Sample viewer

vx.netlux.org/Virus.DOS.BetaBoys.459

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:45.265536174Z	26	PC: 12abb \| Set disk transfer address
2018-12-17T22:22:45.266975973Z	78	PC: 12ac6 \| Find first file
2018-12-17T22:22:45.272547465Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-17T22:22:45.278543438Z	66	PC: 12afa \| Move file pointer
2018-12-17T22:22:45.280630778Z	66	PC: 12b09 \| Move file pointer
2018-12-17T22:22:45.281825892Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:22:45.28455341Z	66	PC: 12b2e \| Move file pointer
2018-12-17T22:22:45.286621582Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:45.289022029Z	66	PC: 12b48 \| Move file pointer
2018-12-17T22:22:45.290179089Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:45.293767364Z	66	PC: 12b6a \| Move file pointer
2018-12-17T22:22:45.295228681Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-17T22:22:45.650221056Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:45.653232058Z	62	PC: 12b8c \| Close file
2018-12-17T22:22:45.660832525Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-17T22:22:45.666770615Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21

{"DateBased":true,"Day":25,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3983,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:34.968505167Z	26	PC: 12abb \| Set disk transfer address
2018-12-25T11:50:34.969947949Z	78	PC: 12ac6 \| Find first file
2018-12-25T11:50:34.975991461Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-25T11:50:34.982394493Z	66	PC: 12afa \| Move file pointer
2018-12-25T11:50:34.984539066Z	66	PC: 12b09 \| Move file pointer
2018-12-25T11:50:34.985930877Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:50:34.988635586Z	66	PC: 12b2e \| Move file pointer
2018-12-25T11:50:34.990040842Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:34.993232175Z	66	PC: 12b48 \| Move file pointer
2018-12-25T11:50:34.994555931Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:34.997039052Z	66	PC: 12b6a \| Move file pointer
2018-12-25T11:50:34.998774026Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T11:50:36.413823039Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:36.416669192Z	62	PC: 12b8c \| Close file
2018-12-25T11:50:36.669406254Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-25T11:50:36.675233841Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21
2018-12-25T11:50:36.736218085Z	2	PC: 12b85 \| Character output (See above)
2018-12-25T11:50:36.739828009Z	62	PC: 12b8c \| Close file (See above)
2018-12-25T11:50:36.741416986Z	65	PC: 12b94 \| Delete file (See above)
2018-12-25T11:50:36.747580321Z	42	PC: 12b98 \| Get date (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3983,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:35.264582659Z	26	PC: 12abb \| Set disk transfer address
2018-12-25T11:50:35.266191432Z	78	PC: 12ac6 \| Find first file
2018-12-25T11:50:35.272217354Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-25T11:50:35.278704554Z	66	PC: 12afa \| Move file pointer
2018-12-25T11:50:35.294567151Z	66	PC: 12b09 \| Move file pointer
2018-12-25T11:50:35.295845623Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:50:35.298596323Z	66	PC: 12b2e \| Move file pointer
2018-12-25T11:50:35.300677672Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:35.303228382Z	66	PC: 12b48 \| Move file pointer
2018-12-25T11:50:35.304571958Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:35.308535978Z	66	PC: 12b6a \| Move file pointer
2018-12-25T11:50:35.309911741Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T11:50:36.41404279Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:36.416932013Z	62	PC: 12b8c \| Close file
2018-12-25T11:50:36.669191378Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-25T11:50:36.675468097Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3983,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:35.595017888Z	26	PC: 12abb \| Set disk transfer address
2018-12-25T11:50:35.596816348Z	78	PC: 12ac6 \| Find first file
2018-12-25T11:50:35.602688222Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-25T11:50:35.608612568Z	66	PC: 12afa \| Move file pointer
2018-12-25T11:50:35.610657414Z	66	PC: 12b09 \| Move file pointer
2018-12-25T11:50:35.612031659Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:50:35.615118799Z	66	PC: 12b2e \| Move file pointer
2018-12-25T11:50:35.622844729Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:35.625440092Z	66	PC: 12b48 \| Move file pointer
2018-12-25T11:50:35.626824868Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:35.638415791Z	66	PC: 12b6a \| Move file pointer
2018-12-25T11:50:35.639698631Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T11:50:36.9685567Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:36.974416105Z	62	PC: 12b8c \| Close file
2018-12-25T11:50:36.981652464Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-25T11:50:36.988589336Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21

{"DateBased":true,"Day":23,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3983,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:35.894957425Z	26	PC: 12abb \| Set disk transfer address
2018-12-25T11:50:35.896697162Z	78	PC: 12ac6 \| Find first file
2018-12-25T11:50:35.902423864Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-25T11:50:35.908277696Z	66	PC: 12afa \| Move file pointer
2018-12-25T11:50:35.909835565Z	66	PC: 12b09 \| Move file pointer
2018-12-25T11:50:35.911043842Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:50:35.913679058Z	66	PC: 12b2e \| Move file pointer
2018-12-25T11:50:35.915337515Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:35.917683978Z	66	PC: 12b48 \| Move file pointer
2018-12-25T11:50:35.918915004Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:35.922615976Z	66	PC: 12b6a \| Move file pointer
2018-12-25T11:50:35.924885446Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T11:50:36.968608572Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:36.97259716Z	62	PC: 12b8c \| Close file
2018-12-25T11:50:36.979718642Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-25T11:50:36.986757158Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21
2018-12-25T11:50:36.99008539Z	60	PC: 12bba \| Create or truncate file

{"DateBased":true,"Day":24,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3983,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:36.323038095Z	26	PC: 12abb \| Set disk transfer address
2018-12-25T11:50:36.324659901Z	78	PC: 12ac6 \| Find first file
2018-12-25T11:50:36.332189839Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-25T11:50:36.339235492Z	66	PC: 12afa \| Move file pointer
2018-12-25T11:50:36.341059637Z	66	PC: 12b09 \| Move file pointer
2018-12-25T11:50:36.343588802Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:50:36.346946207Z	66	PC: 12b2e \| Move file pointer
2018-12-25T11:50:36.348761849Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:36.359899393Z	66	PC: 12b48 \| Move file pointer
2018-12-25T11:50:36.361496677Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:36.364487435Z	66	PC: 12b6a \| Move file pointer
2018-12-25T11:50:36.366694429Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T11:50:36.701325867Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:36.70489222Z	62	PC: 12b8c \| Close file
2018-12-25T11:50:36.714486478Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-25T11:50:36.722573357Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21
2018-12-25T11:50:36.725222023Z	60	PC: 12bc8 \| Create or truncate file