Sample viewer

vx.netlux.org/Virus.DOS.Shire.149

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:22:20.103939073Z 26 PC: 12aae | Set disk transfer address
2018-12-17T22:22:20.105584868Z 78 PC: 12ac2 | Find first file
2018-12-17T22:22:20.113630411Z 79 PC: 12ac2 | Find next file
2018-12-17T22:22:20.116855866Z 79 PC: 12ac2 | Find next file
2018-12-17T22:22:20.119788964Z 61 PC: 12ad4 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:22:20.12919302Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:20.136199921Z 66 PC: 12b25 | Move file pointer
2018-12-17T22:22:20.138055264Z 64 PC: 12b25 | Write file or device (Write 149 bytes on handle 5)
2018-12-17T22:22:20.141962071Z 66 PC: 12b25 | Move file pointer
2018-12-17T22:22:20.144158745Z 64 PC: 12b25 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:20.14681033Z 62 PC: 12b25 | Close file
2018-12-17T22:22:20.15894042Z 42 PC: 12b0b | Get date
0x12b0b: cmp al, 4
0x12b0d: jne 0x12b17
0x12b0f: lea dx, word ptr [di + 0x8c]
0x12b13: mov ah, 9
0x12b15: int 0x21
0x12b17: mov ah, 0x1a
0x12b19: mov dx, 0x80
0x12b1c: jmp 0x12b22
0x12b1e: mov ah, 0x40
0x12b20: mov dx, di
0x12b22: push di
0x12b23: int 0x21
0x12b25: pop di
0x12b26: cdq
0x12b27: mov cx, dx
0x12b29: ret
0x12b2a: sub ch, byte ptr [0x4f43]
0x12b2e: dec bp
0x12b2f: add byte ptr [bp + si], ch
0x12b31: dec sp
2018-12-17T22:22:20.161222624Z 26 PC: 12b25 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3906,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:21.070125102Z 26 PC: 12aae | Set disk transfer address
2018-12-25T11:50:21.072085334Z 78 PC: 12ac2 | Find first file
2018-12-25T11:50:21.080110928Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:50:21.082983576Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:50:21.086032583Z 61 PC: 12ad4 | Open file (Filename = 'HELLO.COM')
2018-12-25T11:50:21.099606518Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:21.106976342Z 66 PC: 12b25 | Move file pointer (See above)
2018-12-25T11:50:21.108582913Z 64 PC: 12b25 | Write file or device (See above)
2018-12-25T11:50:21.111899499Z 66 PC: 12b25 | Move file pointer (See above)
2018-12-25T11:50:21.113817537Z 64 PC: 12b25 | Write file or device (See above)
2018-12-25T11:50:21.117701013Z 62 PC: 12b25 | Close file (See above)
2018-12-25T11:50:21.133927557Z 42 PC: 12b0b | Get date
0x12b0b: cmp al, 4
0x12b0d: jne 0x12b17
0x12b0f: lea dx, word ptr [di + 0x8c]
0x12b13: mov ah, 9
0x12b15: int 0x21
0x12b17: mov ah, 0x1a
0x12b19: mov dx, 0x80
0x12b1c: jmp 0x12b22
0x12b1e: mov ah, 0x40
0x12b20: mov dx, di
0x12b22: push di
0x12b23: int 0x21
0x12b25: pop di
0x12b26: cdq
0x12b27: mov cx, dx
0x12b29: ret
0x12b2a: sub ch, byte ptr [0x4f43]
0x12b2e: dec bp
0x12b2f: add byte ptr [bp + si], ch
0x12b31: dec sp
2018-12-25T11:50:21.136539018Z 26 PC: 12b25 | Set disk transfer address (See above)

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3906,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:21.324080581Z 26 PC: 12aae | Set disk transfer address
2018-12-25T11:50:21.329112918Z 78 PC: 12ac2 | Find first file
2018-12-25T11:50:21.335298673Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:50:21.337576628Z 79 PC: 12ac2 | Find next file (See above)
2018-12-25T11:50:21.340923533Z 61 PC: 12ad4 | Open file (Filename = 'HELLO.COM')
2018-12-25T11:50:21.347031823Z 63 PC: 12b25 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:21.353097415Z 66 PC: 12b25 | Move file pointer (See above)
2018-12-25T11:50:21.355166277Z 64 PC: 12b25 | Write file or device (See above)
2018-12-25T11:50:21.357766569Z 66 PC: 12b25 | Move file pointer (See above)
2018-12-25T11:50:21.359169708Z 64 PC: 12b25 | Write file or device (See above)
2018-12-25T11:50:21.362133366Z 62 PC: 12b25 | Close file (See above)
2018-12-25T11:50:22.404274494Z 42 PC: 12b0b | Get date
0x12b0b: cmp al, 4
0x12b0d: jne 0x12b17
0x12b0f: lea dx, word ptr [di + 0x8c]
0x12b13: mov ah, 9
0x12b15: int 0x21
0x12b17: mov ah, 0x1a
0x12b19: mov dx, 0x80
0x12b1c: jmp 0x12b22
0x12b1e: mov ah, 0x40
0x12b20: mov dx, di
0x12b22: push di
0x12b23: int 0x21
0x12b25: pop di
0x12b26: cdq
0x12b27: mov cx, dx
0x12b29: ret
0x12b2a: sub ch, byte ptr [0x4f43]
0x12b2e: dec bp
0x12b2f: add byte ptr [bp + si], ch
0x12b31: dec sp
2018-12-25T11:50:22.407424984Z 9 PC: 12b17 | Display string (String= '*LAVA* ')
2018-12-25T11:50:22.410351506Z 26 PC: 12b25 | Set disk transfer address (See above)