Sample viewer

vx.netlux.org/Virus.DOS.Yerk.375

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:07.320448675Z	26	PC: 13617 \| Set disk transfer address
2018-12-17T22:30:07.323648759Z	25	PC: 1361b \| Get default drive
2018-12-17T22:30:07.325061544Z	14	PC: 13626 \| Set default drive (Drive = 'C')
2018-12-17T22:30:07.326511595Z	71	PC: 13631 \| Get current directory
2018-12-17T22:30:07.329295358Z	78	PC: 13646 \| Find first file
2018-12-17T22:30:07.336125522Z	67	PC: 13671 \| Get or set file attributes
2018-12-17T22:30:07.677085278Z	61	PC: 13676 \| Open file (Filename = 'COMMAND.COM')
2018-12-17T22:30:07.684677637Z	63	PC: 13685 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:30:07.689791868Z	66	PC: 1368e \| Move file pointer
2018-12-17T22:30:07.691093843Z	64	PC: 1369b \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:30:07.69350825Z	64	PC: 136a4 \| Write file or device (Write 370 bytes on handle 5)
2018-12-17T22:30:07.700138442Z	66	PC: 136b7 \| Move file pointer
2018-12-17T22:30:07.7014952Z	64	PC: 136c1 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:30:07.703703189Z	87	PC: 136d2 \| Get or set file date and time
2018-12-17T22:30:07.705685122Z	62	PC: 136d6 \| Close file
2018-12-17T22:30:07.710859216Z	67	PC: 136e4 \| Get or set file attributes
2018-12-17T22:30:07.726638371Z	79	PC: 1364c \| Find next file
2018-12-17T22:30:07.730955843Z	59	PC: 136ff \| Change current directory
2018-12-17T22:30:07.734545718Z	14	PC: 13705 \| Set default drive (Drive = 'C')
2018-12-17T22:30:07.738269527Z	78	PC: 13646 \| Find first file
2018-12-17T22:30:07.744200689Z	79	PC: 1364c \| Find next file
2018-12-17T22:30:07.746797375Z	59	PC: 13716 \| Change current directory
2018-12-17T22:30:07.748360613Z	14	PC: 13728 \| Set default drive (Drive = 'A')
2018-12-17T22:30:07.750020831Z	42	PC: 1372c \| Get date 0x1372c: nop 0x1372d: cmp dx, 0x101 0x13731: je 0x1373b 0x13733: cmp dx, 0xc1f 0x13737: je 0x1373b 0x13739: jmp 0x13751 0x1373b: mov cx, 0x19 0x1373e: push si 0x1373f: add si, 0x158 0x13743: add si, cx 0x13745: mov dl, byte ptr [si] 0x13747: add dl, 0x40 0x1374a: mov ah, 2 0x1374c: int 0x21 0x1374e: pop si 0x1374f: loop 0x1373e 0x13751: mov di, 0x100 0x13754: push di 0x13755: ret 0x13756: loope 0x13738
2018-12-17T22:30:07.753008915Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5386,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:23.486807456Z	26	PC: 13617 \| Set disk transfer address
2018-12-25T11:54:23.502770706Z	25	PC: 1361b \| Get default drive
2018-12-25T11:54:23.504182794Z	14	PC: 13626 \| Set default drive (Drive = 'C')
2018-12-25T11:54:23.505721933Z	71	PC: 13631 \| Get current directory
2018-12-25T11:54:23.509492982Z	78	PC: 13646 \| Find first file
2018-12-25T11:54:23.515229795Z	67	PC: 13671 \| Get or set file attributes
2018-12-25T11:54:24.206773031Z	61	PC: 13676 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T11:54:24.215085367Z	63	PC: 13685 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:54:24.217588399Z	66	PC: 1368e \| Move file pointer
2018-12-25T11:54:24.218763377Z	64	PC: 1369b \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:54:24.22083887Z	64	PC: 136a4 \| Write file or device (Write 370 bytes on handle 5)
2018-12-25T11:54:24.227672745Z	66	PC: 136b7 \| Move file pointer
2018-12-25T11:54:24.229437952Z	64	PC: 136c1 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:54:24.231447707Z	87	PC: 136d2 \| Get or set file date and time
2018-12-25T11:54:24.232940876Z	62	PC: 136d6 \| Close file
2018-12-25T11:54:24.237165311Z	67	PC: 136e4 \| Get or set file attributes
2018-12-25T11:54:24.243861709Z	79	PC: 1364c \| Find next file
2018-12-25T11:54:24.245859092Z	59	PC: 136ff \| Change current directory
2018-12-25T11:54:24.248112703Z	14	PC: 13705 \| Set default drive (Drive = 'C')
2018-12-25T11:54:24.249234939Z	78	PC: 13646 \| Find first file (See above)
2018-12-25T11:54:24.253136782Z	79	PC: 1364c \| Find next file (See above)
2018-12-25T11:54:24.254855888Z	59	PC: 13716 \| Change current directory
2018-12-25T11:54:24.256073393Z	14	PC: 13728 \| Set default drive (Drive = 'A')
2018-12-25T11:54:24.257414561Z	42	PC: 1372c \| Get date 0x1372c: nop 0x1372d: cmp dx, 0x101 0x13731: je 0x1373b 0x13733: cmp dx, 0xc1f 0x13737: je 0x1373b 0x13739: jmp 0x13751 0x1373b: mov cx, 0x19 0x1373e: push si 0x1373f: add si, 0x158 0x13743: add si, cx 0x13745: mov dl, byte ptr [si] 0x13747: add dl, 0x40 0x1374a: mov ah, 2 0x1374c: int 0x21 0x1374e: pop si 0x1374f: loop 0x1373e 0x13751: mov di, 0x100 0x13754: push di 0x13755: ret 0x13756: loope 0x13738
2018-12-25T11:54:24.259436111Z	2	PC: 1374e \| Character output (Char = '4c')
2018-12-25T11:54:24.261072622Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.262638117Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.264698501Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.2667177Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.269997517Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.272485674Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.274869444Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.278312338Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.284961351Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.286485026Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.288184318Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.290328605Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.292161039Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.293960863Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.29649229Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.298541088Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.300790891Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.304559593Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.307484003Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.309813126Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.312876051Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.315447452Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.317761958Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.320519057Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:24.322649127Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5386,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:23.692237301Z	26	PC: 13617 \| Set disk transfer address
2018-12-25T11:54:23.694039909Z	25	PC: 1361b \| Get default drive
2018-12-25T11:54:23.695419965Z	14	PC: 13626 \| Set default drive (Drive = 'C')
2018-12-25T11:54:23.696980579Z	71	PC: 13631 \| Get current directory
2018-12-25T11:54:23.70054055Z	78	PC: 13646 \| Find first file
2018-12-25T11:54:23.706383954Z	67	PC: 13671 \| Get or set file attributes
2018-12-25T11:54:24.205793971Z	61	PC: 13676 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T11:54:24.212467042Z	63	PC: 13685 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:54:24.216936235Z	66	PC: 1368e \| Move file pointer
2018-12-25T11:54:24.218207873Z	64	PC: 1369b \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:54:24.221549977Z	64	PC: 136a4 \| Write file or device (Write 370 bytes on handle 5)
2018-12-25T11:54:24.228406899Z	66	PC: 136b7 \| Move file pointer
2018-12-25T11:54:24.229875307Z	64	PC: 136c1 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:54:24.232735215Z	87	PC: 136d2 \| Get or set file date and time
2018-12-25T11:54:24.23484277Z	62	PC: 136d6 \| Close file
2018-12-25T11:54:24.241539747Z	67	PC: 136e4 \| Get or set file attributes
2018-12-25T11:54:24.250471801Z	79	PC: 1364c \| Find next file
2018-12-25T11:54:24.254306443Z	59	PC: 136ff \| Change current directory
2018-12-25T11:54:24.258401966Z	14	PC: 13705 \| Set default drive (Drive = 'C')
2018-12-25T11:54:24.259909759Z	78	PC: 13646 \| Find first file (See above)
2018-12-25T11:54:24.2664349Z	79	PC: 1364c \| Find next file (See above)
2018-12-25T11:54:24.269142949Z	59	PC: 13716 \| Change current directory
2018-12-25T11:54:24.271103415Z	14	PC: 13728 \| Set default drive (Drive = 'A')
2018-12-25T11:54:24.272556759Z	42	PC: 1372c \| Get date 0x1372c: nop 0x1372d: cmp dx, 0x101 0x13731: je 0x1373b 0x13733: cmp dx, 0xc1f 0x13737: je 0x1373b 0x13739: jmp 0x13751 0x1373b: mov cx, 0x19 0x1373e: push si 0x1373f: add si, 0x158 0x13743: add si, cx 0x13745: mov dl, byte ptr [si] 0x13747: add dl, 0x40 0x1374a: mov ah, 2 0x1374c: int 0x21 0x1374e: pop si 0x1374f: loop 0x1373e 0x13751: mov di, 0x100 0x13754: push di 0x13755: ret 0x13756: loope 0x13738
2018-12-25T11:54:24.27599581Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":31,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5386,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:25.491780733Z	26	PC: 13617 \| Set disk transfer address
2018-12-25T11:54:25.493314369Z	25	PC: 1361b \| Get default drive
2018-12-25T11:54:25.495193686Z	14	PC: 13626 \| Set default drive (Drive = 'C')
2018-12-25T11:54:25.496424895Z	71	PC: 13631 \| Get current directory
2018-12-25T11:54:25.498788849Z	78	PC: 13646 \| Find first file
2018-12-25T11:54:25.50527727Z	67	PC: 13671 \| Get or set file attributes
2018-12-25T11:54:25.845658296Z	61	PC: 13676 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T11:54:25.852477032Z	63	PC: 13685 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:54:25.85499918Z	66	PC: 1368e \| Move file pointer
2018-12-25T11:54:25.857191266Z	64	PC: 1369b \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:54:25.861246741Z	64	PC: 136a4 \| Write file or device (Write 370 bytes on handle 5)
2018-12-25T11:54:25.869733592Z	66	PC: 136b7 \| Move file pointer
2018-12-25T11:54:25.871855543Z	64	PC: 136c1 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:54:25.875352353Z	87	PC: 136d2 \| Get or set file date and time
2018-12-25T11:54:25.877680192Z	62	PC: 136d6 \| Close file
2018-12-25T11:54:25.900807081Z	67	PC: 136e4 \| Get or set file attributes
2018-12-25T11:54:25.9114213Z	79	PC: 1364c \| Find next file
2018-12-25T11:54:25.914901626Z	59	PC: 136ff \| Change current directory
2018-12-25T11:54:25.919026028Z	14	PC: 13705 \| Set default drive (Drive = 'C')
2018-12-25T11:54:25.920357316Z	78	PC: 13646 \| Find first file (See above)
2018-12-25T11:54:25.92660425Z	79	PC: 1364c \| Find next file (See above)
2018-12-25T11:54:25.929837534Z	59	PC: 13716 \| Change current directory
2018-12-25T11:54:25.931795537Z	14	PC: 13728 \| Set default drive (Drive = 'A')
2018-12-25T11:54:25.934183586Z	42	PC: 1372c \| Get date 0x1372c: nop 0x1372d: cmp dx, 0x101 0x13731: je 0x1373b 0x13733: cmp dx, 0xc1f 0x13737: je 0x1373b 0x13739: jmp 0x13751 0x1373b: mov cx, 0x19 0x1373e: push si 0x1373f: add si, 0x158 0x13743: add si, cx 0x13745: mov dl, byte ptr [si] 0x13747: add dl, 0x40 0x1374a: mov ah, 2 0x1374c: int 0x21 0x1374e: pop si 0x1374f: loop 0x1373e 0x13751: mov di, 0x100 0x13754: push di 0x13755: ret 0x13756: loope 0x13738
2018-12-25T11:54:25.937583391Z	2	PC: 1374e \| Character output (Char = '4c')
2018-12-25T11:54:25.94003014Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.942339596Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.945456647Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.94875049Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.952947581Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.956120435Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.958535089Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.960751368Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.963916453Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.967283838Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.969523209Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.97190544Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.974449642Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.977226286Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.979998803Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.987418161Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.98970058Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.992015961Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.995326524Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.997612645Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:25.999856127Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:26.003102787Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:26.005292898Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:26.007449307Z	2	PC: 1374e \| Character output (See above)
2018-12-25T11:54:26.010270588Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')