Sample viewer

vx.netlux.org/Virus.DOS.Bryansk.673

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:16:48.77947331Z	53	PC: 12a4e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:48.780855555Z	37	PC: 12a61 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:48.78225249Z	48	PC: 12a65 \| Get DOS version
2018-12-17T22:16:48.783367695Z	26	PC: 12a73 \| Set disk transfer address
2018-12-17T22:16:48.784947922Z	71	PC: 12a80 \| Get current directory
2018-12-17T22:16:48.792586541Z	42	PC: 12a93 \| Get date 0x12a93: cmp al, 5 0x12a95: jne 0x12ad2 0x12a97: mov ah, 0x2c 0x12a99: int 0x21 0x12a9b: cmp ch, 0xf 0x12a9e: jge 0x12ad2 0x12aa0: mov si, di 0x12aa2: add si, 0x1e 0x12aa5: mov word ptr [si], 0x2e2a 0x12aa9: mov word ptr [si + 2], 0x2a 0x12aae: mov dx, si 0x12ab0: mov cx, 0x20 0x12ab3: mov ah, 0x4e 0x12ab5: int 0x21 0x12ab7: cmp ax, 2 0x12aba: je 0x12acf 0x12abc: cmp ax, 0x12 0x12abf: je 0x12acf 0x12ac1: mov ax, 0x4301 0x12ac4: mov cx, 0x21
2018-12-17T22:16:48.794592103Z	78	PC: 12aee \| Find first file
2018-12-17T22:16:48.800350106Z	67	PC: 12c21 \| Get or set file attributes
2018-12-17T22:16:48.816712649Z	79	PC: 12c27 \| Find next file
2018-12-17T22:16:48.819171Z	67	PC: 12c21 \| Get or set file attributes
2018-12-17T22:16:48.828557758Z	79	PC: 12c27 \| Find next file
2018-12-17T22:16:48.83172484Z	67	PC: 12c21 \| Get or set file attributes
2018-12-17T22:16:48.841434204Z	79	PC: 12c27 \| Find next file
2018-12-17T22:16:48.844216965Z	67	PC: 12c21 \| Get or set file attributes
2018-12-17T22:16:48.854937258Z	79	PC: 12c27 \| Find next file
2018-12-17T22:16:48.857811893Z	67	PC: 12c21 \| Get or set file attributes
2018-12-17T22:16:48.867678206Z	79	PC: 12c27 \| Find next file
2018-12-17T22:16:48.870763992Z	67	PC: 12c21 \| Get or set file attributes
2018-12-17T22:16:48.880459344Z	79	PC: 12c27 \| Find next file
2018-12-17T22:16:48.883371109Z	67	PC: 12c21 \| Get or set file attributes
2018-12-17T22:16:48.894542561Z	79	PC: 12c27 \| Find next file
2018-12-17T22:16:48.897442317Z	67	PC: 12c21 \| Get or set file attributes
2018-12-17T22:16:48.907031562Z	79	PC: 12c27 \| Find next file
2018-12-17T22:16:48.910203513Z	59	PC: 12c95 \| Change current directory
2018-12-17T22:16:48.91406188Z	37	PC: 12c9c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:16:48.915226912Z	26	PC: 12ca5 \| Set disk transfer address

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2979,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:56.065357764Z	53	PC: 12a4e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:56.067309379Z	37	PC: 12a61 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:56.06891595Z	48	PC: 12a65 \| Get DOS version
2018-12-25T11:47:56.069988038Z	26	PC: 12a73 \| Set disk transfer address
2018-12-25T11:47:56.071555183Z	71	PC: 12a80 \| Get current directory
2018-12-25T11:47:56.074655495Z	42	PC: 12a93 \| Get date 0x12a93: cmp al, 5 0x12a95: jne 0x12ad2 0x12a97: mov ah, 0x2c 0x12a99: int 0x21 0x12a9b: cmp ch, 0xf 0x12a9e: jge 0x12ad2 0x12aa0: mov si, di 0x12aa2: add si, 0x1e 0x12aa5: mov word ptr [si], 0x2e2a 0x12aa9: mov word ptr [si + 2], 0x2a 0x12aae: mov dx, si 0x12ab0: mov cx, 0x20 0x12ab3: mov ah, 0x4e 0x12ab5: int 0x21 0x12ab7: cmp ax, 2 0x12aba: je 0x12acf 0x12abc: cmp ax, 0x12 0x12abf: je 0x12acf 0x12ac1: mov ax, 0x4301 0x12ac4: mov cx, 0x21
2018-12-25T11:47:56.077031303Z	44	PC: 12a9b \| Get time 0x12a9b: cmp ch, 0xf 0x12a9e: jge 0x12ad2 0x12aa0: mov si, di 0x12aa2: add si, 0x1e 0x12aa5: mov word ptr [si], 0x2e2a 0x12aa9: mov word ptr [si + 2], 0x2a 0x12aae: mov dx, si 0x12ab0: mov cx, 0x20 0x12ab3: mov ah, 0x4e 0x12ab5: int 0x21 0x12ab7: cmp ax, 2 0x12aba: je 0x12acf 0x12abc: cmp ax, 0x12 0x12abf: je 0x12acf 0x12ac1: mov ax, 0x4301 0x12ac4: mov cx, 0x21 0x12ac7: int 0x21 0x12ac9: mov ah, 0x4f 0x12acb: int 0x21 0x12acd: jmp 0x12abc
2018-12-25T11:47:56.079762607Z	78	PC: 12ab7 \| Find first file
2018-12-25T11:47:56.085442578Z	67	PC: 12ac9 \| Get or set file attributes
2018-12-25T11:47:56.102154066Z	79	PC: 12acd \| Find next file
2018-12-25T11:47:56.104975997Z	67	PC: 12ac9 \| Get or set file attributes (See above)
2018-12-25T11:47:56.114687782Z	79	PC: 12acd \| Find next file (See above)
2018-12-25T11:47:56.117164226Z	67	PC: 12ac9 \| Get or set file attributes (See above)
2018-12-25T11:47:56.129328597Z	79	PC: 12acd \| Find next file (See above)
2018-12-25T11:47:56.132079711Z	67	PC: 12ac9 \| Get or set file attributes (See above)
2018-12-25T11:47:56.141456473Z	79	PC: 12acd \| Find next file (See above)
2018-12-25T11:47:56.144236652Z	67	PC: 12ac9 \| Get or set file attributes (See above)
2018-12-25T11:47:56.154883797Z	79	PC: 12acd \| Find next file (See above)
2018-12-25T11:47:56.157499285Z	67	PC: 12ac9 \| Get or set file attributes (See above)
2018-12-25T11:47:56.167005329Z	79	PC: 12acd \| Find next file (See above)
2018-12-25T11:47:56.17612389Z	67	PC: 12ac9 \| Get or set file attributes (See above)
2018-12-25T11:47:56.186072925Z	79	PC: 12acd \| Find next file (See above)
2018-12-25T11:47:56.18924853Z	67	PC: 12ac9 \| Get or set file attributes (See above)
2018-12-25T11:47:56.203911341Z	79	PC: 12acd \| Find next file (See above)
2018-12-25T11:47:56.206795051Z	67	PC: 12ac9 \| Get or set file attributes (See above)
2018-12-25T11:47:56.216668788Z	79	PC: 12acd \| Find next file (See above)
2018-12-25T11:47:56.221207452Z	59	PC: 12c95 \| Change current directory
2018-12-25T11:47:56.225319659Z	37	PC: 12c9c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:56.226433005Z	26	PC: 12ca5 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2979,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:56.262939738Z	53	PC: 12a4e \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:56.270531764Z	37	PC: 12a61 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:56.271955661Z	48	PC: 12a65 \| Get DOS version
2018-12-25T11:47:56.273610179Z	26	PC: 12a73 \| Set disk transfer address
2018-12-25T11:47:56.275105242Z	71	PC: 12a80 \| Get current directory
2018-12-25T11:47:56.278102047Z	42	PC: 12a93 \| Get date 0x12a93: cmp al, 5 0x12a95: jne 0x12ad2 0x12a97: mov ah, 0x2c 0x12a99: int 0x21 0x12a9b: cmp ch, 0xf 0x12a9e: jge 0x12ad2 0x12aa0: mov si, di 0x12aa2: add si, 0x1e 0x12aa5: mov word ptr [si], 0x2e2a 0x12aa9: mov word ptr [si + 2], 0x2a 0x12aae: mov dx, si 0x12ab0: mov cx, 0x20 0x12ab3: mov ah, 0x4e 0x12ab5: int 0x21 0x12ab7: cmp ax, 2 0x12aba: je 0x12acf 0x12abc: cmp ax, 0x12 0x12abf: je 0x12acf 0x12ac1: mov ax, 0x4301 0x12ac4: mov cx, 0x21
2018-12-25T11:47:56.280187492Z	78	PC: 12aee \| Find first file
2018-12-25T11:47:56.286559202Z	67	PC: 12c21 \| Get or set file attributes
2018-12-25T11:47:56.304154604Z	79	PC: 12c27 \| Find next file
2018-12-25T11:47:56.30691473Z	67	PC: 12c21 \| Get or set file attributes (See above)
2018-12-25T11:47:56.319895436Z	79	PC: 12c27 \| Find next file (See above)
2018-12-25T11:47:56.330860801Z	67	PC: 12c21 \| Get or set file attributes (See above)
2018-12-25T11:47:56.340931255Z	79	PC: 12c27 \| Find next file (See above)
2018-12-25T11:47:56.34387267Z	67	PC: 12c21 \| Get or set file attributes (See above)
2018-12-25T11:47:56.365046294Z	79	PC: 12c27 \| Find next file (See above)
2018-12-25T11:47:56.368345383Z	67	PC: 12c21 \| Get or set file attributes (See above)
2018-12-25T11:47:56.37935539Z	79	PC: 12c27 \| Find next file (See above)
2018-12-25T11:47:56.382579734Z	67	PC: 12c21 \| Get or set file attributes (See above)
2018-12-25T11:47:56.39276327Z	79	PC: 12c27 \| Find next file (See above)
2018-12-25T11:47:56.395267269Z	67	PC: 12c21 \| Get or set file attributes (See above)
2018-12-25T11:47:56.405211957Z	79	PC: 12c27 \| Find next file (See above)
2018-12-25T11:47:56.407884489Z	67	PC: 12c21 \| Get or set file attributes (See above)
2018-12-25T11:47:56.417415536Z	79	PC: 12c27 \| Find next file (See above)
2018-12-25T11:47:56.419941568Z	59	PC: 12c95 \| Change current directory
2018-12-25T11:47:56.423925852Z	37	PC: 12c9c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:56.424945234Z	26	PC: 12ca5 \| Set disk transfer address