Sample viewer

vx.netlux.org/Virus.DOS.DIW.393

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:53:02.277033564Z 47 PC: 12aeb | Get disk transfer address
2018-12-17T21:53:02.278878018Z 26 PC: 12af9 | Set disk transfer address
2018-12-17T21:53:02.279853676Z 78 PC: 12b83 | Find first file
2018-12-17T21:53:02.286283448Z 47 PC: 12b89 | Get disk transfer address
2018-12-17T21:53:02.288098977Z 61 PC: 12b24 | Open file (Filename = 'SLEEP.COM')
2018-12-17T21:53:02.294418436Z 63 PC: 12b32 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:53:02.300718408Z 66 PC: 12b51 | Move file pointer
2018-12-17T21:53:02.302537202Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:53:02.305640071Z 66 PC: 12b66 | Move file pointer
2018-12-17T21:53:02.30736474Z 64 PC: 12b72 | Write file or device (Write 393 bytes on handle 5)
2018-12-17T21:53:02.321599731Z 62 PC: 12b79 | Close file
2018-12-17T21:53:02.329959281Z 79 PC: 12b9f | Find next file
2018-12-17T21:53:02.332742814Z 61 PC: 12b24 | Open file (Filename = 'PRINT.COM')
2018-12-17T21:53:02.339366998Z 63 PC: 12b32 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:53:02.347878268Z 66 PC: 12b51 | Move file pointer
2018-12-17T21:53:02.349119145Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:53:02.351585614Z 66 PC: 12b66 | Move file pointer
2018-12-17T21:53:02.353624742Z 64 PC: 12b72 | Write file or device (Write 393 bytes on handle 5)
2018-12-17T21:53:02.356100655Z 62 PC: 12b79 | Close file
2018-12-17T21:53:02.363558546Z 79 PC: 12b9f | Find next file
2018-12-17T21:53:02.366620801Z 61 PC: 12b24 | Open file (Filename = 'HELLO.COM')
2018-12-17T21:53:02.372963841Z 63 PC: 12b32 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:53:02.379105912Z 66 PC: 12b51 | Move file pointer
2018-12-17T21:53:02.381705464Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:53:02.384332278Z 66 PC: 12b66 | Move file pointer
2018-12-17T21:53:02.386074663Z 64 PC: 12b72 | Write file or device (Write 393 bytes on handle 5)
2018-12-17T21:53:02.389842697Z 62 PC: 12b79 | Close file
2018-12-17T21:53:02.39979692Z 79 PC: 12b9f | Find next file
2018-12-17T21:53:02.402760233Z 61 PC: 12b24 | Open file (Filename = 'PHANG.COM')
2018-12-17T21:53:02.410328635Z 63 PC: 12b32 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:53:02.421571816Z 66 PC: 12b51 | Move file pointer
2018-12-17T21:53:02.424356296Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:53:02.428618006Z 66 PC: 12b66 | Move file pointer
2018-12-17T21:53:02.430002394Z 64 PC: 12b72 | Write file or device (Write 393 bytes on handle 5)
2018-12-17T21:53:02.432584773Z 62 PC: 12b79 | Close file
2018-12-17T21:53:02.441326802Z 79 PC: 12b9f | Find next file
2018-12-17T21:53:02.444055972Z 61 PC: 12b24 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:53:02.451145459Z 63 PC: 12b32 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:53:02.457831227Z 66 PC: 12b51 | Move file pointer
2018-12-17T21:53:02.460788256Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:53:02.463659476Z 66 PC: 12b66 | Move file pointer
2018-12-17T21:53:02.46528669Z 64 PC: 12b72 | Write file or device (Write 393 bytes on handle 5)
2018-12-17T21:53:02.469081659Z 62 PC: 12b79 | Close file
2018-12-17T21:53:02.47673583Z 79 PC: 12b9f | Find next file
2018-12-17T21:53:02.479303282Z 61 PC: 12b24 | Open file (Filename = 'MANDEL.COM')
2018-12-17T21:53:02.487225573Z 63 PC: 12b32 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:53:02.49368979Z 66 PC: 12b51 | Move file pointer
2018-12-17T21:53:02.49500526Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:53:02.49875639Z 66 PC: 12b66 | Move file pointer
2018-12-17T21:53:02.500581915Z 64 PC: 12b72 | Write file or device (Write 393 bytes on handle 5)
2018-12-17T21:53:02.508728186Z 62 PC: 12b79 | Close file
2018-12-17T21:53:02.517155776Z 79 PC: 12b9f | Find next file
2018-12-17T21:53:02.520113468Z 61 PC: 12b24 | Open file (Filename = 'PAH.COM')
2018-12-17T21:53:02.526686916Z 63 PC: 12b32 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:53:02.533657014Z 66 PC: 12b51 | Move file pointer
2018-12-17T21:53:02.535461983Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T21:53:02.538388937Z 66 PC: 12b66 | Move file pointer
2018-12-17T21:53:02.540744366Z 64 PC: 12b72 | Write file or device (Write 393 bytes on handle 5)
2018-12-17T21:53:02.543911729Z 62 PC: 12b79 | Close file
2018-12-17T21:53:02.55164938Z 79 PC: 12b9f | Find next file
2018-12-17T21:53:02.555266439Z 61 PC: 12b24 | Open file (Filename = 'TEST.COM')
2018-12-17T21:53:02.561848591Z 63 PC: 12b32 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T21:53:02.564825345Z 62 PC: 12b79 | Close file
2018-12-17T21:53:02.567062125Z 79 PC: 12b9f | Find next file
2018-12-17T21:53:02.569702578Z 44 PC: 12ba8 | Get time
0x12ba8: cmp ch, 0xc
0x12bab: jge 0x12bcb
0x12bad: mov ah, 9
0x12baf: mov dx, di
0x12bb1: add dx, 0x15
0x12bb4: int 0x21
0x12bb6: mov ah, 9
0x12bb8: mov dx, di
0x12bba: add dx, 0x2f
0x12bbd: int 0x21
0x12bbf: xor ax, ax
0x12bc1: int 0x16
0x12bc3: mov ah, 0x10
0x12bc5: mov al, 1
0x12bc7: mov bh, 5
0x12bc9: int 0x10
0x12bcb: ret
0x12bcc: and byte ptr [bx + si], ah
0x12bce: and byte ptr [bx + si], ah
2018-12-17T21:53:02.57180919Z 9 PC: 12bb6 | Display string (String= ' *** MORNING STAR *** ')
2018-12-17T21:53:02.577282154Z 9 PC: 12bbf | Display string (String= ' Press any key to continue ... ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":314,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:27.866363431Z 47 PC: 12aeb | Get disk transfer address
2018-12-25T11:40:27.867868349Z 26 PC: 12af9 | Set disk transfer address
2018-12-25T11:40:27.868665264Z 78 PC: 12b83 | Find first file
2018-12-25T11:40:27.872169537Z 47 PC: 12b89 | Get disk transfer address
2018-12-25T11:40:27.873112867Z 61 PC: 12b24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:40:27.879559497Z 63 PC: 12b32 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:40:27.883486693Z 66 PC: 12b51 | Move file pointer
2018-12-25T11:40:27.884389505Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:40:27.886785317Z 66 PC: 12b66 | Move file pointer
2018-12-25T11:40:27.888217803Z 64 PC: 12b72 | Write file or device (Write 393 bytes on handle 5)
2018-12-25T11:40:27.899158796Z 62 PC: 12b79 | Close file
2018-12-25T11:40:27.907546961Z 79 PC: 12b9f | Find next file
2018-12-25T11:40:27.909976302Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:27.916111333Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:27.922722523Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:27.923954594Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:27.926357724Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:27.928098912Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:27.930521787Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:27.938346391Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:27.941023192Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:27.94817002Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:27.954308237Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:27.955667892Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:27.958922993Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:27.960307313Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:27.963168357Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:27.97120886Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:27.973673277Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:27.97998452Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:27.988349241Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:27.989999808Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:27.992529962Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:28.00121677Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:28.003902659Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.011822328Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.01493224Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.021310994Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.027443178Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:28.029173161Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:28.031671527Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:28.0329398Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:28.036146834Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.0438359Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.046405998Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.053479186Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.059573843Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:28.060808647Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:28.063927316Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:28.065257916Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:28.073127619Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.081626638Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.08493232Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.091261805Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.097445555Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:28.098963417Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:28.101558435Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:28.103142452Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:28.106385158Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.114217882Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.11710341Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.124641023Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.12741091Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.12915344Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.131952483Z 44 PC: 12ba8 | Get time
0x12ba8: cmp ch, 0xc
0x12bab: jge 0x12bcb
0x12bad: mov ah, 9
0x12baf: mov dx, di
0x12bb1: add dx, 0x15
0x12bb4: int 0x21
0x12bb6: mov ah, 9
0x12bb8: mov dx, di
0x12bba: add dx, 0x2f
0x12bbd: int 0x21
0x12bbf: xor ax, ax
0x12bc1: int 0x16
0x12bc3: mov ah, 0x10
0x12bc5: mov al, 1
0x12bc7: mov bh, 5
0x12bc9: int 0x10
0x12bcb: ret
0x12bcc: and byte ptr [bx + si], ah
0x12bce: and byte ptr [bx + si], ah
2018-12-25T11:40:28.134061406Z 26 PC: 12b0b | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":314,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:28.001071475Z 47 PC: 12aeb | Get disk transfer address
2018-12-25T11:40:28.002778046Z 26 PC: 12af9 | Set disk transfer address
2018-12-25T11:40:28.003965259Z 78 PC: 12b83 | Find first file
2018-12-25T11:40:28.009569897Z 47 PC: 12b89 | Get disk transfer address
2018-12-25T11:40:28.010535013Z 61 PC: 12b24 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:40:28.017257989Z 63 PC: 12b32 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:40:28.023220011Z 66 PC: 12b51 | Move file pointer
2018-12-25T11:40:28.024378918Z 64 PC: 12b5a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:40:28.027146281Z 66 PC: 12b66 | Move file pointer
2018-12-25T11:40:28.028362892Z 64 PC: 12b72 | Write file or device (Write 393 bytes on handle 5)
2018-12-25T11:40:28.04192599Z 62 PC: 12b79 | Close file
2018-12-25T11:40:28.050297383Z 79 PC: 12b9f | Find next file
2018-12-25T11:40:28.052759153Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.059001706Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.066267729Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:28.068617722Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:28.071316892Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:28.077239204Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:28.079875419Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.087846839Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.091233973Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.097446913Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.103969638Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:28.105578751Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:28.108051595Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:28.109326705Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:28.11439733Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.1218805Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.124376287Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.131112302Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.137259903Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:28.139124897Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:28.14232934Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:28.143564692Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:28.145934033Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.153914239Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.156469044Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.162699883Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.168841309Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:28.170343154Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:28.172839515Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:28.17428689Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:28.177312571Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.184803387Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.187340384Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.192042717Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.198452757Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:28.199821544Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:28.202910823Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:28.204846932Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:28.212801867Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.221042779Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.222820799Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.226817436Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.23112554Z 66 PC: 12b51 | Move file pointer (See above)
2018-12-25T11:40:28.232011599Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T11:40:28.233634698Z 66 PC: 12b66 | Move file pointer (See above)
2018-12-25T11:40:28.235058313Z 64 PC: 12b72 | Write file or device (See above)
2018-12-25T11:40:28.236705219Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.24145826Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.243575192Z 61 PC: 12b24 | Open file (See above)
2018-12-25T11:40:28.247796868Z 63 PC: 12b32 | Read file or device (See above)
2018-12-25T11:40:28.249433052Z 62 PC: 12b79 | Close file (See above)
2018-12-25T11:40:28.251686335Z 79 PC: 12b9f | Find next file (See above)
2018-12-25T11:40:28.254190213Z 44 PC: 12ba8 | Get time
0x12ba8: cmp ch, 0xc
0x12bab: jge 0x12bcb
0x12bad: mov ah, 9
0x12baf: mov dx, di
0x12bb1: add dx, 0x15
0x12bb4: int 0x21
0x12bb6: mov ah, 9
0x12bb8: mov dx, di
0x12bba: add dx, 0x2f
0x12bbd: int 0x21
0x12bbf: xor ax, ax
0x12bc1: int 0x16
0x12bc3: mov ah, 0x10
0x12bc5: mov al, 1
0x12bc7: mov bh, 5
0x12bc9: int 0x10
0x12bcb: ret
0x12bcc: and byte ptr [bx + si], ah
0x12bce: and byte ptr [bx + si], ah
2018-12-25T11:40:28.256189605Z 9 PC: 12bb6 | Display string (String= ' *** MORNING STAR *** ')
2018-12-25T11:40:28.261672725Z 9 PC: 12bbf | Display string (String= ' Press any key to continue ... ')