Sample viewer

vx.netlux.org/Virus.DOS.Dolphin.573

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:52:07.254674535Z 26 PC: 12aaa | Set disk transfer address
2018-12-17T21:52:07.257018482Z 78 PC: 12ab5 | Find first file
2018-12-17T21:52:07.262871673Z 44 PC: 12abb | Get time
0x12abb: cmp cl, 0
0x12abe: jne 0x12ace
0x12ac0: mov ah, 0x40
0x12ac2: mov bx, 1
0x12ac5: mov cx, 0x22
0x12ac8: lea dx, word ptr [bp + 0x312]
0x12acc: int 0x21
0x12ace: pop word ptr [bp + 0x33f]
0x12ad2: pop word ptr [bp + 0x33d]
0x12ad6: pop word ptr [bp + 0x33b]
0x12ada: pop word ptr [bp + 0x339]
0x12ade: mov ah, 0x1a
0x12ae0: mov dx, 0x80
0x12ae3: int 0x21
0x12ae5: pop ds
0x12ae6: pop es
0x12ae7: mov ax, es
0x12ae9: add ax, 0x10
0x12aec: add word ptr [bp + 0x1d5], ax
0x12af0: mov bx, word ptr [bp + 0x33d]
2018-12-17T21:52:07.265001325Z 26 PC: 12ae5 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":208,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:22.330170877Z 42 PC: 12e39 | Get date
0x12e39: cmp dh, 1
0x12e3c: jne 0x12e65
0x12e3e: cmp dl, 7
0x12e41: jae 0x12e65
0x12e43: mov di, 0x310
0x12e46: add di, si
0x12e48: mov al, 0x99
0x12e4a: mov cx, 0x71
0x12e4d: mov ah, byte ptr [di]
0x12e4f: mov dl, ah
0x12e51: xor ah, al
0x12e53: mov byte ptr [di], ah
0x12e55: mov al, dl
0x12e57: inc di
0x12e58: loop 0x12e4d
0x12e5a: mov ah, 9
0x12e5c: mov dx, 0x310
0x12e5f: add dx, si
0x12e61: int 0x21
0x12e63: jmp 0x12e63
2018-12-25T11:40:22.332732544Z 255 PC: 12e79 | UNKNOWN!
2018-12-25T11:40:22.334021421Z 49 PC: 12ebe | Terminate and stay resident (Return code = '0' | Memory size = '68')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":208,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:22.43624547Z 26 PC: 12aaa | Set disk transfer address
2018-12-25T11:40:22.437821786Z 78 PC: 12ab5 | Find first file
2018-12-25T11:40:22.443536394Z 44 PC: 12abb | Get time
0x12abb: cmp cl, 0
0x12abe: jne 0x12ace
0x12ac0: mov ah, 0x40
0x12ac2: mov bx, 1
0x12ac5: mov cx, 0x22
0x12ac8: lea dx, word ptr [bp + 0x312]
0x12acc: int 0x21
0x12ace: pop word ptr [bp + 0x33f]
0x12ad2: pop word ptr [bp + 0x33d]
0x12ad6: pop word ptr [bp + 0x33b]
0x12ada: pop word ptr [bp + 0x339]
0x12ade: mov ah, 0x1a
0x12ae0: mov dx, 0x80
0x12ae3: int 0x21
0x12ae5: pop ds
0x12ae6: pop es
0x12ae7: mov ax, es
0x12ae9: add ax, 0x10
0x12aec: add word ptr [bp + 0x1d5], ax
0x12af0: mov bx, word ptr [bp + 0x33d]
2018-12-25T11:40:22.445484796Z 26 PC: 12ae5 | Set disk transfer address