Sample viewer

vx.netlux.org/Virus.DOS.Vampiro.1000

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:11:26.584860931Z 250 PC: 15ec4 | UNKNOWN!
2018-12-17T22:11:26.587042099Z 42 PC: 15ec8 | Get date
0x15ec8: cmp dh, 6
0x15ecb: jb 0x15ed9
0x15ecd: mov ah, 0x2c
0x15ecf: int 0x21
0x15ed1: cmp ch, 0x16
0x15ed4: jb 0x15ed9
0x15ed6: jmp 0x160c9
0x15ed9: cld
0x15eda: mov cx, 7
0x15edd: lea si, word ptr [bp + 0x325]
0x15ee1: lea di, word ptr [bp + 0x32c]
0x15ee5: rep movsb byte ptr es:[di], byte ptr [si]
0x15ee7: mov cx, 0x2b
0x15eea: lea di, word ptr [bp + 0x35e]
0x15eee: mov si, 0x80
0x15ef1: rep movsb byte ptr es:[di], byte ptr [si]
0x15ef3: mov ah, 0x47
0x15ef5: mov dl, 0
0x15ef7: lea si, word ptr [bp + 0x392]
0x15efb: int 0x21
2018-12-17T22:11:26.589029552Z 44 PC: 15ed1 | Get time
0x15ed1: cmp ch, 0x16
0x15ed4: jb 0x15ed9
0x15ed6: jmp 0x160c9
0x15ed9: cld
0x15eda: mov cx, 7
0x15edd: lea si, word ptr [bp + 0x325]
0x15ee1: lea di, word ptr [bp + 0x32c]
0x15ee5: rep movsb byte ptr es:[di], byte ptr [si]
0x15ee7: mov cx, 0x2b
0x15eea: lea di, word ptr [bp + 0x35e]
0x15eee: mov si, 0x80
0x15ef1: rep movsb byte ptr es:[di], byte ptr [si]
0x15ef3: mov ah, 0x47
0x15ef5: mov dl, 0
0x15ef7: lea si, word ptr [bp + 0x392]
0x15efb: int 0x21
0x15efd: mov ah, 0x4e
0x15eff: lea dx, word ptr [bp + 0x431]
0x15f03: mov cx, 0x10
0x15f06: int 0x21
2018-12-17T22:11:26.590750529Z 71 PC: 15efd | Get current directory
2018-12-17T22:11:26.593471307Z 78 PC: 15f08 | Find first file
2018-12-17T22:11:26.598551026Z 79 PC: 15f7b | Find next file
2018-12-17T22:11:26.601008681Z 79 PC: 15f7b | Find next file
2018-12-17T22:11:26.60469301Z 79 PC: 15f7b | Find next file
2018-12-17T22:11:26.60759049Z 79 PC: 15f7b | Find next file
2018-12-17T22:11:26.610409521Z 79 PC: 15f7b | Find next file
2018-12-17T22:11:26.614573632Z 79 PC: 15f7b | Find next file
2018-12-17T22:11:26.617586334Z 79 PC: 15f7b | Find next file
2018-12-17T22:11:26.620435761Z 79 PC: 15f7b | Find next file
2018-12-17T22:11:26.624277396Z 79 PC: 15f7b | Find next file
2018-12-17T22:11:26.627147076Z 59 PC: 15f65 | Change current directory
2018-12-17T22:11:26.638333959Z 59 PC: 160ac | Change current directory
2018-12-17T22:11:26.644322579Z 26 PC: 12c79 | Set disk transfer address
2018-12-17T22:11:26.646260536Z 99 PC: 146e7 | Get DBCS lead byte table pointer
2018-12-17T22:11:26.647512203Z 68 PC: 14701 | I/O control for devices (Set for = '')
2018-12-17T22:11:26.648722009Z 68 PC: 1470c | I/O control for devices (Set for = '')
2018-12-17T22:11:26.650609939Z 68 PC: 14717 | I/O control for devices (Set for = '')
2018-12-17T22:11:26.651938315Z 68 PC: 1471f | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-17T22:11:26.653690966Z 48 PC: 12ec3 | Get DOS version
2018-12-17T22:11:26.655894Z 64 PC: 1483d | Write file or device (Write 23 bytes on handle 2)
2018-12-17T22:11:26.660493184Z 76 PC: 12ccb | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2396,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:43.755820083Z 250 PC: 15ec4 | UNKNOWN!
2018-12-25T11:45:43.757557498Z 42 PC: 15ec8 | Get date
0x15ec8: cmp dh, 6
0x15ecb: jb 0x15ed9
0x15ecd: mov ah, 0x2c
0x15ecf: int 0x21
0x15ed1: cmp ch, 0x16
0x15ed4: jb 0x15ed9
0x15ed6: jmp 0x160c9
0x15ed9: cld
0x15eda: mov cx, 7
0x15edd: lea si, word ptr [bp + 0x325]
0x15ee1: lea di, word ptr [bp + 0x32c]
0x15ee5: rep movsb byte ptr es:[di], byte ptr [si]
0x15ee7: mov cx, 0x2b
0x15eea: lea di, word ptr [bp + 0x35e]
0x15eee: mov si, 0x80
0x15ef1: rep movsb byte ptr es:[di], byte ptr [si]
0x15ef3: mov ah, 0x47
0x15ef5: mov dl, 0
0x15ef7: lea si, word ptr [bp + 0x392]
0x15efb: int 0x21
2018-12-25T11:45:43.759684059Z 71 PC: 15efd | Get current directory
2018-12-25T11:45:43.762366538Z 78 PC: 15f08 | Find first file
2018-12-25T11:45:43.768897994Z 79 PC: 15f7b | Find next file
2018-12-25T11:45:43.771254089Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.773548342Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.776214181Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.779238533Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.781978027Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.784914378Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.78738646Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.789761918Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.79287479Z 59 PC: 15f65 | Change current directory
2018-12-25T11:45:43.797095704Z 59 PC: 160ac | Change current directory
2018-12-25T11:45:43.800981175Z 26 PC: 12c79 | Set disk transfer address
2018-12-25T11:45:43.810404993Z 99 PC: 146e7 | Get DBCS lead byte table pointer
2018-12-25T11:45:43.811589908Z 68 PC: 14701 | I/O control for devices (Set for = '')
2018-12-25T11:45:43.812632755Z 68 PC: 1470c | I/O control for devices (Set for = '')
2018-12-25T11:45:43.814150245Z 68 PC: 14717 | I/O control for devices (Set for = '')
2018-12-25T11:45:43.816217659Z 68 PC: 1471f | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:45:43.817806085Z 48 PC: 12ec3 | Get DOS version
2018-12-25T11:45:43.819452993Z 64 PC: 1483d | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:45:43.827276631Z 76 PC: 12ccb | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2396,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:43.849367261Z 250 PC: 15ec4 | UNKNOWN!
2018-12-25T11:45:43.850758594Z 42 PC: 15ec8 | Get date
0x15ec8: cmp dh, 6
0x15ecb: jb 0x15ed9
0x15ecd: mov ah, 0x2c
0x15ecf: int 0x21
0x15ed1: cmp ch, 0x16
0x15ed4: jb 0x15ed9
0x15ed6: jmp 0x160c9
0x15ed9: cld
0x15eda: mov cx, 7
0x15edd: lea si, word ptr [bp + 0x325]
0x15ee1: lea di, word ptr [bp + 0x32c]
0x15ee5: rep movsb byte ptr es:[di], byte ptr [si]
0x15ee7: mov cx, 0x2b
0x15eea: lea di, word ptr [bp + 0x35e]
0x15eee: mov si, 0x80
0x15ef1: rep movsb byte ptr es:[di], byte ptr [si]
0x15ef3: mov ah, 0x47
0x15ef5: mov dl, 0
0x15ef7: lea si, word ptr [bp + 0x392]
0x15efb: int 0x21
2018-12-25T11:45:43.853196534Z 71 PC: 15efd | Get current directory
2018-12-25T11:45:43.856169101Z 78 PC: 15f08 | Find first file
2018-12-25T11:45:43.860816003Z 79 PC: 15f7b | Find next file
2018-12-25T11:45:43.863716922Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.866453201Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.869412477Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.872298259Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.874931083Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.877538894Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.887057551Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.889815993Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:43.892157558Z 59 PC: 15f65 | Change current directory
2018-12-25T11:45:43.897131466Z 59 PC: 160ac | Change current directory
2018-12-25T11:45:43.901505509Z 26 PC: 12c79 | Set disk transfer address
2018-12-25T11:45:43.903068408Z 99 PC: 146e7 | Get DBCS lead byte table pointer
2018-12-25T11:45:43.924368025Z 68 PC: 14701 | I/O control for devices (Set for = '')
2018-12-25T11:45:43.926314133Z 68 PC: 1470c | I/O control for devices (Set for = '')
2018-12-25T11:45:43.928486938Z 68 PC: 14717 | I/O control for devices (Set for = '')
2018-12-25T11:45:43.931009023Z 68 PC: 1471f | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:45:43.933303875Z 48 PC: 12ec3 | Get DOS version
2018-12-25T11:45:43.935586752Z 64 PC: 1483d | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:45:43.948389002Z 76 PC: 12ccb | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":22,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2396,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:43.986724392Z 250 PC: 15ec4 | UNKNOWN!
2018-12-25T11:45:43.988592429Z 42 PC: 15ec8 | Get date
0x15ec8: cmp dh, 6
0x15ecb: jb 0x15ed9
0x15ecd: mov ah, 0x2c
0x15ecf: int 0x21
0x15ed1: cmp ch, 0x16
0x15ed4: jb 0x15ed9
0x15ed6: jmp 0x160c9
0x15ed9: cld
0x15eda: mov cx, 7
0x15edd: lea si, word ptr [bp + 0x325]
0x15ee1: lea di, word ptr [bp + 0x32c]
0x15ee5: rep movsb byte ptr es:[di], byte ptr [si]
0x15ee7: mov cx, 0x2b
0x15eea: lea di, word ptr [bp + 0x35e]
0x15eee: mov si, 0x80
0x15ef1: rep movsb byte ptr es:[di], byte ptr [si]
0x15ef3: mov ah, 0x47
0x15ef5: mov dl, 0
0x15ef7: lea si, word ptr [bp + 0x392]
0x15efb: int 0x21
2018-12-25T11:45:43.9909083Z 71 PC: 15efd | Get current directory
2018-12-25T11:45:43.993476021Z 78 PC: 15f08 | Find first file
2018-12-25T11:45:43.997732991Z 79 PC: 15f7b | Find next file
2018-12-25T11:45:44.000089604Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.002349839Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.00821922Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.010774767Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.012742856Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.015043803Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.016927151Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.018849467Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.020637078Z 59 PC: 15f65 | Change current directory
2018-12-25T11:45:44.028153806Z 59 PC: 160ac | Change current directory
2018-12-25T11:45:44.031208055Z 26 PC: 12c79 | Set disk transfer address
2018-12-25T11:45:44.033265489Z 99 PC: 146e7 | Get DBCS lead byte table pointer
2018-12-25T11:45:44.035204852Z 68 PC: 14701 | I/O control for devices (Set for = '')
2018-12-25T11:45:44.036735934Z 68 PC: 1470c | I/O control for devices (Set for = '')
2018-12-25T11:45:44.038362755Z 68 PC: 14717 | I/O control for devices (Set for = '')
2018-12-25T11:45:44.04109972Z 68 PC: 1471f | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:45:44.042601132Z 48 PC: 12ec3 | Get DOS version
2018-12-25T11:45:44.043909175Z 64 PC: 1483d | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:45:44.047484322Z 76 PC: 12ccb | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":22,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2396,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:44.649707527Z 250 PC: 15ec4 | UNKNOWN!
2018-12-25T11:45:44.651319405Z 42 PC: 15ec8 | Get date
0x15ec8: cmp dh, 6
0x15ecb: jb 0x15ed9
0x15ecd: mov ah, 0x2c
0x15ecf: int 0x21
0x15ed1: cmp ch, 0x16
0x15ed4: jb 0x15ed9
0x15ed6: jmp 0x160c9
0x15ed9: cld
0x15eda: mov cx, 7
0x15edd: lea si, word ptr [bp + 0x325]
0x15ee1: lea di, word ptr [bp + 0x32c]
0x15ee5: rep movsb byte ptr es:[di], byte ptr [si]
0x15ee7: mov cx, 0x2b
0x15eea: lea di, word ptr [bp + 0x35e]
0x15eee: mov si, 0x80
0x15ef1: rep movsb byte ptr es:[di], byte ptr [si]
0x15ef3: mov ah, 0x47
0x15ef5: mov dl, 0
0x15ef7: lea si, word ptr [bp + 0x392]
0x15efb: int 0x21
2018-12-25T11:45:44.653813939Z 71 PC: 15efd | Get current directory
2018-12-25T11:45:44.657013489Z 78 PC: 15f08 | Find first file
2018-12-25T11:45:44.66649801Z 79 PC: 15f7b | Find next file
2018-12-25T11:45:44.669385377Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.672119315Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.67529695Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.67818755Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.680887223Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.684778183Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.687675886Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.690341773Z 79 PC: 15f7b | Find next file (See above)
2018-12-25T11:45:44.692766484Z 59 PC: 15f65 | Change current directory
2018-12-25T11:45:44.700774689Z 59 PC: 160ac | Change current directory
2018-12-25T11:45:44.706305139Z 26 PC: 12c79 | Set disk transfer address
2018-12-25T11:45:44.707841038Z 99 PC: 146e7 | Get DBCS lead byte table pointer
2018-12-25T11:45:44.70951449Z 68 PC: 14701 | I/O control for devices (Set for = '')
2018-12-25T11:45:44.710868672Z 68 PC: 1470c | I/O control for devices (Set for = '')
2018-12-25T11:45:44.712396108Z 68 PC: 14717 | I/O control for devices (Set for = '')
2018-12-25T11:45:44.714339577Z 68 PC: 1471f | I/O control for devices (Set for = 'bgtS3[r2W<t<u6u>>W')
2018-12-25T11:45:44.71675205Z 48 PC: 12ec3 | Get DOS version
2018-12-25T11:45:44.719354735Z 64 PC: 1483d | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:45:44.725967883Z 76 PC: 12ccb | Terminate with return code (Return code = '1')