Sample viewer

vx.netlux.org/Virus.DOS.Amber.Trivial.1430.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:42.886627074Z	78	PC: 12a6f \| Find first file
2018-12-17T22:29:42.894112002Z	79	PC: 12a6f \| Find next file
2018-12-17T22:29:42.898997531Z	79	PC: 12a6f \| Find next file
2018-12-17T22:29:42.902048396Z	79	PC: 12a6f \| Find next file
2018-12-17T22:29:42.904920542Z	79	PC: 12a6f \| Find next file
2018-12-17T22:29:42.908462872Z	79	PC: 12a6f \| Find next file
2018-12-17T22:29:42.911300397Z	79	PC: 12a6f \| Find next file
2018-12-17T22:29:42.914223141Z	79	PC: 12a6f \| Find next file
2018-12-17T22:29:42.919878611Z	61	PC: 12aa5 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:29:42.927536339Z	63	PC: 12ab4 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:42.932722423Z	66	PC: 12ad5 \| Move file pointer
2018-12-17T22:29:42.978317646Z	64	PC: 12b1b \| Write file or device (Write 1588 bytes on handle 5)
2018-12-17T22:29:43.001848613Z	66	PC: 12b26 \| Move file pointer
2018-12-17T22:29:43.003987242Z	64	PC: 12b34 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:29:43.008803262Z	87	PC: 12b4b \| Get or set file date and time
2018-12-17T22:29:43.011937827Z	62	PC: 12ac8 \| Close file
2018-12-17T22:29:43.022642171Z	79	PC: 12a6f \| Find next file
2018-12-17T22:29:43.029376332Z	42	PC: 12b68 \| Get date 0x12b68: cmp dh, dl 0x12b6a: jne 0x12b75 0x12b6c: mov dx, 0x149 0x12b6f: add dx, bp 0x12b71: mov ah, 9 0x12b73: int 0x21 0x12b75: xor ax, ax 0x12b77: xor bx, bx 0x12b79: mov cx, 0xff 0x12b7c: mov bp, sp 0x12b7e: mov si, 0x100 0x12b81: jmp si 0x12b83: sub ch, byte ptr [0x6f63] 0x12b87: insw word ptr es:[di], dx 0x12b88: add byte ptr [bp + di + 0x54], bl 0x12b8b: jb 0x12bf6 0x12b8d: jbe 0x12bf8 0x12b8f: popaw 0x12b90: insb byte ptr es:[di], dx 0x12b91: pop bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5312,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:12.423616841Z	78	PC: 12a6f \| Find first file
2018-12-25T11:54:12.430152265Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.432573853Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.448241033Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.451832738Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.454479471Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.4571843Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.460179055Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.465081909Z	61	PC: 12aa5 \| Open file (Filename = 'TEST.COM')
2018-12-25T11:54:12.469276301Z	63	PC: 12ab4 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:12.471125125Z	66	PC: 12ad5 \| Move file pointer
2018-12-25T11:54:12.486569951Z	64	PC: 12b1b \| Write file or device (Write 1533 bytes on handle 5)
2018-12-25T11:54:12.498713134Z	66	PC: 12b26 \| Move file pointer
2018-12-25T11:54:12.49979893Z	64	PC: 12b34 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:12.502685358Z	87	PC: 12b4b \| Get or set file date and time
2018-12-25T11:54:12.503930149Z	62	PC: 12ac8 \| Close file
2018-12-25T11:54:12.511263777Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.51583566Z	42	PC: 12b68 \| Get date 0x12b68: cmp dh, dl 0x12b6a: jne 0x12b75 0x12b6c: mov dx, 0x149 0x12b6f: add dx, bp 0x12b71: mov ah, 9 0x12b73: int 0x21 0x12b75: xor ax, ax 0x12b77: xor bx, bx 0x12b79: mov cx, 0xff 0x12b7c: mov bp, sp 0x12b7e: mov si, 0x100 0x12b81: jmp si 0x12b83: sub ch, byte ptr [0x6f63] 0x12b87: insw word ptr es:[di], dx 0x12b88: add byte ptr [bp + di + 0x54], bl 0x12b8b: jb 0x12bf6 0x12b8d: jbe 0x12bf8 0x12b8f: popaw 0x12b90: insb byte ptr es:[di], dx 0x12b91: pop bp
2018-12-25T11:54:12.517807444Z	9	PC: 12b75 \| Display string (String= '[Trivial]��^�M�]��[AMBER1.07@beta]X�o%�G�G�G�G')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5312,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:12.426432441Z	78	PC: 12a6f \| Find first file
2018-12-25T11:54:12.431859255Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.438512936Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.441114273Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.443890851Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.447163838Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.449653245Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.452207541Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.455665026Z	61	PC: 12aa5 \| Open file (Filename = 'TEST.COM')
2018-12-25T11:54:12.462231419Z	63	PC: 12ab4 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:12.464941213Z	66	PC: 12ad5 \| Move file pointer
2018-12-25T11:54:12.502782737Z	64	PC: 12b1b \| Write file or device (Write 1649 bytes on handle 5)
2018-12-25T11:54:12.523995414Z	66	PC: 12b26 \| Move file pointer
2018-12-25T11:54:12.525475459Z	64	PC: 12b34 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:12.529356937Z	87	PC: 12b4b \| Get or set file date and time
2018-12-25T11:54:12.53077819Z	62	PC: 12ac8 \| Close file
2018-12-25T11:54:12.538225729Z	79	PC: 12a6f \| Find next file (See above)
2018-12-25T11:54:12.542389581Z	42	PC: 12b68 \| Get date 0x12b68: cmp dh, dl 0x12b6a: jne 0x12b75 0x12b6c: mov dx, 0x149 0x12b6f: add dx, bp 0x12b71: mov ah, 9 0x12b73: int 0x21 0x12b75: xor ax, ax 0x12b77: xor bx, bx 0x12b79: mov cx, 0xff 0x12b7c: mov bp, sp 0x12b7e: mov si, 0x100 0x12b81: jmp si 0x12b83: sub ch, byte ptr [0x6f63] 0x12b87: insw word ptr es:[di], dx 0x12b88: add byte ptr [bp + di + 0x54], bl 0x12b8b: jb 0x12bf6 0x12b8d: jbe 0x12bf8 0x12b8f: popaw 0x12b90: insb byte ptr es:[di], dx 0x12b91: pop bp