Sample viewer

vx.netlux.org/Virus.DOS.Dolphin.547

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:57.412552284Z 26 PC: 12aaa | Set disk transfer address
2018-12-17T22:19:57.414121151Z 78 PC: 12ab5 | Find first file
2018-12-17T22:19:57.422794376Z 44 PC: 12abb | Get time
0x12abb: cmp cl, 0
0x12abe: jne 0x12acd
0x12ac0: mov bx, 1
0x12ac3: mov cx, 0x22
0x12ac6: lea dx, word ptr [bp + 0x2f9]
0x12aca: call 0x12c34
0x12acd: pop word ptr [bp + 0x326]
0x12ad1: pop word ptr [bp + 0x324]
0x12ad5: pop word ptr [bp + 0x322]
0x12ad9: pop word ptr [bp + 0x320]
0x12add: mov ah, 0x1a
0x12adf: mov dx, 0x80
0x12ae2: int 0x21
0x12ae4: pop ds
0x12ae5: pop es
0x12ae6: mov ax, es
0x12ae8: add ax, 0x10
0x12aeb: add word ptr [bp + 0x1d4], ax
0x12aef: mov bx, word ptr [bp + 0x324]
0x12af3: mov word ptr [bp + 0x1d2], bx
2018-12-17T22:19:57.425157835Z 26 PC: 12ae4 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3449,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:13.821390611Z 26 PC: 12aaa | Set disk transfer address
2018-12-25T11:49:13.823697946Z 78 PC: 12ab5 | Find first file
2018-12-25T11:49:13.830267052Z 44 PC: 12abb | Get time
0x12abb: cmp cl, 0
0x12abe: jne 0x12acd
0x12ac0: mov bx, 1
0x12ac3: mov cx, 0x22
0x12ac6: lea dx, word ptr [bp + 0x2f9]
0x12aca: call 0x12c34
0x12acd: pop word ptr [bp + 0x326]
0x12ad1: pop word ptr [bp + 0x324]
0x12ad5: pop word ptr [bp + 0x322]
0x12ad9: pop word ptr [bp + 0x320]
0x12add: mov ah, 0x1a
0x12adf: mov dx, 0x80
0x12ae2: int 0x21
0x12ae4: pop ds
0x12ae5: pop es
0x12ae6: mov ax, es
0x12ae8: add ax, 0x10
0x12aeb: add word ptr [bp + 0x1d4], ax
0x12aef: mov bx, word ptr [bp + 0x324]
0x12af3: mov word ptr [bp + 0x1d2], bx
2018-12-25T11:49:13.83263401Z 64 PC: 12c38 | Write file or device (Write 34 bytes on handle 1)
2018-12-25T11:49:13.836474119Z 26 PC: 12ae4 | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":3449,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:14.006970927Z 26 PC: 12aaa | Set disk transfer address
2018-12-25T11:49:14.008543453Z 78 PC: 12ab5 | Find first file
2018-12-25T11:49:14.014645711Z 44 PC: 12abb | Get time
0x12abb: cmp cl, 0
0x12abe: jne 0x12acd
0x12ac0: mov bx, 1
0x12ac3: mov cx, 0x22
0x12ac6: lea dx, word ptr [bp + 0x2f9]
0x12aca: call 0x12c34
0x12acd: pop word ptr [bp + 0x326]
0x12ad1: pop word ptr [bp + 0x324]
0x12ad5: pop word ptr [bp + 0x322]
0x12ad9: pop word ptr [bp + 0x320]
0x12add: mov ah, 0x1a
0x12adf: mov dx, 0x80
0x12ae2: int 0x21
0x12ae4: pop ds
0x12ae5: pop es
0x12ae6: mov ax, es
0x12ae8: add ax, 0x10
0x12aeb: add word ptr [bp + 0x1d4], ax
0x12aef: mov bx, word ptr [bp + 0x324]
0x12af3: mov word ptr [bp + 0x1d2], bx
2018-12-25T11:49:14.017081152Z 26 PC: 12ae4 | Set disk transfer address