer
2018-12-17T22:07:31.725967703Z	66	PC: 131c7 \| Move file pointer
2018-12-17T22:07:31.727820848Z	64	PC: 131d3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:07:31.730901606Z	66	PC: 131f1 \| Move file pointer
2018-12-17T22:07:31.734210325Z	64	PC: 13217 \| Write file or device (Write 1054 bytes on handle 5)
2018-12-17T22:07:31.743926103Z	87	PC: 13220 \| Get or set file date and time
2018-12-17T22:07:31.745773295Z	62	PC: 13223 \| Close file
2018-12-17T22:07:31.766564747Z	67	PC: 1322e \| Get or set file attributes
2018-12-17T22:07:31.776918028Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1964,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:37.073964856Z	48	PC: 12ec2 \| Get DOS version
2018-12-25T11:44:37.079886061Z	47	PC: 12ecd \| Get disk transfer address
2018-12-25T11:44:37.083111912Z	26	PC: 12edf \| Set disk transfer address
2018-12-25T11:44:37.084443095Z	78	PC: 12f68 \| Find first file
2018-12-25T11:44:37.091613862Z	67	PC: 12fa0 \| Get or set file attributes
2018-12-25T11:44:37.097704431Z	67	PC: 12fb0 \| Get or set file attributes
2018-12-25T11:44:37.116012039Z	61	PC: 12fb4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:37.131141758Z	87	PC: 12fbf \| Get or set file date and time
2018-12-25T11:44:37.132824711Z	42	PC: 12fd0 \| Get date 0x12fd0: cmp dl, bl 0x12fd2: jne 0x12fd9 0x12fd4: mov ah, 0x3e 0x12fd6: int3 0x12fd7: jmp 0x12f65 0x12fd9: pop bx 0x12fda: mov ax, 0x4202 0x12fdd: xor cx, cx 0x12fdf: xor dx, dx 0x12fe1: int3 0x12fe2: shr ax, 1 0x12fe4: mov dx, si 0x12fe6: add si, 0xf4 0x12fea: mov word ptr [si], ax 0x12fec: mov si, dx 0x12fee: mov dx, ax 0x12ff0: mov ax, 0x4200 0x12ff3: xor cx, cx 0x12ff5: int3 0x12ff6: mov ah, 0x3f
2018-12-25T11:44:37.135327994Z	66	PC: 12fe2 \| Move file pointer
2018-12-25T11:44:37.137051995Z	66	PC: 12ff6 \| Move file pointer
2018-12-25T11:44:37.139287605Z	63	PC: 13006 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:37.145440552Z	66	PC: 13012 \| Move file pointer
2018-12-25T11:44:37.14674044Z	64	PC: 13021 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:37.149968932Z	66	PC: 13046 \| Move file pointer
2018-12-25T11:44:37.151305759Z	63	PC: 13052 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:44:37.153757907Z	66	PC: 1305d \| Move file pointer
2018-12-25T11:44:37.155895824Z	66	PC: 131c7 \| Move file pointer
2018-12-25T11:44:37.157247649Z	64	PC: 131d3 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:44:37.15985998Z	66	PC: 131f1 \| Move file pointer
2018-12-25T11:44:37.162379627Z	64	PC: 13217 \| Write file or device (Write 1054 bytes on handle 5)
2018-12-25T11:44:37.171221521Z	87	PC: 13220 \| Get or set file date and time
2018-12-25T11:44:37.173034531Z	62	PC: 13223 \| Close file
2018-12-25T11:44:37.181574376Z	67	PC: 1322e \| Get or set file attributes
2018-12-25T11:44:37.191953426Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":24,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1964,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:37.150619525Z	48	PC: 12ec2 \| Get DOS version
2018-12-25T11:44:37.152230092Z	47	PC: 12ecd \| Get disk transfer address
2018-12-25T11:44:37.153185824Z	26	PC: 12edf \| Set disk transfer address
2018-12-25T11:44:37.15427173Z	78	PC: 12f68 \| Find first file
2018-12-25T11:44:37.160546049Z	67	PC: 12fa0 \| Get or set file attributes
2018-12-25T11:44:37.16583202Z	67	PC: 12fb0 \| Get or set file attributes
2018-12-25T11:44:37.18045867Z	61	PC: 12fb4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:37.187171359Z	87	PC: 12fbf \| Get or set file date and time
2018-12-25T11:44:37.190080645Z	42	PC: 12fd0 \| Get date 0x12fd0: cmp dl, bl 0x12fd2: jne 0x12fd9 0x12fd4: mov ah, 0x3e 0x12fd6: int3 0x12fd7: jmp 0x12f65 0x12fd9: pop bx 0x12fda: mov ax, 0x4202 0x12fdd: xor cx, cx 0x12fdf: xor dx, dx 0x12fe1: int3 0x12fe2: shr ax, 1 0x12fe4: mov dx, si 0x12fe6: add si, 0xf4 0x12fea: mov word ptr [si], ax 0x12fec: mov si, dx 0x12fee: mov dx, ax 0x12ff0: mov ax, 0x4200 0x12ff3: xor cx, cx 0x12ff5: int3 0x12ff6: mov ah, 0x3f
2018-12-25T11:44:37.192129014Z	62	PC: 12fd7 \| Close file
2018-12-25T11:44:37.193442132Z	79	PC: 12f68 \| Find next file (See above)
2018-12-25T11:44:37.202874256Z	79	PC: 12f68 \| Find next file (See above)
2018-12-25T11:44:37.206306609Z	79	PC: 12f68 \| Find next file (See above)
2018-12-25T11:44:37.209268296Z	79	PC: 12f68 \| Find next file (See above)
2018-12-25T11:44:37.213046192Z	79	PC: 12f68 \| Find next file (See above)
2018-12-25T11:44:37.215335789Z	67	PC: 12fa0 \| Get or set file attributes (See above)
2018-12-25T11:44:37.222714247Z	67	PC: 12fb0 \| Get or set file attributes (See above)
2018-12-25T11:44:37.233888624Z	61	PC: 12fb4 \| Open file (See above)
2018-12-25T11:44:37.238271227Z	87	PC: 12fbf \| Get or set file date and time (See above)
2018-12-25T11:44:37.239476314Z	42	PC: 12fd0 \| Get date (See above)
2018-12-25T11:44:37.244771488Z	66	PC: 12fe2 \| Move file pointer
2018-12-25T11:44:37.246373861Z	66	PC: 12ff6 \| Move file pointer
2018-12-25T11:44:37.248283723Z	63	PC: 13006 \| Read file or device (Read 3 bytes on handle 6)
2018-12-25T11:44:37.254752585Z	66	PC: 13012 \| Move file pointer
2018-12-25T11:44:37.257215704Z	64	PC: 13021 \| Write file or device (Write 3 bytes on handle 6)
2018-12-25T11:44:37.259089811Z	66	PC: 13046 \| Move file pointer
2018-12-25T11:44:37.266560428Z	63	PC: 13052 \| Read file or device (Read 3 bytes on handle 6)
2018-12-25T11:44:37.271087536Z	66	PC: 1305d \| Move file pointer
2018-12-25T11:44:37.274213229Z	66	PC: 131c7 \| Move file pointer
2018-12-25T11:44:37.275573786Z	64	PC: 131d3 \| Write file or device (Write 3 bytes on handle 6)
2018-12-25T11:44:37.279463278Z	66	PC: 131f1 \| Move file pointer
2018-12-25T11:44:37.281643764Z	64	PC: 13217 \| Write file or device (Write 1054 bytes on handle 6)
2018-12-25T11:44:37.291868732Z	87	PC: 13220 \| Get or set file date and time
2018-12-25T11:44:37.294724825Z	62	PC: 13223 \| Close file
2018-12-25T11:44:37.302932844Z	67	PC: 1322e \| Get or set file attributes
2018-12-25T11:44:37.312912656Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')