Sample viewer

vx.netlux.org/Virus.DOS.Fricker.395

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:24:45.856123683Z	26	PC: 15160 \| Set disk transfer address
2018-12-17T22:24:45.857478952Z	67	PC: 151a3 \| Get or set file attributes
2018-12-17T22:24:46.191705127Z	78	PC: 151cb \| Find first file
2018-12-17T22:24:46.198716463Z	67	PC: 151d6 \| Get or set file attributes
2018-12-17T22:24:46.210090075Z	61	PC: 151db \| Open file (Filename = '� ��')
2018-12-17T22:24:46.219196458Z	66	PC: 151f1 \| Move file pointer
2018-12-17T22:24:46.221381995Z	63	PC: 151fb \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:24:46.225205989Z	66	PC: 1524a \| Move file pointer
2018-12-17T22:24:46.228190011Z	63	PC: 15256 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:24:46.231665694Z	66	PC: 1525f \| Move file pointer
2018-12-17T22:24:46.233870819Z	64	PC: 15268 \| Write file or device (Write 395 bytes on handle 5)
2018-12-17T22:24:46.242364897Z	66	PC: 15272 \| Move file pointer
2018-12-17T22:24:46.244355343Z	64	PC: 1527c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:24:46.248001841Z	62	PC: 15280 \| Close file
2018-12-17T22:24:46.259539068Z	26	PC: 1528e \| Set disk transfer address
2018-12-17T22:24:46.261372233Z	44	PC: 15292 \| Get time 0x15292: cmp ch, 8 0x15295: jne 0x152ae 0x15297: mov cx, 0x1e 0x1529a: mov bx, 0x16c 0x1529d: xor byte ptr cs:[bx + si], cl 0x152a0: nop 0x152a1: inc bx 0x152a2: loop 0x1529d 0x152a4: add si, 0x16c 0x152a8: mov dx, si 0x152aa: mov ah, 9 0x152ac: int 0x21 0x152ae: mov word ptr ds:[0x2e], 0x100 0x152b5: jmp word ptr ds:[0x2e] 0x152ba: popaw 0x152bb: popaw 0x152bc: pop ax 0x152bd: dec di 0x152be: push bp 0x152bf: pop ax
2018-12-17T22:24:46.264427503Z	76	PC: 15144 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4374,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:35.126722863Z	26	PC: 15160 \| Set disk transfer address
2018-12-25T11:51:35.129360451Z	67	PC: 151a3 \| Get or set file attributes
2018-12-25T11:51:35.784027269Z	78	PC: 151cb \| Find first file
2018-12-25T11:51:35.79150199Z	67	PC: 151d6 \| Get or set file attributes
2018-12-25T11:51:35.802204186Z	61	PC: 151db \| Open file (Filename = '� ��')
2018-12-25T11:51:35.808536273Z	66	PC: 151f1 \| Move file pointer
2018-12-25T11:51:35.810060542Z	63	PC: 151fb \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:51:35.814439Z	66	PC: 1524a \| Move file pointer
2018-12-25T11:51:35.816625725Z	63	PC: 15256 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:35.819613858Z	66	PC: 1525f \| Move file pointer
2018-12-25T11:51:35.821638123Z	64	PC: 15268 \| Write file or device (Write 395 bytes on handle 5)
2018-12-25T11:51:35.830217898Z	66	PC: 15272 \| Move file pointer
2018-12-25T11:51:35.832239151Z	64	PC: 1527c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:35.836384881Z	62	PC: 15280 \| Close file
2018-12-25T11:51:35.850856965Z	26	PC: 1528e \| Set disk transfer address
2018-12-25T11:51:35.852440388Z	44	PC: 15292 \| Get time 0x15292: cmp ch, 8 0x15295: jne 0x152ae 0x15297: mov cx, 0x1e 0x1529a: mov bx, 0x16c 0x1529d: xor byte ptr cs:[bx + si], cl 0x152a0: nop 0x152a1: inc bx 0x152a2: loop 0x1529d 0x152a4: add si, 0x16c 0x152a8: mov dx, si 0x152aa: mov ah, 9 0x152ac: int 0x21 0x152ae: mov word ptr ds:[0x2e], 0x100 0x152b5: jmp word ptr ds:[0x2e] 0x152ba: popaw 0x152bb: popaw 0x152bc: pop ax 0x152bd: dec di 0x152be: push bp 0x152bf: pop ax
2018-12-25T11:51:35.854935585Z	76	PC: 15144 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":8,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4374,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:35.184305004Z	26	PC: 15160 \| Set disk transfer address
2018-12-25T11:51:35.186591916Z	67	PC: 151a3 \| Get or set file attributes
2018-12-25T11:51:35.791998934Z	78	PC: 151cb \| Find first file
2018-12-25T11:51:35.79786278Z	67	PC: 151d6 \| Get or set file attributes
2018-12-25T11:51:35.807673908Z	61	PC: 151db \| Open file (Filename = '� ��')
2018-12-25T11:51:35.814152192Z	66	PC: 151f1 \| Move file pointer
2018-12-25T11:51:35.815741256Z	63	PC: 151fb \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:51:35.819702782Z	66	PC: 1524a \| Move file pointer
2018-12-25T11:51:35.821426162Z	63	PC: 15256 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:35.824267024Z	66	PC: 1525f \| Move file pointer
2018-12-25T11:51:35.827012586Z	64	PC: 15268 \| Write file or device (Write 395 bytes on handle 5)
2018-12-25T11:51:35.835195662Z	66	PC: 15272 \| Move file pointer
2018-12-25T11:51:35.837779529Z	64	PC: 1527c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:35.841152192Z	62	PC: 15280 \| Close file
2018-12-25T11:51:35.848611013Z	26	PC: 1528e \| Set disk transfer address
2018-12-25T11:51:35.849834389Z	44	PC: 15292 \| Get time 0x15292: cmp ch, 8 0x15295: jne 0x152ae 0x15297: mov cx, 0x1e 0x1529a: mov bx, 0x16c 0x1529d: xor byte ptr cs:[bx + si], cl 0x152a0: nop 0x152a1: inc bx 0x152a2: loop 0x1529d 0x152a4: add si, 0x16c 0x152a8: mov dx, si 0x152aa: mov ah, 9 0x152ac: int 0x21 0x152ae: mov word ptr ds:[0x2e], 0x100 0x152b5: jmp word ptr ds:[0x2e] 0x152ba: popaw 0x152bb: popaw 0x152bc: pop ax 0x152bd: dec di 0x152be: push bp 0x152bf: pop ax
2018-12-25T11:51:35.852207832Z	9	PC: 152ae \| Display string (String= 'FRICKER-1 is glad to meet YOU!')
2018-12-25T11:51:35.855022755Z	76	PC: 15144 \| Terminate with return code (Return code = '36')