Sample viewer

vx.netlux.org/Virus.DOS.Evasor.426

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:09:25.876242878Z	26	PC: 13267 \| Set disk transfer address
2018-12-17T22:09:25.877694432Z	78	PC: 13272 \| Find first file
2018-12-17T22:09:25.883546915Z	67	PC: 132bd \| Get or set file attributes
2018-12-17T22:09:25.901178073Z	61	PC: 132c3 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:09:25.908528804Z	87	PC: 132c9 \| Get or set file date and time
2018-12-17T22:09:25.909886675Z	63	PC: 132d6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:09:25.915788995Z	87	PC: 1333f \| Get or set file date and time
2018-12-17T22:09:25.917481767Z	62	PC: 13343 \| Close file
2018-12-17T22:09:25.924458106Z	79	PC: 13272 \| Find next file
2018-12-17T22:09:25.927192476Z	67	PC: 132bd \| Get or set file attributes
2018-12-17T22:09:25.937363497Z	61	PC: 132c3 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:09:25.944061017Z	87	PC: 132c9 \| Get or set file date and time
2018-12-17T22:09:25.945719974Z	63	PC: 132d6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:09:25.952520279Z	87	PC: 1333f \| Get or set file date and time
2018-12-17T22:09:25.953960434Z	62	PC: 13343 \| Close file
2018-12-17T22:09:25.961175701Z	79	PC: 13272 \| Find next file
2018-12-17T22:09:25.964412904Z	67	PC: 132bd \| Get or set file attributes
2018-12-17T22:09:25.982717492Z	61	PC: 132c3 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:09:25.988877046Z	87	PC: 132c9 \| Get or set file date and time
2018-12-17T22:09:25.990091215Z	63	PC: 132d6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:09:25.996563605Z	87	PC: 1333f \| Get or set file date and time
2018-12-17T22:09:25.997952605Z	62	PC: 13343 \| Close file
2018-12-17T22:09:26.007414386Z	79	PC: 13272 \| Find next file
2018-12-17T22:09:26.013544246Z	67	PC: 132bd \| Get or set file attributes
2018-12-17T22:09:26.022698967Z	61	PC: 132c3 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:09:26.028871594Z	87	PC: 132c9 \| Get or set file date and time
2018-12-17T22:09:26.030585034Z	63	PC: 132d6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:09:26.036466181Z	87	PC: 1333f \| Get or set file date and time
2018-12-17T22:09:26.037733679Z	62	PC: 13343 \| Close file
2018-12-17T22:09:26.045500058Z	79	PC: 13272 \| Find next file
2018-12-17T22:09:26.048328467Z	67	PC: 132bd \| Get or set file attributes
2018-12-17T22:09:26.059412492Z	61	PC: 132c3 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:09:26.078452204Z	87	PC: 132c9 \| Get or set file date and time
2018-12-17T22:09:26.079845363Z	63	PC: 132d6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:09:26.086928956Z	87	PC: 1333f \| Get or set file date and time
2018-12-17T22:09:26.08958533Z	62	PC: 13343 \| Close file
2018-12-17T22:09:26.096451918Z	79	PC: 13272 \| Find next file
2018-12-17T22:09:26.099171416Z	67	PC: 132bd \| Get or set file attributes
2018-12-17T22:09:26.109564742Z	61	PC: 132c3 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:09:26.116356255Z	87	PC: 132c9 \| Get or set file date and time
2018-12-17T22:09:26.117744598Z	63	PC: 132d6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:09:26.124448926Z	87	PC: 1333f \| Get or set file date and time
2018-12-17T22:09:26.12572695Z	62	PC: 13343 \| Close file
2018-12-17T22:09:26.132918592Z	79	PC: 13272 \| Find next file
2018-12-17T22:09:26.136393387Z	67	PC: 132bd \| Get or set file attributes
2018-12-17T22:09:26.148889475Z	61	PC: 132c3 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:09:26.155487282Z	87	PC: 132c9 \| Get or set file date and time
2018-12-17T22:09:26.1580164Z	63	PC: 132d6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:09:26.16434875Z	87	PC: 1333f \| Get or set file date and time
2018-12-17T22:09:26.165692467Z	62	PC: 13343 \| Close file
2018-12-17T22:09:26.173997042Z	79	PC: 13272 \| Find next file
2018-12-17T22:09:26.176725814Z	59	PC: 1327c \| Change current directory
2018-12-17T22:09:26.180597843Z	42	PC: 13282 \| Get date 0x13282: cmp dh, 7 0x13285: je 0x1328f 0x13287: mov dx, 0x80 0x1328a: mov ah, 0x1a 0x1328c: int 0x21 0x1328e: ret 0x1328f: mov ah, 9 0x13291: lea dx, word ptr [bp + 0x24c] 0x13295: int 0x21 0x13297: jmp 0x13287 0x13299: lea dx, word ptr [bp + 0x2a0] 0x1329d: mov di, dx 0x1329f: mov cx, 0x40 0x132a2: mov al, 0x2e 0x132a4: cld 0x132a5: repne scasb al, byte ptr es:[di] 0x132a7: cmp word ptr [di + 1], 0x4d4f 0x132ac: je 0x132b1 0x132ae: jmp 0x1333f 0x132b1: lea dx, word ptr [bp + 0x2a0]
2018-12-17T22:09:26.183020547Z	26	PC: 1328e \| Set disk transfer address
2018-12-17T22:09:26.184446922Z	9	PC: 12a47 \| Display string (String= 'Soy un COM infectado!! ')
2018-12-17T22:09:26.188330783Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2171,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:02.897833867Z	26	PC: 13267 \| Set disk transfer address
2018-12-25T11:45:02.899723215Z	78	PC: 13272 \| Find first file
2018-12-25T11:45:02.906634245Z	67	PC: 132bd \| Get or set file attributes
2018-12-25T11:45:02.927232934Z	61	PC: 132c3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:02.934509238Z	87	PC: 132c9 \| Get or set file date and time
2018-12-25T11:45:02.936623234Z	63	PC: 132d6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:02.943526133Z	87	PC: 1333f \| Get or set file date and time
2018-12-25T11:45:02.945383546Z	62	PC: 13343 \| Close file
2018-12-25T11:45:02.95283373Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:02.955725608Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:02.962435044Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:02.969707764Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:02.971240418Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:02.977804288Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:02.979823297Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:02.987530554Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:02.990644513Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.000904754Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.007066995Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.008587497Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.015259653Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.01677913Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.026065877Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.029325852Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.038052296Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.043928064Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.045357524Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.053284921Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.054527682Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.060836178Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.063000475Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.071732175Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.082987075Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.0850643Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.090972905Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.095279203Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.103634932Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.106208876Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.116977866Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.123514712Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.125154404Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.131344505Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.133420852Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.14040583Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.143288577Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.157264248Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.182722962Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.184337865Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.191185769Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.19259428Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.199509771Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.203220397Z	59	PC: 1327c \| Change current directory
2018-12-25T11:45:03.207616516Z	42	PC: 13282 \| Get date 0x13282: cmp dh, 7 0x13285: je 0x1328f 0x13287: mov dx, 0x80 0x1328a: mov ah, 0x1a 0x1328c: int 0x21 0x1328e: ret 0x1328f: mov ah, 9 0x13291: lea dx, word ptr [bp + 0x24c] 0x13295: int 0x21 0x13297: jmp 0x13287 0x13299: lea dx, word ptr [bp + 0x2a0] 0x1329d: mov di, dx 0x1329f: mov cx, 0x40 0x132a2: mov al, 0x2e 0x132a4: cld 0x132a5: repne scasb al, byte ptr es:[di] 0x132a7: cmp word ptr [di + 1], 0x4d4f 0x132ac: je 0x132b1 0x132ae: jmp 0x1333f 0x132b1: lea dx, word ptr [bp + 0x2a0]
2018-12-25T11:45:03.209981927Z	26	PC: 1328e \| Set disk transfer address
2018-12-25T11:45:03.211927848Z	9	PC: 12a47 \| Display string (String= 'Soy un COM infectado!! ')
2018-12-25T11:45:03.216986002Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2171,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:02.974898484Z	26	PC: 13267 \| Set disk transfer address
2018-12-25T11:45:02.986673666Z	78	PC: 13272 \| Find first file
2018-12-25T11:45:02.99306478Z	67	PC: 132bd \| Get or set file attributes
2018-12-25T11:45:03.008378028Z	61	PC: 132c3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:03.015645426Z	87	PC: 132c9 \| Get or set file date and time
2018-12-25T11:45:03.0171181Z	63	PC: 132d6 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:03.023416726Z	87	PC: 1333f \| Get or set file date and time
2018-12-25T11:45:03.024798848Z	62	PC: 13343 \| Close file
2018-12-25T11:45:03.032648344Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.035387914Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.051081303Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.055918925Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.05705681Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.061689687Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.063605372Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.070544336Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.073241475Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.094563429Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.098870353Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.10029514Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.107501328Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.10934806Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.119019794Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.125204422Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.14067613Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.146775689Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.148728321Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.154211218Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.155338813Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.160187119Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.163002608Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.172370296Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.184610967Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.185931053Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.19316023Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.195593442Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.202736035Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.206871203Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.21725635Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.225680324Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.228237627Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.243846894Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.246517379Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.255286922Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.25822384Z	67	PC: 132bd \| Get or set file attributes (See above)
2018-12-25T11:45:03.268468Z	61	PC: 132c3 \| Open file (See above)
2018-12-25T11:45:03.274971487Z	87	PC: 132c9 \| Get or set file date and time (See above)
2018-12-25T11:45:03.276363946Z	63	PC: 132d6 \| Read file or device (See above)
2018-12-25T11:45:03.283320327Z	87	PC: 1333f \| Get or set file date and time (See above)
2018-12-25T11:45:03.284759737Z	62	PC: 13343 \| Close file (See above)
2018-12-25T11:45:03.293712661Z	79	PC: 13272 \| Find next file (See above)
2018-12-25T11:45:03.297659514Z	59	PC: 1327c \| Change current directory
2018-12-25T11:45:03.302353897Z	42	PC: 13282 \| Get date 0x13282: cmp dh, 7 0x13285: je 0x1328f 0x13287: mov dx, 0x80 0x1328a: mov ah, 0x1a 0x1328c: int 0x21 0x1328e: ret 0x1328f: mov ah, 9 0x13291: lea dx, word ptr [bp + 0x24c] 0x13295: int 0x21 0x13297: jmp 0x13287 0x13299: lea dx, word ptr [bp + 0x2a0] 0x1329d: mov di, dx 0x1329f: mov cx, 0x40 0x132a2: mov al, 0x2e 0x132a4: cld 0x132a5: repne scasb al, byte ptr es:[di] 0x132a7: cmp word ptr [di + 1], 0x4d4f 0x132ac: je 0x132b1 0x132ae: jmp 0x1333f 0x132b1: lea dx, word ptr [bp + 0x2a0]
2018-12-25T11:45:03.306145011Z	9	PC: 13297 \| Display string (String= 'Evasor v2.1 Pruslas [Los Sicarios de Midas] ')
2018-12-25T11:45:03.314910562Z	26	PC: 1328e \| Set disk transfer address
2018-12-25T11:45:03.31584836Z	9	PC: 12a47 \| Display string (String= 'Soy un COM infectado!! ')
2018-12-25T11:45:03.31878054Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')