Sample viewer

vx.netlux.org/Virus.DOS.Morad.1164


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:56.793195481Z 26 PC: 13e84 | Set disk transfer address
2018-12-17T22:25:56.794791516Z 25 PC: 13e88 | Get default drive
2018-12-17T22:25:56.795955745Z 71 PC: 13ea7 | Get current directory
2018-12-17T22:25:56.799122682Z 59 PC: 13eb6 | Change current directory
2018-12-17T22:25:56.804852836Z 78 PC: 13f0f | Find first file
2018-12-17T22:25:56.81673298Z 79 PC: 13f43 | Find next file
2018-12-17T22:25:56.819485467Z 79 PC: 13f43 | Find next file
2018-12-17T22:25:56.822232172Z 79 PC: 13f43 | Find next file
2018-12-17T22:25:56.826076882Z 79 PC: 13f43 | Find next file
2018-12-17T22:25:56.828714883Z 79 PC: 13f43 | Find next file
2018-12-17T22:25:56.831430061Z 79 PC: 13f43 | Find next file
2018-12-17T22:25:56.834886121Z 79 PC: 13f43 | Find next file
2018-12-17T22:25:56.837462922Z 78 PC: 14052 | Find first file
2018-12-17T22:25:56.843878116Z 79 PC: 140a0 | Find next file
2018-12-17T22:25:56.847077031Z 79 PC: 140a0 | Find next file
2018-12-17T22:25:56.849743368Z 79 PC: 140a0 | Find next file
2018-12-17T22:25:56.852478214Z 79 PC: 140a0 | Find next file
2018-12-17T22:25:56.854855951Z 79 PC: 140a0 | Find next file
2018-12-17T22:25:56.861388218Z 79 PC: 140a0 | Find next file
2018-12-17T22:25:56.864141864Z 79 PC: 140a0 | Find next file
2018-12-17T22:25:56.868121891Z 79 PC: 140a0 | Find next file
2018-12-17T22:25:56.871989812Z 79 PC: 140a0 | Find next file
2018-12-17T22:25:56.875326845Z 71 PC: 14124 | Get current directory
2018-12-17T22:25:56.881614537Z 42 PC: 14162 | Get date
0x14162: cmp cx, 0x7d0
0x14166: je 0x1416b
0x14168: ja 0x14175
0x1416a: ret
0x1416b: cmp dh, 0xc
0x1416e: jne 0x141a4
0x14170: cmp dl, 0xb
0x14173: jb 0x141a4
0x14175: mov ax, 0x600
0x14178: mov bh, 7
0x1417a: mov cx, 0
0x1417d: mov dx, 0x184f
0x14180: int 0x10
0x14182: mov ah, 2
0x14184: mov bh, 0
0x14186: mov dh, 8
0x14188: mov dl, 0
0x1418a: int 0x10
0x1418c: mov ah, 0x40
0x1418e: mov bx, 1
2018-12-17T22:25:56.891586739Z 64 PC: 141a0 | Write file or device (Write 256 bytes on handle 1)
2018-12-17T22:25:56.899073569Z 7 PC: 141a4 | Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4592,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:17.89652593Z 26 PC: 13e84 | Set disk transfer address
2018-12-25T11:52:17.898842474Z 25 PC: 13e88 | Get default drive
2018-12-25T11:52:17.899929231Z 71 PC: 13ea7 | Get current directory
2018-12-25T11:52:17.90268359Z 59 PC: 13eb6 | Change current directory
2018-12-25T11:52:17.907545234Z 78 PC: 13f0f | Find first file
2018-12-25T11:52:17.918186039Z 79 PC: 13f43 | Find next file
2018-12-25T11:52:17.920815801Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:17.924166825Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:17.926893281Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:17.929458136Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:17.932190851Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:17.938736556Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:17.941126806Z 78 PC: 14052 | Find first file
2018-12-25T11:52:17.945218188Z 79 PC: 140a0 | Find next file
2018-12-25T11:52:17.947793208Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:17.949902767Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:17.952810844Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:17.956959035Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:17.959960383Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:17.962606972Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:17.965890047Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:17.968786031Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:17.971387375Z 71 PC: 14124 | Get current directory
2018-12-25T11:52:17.975332485Z 42 PC: 14162 | Get date
0x14162: cmp cx, 0x7d0
0x14166: je 0x1416b
0x14168: ja 0x14175
0x1416a: ret
0x1416b: cmp dh, 0xc
0x1416e: jne 0x141a4
0x14170: cmp dl, 0xb
0x14173: jb 0x141a4
0x14175: mov ax, 0x600
0x14178: mov bh, 7
0x1417a: mov cx, 0
0x1417d: mov dx, 0x184f
0x14180: int 0x10
0x14182: mov ah, 2
0x14184: mov bh, 0
0x14186: mov dh, 8
0x14188: mov dl, 0
0x1418a: int 0x10
0x1418c: mov ah, 0x40
0x1418e: mov bx, 1
2018-12-25T11:52:17.97772371Z 59 PC: 141ac | Change current directory
2018-12-25T11:52:17.98191013Z 9 PC: 12a85 | Display string (String= ' ')
2018-12-25T11:52:17.988121237Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":12,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4592,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:18.404284665Z 26 PC: 13e84 | Set disk transfer address
2018-12-25T11:52:18.406008989Z 25 PC: 13e88 | Get default drive
2018-12-25T11:52:18.407200785Z 71 PC: 13ea7 | Get current directory
2018-12-25T11:52:18.410004702Z 59 PC: 13eb6 | Change current directory
2018-12-25T11:52:18.415206877Z 78 PC: 13f0f | Find first file
2018-12-25T11:52:18.42190882Z 79 PC: 13f43 | Find next file
2018-12-25T11:52:18.424866752Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.428400335Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.431102544Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.433697821Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.436301228Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.439584103Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.441929612Z 78 PC: 14052 | Find first file
2018-12-25T11:52:18.447920413Z 79 PC: 140a0 | Find next file
2018-12-25T11:52:18.45132752Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.453762975Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.455362984Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.459762719Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.461555377Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.463733Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.466212764Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.468147545Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.469976079Z 71 PC: 14124 | Get current directory
2018-12-25T11:52:18.473198472Z 42 PC: 14162 | Get date
0x14162: cmp cx, 0x7d0
0x14166: je 0x1416b
0x14168: ja 0x14175
0x1416a: ret
0x1416b: cmp dh, 0xc
0x1416e: jne 0x141a4
0x14170: cmp dl, 0xb
0x14173: jb 0x141a4
0x14175: mov ax, 0x600
0x14178: mov bh, 7
0x1417a: mov cx, 0
0x1417d: mov dx, 0x184f
0x14180: int 0x10
0x14182: mov ah, 2
0x14184: mov bh, 0
0x14186: mov dh, 8
0x14188: mov dl, 0
0x1418a: int 0x10
0x1418c: mov ah, 0x40
0x1418e: mov bx, 1
2018-12-25T11:52:18.475325174Z 59 PC: 141ac | Change current directory
2018-12-25T11:52:18.478009733Z 9 PC: 12a85 | Display string (String= ' ')
2018-12-25T11:52:18.482036243Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":11,"Month":12,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4592,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:18.556749469Z 26 PC: 13e84 | Set disk transfer address
2018-12-25T11:52:18.559199564Z 25 PC: 13e88 | Get default drive
2018-12-25T11:52:18.560980146Z 71 PC: 13ea7 | Get current directory
2018-12-25T11:52:18.564518423Z 59 PC: 13eb6 | Change current directory
2018-12-25T11:52:18.569883491Z 78 PC: 13f0f | Find first file
2018-12-25T11:52:18.576440991Z 79 PC: 13f43 | Find next file
2018-12-25T11:52:18.579311475Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.582452843Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.586530368Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.589679216Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.592684025Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.596507614Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:18.599482948Z 78 PC: 14052 | Find first file
2018-12-25T11:52:18.606458849Z 79 PC: 140a0 | Find next file
2018-12-25T11:52:18.610598433Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.613507726Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.61741556Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.620893954Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.623919727Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.627065722Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.630812949Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.633935997Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:18.63685092Z 71 PC: 14124 | Get current directory
2018-12-25T11:52:18.64070848Z 42 PC: 14162 | Get date
0x14162: cmp cx, 0x7d0
0x14166: je 0x1416b
0x14168: ja 0x14175
0x1416a: ret
0x1416b: cmp dh, 0xc
0x1416e: jne 0x141a4
0x14170: cmp dl, 0xb
0x14173: jb 0x141a4
0x14175: mov ax, 0x600
0x14178: mov bh, 7
0x1417a: mov cx, 0
0x1417d: mov dx, 0x184f
0x14180: int 0x10
0x14182: mov ah, 2
0x14184: mov bh, 0
0x14186: mov dh, 8
0x14188: mov dl, 0
0x1418a: int 0x10
0x1418c: mov ah, 0x40
0x1418e: mov bx, 1
2018-12-25T11:52:18.651874568Z 64 PC: 141a0 | Write file or device (Write 256 bytes on handle 1)
2018-12-25T11:52:18.659062168Z 7 PC: 141a4 | Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":2001,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4592,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:19.013529801Z 26 PC: 13e84 | Set disk transfer address
2018-12-25T11:52:19.015721302Z 25 PC: 13e88 | Get default drive
2018-12-25T11:52:19.017054304Z 71 PC: 13ea7 | Get current directory
2018-12-25T11:52:19.020221876Z 59 PC: 13eb6 | Change current directory
2018-12-25T11:52:19.028749664Z 78 PC: 13f0f | Find first file
2018-12-25T11:52:19.043753585Z 79 PC: 13f43 | Find next file
2018-12-25T11:52:19.046640741Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.050194148Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.053408411Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.056294851Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.059825742Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.063079006Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.066060779Z 78 PC: 14052 | Find first file
2018-12-25T11:52:19.073288379Z 79 PC: 140a0 | Find next file
2018-12-25T11:52:19.085046831Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.087892186Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.090875639Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.094952175Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.098179043Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.101221404Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.104936272Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.108470898Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.111495721Z 71 PC: 14124 | Get current directory
2018-12-25T11:52:19.115215117Z 42 PC: 14162 | Get date
0x14162: cmp cx, 0x7d0
0x14166: je 0x1416b
0x14168: ja 0x14175
0x1416a: ret
0x1416b: cmp dh, 0xc
0x1416e: jne 0x141a4
0x14170: cmp dl, 0xb
0x14173: jb 0x141a4
0x14175: mov ax, 0x600
0x14178: mov bh, 7
0x1417a: mov cx, 0
0x1417d: mov dx, 0x184f
0x14180: int 0x10
0x14182: mov ah, 2
0x14184: mov bh, 0
0x14186: mov dh, 8
0x14188: mov dl, 0
0x1418a: int 0x10
0x1418c: mov ah, 0x40
0x1418e: mov bx, 1
2018-12-25T11:52:19.120015068Z 64 PC: 141a0 | Write file or device (Write 256 bytes on handle 1)
2018-12-25T11:52:19.126861726Z 7 PC: 141a4 | Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4592,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:19.307294998Z 26 PC: 13e84 | Set disk transfer address
2018-12-25T11:52:19.309316164Z 25 PC: 13e88 | Get default drive
2018-12-25T11:52:19.311188938Z 71 PC: 13ea7 | Get current directory
2018-12-25T11:52:19.314942946Z 59 PC: 13eb6 | Change current directory
2018-12-25T11:52:19.320057606Z 78 PC: 13f0f | Find first file
2018-12-25T11:52:19.334263041Z 79 PC: 13f43 | Find next file
2018-12-25T11:52:19.337551283Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.340830939Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.344423983Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.347609882Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.350704798Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.358685993Z 79 PC: 13f43 | Find next file (See above)
2018-12-25T11:52:19.361400019Z 78 PC: 14052 | Find first file
2018-12-25T11:52:19.367987863Z 79 PC: 140a0 | Find next file
2018-12-25T11:52:19.371699798Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.374587472Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.377463624Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.381207625Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.384712175Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.388002784Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.393365637Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.396900545Z 79 PC: 140a0 | Find next file (See above)
2018-12-25T11:52:19.399817288Z 71 PC: 14124 | Get current directory
2018-12-25T11:52:19.403307139Z 42 PC: 14162 | Get date
0x14162: cmp cx, 0x7d0
0x14166: je 0x1416b
0x14168: ja 0x14175
0x1416a: ret
0x1416b: cmp dh, 0xc
0x1416e: jne 0x141a4
0x14170: cmp dl, 0xb
0x14173: jb 0x141a4
0x14175: mov ax, 0x600
0x14178: mov bh, 7
0x1417a: mov cx, 0
0x1417d: mov dx, 0x184f
0x14180: int 0x10
0x14182: mov ah, 2
0x14184: mov bh, 0
0x14186: mov dh, 8
0x14188: mov dl, 0
0x1418a: int 0x10
0x1418c: mov ah, 0x40
0x1418e: mov bx, 1
2018-12-25T11:52:19.4071914Z 59 PC: 141ac | Change current directory
2018-12-25T11:52:19.412700173Z 9 PC: 12a85 | Display string (String= ' ')
2018-12-25T11:52:19.418936865Z 0 PC: 12a89 | Program terminate