Sample viewer

vx.netlux.org/Virus.DOS.Trivial.Elben.161.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:20:50.809067738Z	78	PC: 12a77 \| Find first file
2018-12-17T22:20:50.816631175Z	44	PC: 12ad7 \| Get time 0x12ad7: cmp dh, 0 0x12ada: je 0x12ad3 0x12adc: mov byte ptr [0x154], dh 0x12ae0: ret 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret 0x12af8: pop ds
2018-12-17T22:20:50.820454004Z	61	PC: 12a5a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:20:50.828046747Z	64	PC: 12a66 \| Write file or device (Write 161 bytes on handle 5)
2018-12-17T22:20:50.834860262Z	62	PC: 12a6a \| Close file
2018-12-17T22:20:50.848389041Z	79	PC: 12a86 \| Find next file
2018-12-17T22:20:50.850385198Z	44	PC: 12ad7 \| Get time 0x12ad7: cmp dh, 0 0x12ada: je 0x12ad3 0x12adc: mov byte ptr [0x154], dh 0x12ae0: ret 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret 0x12af8: pop ds
2018-12-17T22:20:50.852213595Z	61	PC: 12a5a \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:20:50.857424303Z	64	PC: 12a66 \| Write file or device (Write 161 bytes on handle 5)
2018-12-17T22:20:50.862292037Z	62	PC: 12a6a \| Close file
2018-12-17T22:20:50.867940889Z	79	PC: 12a86 \| Find next file
2018-12-17T22:20:50.870398586Z	44	PC: 12ad7 \| Get time 0x12ad7: cmp dh, 0 0x12ada: je 0x12ad3 0x12adc: mov byte ptr [0x154], dh 0x12ae0: ret 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret 0x12af8: pop ds
2018-12-17T22:20:50.872344665Z	61	PC: 12a5a \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:20:50.876783972Z	64	PC: 12a66 \| Write file or device (Write 161 bytes on handle 5)
2018-12-17T22:20:50.882297194Z	62	PC: 12a6a \| Close file
2018-12-17T22:20:50.888299963Z	79	PC: 12a86 \| Find next file
2018-12-17T22:20:50.89055894Z	44	PC: 12ad7 \| Get time 0x12ad7: cmp dh, 0 0x12ada: je 0x12ad3 0x12adc: mov byte ptr [0x154], dh 0x12ae0: ret 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret 0x12af8: pop ds
2018-12-17T22:20:50.892443201Z	61	PC: 12a5a \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:20:50.897569116Z	64	PC: 12a66 \| Write file or device (Write 161 bytes on handle 5)
2018-12-17T22:20:50.902315653Z	62	PC: 12a6a \| Close file
2018-12-17T22:20:50.907786635Z	79	PC: 12a86 \| Find next file
2018-12-17T22:20:50.911077022Z	44	PC: 12ad7 \| Get time 0x12ad7: cmp dh, 0 0x12ada: je 0x12ad3 0x12adc: mov byte ptr [0x154], dh 0x12ae0: ret 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret 0x12af8: pop ds
2018-12-17T22:20:50.913461456Z	61	PC: 12a5a \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:20:50.926623071Z	64	PC: 12a66 \| Write file or device (Write 161 bytes on handle 5)
2018-12-17T22:20:50.934545808Z	62	PC: 12a6a \| Close file
2018-12-17T22:20:50.943036289Z	79	PC: 12a86 \| Find next file
2018-12-17T22:20:50.945966604Z	44	PC: 12ad7 \| Get time 0x12ad7: cmp dh, 0 0x12ada: je 0x12ad3 0x12adc: mov byte ptr [0x154], dh 0x12ae0: ret 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret 0x12af8: pop ds
2018-12-17T22:20:50.949225821Z	61	PC: 12a5a \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:20:50.956646352Z	64	PC: 12a66 \| Write file or device (Write 161 bytes on handle 5)
2018-12-17T22:20:50.964659119Z	62	PC: 12a6a \| Close file
2018-12-17T22:20:50.974458366Z	79	PC: 12a86 \| Find next file
2018-12-17T22:20:50.977452291Z	44	PC: 12ad7 \| Get time 0x12ad7: cmp dh, 0 0x12ada: je 0x12ad3 0x12adc: mov byte ptr [0x154], dh 0x12ae0: ret 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret 0x12af8: pop ds
2018-12-17T22:20:50.980037009Z	61	PC: 12a5a \| Open file (Filename = 'PAH.COM')
2018-12-17T22:20:50.987587281Z	64	PC: 12a66 \| Write file or device (Write 161 bytes on handle 5)
2018-12-17T22:20:50.996688645Z	62	PC: 12a6a \| Close file
2018-12-17T22:20:51.006230742Z	79	PC: 12a86 \| Find next file
2018-12-17T22:20:51.009597744Z	44	PC: 12ad7 \| Get time 0x12ad7: cmp dh, 0 0x12ada: je 0x12ad3 0x12adc: mov byte ptr [0x154], dh 0x12ae0: ret 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret 0x12af8: pop ds
2018-12-17T22:20:51.013202385Z	61	PC: 12a5a \| Open file (Filename = 'TEST.COM')
2018-12-17T22:20:51.021230629Z	64	PC: 12a66 \| Write file or device (Write 161 bytes on handle 5)
2018-12-17T22:20:51.029122803Z	62	PC: 12a6a \| Close file
2018-12-17T22:20:51.039336737Z	79	PC: 12a86 \| Find next file

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":3625,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:51.685491876Z	78	PC: 12a77 \| Find first file
2018-12-25T13:06:51.699036562Z	44	PC: 12ad7 \| Get time 0x12ad7: cmp dh, 0 0x12ada: je 0x12ad3 0x12adc: mov byte ptr [0x154], dh 0x12ae0: ret 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret 0x12af8: pop ds
2018-12-25T13:06:51.705331107Z	61	PC: 12a5a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:51.71325158Z	64	PC: 12a66 \| Write file or device (Write 161 bytes on handle 5)
2018-12-25T13:06:51.721274014Z	62	PC: 12a6a \| Close file
2018-12-25T13:06:51.748687458Z	79	PC: 12a86 \| Find next file
2018-12-25T13:06:51.752721949Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T13:06:51.755687144Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T13:06:51.768295207Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T13:06:51.7760682Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T13:06:51.785428797Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T13:06:51.792039195Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T13:06:51.799275078Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T13:06:51.817193245Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T13:06:51.825919761Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T13:06:51.840084184Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T13:06:51.843583916Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T13:06:51.848327648Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T13:06:51.855924842Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T13:06:51.863334891Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T13:06:51.873704664Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T13:06:51.877804614Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T13:06:51.880847108Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T13:06:51.888523631Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T13:06:51.896722599Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T13:06:51.905570582Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T13:06:51.909359638Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T13:06:51.913266475Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T13:06:51.921642252Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T13:06:51.929431354Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T13:06:51.93971218Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T13:06:51.942693837Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T13:06:51.945360805Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T13:06:51.953176152Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T13:06:51.96098098Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T13:06:51.970277642Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T13:06:51.973926705Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T13:06:51.977027805Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T13:06:51.984720292Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T13:06:51.98825656Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T13:06:51.99773658Z	79	PC: 12a86 \| Find next file (See above)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":3625,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:45.643579655Z	78	PC: 12a77 \| Find first file
2018-12-25T11:49:45.65019808Z	44	PC: 12ad7 \| Get time 0x12ad7: cmp dh, 0 0x12ada: je 0x12ad3 0x12adc: mov byte ptr [0x154], dh 0x12ae0: ret 0x12ae1: or dl, dl 0x12ae3: je 0x12aec 0x12ae5: mov ah, 2 0x12ae7: int 0x21 0x12ae9: inc bx 0x12aea: jmp 0x12adf 0x12aec: pop cx 0x12aed: pop bx 0x12aee: ret 0x12aef: push ax 0x12af0: mov ax, 0x1213 0x12af3: int 0x2f 0x12af5: inc sp 0x12af6: inc sp 0x12af7: ret 0x12af8: pop ds
2018-12-25T11:49:45.652467045Z	61	PC: 12a5a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:45.659142837Z	64	PC: 12a66 \| Write file or device (Write 161 bytes on handle 5)
2018-12-25T11:49:45.666172048Z	62	PC: 12a6a \| Close file
2018-12-25T11:49:45.709685063Z	79	PC: 12a86 \| Find next file
2018-12-25T11:49:45.712518244Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T11:49:45.714748854Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T11:49:45.724716038Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T11:49:45.732783694Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T11:49:45.741616407Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T11:49:45.744937858Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T11:49:45.74734079Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T11:49:45.754501594Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T11:49:45.762761948Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T11:49:45.772060874Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T11:49:45.775409826Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T11:49:45.788270186Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T11:49:45.795634275Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T11:49:45.803653912Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T11:49:45.812867618Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T11:49:45.815735099Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T11:49:45.818180894Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T11:49:45.825510369Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T11:49:45.835593673Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T11:49:45.843409629Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T11:49:45.845236045Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T11:49:45.847076648Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T11:49:45.851386276Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T11:49:45.856283063Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T11:49:45.863036208Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T11:49:45.865234193Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T11:49:45.867419834Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T11:49:45.872901701Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T11:49:45.880665602Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T11:49:45.889550419Z	79	PC: 12a86 \| Find next file (See above)
2018-12-25T11:49:45.89791411Z	44	PC: 12ad7 \| Get time (See above)
2018-12-25T11:49:45.899687087Z	61	PC: 12a5a \| Open file (See above)
2018-12-25T11:49:45.906204417Z	64	PC: 12a66 \| Write file or device (See above)
2018-12-25T11:49:45.91066533Z	62	PC: 12a6a \| Close file (See above)
2018-12-25T11:49:45.919403258Z	79	PC: 12a86 \| Find next file (See above)