Sample viewer

vx.netlux.org/Virus.DOS.VirDem.833

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:16:31.937201542Z 71 PC: 12ad7 | Get current directory
2018-12-17T22:16:31.940266048Z 59 PC: 12adf | Change current directory
2018-12-17T22:16:31.944417024Z 78 PC: 12b44 | Find first file
2018-12-17T22:16:31.950105359Z 61 PC: 12b67 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:16:31.956841451Z 63 PC: 12b75 | Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:16:31.964479339Z 62 PC: 12b7b | Close file
2018-12-17T22:16:31.966616412Z 53 PC: 12bb6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:31.97545184Z 37 PC: 12bc8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:31.976800953Z 67 PC: 12bda | Get or set file attributes
2018-12-17T22:16:31.987201769Z 67 PC: 12be4 | Get or set file attributes
2018-12-17T22:16:32.007602034Z 61 PC: 12bec | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:16:32.014240822Z 87 PC: 12bfc | Get or set file date and time
2018-12-17T22:16:32.0157473Z 66 PC: 12c11 | Move file pointer
2018-12-17T22:16:32.017257708Z 66 PC: 12c1f | Move file pointer
2018-12-17T22:16:32.019462037Z 63 PC: 12c3c | Read file or device (Read 807 bytes on handle 5)
2018-12-17T22:16:32.025720925Z 66 PC: 12c63 | Move file pointer
2018-12-17T22:16:32.027404106Z 64 PC: 12c76 | Write file or device (Write 407 bytes on handle 5)
2018-12-17T22:16:32.036925674Z 64 PC: 12c85 | Write file or device (Write 26 bytes on handle 5)
2018-12-17T22:16:32.039894974Z 66 PC: 12c8e | Move file pointer
2018-12-17T22:16:32.041257168Z 64 PC: 12c99 | Write file or device (Write 807 bytes on handle 5)
2018-12-17T22:16:32.048662374Z 87 PC: 12ca7 | Get or set file date and time
2018-12-17T22:16:32.05182465Z 62 PC: 12caf | Close file
2018-12-17T22:16:32.059170552Z 37 PC: 12cb9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:32.060644037Z 59 PC: 12cd2 | Change current directory
2018-12-17T22:16:32.065469114Z 42 PC: 12d42 | Get date

0x12d42: cmp cx, 0x7c9
0x12d46: jl 0x12d59
0x12d48: cmp al, 1
0x12d4a: jne 0x12d59
0x12d4c: push ds
0x12d4d: push bp
0x12d4e: push es
0x12d4f: push di
0x12d50: push si
0x12d51: call 0x22d02
0x12d54: pop si
0x12d55: pop di
0x12d56: pop es
0x12d57: pop bp
0x12d58: pop ds
0x12d59: mov bx, word ptr [0x108]
0x12d5d: add bx, 0x100
0x12d61: add bx, word ptr [0x110]
0x12d65: jmp bx
0x12d67: int 0x20

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2949,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:50.64924781Z 71 PC: 12ad7 | Get current directory
2018-12-25T11:47:50.652951195Z 59 PC: 12adf | Change current directory
2018-12-25T11:47:50.656977937Z 78 PC: 12b44 | Find first file
2018-12-25T11:47:50.667377068Z 61 PC: 12b67 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:50.678611055Z 63 PC: 12b75 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:47:50.685220305Z 62 PC: 12b7b | Close file
2018-12-25T11:47:50.687123974Z 53 PC: 12bb6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:50.688930051Z 37 PC: 12bc8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:50.690242539Z 67 PC: 12bda | Get or set file attributes
2018-12-25T11:47:50.695670825Z 67 PC: 12be4 | Get or set file attributes
2018-12-25T11:47:50.709689151Z 61 PC: 12bec | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:50.716878289Z 87 PC: 12bfc | Get or set file date and time
2018-12-25T11:47:50.718550898Z 66 PC: 12c11 | Move file pointer
2018-12-25T11:47:50.72016426Z 66 PC: 12c1f | Move file pointer
2018-12-25T11:47:50.72264464Z 63 PC: 12c3c | Read file or device (Read 807 bytes on handle 5)
2018-12-25T11:47:50.725403835Z 66 PC: 12c63 | Move file pointer
2018-12-25T11:47:50.726988836Z 64 PC: 12c76 | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:47:50.735705714Z 64 PC: 12c85 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:47:50.738451068Z 66 PC: 12c8e | Move file pointer
2018-12-25T11:47:50.739990403Z 64 PC: 12c99 | Write file or device (Write 807 bytes on handle 5)
2018-12-25T11:47:50.760631393Z 87 PC: 12ca7 | Get or set file date and time
2018-12-25T11:47:50.763071235Z 62 PC: 12caf | Close file
2018-12-25T11:47:50.771059392Z 37 PC: 12cb9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:50.77356888Z 59 PC: 12cd2 | Change current directory
2018-12-25T11:47:50.777797424Z 42 PC: 12d42 | Get date

0x12d42: cmp cx, 0x7c9
0x12d46: jl 0x12d59
0x12d48: cmp al, 1
0x12d4a: jne 0x12d59
0x12d4c: push ds
0x12d4d: push bp
0x12d4e: push es
0x12d4f: push di
0x12d50: push si
0x12d51: call 0x22d02
0x12d54: pop si
0x12d55: pop di
0x12d56: pop es
0x12d57: pop bp
0x12d58: pop ds
0x12d59: mov bx, word ptr [0x108]
0x12d5d: add bx, 0x100
0x12d61: add bx, word ptr [0x110]
0x12d65: jmp bx
0x12d67: int 0x20

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2949,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:51.067853454Z 71 PC: 12ad7 | Get current directory
2018-12-25T11:47:51.072034648Z 59 PC: 12adf | Change current directory
2018-12-25T11:47:51.077112097Z 78 PC: 12b44 | Find first file
2018-12-25T11:47:51.083763922Z 61 PC: 12b67 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:51.091439879Z 63 PC: 12b75 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:47:51.09887057Z 62 PC: 12b7b | Close file
2018-12-25T11:47:51.10129445Z 53 PC: 12bb6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.103221333Z 37 PC: 12bc8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.104790775Z 67 PC: 12bda | Get or set file attributes
2018-12-25T11:47:51.126593971Z 67 PC: 12be4 | Get or set file attributes
2018-12-25T11:47:51.144284338Z 61 PC: 12bec | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:51.15186119Z 87 PC: 12bfc | Get or set file date and time
2018-12-25T11:47:51.153229026Z 66 PC: 12c11 | Move file pointer
2018-12-25T11:47:51.154494558Z 66 PC: 12c1f | Move file pointer
2018-12-25T11:47:51.160211701Z 63 PC: 12c3c | Read file or device (Read 807 bytes on handle 5)
2018-12-25T11:47:51.168217748Z 66 PC: 12c63 | Move file pointer
2018-12-25T11:47:51.17027098Z 64 PC: 12c76 | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:47:51.180570044Z 64 PC: 12c85 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:47:51.184531723Z 66 PC: 12c8e | Move file pointer
2018-12-25T11:47:51.186196075Z 64 PC: 12c99 | Write file or device (Write 807 bytes on handle 5)
2018-12-25T11:47:51.19629299Z 87 PC: 12ca7 | Get or set file date and time
2018-12-25T11:47:51.198163624Z 62 PC: 12caf | Close file
2018-12-25T11:47:51.208205202Z 37 PC: 12cb9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.210005721Z 59 PC: 12cd2 | Change current directory
2018-12-25T11:47:51.215638411Z 42 PC: 12d42 | Get date

0x12d42: cmp cx, 0x7c9
0x12d46: jl 0x12d59
0x12d48: cmp al, 1
0x12d4a: jne 0x12d59
0x12d4c: push ds
0x12d4d: push bp
0x12d4e: push es
0x12d4f: push di
0x12d50: push si
0x12d51: call 0x22d02
0x12d54: pop si
0x12d55: pop di
0x12d56: pop es
0x12d57: pop bp
0x12d58: pop ds
0x12d59: mov bx, word ptr [0x108]
0x12d5d: add bx, 0x100
0x12d61: add bx, word ptr [0x110]
0x12d65: jmp bx
0x12d67: int 0x20

{"DateBased":true,"Day":4,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2949,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:51.094103596Z 71 PC: 12ad7 | Get current directory
2018-12-25T11:47:51.098199283Z 59 PC: 12adf | Change current directory
2018-12-25T11:47:51.102751548Z 78 PC: 12b44 | Find first file
2018-12-25T11:47:51.10936034Z 61 PC: 12b67 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:51.117035338Z 63 PC: 12b75 | Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:47:51.1267141Z 62 PC: 12b7b | Close file
2018-12-25T11:47:51.129067719Z 53 PC: 12bb6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.130776041Z 37 PC: 12bc8 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.132759247Z 67 PC: 12bda | Get or set file attributes
2018-12-25T11:47:51.140512559Z 67 PC: 12be4 | Get or set file attributes
2018-12-25T11:47:51.157719752Z 61 PC: 12bec | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:51.166643487Z 87 PC: 12bfc | Get or set file date and time
2018-12-25T11:47:51.168530424Z 66 PC: 12c11 | Move file pointer
2018-12-25T11:47:51.17045977Z 66 PC: 12c1f | Move file pointer
2018-12-25T11:47:51.175357768Z 63 PC: 12c3c | Read file or device (Read 807 bytes on handle 5)
2018-12-25T11:47:51.1788446Z 66 PC: 12c63 | Move file pointer
2018-12-25T11:47:51.180396313Z 64 PC: 12c76 | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:47:51.190016841Z 64 PC: 12c85 | Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:47:51.192884022Z 66 PC: 12c8e | Move file pointer
2018-12-25T11:47:51.194434899Z 64 PC: 12c99 | Write file or device (Write 807 bytes on handle 5)
2018-12-25T11:47:51.202298005Z 87 PC: 12ca7 | Get or set file date and time
2018-12-25T11:47:51.203837447Z 62 PC: 12caf | Close file
2018-12-25T11:47:51.209214736Z 37 PC: 12cb9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:51.210765411Z 59 PC: 12cd2 | Change current directory
2018-12-25T11:47:51.214412203Z 42 PC: 12d42 | Get date

0x12d42: cmp cx, 0x7c9
0x12d46: jl 0x12d59
0x12d48: cmp al, 1
0x12d4a: jne 0x12d59
0x12d4c: push ds
0x12d4d: push bp
0x12d4e: push es
0x12d4f: push di
0x12d50: push si
0x12d51: call 0x22d02
0x12d54: pop si
0x12d55: pop di
0x12d56: pop es
0x12d57: pop bp
0x12d58: pop ds
0x12d59: mov bx, word ptr [0x108]
0x12d5d: add bx, 0x100
0x12d61: add bx, word ptr [0x110]
0x12d65: jmp bx
0x12d67: int 0x20