Sample viewer

vx.netlux.org/Virus.DOS.Barrotes.1310.d

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:27.012011229Z	238	PC: 13251 \| UNKNOWN!
2018-12-17T22:29:27.014362237Z	53	PC: 1325d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:29:27.016353838Z	54	PC: 9f771 \| Get free disk space
2018-12-17T22:29:27.054479121Z	53	PC: 9f793 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:29:27.055782309Z	67	PC: 9f7be \| Get or set file attributes
2018-12-17T22:29:27.063159814Z	67	PC: 9f7ca \| Get or set file attributes
2018-12-17T22:29:27.407558322Z	61	PC: 9f7d4 \| Open file (Filename = '')
2018-12-17T22:29:27.415440611Z	87	PC: 9f7e4 \| Get or set file date and time
2018-12-17T22:29:27.417803942Z	66	PC: 9fa4e \| Move file pointer
2018-12-17T22:29:27.419144623Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:29:27.425649663Z	66	PC: 9f828 \| Move file pointer
2018-12-17T22:29:27.42843525Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:29:27.434565987Z	66	PC: 9fa4e \| Move file pointer
2018-12-17T22:29:27.436225631Z	63	PC: 9f864 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:27.440164768Z	66	PC: 9fa5d \| Move file pointer
2018-12-17T22:29:27.44167849Z	64	PC: 9f885 \| Write file or device (Write 1310 bytes on handle 5)
2018-12-17T22:29:27.451581755Z	66	PC: 9fa4e \| Move file pointer
2018-12-17T22:29:27.455943642Z	64	PC: 9f8ab \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:29:27.459229174Z	87	PC: 9f9f3 \| Get or set file date and time
2018-12-17T22:29:27.460879583Z	62	PC: 9f9f7 \| Close file
2018-12-17T22:29:27.469190179Z	67	PC: 9fa0b \| Get or set file attributes
2018-12-17T22:29:27.478873289Z	42	PC: 132ec \| Get date 0x132ec: cmp dx, 0x714 0x132f0: jne 0x13311 0x132f2: xor ax, ax 0x132f4: mov es, ax 0x132f6: mov dx, 0x49f 0x132f9: mov word ptr es:[0x70], dx 0x132fe: mov word ptr es:[0x72], ds 0x13303: mov bx, bx 0x13305: mov ax, ax 0x13307: mov cx, cx 0x13309: mov bx, bx 0x1330b: mov cx, cx 0x1330d: mov ax, ax 0x1330f: mov ax, ax 0x13311: cmp byte ptr cs:[si + 0x3b], 1 0x13316: je 0x1332a 0x13318: push cs 0x13319: push cs 0x1331a: pop ds 0x1331b: pop es

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5257,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:02.144811257Z	238	PC: 13251 \| UNKNOWN!
2018-12-25T11:54:02.145862071Z	53	PC: 1325d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:02.147136767Z	54	PC: 9f771 \| Get free disk space
2018-12-25T11:54:02.184782057Z	53	PC: 9f793 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:02.186346597Z	67	PC: 9f7be \| Get or set file attributes
2018-12-25T11:54:02.193975059Z	67	PC: 9f7ca \| Get or set file attributes
2018-12-25T11:54:03.698430934Z	61	PC: 9f7d4 \| Open file (Filename = '')
2018-12-25T11:54:03.7027643Z	87	PC: 9f7e4 \| Get or set file date and time
2018-12-25T11:54:03.704468566Z	66	PC: 9fa4e \| Move file pointer
2018-12-25T11:54:03.705793009Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:54:03.713085294Z	66	PC: 9f828 \| Move file pointer
2018-12-25T11:54:03.715107679Z	63	PC: 9fa3f \| Read file or device (See above)
2018-12-25T11:54:03.722465919Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T11:54:03.724113615Z	63	PC: 9f864 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:03.727493225Z	66	PC: 9fa5d \| Move file pointer
2018-12-25T11:54:03.728761112Z	64	PC: 9f885 \| Write file or device (Write 1310 bytes on handle 5)
2018-12-25T11:54:03.738932794Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T11:54:03.740793513Z	64	PC: 9f8ab \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:03.743484153Z	87	PC: 9f9f3 \| Get or set file date and time
2018-12-25T11:54:03.744800147Z	62	PC: 9f9f7 \| Close file
2018-12-25T11:54:03.752538886Z	67	PC: 9fa0b \| Get or set file attributes
2018-12-25T11:54:03.761269915Z	42	PC: 132ec \| Get date 0x132ec: cmp dx, 0x714 0x132f0: jne 0x13311 0x132f2: xor ax, ax 0x132f4: mov es, ax 0x132f6: mov dx, 0x49f 0x132f9: mov word ptr es:[0x70], dx 0x132fe: mov word ptr es:[0x72], ds 0x13303: mov bx, bx 0x13305: mov ax, ax 0x13307: mov cx, cx 0x13309: mov bx, bx 0x1330b: mov cx, cx 0x1330d: mov ax, ax 0x1330f: mov ax, ax 0x13311: cmp byte ptr cs:[si + 0x3b], 1 0x13316: je 0x1332a 0x13318: push cs 0x13319: push cs 0x1331a: pop ds 0x1331b: pop es

{"DateBased":true,"Day":20,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5257,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:02.381774913Z	238	PC: 13251 \| UNKNOWN!
2018-12-25T11:54:02.383478647Z	53	PC: 1325d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:54:02.385999257Z	54	PC: 9f771 \| Get free disk space
2018-12-25T11:54:02.42709315Z	53	PC: 9f793 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:02.428553282Z	67	PC: 9f7be \| Get or set file attributes
2018-12-25T11:54:02.435801264Z	67	PC: 9f7ca \| Get or set file attributes
2018-12-25T11:54:02.785729303Z	61	PC: 9f7d4 \| Open file (Filename = '')
2018-12-25T11:54:02.793162669Z	87	PC: 9f7e4 \| Get or set file date and time
2018-12-25T11:54:02.79645578Z	66	PC: 9fa4e \| Move file pointer
2018-12-25T11:54:02.798504877Z	63	PC: 9fa3f \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:54:02.805122582Z	66	PC: 9f828 \| Move file pointer
2018-12-25T11:54:02.809039605Z	63	PC: 9fa3f \| Read file or device (See above)
2018-12-25T11:54:02.818263277Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T11:54:02.821019251Z	63	PC: 9f864 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:02.824610899Z	66	PC: 9fa5d \| Move file pointer
2018-12-25T11:54:02.827221756Z	64	PC: 9f885 \| Write file or device (Write 1310 bytes on handle 5)
2018-12-25T11:54:02.83879852Z	66	PC: 9fa4e \| Move file pointer (See above)
2018-12-25T11:54:02.840415462Z	64	PC: 9f8ab \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:02.844277323Z	87	PC: 9f9f3 \| Get or set file date and time
2018-12-25T11:54:02.849043773Z	62	PC: 9f9f7 \| Close file
2018-12-25T11:54:02.859027471Z	67	PC: 9fa0b \| Get or set file attributes
2018-12-25T11:54:02.870383834Z	42	PC: 132ec \| Get date 0x132ec: cmp dx, 0x714 0x132f0: jne 0x13311 0x132f2: xor ax, ax 0x132f4: mov es, ax 0x132f6: mov dx, 0x49f 0x132f9: mov word ptr es:[0x70], dx 0x132fe: mov word ptr es:[0x72], ds 0x13303: mov bx, bx 0x13305: mov ax, ax 0x13307: mov cx, cx 0x13309: mov bx, bx 0x1330b: mov cx, cx 0x1330d: mov ax, ax 0x1330f: mov ax, ax 0x13311: cmp byte ptr cs:[si + 0x3b], 1 0x13316: je 0x1332a 0x13318: push cs 0x13319: push cs 0x1331a: pop ds 0x1331b: pop es