Sample viewer

vx.netlux.org/Virus.DOS.Amber.Trivial.1408

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:16:08.02583102Z	78	PC: 12a6d \| Find first file
2018-12-17T22:16:08.031717771Z	79	PC: 12a6d \| Find next file
2018-12-17T22:16:08.034428277Z	79	PC: 12a6d \| Find next file
2018-12-17T22:16:08.036766599Z	79	PC: 12a6d \| Find next file
2018-12-17T22:16:08.039598826Z	79	PC: 12a6d \| Find next file
2018-12-17T22:16:08.042654413Z	79	PC: 12a6d \| Find next file
2018-12-17T22:16:08.045257252Z	79	PC: 12a6d \| Find next file
2018-12-17T22:16:08.047903535Z	79	PC: 12a6d \| Find next file
2018-12-17T22:16:08.05144469Z	61	PC: 12aa3 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:16:08.057751538Z	63	PC: 12ab2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:16:08.060098265Z	66	PC: 12ad3 \| Move file pointer
2018-12-17T22:16:08.083401591Z	64	PC: 12b0f \| Write file or device (Write 1536 bytes on handle 5)
2018-12-17T22:16:08.099258428Z	66	PC: 12b1a \| Move file pointer
2018-12-17T22:16:08.101076041Z	64	PC: 12b28 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:16:08.105762372Z	87	PC: 12b3f \| Get or set file date and time
2018-12-17T22:16:08.106807567Z	62	PC: 12ac6 \| Close file
2018-12-17T22:16:08.112336914Z	79	PC: 12a6d \| Find next file
2018-12-17T22:16:08.114993627Z	42	PC: 12b59 \| Get date 0x12b59: cmp dh, dl 0x12b5b: jne 0x12b66 0x12b5d: mov dx, 0x13a 0x12b60: add dx, bp 0x12b62: mov ah, 9 0x12b64: int 0x21 0x12b66: xor ax, ax 0x12b68: xor bx, bx 0x12b6a: mov cx, 0xff 0x12b6d: mov bp, sp 0x12b6f: mov si, 0x100 0x12b72: jmp si 0x12b74: sub ch, byte ptr [0x6f63] 0x12b78: insw word ptr es:[di], dx 0x12b79: add byte ptr [bp + di + 0x54], bl 0x12b7c: jb 0x12be7 0x12b7e: jbe 0x12be9 0x12b80: popaw 0x12b81: insb byte ptr es:[di], dx 0x12b82: pop bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2904,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:42.831168024Z	78	PC: 12a6d \| Find first file
2018-12-25T11:47:42.836172441Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:42.837990579Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:42.839947766Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:42.843176517Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:42.845304145Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:42.847329588Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:42.84939942Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:42.851688308Z	61	PC: 12aa3 \| Open file (Filename = 'TEST.COM')
2018-12-25T11:47:42.857415044Z	63	PC: 12ab2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:47:42.860300427Z	66	PC: 12ad3 \| Move file pointer
2018-12-25T11:47:42.870605003Z	64	PC: 12b0f \| Write file or device (Write 1519 bytes on handle 5)
2018-12-25T11:47:42.884773458Z	66	PC: 12b1a \| Move file pointer
2018-12-25T11:47:42.886095874Z	64	PC: 12b28 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:47:42.888887907Z	87	PC: 12b3f \| Get or set file date and time
2018-12-25T11:47:42.890012738Z	62	PC: 12ac6 \| Close file
2018-12-25T11:47:42.895292395Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:42.899077827Z	42	PC: 12b59 \| Get date 0x12b59: cmp dh, dl 0x12b5b: jne 0x12b66 0x12b5d: mov dx, 0x13a 0x12b60: add dx, bp 0x12b62: mov ah, 9 0x12b64: int 0x21 0x12b66: xor ax, ax 0x12b68: xor bx, bx 0x12b6a: mov cx, 0xff 0x12b6d: mov bp, sp 0x12b6f: mov si, 0x100 0x12b72: jmp si 0x12b74: sub ch, byte ptr [0x6f63] 0x12b78: insw word ptr es:[di], dx 0x12b79: add byte ptr [bp + di + 0x54], bl 0x12b7c: jb 0x12be7 0x12b7e: jbe 0x12be9 0x12b80: popaw 0x12b81: insb byte ptr es:[di], dx 0x12b82: pop bp
2018-12-25T11:47:42.901492523Z	9	PC: 12b66 \| Display string (String= '[Trivial] ��}�]�M�]��[AMBER1.07@beta]X�o%�G�G�G�G')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2904,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:43.127887191Z	78	PC: 12a6d \| Find first file
2018-12-25T11:47:43.134194503Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:43.137720528Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:43.141576588Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:43.144569456Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:43.147355306Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:43.149725658Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:43.152017446Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:43.154805887Z	61	PC: 12aa3 \| Open file (Filename = 'TEST.COM')
2018-12-25T11:47:43.161137966Z	63	PC: 12ab2 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:47:43.16351847Z	66	PC: 12ad3 \| Move file pointer
2018-12-25T11:47:43.185496166Z	64	PC: 12b0f \| Write file or device (Write 1537 bytes on handle 5)
2018-12-25T11:47:43.201242706Z	66	PC: 12b1a \| Move file pointer
2018-12-25T11:47:43.202504223Z	64	PC: 12b28 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:47:43.206187238Z	87	PC: 12b3f \| Get or set file date and time
2018-12-25T11:47:43.207658308Z	62	PC: 12ac6 \| Close file
2018-12-25T11:47:43.215150161Z	79	PC: 12a6d \| Find next file (See above)
2018-12-25T11:47:43.229433544Z	42	PC: 12b59 \| Get date 0x12b59: cmp dh, dl 0x12b5b: jne 0x12b66 0x12b5d: mov dx, 0x13a 0x12b60: add dx, bp 0x12b62: mov ah, 9 0x12b64: int 0x21 0x12b66: xor ax, ax 0x12b68: xor bx, bx 0x12b6a: mov cx, 0xff 0x12b6d: mov bp, sp 0x12b6f: mov si, 0x100 0x12b72: jmp si 0x12b74: sub ch, byte ptr [0x6f63] 0x12b78: insw word ptr es:[di], dx 0x12b79: add byte ptr [bp + di + 0x54], bl 0x12b7c: jb 0x12be7 0x12b7e: jbe 0x12be9 0x12b80: popaw 0x12b81: insb byte ptr es:[di], dx 0x12b82: pop bp