Sample viewer

vx.netlux.org/Virus.DOS.Yanush.491

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:23:06.634644488Z 26 PC: 12a6c | Set disk transfer address
2018-12-17T22:23:06.636362967Z 71 PC: 12a77 | Get current directory
2018-12-17T22:23:06.638449336Z 44 PC: 12a7b | Get time
Disassembly at 0x12a7b:
0x12a7b: cmp dh, 0xd
0x12a7e: je 0x12a82
0x12a80: jmp 0x12a8e
0x12a82: mov ah, 9
0x12a84: lea dx, word ptr [bp + 0x290]
0x12a88: int 0x21
0x12a8a: mov ah, 0
0x12a8c: int 0x21
0x12a8e: lea dx, word ptr [bp + 0x271]
0x12a92: call 0x12aeb
0x12a95: call 0x12ac1
0x12a98: jae 0x12a8e
0x12a9a: mov si, bp
0x12a9c: add si, 0x105
0x12aa0: push sp
0x12aa1: pop sp
0x12aa2: mov di, 0x100
0x12aa5: movsw word ptr es:[di], word ptr [si]
0x12aa6: movsw word ptr es:[di], word ptr [si]
0x12aa7: nop
2018-12-17T22:23:06.640075068Z 78 PC: 12af2 | Find first file
2018-12-17T22:23:06.644494588Z 61 PC: 12ad3 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:23:06.649102439Z 63 PC: 12ae1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:23:06.653228127Z 66 PC: 12aea | Move file pointer
2018-12-17T22:23:06.655002509Z 87 PC: 12b5b | Get or set file date and time
2018-12-17T22:23:06.656643359Z 62 PC: 12b5f | Close file
2018-12-17T22:23:06.667702433Z 79 PC: 12af2 | Find next file
2018-12-17T22:23:06.66991188Z 61 PC: 12ad3 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:23:06.677589649Z 63 PC: 12ae1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:23:06.684719875Z 66 PC: 12aea | Move file pointer
2018-12-17T22:23:06.686482753Z 87 PC: 12b5b | Get or set file date and time
2018-12-17T22:23:06.68940309Z 62 PC: 12b5f | Close file
2018-12-17T22:23:06.696393932Z 79 PC: 12af2 | Find next file
2018-12-17T22:23:06.698880807Z 61 PC: 12ad3 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:23:06.704228506Z 63 PC: 12ae1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:23:06.710645545Z 66 PC: 12aea | Move file pointer
2018-12-17T22:23:06.711992151Z 87 PC: 12b5b | Get or set file date and time
2018-12-17T22:23:06.714020312Z 62 PC: 12b5f | Close file
2018-12-17T22:23:06.725490399Z 79 PC: 12af2 | Find next file
2018-12-17T22:23:06.728270736Z 61 PC: 12ad3 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:23:06.745412685Z 63 PC: 12ae1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:23:06.751741907Z 66 PC: 12aea | Move file pointer
2018-12-17T22:23:06.75320073Z 87 PC: 12b5b | Get or set file date and time
2018-12-17T22:23:06.755734281Z 62 PC: 12b5f | Close file
2018-12-17T22:23:06.76374269Z 79 PC: 12af2 | Find next file
2018-12-17T22:23:06.767041145Z 61 PC: 12ad3 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:23:06.774482823Z 63 PC: 12ae1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:23:06.781489384Z 66 PC: 12aea | Move file pointer
2018-12-17T22:23:06.782902647Z 87 PC: 12b5b | Get or set file date and time
2018-12-17T22:23:06.784778022Z 62 PC: 12b5f | Close file
2018-12-17T22:23:06.792553079Z 79 PC: 12af2 | Find next file
2018-12-17T22:23:06.795273736Z 61 PC: 12ad3 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:23:06.802475633Z 63 PC: 12ae1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:23:06.809026109Z 66 PC: 12aea | Move file pointer
2018-12-17T22:23:06.810572605Z 64 PC: 12b05 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:23:06.813670942Z 64 PC: 12b1e | Write file or device (Write 486 bytes on handle 5)
2018-12-17T22:23:06.822617719Z 66 PC: 12b2a | Move file pointer
2018-12-17T22:23:06.824374676Z 64 PC: 12b49 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:23:06.831211951Z 87 PC: 12b5b | Get or set file date and time
2018-12-17T22:23:06.833951043Z 62 PC: 12b5f | Close file
2018-12-17T22:23:06.841941212Z 79 PC: 12af2 | Find next file
2018-12-17T22:23:06.847895402Z 61 PC: 12ad3 | Open file (Filename = 'PAH.COM')
2018-12-17T22:23:06.854890379Z 63 PC: 12ae1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:23:06.86126617Z 66 PC: 12aea | Move file pointer
2018-12-17T22:23:06.862599916Z 87 PC: 12b5b | Get or set file date and time
2018-12-17T22:23:06.864474763Z 62 PC: 12b5f | Close file
2018-12-17T22:23:06.869848426Z 79 PC: 12af2 | Find next file
2018-12-17T22:23:06.871923095Z 61 PC: 12ad3 | Open file (Filename = 'TEST.COM')
2018-12-17T22:23:06.877234344Z 63 PC: 12ae1 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:23:06.881460687Z 66 PC: 12aea | Move file pointer
2018-12-17T22:23:06.882961386Z 87 PC: 12b5b | Get or set file date and time
2018-12-17T22:23:06.885214029Z 62 PC: 12b5f | Close file
2018-12-17T22:23:06.892342045Z 79 PC: 12af2 | Find next file
2018-12-17T22:23:06.894823719Z 59 PC: 12ac9 | Change current directory
2018-12-17T22:23:06.899462705Z 59 PC: 12ab9 | Change current directory
2018-12-17T22:23:06.903406637Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4048,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:51.578394093Z 26 PC: 12a6c | Set disk transfer address
2018-12-25T11:50:51.580063478Z 71 PC: 12a77 | Get current directory
2018-12-25T11:50:51.582658751Z 44 PC: 12a7b | Get time
Disassembly at 0x12a7b:
0x12a7b: cmp dh, 0xd
0x12a7e: je 0x12a82
0x12a80: jmp 0x12a8e
0x12a82: mov ah, 9
0x12a84: lea dx, word ptr [bp + 0x290]
0x12a88: int 0x21
0x12a8a: mov ah, 0
0x12a8c: int 0x21
0x12a8e: lea dx, word ptr [bp + 0x271]
0x12a92: call 0x12aeb
0x12a95: call 0x12ac1
0x12a98: jae 0x12a8e
0x12a9a: mov si, bp
0x12a9c: add si, 0x105
0x12aa0: push sp
0x12aa1: pop sp
0x12aa2: mov di, 0x100
0x12aa5: movsw word ptr es:[di], word ptr [si]
0x12aa6: movsw word ptr es:[di], word ptr [si]
0x12aa7: nop
2018-12-25T11:50:51.584534896Z 78 PC: 12af2 | Find first file
2018-12-25T11:50:51.589007653Z 61 PC: 12ad3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:51.593014462Z 63 PC: 12ae1 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:51.59671584Z 66 PC: 12aea | Move file pointer
2018-12-25T11:50:51.598116904Z 87 PC: 12b5b | Get or set file date and time
2018-12-25T11:50:51.599217468Z 62 PC: 12b5f | Close file
2018-12-25T11:50:51.674483045Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:51.677431905Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:51.689036681Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:51.695475938Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:51.697139349Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:51.699507991Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:51.708765239Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:51.711186456Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:51.717816348Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:51.723854966Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:51.725115976Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:51.728306797Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:51.73524147Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:51.738012852Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:51.745250968Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:51.751200066Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:51.752260847Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:51.753952276Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:51.759212908Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:51.761162993Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:51.768919153Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:51.773092956Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:51.774346966Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:51.77589858Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:51.780423494Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:51.782151901Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:51.789366934Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:51.795990412Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:51.79761997Z 64 PC: 12b05 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:50:51.801550842Z 64 PC: 12b1e | Write file or device (Write 486 bytes on handle 5)
2018-12-25T11:50:51.810115917Z 66 PC: 12b2a | Move file pointer
2018-12-25T11:50:51.811326011Z 64 PC: 12b49 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:50:51.817792591Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:51.819316932Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:51.827085374Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:51.837167558Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:51.84371985Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:51.850338845Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:51.852904905Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:51.854774665Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:51.861872661Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:51.864906607Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:51.872065396Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:51.878723337Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:51.880256205Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:51.882957942Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:51.890120571Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:51.892732031Z 59 PC: 12ac9 | Change current directory
2018-12-25T11:50:51.89748603Z 59 PC: 12ab9 | Change current directory
2018-12-25T11:50:51.906186548Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":13,"TimeBased":true,"OriginalID":4048,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:51.797099381Z 26 PC: 12a6c | Set disk transfer address
2018-12-25T11:50:51.798490379Z 71 PC: 12a77 | Get current directory
2018-12-25T11:50:51.801504473Z 44 PC: 12a7b | Get time
Disassembly at 0x12a7b:
0x12a7b: cmp dh, 0xd
0x12a7e: je 0x12a82
0x12a80: jmp 0x12a8e
0x12a82: mov ah, 9
0x12a84: lea dx, word ptr [bp + 0x290]
0x12a88: int 0x21
0x12a8a: mov ah, 0
0x12a8c: int 0x21
0x12a8e: lea dx, word ptr [bp + 0x271]
0x12a92: call 0x12aeb
0x12a95: call 0x12ac1
0x12a98: jae 0x12a8e
0x12a9a: mov si, bp
0x12a9c: add si, 0x105
0x12aa0: push sp
0x12aa1: pop sp
0x12aa2: mov di, 0x100
0x12aa5: movsw word ptr es:[di], word ptr [si]
0x12aa6: movsw word ptr es:[di], word ptr [si]
0x12aa7: nop
2018-12-25T11:50:51.803611843Z 78 PC: 12af2 | Find first file
2018-12-25T11:50:51.810160223Z 61 PC: 12ad3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:51.817281545Z 63 PC: 12ae1 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:50:51.824010145Z 66 PC: 12aea | Move file pointer
2018-12-25T11:50:51.825300382Z 87 PC: 12b5b | Get or set file date and time
2018-12-25T11:50:51.82683803Z 62 PC: 12b5f | Close file
2018-12-25T11:50:55.271126641Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:55.274649536Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:55.288259406Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:55.295650094Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:55.297228948Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:55.299315638Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:55.307031195Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:55.310030906Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:55.318390827Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:55.325826916Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:55.327595458Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:55.331567805Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:55.340238709Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:55.343331187Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:55.351980257Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:55.359319433Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:55.361093101Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:55.362878231Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:55.427529732Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:55.430476019Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:55.437949069Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:55.445054045Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:55.447348176Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:55.449532791Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:56.115754589Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:56.121385312Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:56.129167336Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:56.138664181Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:56.14078074Z 64 PC: 12b05 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:50:56.146142301Z 64 PC: 12b1e | Write file or device (Write 486 bytes on handle 5)
2018-12-25T11:50:56.165481191Z 66 PC: 12b2a | Move file pointer
2018-12-25T11:50:56.167478723Z 64 PC: 12b49 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:50:56.176906366Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:56.179172745Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:56.186624464Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:56.191821766Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:56.202404513Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:56.211887859Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:56.21404492Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:56.216233656Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:56.22565078Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:56.228842418Z 61 PC: 12ad3 | Open file (See above)
2018-12-25T11:50:56.236622162Z 63 PC: 12ae1 | Read file or device (See above)
2018-12-25T11:50:56.245448357Z 66 PC: 12aea | Move file pointer (See above)
2018-12-25T11:50:56.247585114Z 87 PC: 12b5b | Get or set file date and time (See above)
2018-12-25T11:50:56.249606552Z 62 PC: 12b5f | Close file (See above)
2018-12-25T11:50:56.258758176Z 79 PC: 12af2 | Find next file (See above)
2018-12-25T11:50:56.262392945Z 59 PC: 12ac9 | Change current directory
2018-12-25T11:50:56.267523438Z 59 PC: 12ab9 | Change current directory
2018-12-25T11:50:56.278416339Z 76 PC: 12a45 | Terminate with return code (Return code = '0')