Sample viewer

vx.netlux.org/Virus.DOS.PD.1070

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:23:38.98136342Z 48 PC: 12c67 | Get DOS version
2018-12-17T22:23:38.983429964Z 47 PC: 12cc6 | Get disk transfer address
2018-12-17T22:23:38.985899422Z 26 PC: 12ce1 | Set disk transfer address
2018-12-17T22:23:38.987750541Z 42 PC: 12ce6 | Get date
0x12ce6: cmp al, 0
0x12ce8: je 0x12d13
0x12cea: mov ah, 0x4e
0x12cec: lea dx, word ptr [bp + 0x5d2]
0x12cf0: mov cx, 0x20
0x12cf3: int 0x21
0x12cf5: jb 0x12d18
0x12cf7: push ds
0x12cf8: push dx
0x12cf9: call 0x12d65
0x12cfc: pop dx
0x12cfd: pop ds
0x12cfe: call 0x12e37
0x12d01: cmp cl, 0x37
0x12d04: jne 0x12d18
0x12d06: mov ah, 0x4f
0x12d08: int 0x21
0x12d0a: jb 0x12d18
0x12d0c: push ds
0x12d0d: push dx
2018-12-17T22:23:38.990647308Z 78 PC: 12cf5 | Find first file
2018-12-17T22:23:38.997255898Z 61 PC: 12d71 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:23:39.003625655Z 63 PC: 12d7f | Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:23:39.006205456Z 87 PC: 12c7f | Get or set file date and time
2018-12-17T22:23:39.008199238Z 87 PC: 12c99 | Get or set file date and time
2018-12-17T22:23:39.00986112Z 62 PC: 12e40 | Close file
2018-12-17T22:23:39.02576367Z 79 PC: 12d0a | Find next file
2018-12-17T22:23:39.029151502Z 26 PC: 12d29 | Set disk transfer address
2018-12-17T22:23:39.030249305Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-17T22:23:39.034127966Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4149,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:03.260780349Z 48 PC: 12c67 | Get DOS version
2018-12-25T11:51:03.262938987Z 47 PC: 12cc6 | Get disk transfer address
2018-12-25T11:51:03.264640301Z 26 PC: 12ce1 | Set disk transfer address
2018-12-25T11:51:03.265941903Z 42 PC: 12ce6 | Get date
0x12ce6: cmp al, 0
0x12ce8: je 0x12d13
0x12cea: mov ah, 0x4e
0x12cec: lea dx, word ptr [bp + 0x5d2]
0x12cf0: mov cx, 0x20
0x12cf3: int 0x21
0x12cf5: jb 0x12d18
0x12cf7: push ds
0x12cf8: push dx
0x12cf9: call 0x12d65
0x12cfc: pop dx
0x12cfd: pop ds
0x12cfe: call 0x12e37
0x12d01: cmp cl, 0x37
0x12d04: jne 0x12d18
0x12d06: mov ah, 0x4f
0x12d08: int 0x21
0x12d0a: jb 0x12d18
0x12d0c: push ds
0x12d0d: push dx
2018-12-25T11:51:03.269123548Z 78 PC: 12cf5 | Find first file
2018-12-25T11:51:03.275541058Z 61 PC: 12d71 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:51:03.282122801Z 63 PC: 12d7f | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:51:03.285111593Z 87 PC: 12c7f | Get or set file date and time
2018-12-25T11:51:03.287674857Z 87 PC: 12c99 | Get or set file date and time
2018-12-25T11:51:03.289358804Z 62 PC: 12e40 | Close file
2018-12-25T11:51:03.304358581Z 79 PC: 12d0a | Find next file
2018-12-25T11:51:03.308749972Z 26 PC: 12d29 | Set disk transfer address
2018-12-25T11:51:03.310116809Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:51:03.315593136Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4149,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:03.357409939Z 48 PC: 12c67 | Get DOS version
2018-12-25T11:51:03.359315932Z 47 PC: 12cc6 | Get disk transfer address
2018-12-25T11:51:03.361559936Z 26 PC: 12ce1 | Set disk transfer address
2018-12-25T11:51:03.363066419Z 42 PC: 12ce6 | Get date
0x12ce6: cmp al, 0
0x12ce8: je 0x12d13
0x12cea: mov ah, 0x4e
0x12cec: lea dx, word ptr [bp + 0x5d2]
0x12cf0: mov cx, 0x20
0x12cf3: int 0x21
0x12cf5: jb 0x12d18
0x12cf7: push ds
0x12cf8: push dx
0x12cf9: call 0x12d65
0x12cfc: pop dx
0x12cfd: pop ds
0x12cfe: call 0x12e37
0x12d01: cmp cl, 0x37
0x12d04: jne 0x12d18
0x12d06: mov ah, 0x4f
0x12d08: int 0x21
0x12d0a: jb 0x12d18
0x12d0c: push ds
0x12d0d: push dx
2018-12-25T11:51:03.365956082Z 61 PC: 12e0c | Open file (Filename = '                                                       Installed A20 handler number 2.                                          ')
2018-12-25T11:51:03.374749444Z 87 PC: 12c7f | Get or set file date and time
2018-12-25T11:51:03.376817159Z 64 PC: 12e4f | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:51:03.381244565Z 66 PC: 12e6f | Move file pointer
2018-12-25T11:51:03.384360779Z 66 PC: 12e61 | Move file pointer
2018-12-25T11:51:03.386204559Z 64 PC: 12e6f | Write file or device (See above)
2018-12-25T11:51:03.402021988Z 87 PC: 12c99 | Get or set file date and time
2018-12-25T11:51:03.40675194Z 62 PC: 12e40 | Close file
2018-12-25T11:51:03.415002964Z 26 PC: 12d29 | Set disk transfer address
2018-12-25T11:51:03.416639402Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:51:03.423562337Z 76 PC: 12c28 | Terminate with return code (Return code = '0')