Sample viewer

vx.netlux.org/Virus.DOS.Dolphin.574


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:21.666501971Z 26 PC: 12aab | Set disk transfer address
2018-12-17T22:19:21.669062747Z 78 PC: 12ab6 | Find first file
2018-12-17T22:19:21.676440358Z 44 PC: 12abc | Get time
0x12abc: cmp cl, 0
0x12abf: jne 0x12acf
0x12ac1: mov ah, 0x40
0x12ac3: mov bx, 1
0x12ac6: mov cx, 0x22
0x12ac9: lea dx, word ptr [bp + 0x314]
0x12acd: int 0x21
0x12acf: pop word ptr [bp + 0x341]
0x12ad3: pop word ptr [bp + 0x33f]
0x12ad7: pop word ptr [bp + 0x33d]
0x12adb: pop word ptr [bp + 0x33b]
0x12adf: mov ah, 0x1a
0x12ae1: mov dx, 0x80
0x12ae4: int 0x21
0x12ae6: pop ds
0x12ae7: pop es
0x12ae8: mov ax, es
0x12aea: add ax, 0x10
0x12aed: add word ptr [bp + 0x1d6], ax
0x12af1: mov bx, word ptr [bp + 0x33f]
2018-12-17T22:19:21.678905235Z 26 PC: 12ae6 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3330,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:51.178148922Z 26 PC: 12aab | Set disk transfer address
2018-12-25T11:48:51.179904609Z 78 PC: 12ab6 | Find first file
2018-12-25T11:48:51.186026649Z 44 PC: 12abc | Get time
0x12abc: cmp cl, 0
0x12abf: jne 0x12acf
0x12ac1: mov ah, 0x40
0x12ac3: mov bx, 1
0x12ac6: mov cx, 0x22
0x12ac9: lea dx, word ptr [bp + 0x314]
0x12acd: int 0x21
0x12acf: pop word ptr [bp + 0x341]
0x12ad3: pop word ptr [bp + 0x33f]
0x12ad7: pop word ptr [bp + 0x33d]
0x12adb: pop word ptr [bp + 0x33b]
0x12adf: mov ah, 0x1a
0x12ae1: mov dx, 0x80
0x12ae4: int 0x21
0x12ae6: pop ds
0x12ae7: pop es
0x12ae8: mov ax, es
0x12aea: add ax, 0x10
0x12aed: add word ptr [bp + 0x1d6], ax
0x12af1: mov bx, word ptr [bp + 0x33f]
2018-12-25T11:48:51.188497746Z 64 PC: 12acf | Write file or device (Write 34 bytes on handle 1)
2018-12-25T11:48:51.192427871Z 26 PC: 12ae6 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":3330,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:51.509514404Z 26 PC: 12aab | Set disk transfer address
2018-12-25T11:48:51.511954732Z 78 PC: 12ab6 | Find first file
2018-12-25T11:48:51.524219749Z 44 PC: 12abc | Get time
0x12abc: cmp cl, 0
0x12abf: jne 0x12acf
0x12ac1: mov ah, 0x40
0x12ac3: mov bx, 1
0x12ac6: mov cx, 0x22
0x12ac9: lea dx, word ptr [bp + 0x314]
0x12acd: int 0x21
0x12acf: pop word ptr [bp + 0x341]
0x12ad3: pop word ptr [bp + 0x33f]
0x12ad7: pop word ptr [bp + 0x33d]
0x12adb: pop word ptr [bp + 0x33b]
0x12adf: mov ah, 0x1a
0x12ae1: mov dx, 0x80
0x12ae4: int 0x21
0x12ae6: pop ds
0x12ae7: pop es
0x12ae8: mov ax, es
0x12aea: add ax, 0x10
0x12aed: add word ptr [bp + 0x1d6], ax
0x12af1: mov bx, word ptr [bp + 0x33f]
2018-12-25T11:48:51.526560216Z 26 PC: 12ae6 | Set disk transfer address