Sample viewer

vx.netlux.org/Virus.DOS.92_69.1148


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:23:22.322713173Z 48 PC: 12c7e | Get DOS version
2018-12-17T22:23:22.324182634Z 74 PC: 12c9c | Reallocate memory
2018-12-17T22:23:22.325353576Z 72 PC: 12ca5 | Allocate memory
2018-12-17T22:23:22.326791759Z 72 PC: 12cc0 | Allocate memory
2018-12-17T22:23:22.328695889Z 42 PC: 12cd1 | Get date
    0x12cd1: cmp dl, 7
    0x12cd4: jne 0x12d2f
    0x12cd6: xor ax, ax
    0x12cd8: mov ds, ax
    0x12cda: mov al, byte ptr [0x487]
    0x12cdd: and al, 0x10
    0x12cdf: jne 0x12d2c
    0x12ce1: push es
    0x12ce2: push ds
    0x12ce3: mov bh, 2
    0x12ce5: mov ax, 0x1130
    0x12ce8: int 0x10
    0x12cea: mov di, bp
    0x12cec: mov bx, 0x80
    0x12cef: mov ah, 0x48
    0x12cf1: int 0x21
    0x12cf3: jb 0x12d2a
    0x12cf5: mov ds, ax
    0x12cf7: push ax
    0x12cf8: xor si, si
2018-12-17T22:23:22.330748515Z 78 PC: 12d78 | Find first file
2018-12-17T22:23:22.33654999Z 79 PC: 12d78 | Find next file
2018-12-17T22:23:22.339308918Z 79 PC: 12d78 | Find next file
2018-12-17T22:23:22.34170158Z 79 PC: 12d78 | Find next file
2018-12-17T22:23:22.343351913Z 79 PC: 12d78 | Find next file
2018-12-17T22:23:22.345319028Z 79 PC: 12d78 | Find next file
2018-12-17T22:23:22.347790965Z 79 PC: 12d78 | Find next file
2018-12-17T22:23:22.350287466Z 79 PC: 12d78 | Find next file
2018-12-17T22:23:22.352892804Z 79 PC: 12d78 | Find next file
2018-12-17T22:23:22.365718905Z 61 PC: 12de6 | Open file (Filename = '\TEST.EXE')
2018-12-17T22:23:22.372035941Z 66 PC: 12dfa | Move file pointer
2018-12-17T22:23:22.372998472Z 87 PC: 12e0d | Get or set file date and time
2018-12-17T22:23:22.374595785Z 66 PC: 12e20 | Move file pointer
2018-12-17T22:23:22.375945922Z 63 PC: 12e2e | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:23:22.378440829Z 66 PC: 12e39 | Move file pointer
2018-12-17T22:23:22.382351121Z 62 PC: 12f7f | Close file
2018-12-17T22:23:22.384024787Z 79 PC: 12d78 | Find next file
2018-12-17T22:23:22.386257212Z 73 PC: 13041 | Release memory
2018-12-17T22:23:22.387885672Z 73 PC: 1305a | Release memory
2018-12-17T22:23:22.389012661Z 74 PC: 13063 | Reallocate memory
2018-12-17T22:23:22.390519467Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-17T22:23:22.393866547Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4104,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:01.253203497Z 48 PC: 12c7e | Get DOS version
2018-12-25T11:51:01.258550216Z 74 PC: 12c9c | Reallocate memory
2018-12-25T11:51:01.260164531Z 72 PC: 12ca5 | Allocate memory
2018-12-25T11:51:01.261932497Z 72 PC: 12cc0 | Allocate memory
2018-12-25T11:51:01.264280284Z 42 PC: 12cd1 | Get date
    0x12cd1: cmp dl, 7
    0x12cd4: jne 0x12d2f
    0x12cd6: xor ax, ax
    0x12cd8: mov ds, ax
    0x12cda: mov al, byte ptr [0x487]
    0x12cdd: and al, 0x10
    0x12cdf: jne 0x12d2c
    0x12ce1: push es
    0x12ce2: push ds
    0x12ce3: mov bh, 2
    0x12ce5: mov ax, 0x1130
    0x12ce8: int 0x10
    0x12cea: mov di, bp
    0x12cec: mov bx, 0x80
    0x12cef: mov ah, 0x48
    0x12cf1: int 0x21
    0x12cf3: jb 0x12d2a
    0x12cf5: mov ds, ax
    0x12cf7: push ax
    0x12cf8: xor si, si
2018-12-25T11:51:01.267364728Z 78 PC: 12d78 | Find first file
2018-12-25T11:51:01.274487576Z 79 PC: 12d78 | Find next file (See above)
2018-12-25T11:51:01.278049766Z 79 PC: 12d78 | Find next file (See above)
2018-12-25T11:51:01.281459865Z 79 PC: 12d78 | Find next file (See above)
2018-12-25T11:51:01.28512246Z 79 PC: 12d78 | Find next file (See above)
2018-12-25T11:51:01.288608273Z 79 PC: 12d78 | Find next file (See above)
2018-12-25T11:51:01.291797687Z 79 PC: 12d78 | Find next file (See above)
2018-12-25T11:51:01.295505938Z 79 PC: 12d78 | Find next file (See above)
2018-12-25T11:51:01.298310819Z 79 PC: 12d78 | Find next file (See above)
2018-12-25T11:51:01.301667309Z 61 PC: 12de6 | Open file (Filename = '\TEST.EXE')
2018-12-25T11:51:01.309324188Z 66 PC: 12dfa | Move file pointer
2018-12-25T11:51:01.311253341Z 87 PC: 12e0d | Get or set file date and time
2018-12-25T11:51:01.313885775Z 66 PC: 12e20 | Move file pointer
2018-12-25T11:51:01.315317658Z 63 PC: 12e2e | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:51:01.318054828Z 66 PC: 12e39 | Move file pointer
2018-12-25T11:51:01.320339806Z 62 PC: 12f7f | Close file
2018-12-25T11:51:01.322297107Z 79 PC: 12d78 | Find next file (See above)
2018-12-25T11:51:01.32479962Z 73 PC: 13041 | Release memory
2018-12-25T11:51:01.327391541Z 73 PC: 1305a | Release memory
2018-12-25T11:51:01.329451422Z 74 PC: 13063 | Reallocate memory
2018-12-25T11:51:01.332883637Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:51:01.339581593Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4104,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:02.06143163Z 48 PC: 12c7e | Get DOS version
2018-12-25T11:51:02.063285589Z 74 PC: 12c9c | Reallocate memory
2018-12-25T11:51:02.071611931Z 72 PC: 12ca5 | Allocate memory
2018-12-25T11:51:02.073763098Z 72 PC: 12cc0 | Allocate memory
2018-12-25T11:51:02.076591474Z 42 PC: 12cd1 | Get date
    0x12cd1: cmp dl, 7
    0x12cd4: jne 0x12d2f
    0x12cd6: xor ax, ax
    0x12cd8: mov ds, ax
    0x12cda: mov al, byte ptr [0x487]
    0x12cdd: and al, 0x10
    0x12cdf: jne 0x12d2c
    0x12ce1: push es
    0x12ce2: push ds
    0x12ce3: mov bh, 2
    0x12ce5: mov ax, 0x1130
    0x12ce8: int 0x10
    0x12cea: mov di, bp
    0x12cec: mov bx, 0x80
    0x12cef: mov ah, 0x48
    0x12cf1: int 0x21
    0x12cf3: jb 0x12d2a
    0x12cf5: mov ds, ax
    0x12cf7: push ax
    0x12cf8: xor si, si
2018-12-25T11:51:02.079922972Z 72 PC: 12cf3 | Allocate memory
2018-12-25T11:51:02.083817333Z 73 PC: 12d2a | Release memory
2018-12-25T11:51:02.085979739Z 73 PC: 13041 | Release memory
2018-12-25T11:51:02.097047175Z 73 PC: 1305a | Release memory
2018-12-25T11:51:02.098693461Z 74 PC: 13063 | Reallocate memory
2018-12-25T11:51:02.100963308Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:51:02.108838508Z 76 PC: 12c28 | Terminate with return code (Return code = '0')