Sample viewer

vx.netlux.org/Virus.DOS.Vnu.535

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:27:25.277191978Z	78	PC: 12b2a \| Find first file
2018-12-17T22:27:25.28323118Z	61	PC: 12b4e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:27:25.290731748Z	63	PC: 12b66 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:27:25.297308819Z	66	PC: 12b7e \| Move file pointer
2018-12-17T22:27:25.299125815Z	66	PC: 12b9f \| Move file pointer
2018-12-17T22:27:25.303478079Z	64	PC: 12baa \| Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:27:25.306856511Z	66	PC: 12bb3 \| Move file pointer
2018-12-17T22:27:25.308241522Z	64	PC: 12bbe \| Write file or device (Write 31 bytes on handle 5)
2018-12-17T22:27:25.312626896Z	64	PC: 12be3 \| Write file or device (Write 504 bytes on handle 5)
2018-12-17T22:27:25.326931532Z	62	PC: 12be7 \| Close file
2018-12-17T22:27:25.334877729Z	79	PC: 12b2a \| Find next file
2018-12-17T22:27:25.338467087Z	61	PC: 12b4e \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:27:25.345184597Z	63	PC: 12b66 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:27:25.351764533Z	66	PC: 12b7e \| Move file pointer
2018-12-17T22:27:25.354517697Z	62	PC: 12be7 \| Close file
2018-12-17T22:27:25.356714157Z	79	PC: 12b2a \| Find next file
2018-12-17T22:27:25.359627974Z	61	PC: 12b4e \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:27:25.369382293Z	63	PC: 12b66 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:27:25.376218858Z	66	PC: 12b7e \| Move file pointer
2018-12-17T22:27:25.377750435Z	62	PC: 12be7 \| Close file
2018-12-17T22:27:25.382924433Z	79	PC: 12b2a \| Find next file
2018-12-17T22:27:25.385605543Z	61	PC: 12b4e \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:27:25.392439111Z	63	PC: 12b66 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:27:25.399274876Z	66	PC: 12b7e \| Move file pointer
2018-12-17T22:27:25.400715685Z	62	PC: 12be7 \| Close file
2018-12-17T22:27:25.402513493Z	79	PC: 12b2a \| Find next file
2018-12-17T22:27:25.406803292Z	61	PC: 12b4e \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:27:25.41387087Z	63	PC: 12b66 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:27:25.417964699Z	66	PC: 12b7e \| Move file pointer
2018-12-17T22:27:25.419635229Z	62	PC: 12be7 \| Close file
2018-12-17T22:27:25.423437566Z	79	PC: 12b2a \| Find next file
2018-12-17T22:27:25.425182698Z	61	PC: 12b4e \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:27:25.43254997Z	63	PC: 12b66 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:27:25.439238861Z	66	PC: 12b7e \| Move file pointer
2018-12-17T22:27:25.440596867Z	66	PC: 12b9f \| Move file pointer
2018-12-17T22:27:25.442202544Z	64	PC: 12baa \| Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:27:25.445660701Z	66	PC: 12bb3 \| Move file pointer
2018-12-17T22:27:25.447059077Z	64	PC: 12bbe \| Write file or device (Write 31 bytes on handle 5)
2018-12-17T22:27:25.453162129Z	64	PC: 12be3 \| Write file or device (Write 504 bytes on handle 5)
2018-12-17T22:27:25.459561231Z	62	PC: 12be7 \| Close file
2018-12-17T22:27:25.469119378Z	79	PC: 12b2a \| Find next file
2018-12-17T22:27:25.471226419Z	61	PC: 12b4e \| Open file (Filename = 'PAH.COM')
2018-12-17T22:27:25.475715908Z	63	PC: 12b66 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:27:25.480124088Z	66	PC: 12b7e \| Move file pointer
2018-12-17T22:27:25.48118937Z	62	PC: 12be7 \| Close file
2018-12-17T22:27:25.482971592Z	79	PC: 12b2a \| Find next file
2018-12-17T22:27:25.484663493Z	61	PC: 12b4e \| Open file (Filename = 'TEST.COM')
2018-12-17T22:27:25.488817371Z	63	PC: 12b66 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:27:25.492340355Z	62	PC: 12be7 \| Close file
2018-12-17T22:27:25.494073411Z	79	PC: 12b2a \| Find next file
2018-12-17T22:27:25.496720183Z	44	PC: 12bfb \| Get time 0x12bfb: cmp ch, 9 0x12bfe: je 0x12c05 0x12c00: mov ax, 0x100 0x12c03: jmp ax 0x12c05: mov ah, 0x3c 0x12c07: mov cx, 0x20 0x12c0a: lea dx, word ptr [bp + 0x2fe] 0x12c0e: int 0x21 0x12c10: jb 0x12c15 0x12c12: jmp 0x12c1f 0x12c15: mov al, byte ptr [0x2fe] 0x12c18: inc al 0x12c1a: mov byte ptr [0x2fe], al 0x12c1d: jmp 0x12c05 0x12c1f: xchg ax, bx 0x12c20: mov ah, 0x40 0x12c22: lea dx, word ptr [bp + 0x19b] 0x12c26: mov cx, 0x2d 0x12c29: int 0x21 0x12c2b: mov ah, 0x3d

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4876,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:10.849566696Z	78	PC: 12b2a \| Find first file
2018-12-25T11:53:10.856227702Z	61	PC: 12b4e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:10.865316532Z	63	PC: 12b66 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:53:10.872265072Z	66	PC: 12b7e \| Move file pointer
2018-12-25T11:53:10.884573139Z	66	PC: 12b9f \| Move file pointer
2018-12-25T11:53:10.886519039Z	64	PC: 12baa \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:53:10.892570831Z	66	PC: 12bb3 \| Move file pointer
2018-12-25T11:53:10.894473883Z	64	PC: 12bbe \| Write file or device (Write 31 bytes on handle 5)
2018-12-25T11:53:10.899404885Z	64	PC: 12be3 \| Write file or device (Write 504 bytes on handle 5)
2018-12-25T11:53:10.921458091Z	62	PC: 12be7 \| Close file
2018-12-25T11:53:10.931055687Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:10.933979098Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:10.941452628Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:10.948529935Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:10.949969591Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:10.95671267Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:10.960083159Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:10.968331967Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:10.976723476Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:10.978399657Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:10.980425216Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:10.984868805Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:10.992197017Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:10.99967329Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:11.002027214Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.005298492Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.00845594Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.01581906Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.023343656Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:11.024878312Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.02742191Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.031743436Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.039511218Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.046486149Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:11.049490099Z	66	PC: 12b9f \| Move file pointer (See above)
2018-12-25T11:53:11.051064056Z	64	PC: 12baa \| Write file or device (See above)
2018-12-25T11:53:11.054679541Z	66	PC: 12bb3 \| Move file pointer (See above)
2018-12-25T11:53:11.057143533Z	64	PC: 12bbe \| Write file or device (See above)
2018-12-25T11:53:11.067990866Z	64	PC: 12be3 \| Write file or device (See above)
2018-12-25T11:53:11.077650616Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.087457654Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.090416448Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.094797867Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.099842197Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:11.101059529Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.102421714Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.105832801Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.113224426Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.115875192Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.118748849Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.121945737Z	44	PC: 12bfb \| Get time 0x12bfb: cmp ch, 9 0x12bfe: je 0x12c05 0x12c00: mov ax, 0x100 0x12c03: jmp ax 0x12c05: mov ah, 0x3c 0x12c07: mov cx, 0x20 0x12c0a: lea dx, word ptr [bp + 0x2fe] 0x12c0e: int 0x21 0x12c10: jb 0x12c15 0x12c12: jmp 0x12c1f 0x12c15: mov al, byte ptr [0x2fe] 0x12c18: inc al 0x12c1a: mov byte ptr [0x2fe], al 0x12c1d: jmp 0x12c05 0x12c1f: xchg ax, bx 0x12c20: mov ah, 0x40 0x12c22: lea dx, word ptr [bp + 0x19b] 0x12c26: mov cx, 0x2d 0x12c29: int 0x21 0x12c2b: mov ah, 0x3d

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":9,"Min":0,"Second":0,"TimeBased":true,"OriginalID":4876,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:10.975385062Z	78	PC: 12b2a \| Find first file
2018-12-25T11:53:10.982470192Z	61	PC: 12b4e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:10.987007793Z	63	PC: 12b66 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T11:53:10.991100848Z	66	PC: 12b7e \| Move file pointer
2018-12-25T11:53:10.99259956Z	66	PC: 12b9f \| Move file pointer
2018-12-25T11:53:10.994156005Z	64	PC: 12baa \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:53:10.996777003Z	66	PC: 12bb3 \| Move file pointer
2018-12-25T11:53:10.999168129Z	64	PC: 12bbe \| Write file or device (Write 31 bytes on handle 5)
2018-12-25T11:53:11.002831927Z	64	PC: 12be3 \| Write file or device (Write 504 bytes on handle 5)
2018-12-25T11:53:11.018890864Z	62	PC: 12be7 \| Close file
2018-12-25T11:53:11.02782687Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.031452141Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.03964146Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.04667275Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:11.048921997Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.051158423Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.054337196Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.062703582Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.070172206Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:11.071757771Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.07458538Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.07777494Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.085588885Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.092920112Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:11.094430909Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.096235838Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.099025085Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.108372349Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.115567713Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:11.117065127Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.119994832Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.122065656Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.126376794Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.134001608Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:11.135722161Z	66	PC: 12b9f \| Move file pointer (See above)
2018-12-25T11:53:11.137557946Z	64	PC: 12baa \| Write file or device (See above)
2018-12-25T11:53:11.141767078Z	66	PC: 12bb3 \| Move file pointer (See above)
2018-12-25T11:53:11.14323713Z	64	PC: 12bbe \| Write file or device (See above)
2018-12-25T11:53:11.14918584Z	64	PC: 12be3 \| Write file or device (See above)
2018-12-25T11:53:11.155392354Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.165126854Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.168129737Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.176353893Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.188478765Z	66	PC: 12b7e \| Move file pointer (See above)
2018-12-25T11:53:11.190426526Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.192315151Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.195766682Z	61	PC: 12b4e \| Open file (See above)
2018-12-25T11:53:11.203564641Z	63	PC: 12b66 \| Read file or device (See above)
2018-12-25T11:53:11.207040603Z	62	PC: 12be7 \| Close file (See above)
2018-12-25T11:53:11.210461963Z	79	PC: 12b2a \| Find next file (See above)
2018-12-25T11:53:11.213883078Z	44	PC: 12bfb \| Get time 0x12bfb: cmp ch, 9 0x12bfe: je 0x12c05 0x12c00: mov ax, 0x100 0x12c03: jmp ax 0x12c05: mov ah, 0x3c 0x12c07: mov cx, 0x20 0x12c0a: lea dx, word ptr [bp + 0x2fe] 0x12c0e: int 0x21 0x12c10: jb 0x12c15 0x12c12: jmp 0x12c1f 0x12c15: mov al, byte ptr [0x2fe] 0x12c18: inc al 0x12c1a: mov byte ptr [0x2fe], al 0x12c1d: jmp 0x12c05 0x12c1f: xchg ax, bx 0x12c20: mov ah, 0x40 0x12c22: lea dx, word ptr [bp + 0x19b] 0x12c26: mov cx, 0x2d 0x12c29: int 0x21 0x12c2b: mov ah, 0x3d
2018-12-25T11:53:11.216459162Z	60	PC: 12c10 \| Create or truncate file
2018-12-25T11:53:11.569787008Z	64	PC: 12c2b \| Write file or device (Write 45 bytes on handle 5)
2018-12-25T11:53:11.578797459Z	61	PC: 12c2f \| Open file (Filename = 'Dedicated to the memory of Kurt Donald Cobain��')