Sample viewer

vx.netlux.org/Virus.DOS.SSR.736

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:30:30.150154423Z 47 PC: 133ff | Get disk transfer address
2018-12-17T22:30:30.152658168Z 26 PC: 1340f | Set disk transfer address
2018-12-17T22:30:30.153819937Z 42 PC: 132b7 | Get date
0x132b7: cmp cx, 0x7ca
0x132bb: jne 0x132c3
0x132bd: call 0x13426
0x132c0: jmp 0x133a2
0x132c3: lea dx, word ptr [si + 0x36f]
0x132c7: mov cx, 1
0x132ca: mov ah, 0x4e
0x132cc: int 0x21
0x132ce: jae 0x132d9
0x132d0: jmp 0x133a2
0x132d3: call 0x13421
0x132d6: call 0x133ed
0x132d9: mov word ptr [si + 0x386], 0xffff
0x132df: mov ah, 0x4f
0x132e1: int 0x21
0x132e3: jae 0x132e8
0x132e5: jmp 0x133a2
0x132e8: push si
0x132e9: lea di, word ptr [si + 0x375]
0x132ed: lea si, word ptr [si + 0x3b2]
2018-12-17T22:30:30.155913077Z 78 PC: 132ce | Find first file
2018-12-17T22:30:30.163055067Z 79 PC: 132e3 | Find next file
2018-12-17T22:30:30.165484655Z 67 PC: 133e1 | Get or set file attributes
2018-12-17T22:30:30.171029038Z 67 PC: 133ec | Get or set file attributes
2018-12-17T22:30:30.187394349Z 61 PC: 13303 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:30:30.194192784Z 63 PC: 13319 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:30:30.200394541Z 66 PC: 13336 | Move file pointer
2018-12-17T22:30:30.202009455Z 62 PC: 13425 | Close file
2018-12-17T22:30:30.203814164Z 67 PC: 133fa | Get or set file attributes
2018-12-17T22:30:30.216080508Z 79 PC: 132e3 | Find next file
2018-12-17T22:30:30.218645928Z 67 PC: 133e1 | Get or set file attributes
2018-12-17T22:30:30.224506441Z 67 PC: 133ec | Get or set file attributes
2018-12-17T22:30:30.441936404Z 61 PC: 13303 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:30:30.445994902Z 63 PC: 13319 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:30:30.450257963Z 66 PC: 13336 | Move file pointer
2018-12-17T22:30:30.451550261Z 62 PC: 13425 | Close file
2018-12-17T22:30:30.453198015Z 67 PC: 133fa | Get or set file attributes
2018-12-17T22:30:30.556813657Z 79 PC: 132e3 | Find next file
2018-12-17T22:30:30.559430065Z 67 PC: 133e1 | Get or set file attributes
2018-12-17T22:30:30.570326359Z 67 PC: 133ec | Get or set file attributes
2018-12-17T22:30:30.583241584Z 61 PC: 13303 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:30:30.589791742Z 63 PC: 13319 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:30:30.595955094Z 66 PC: 13336 | Move file pointer
2018-12-17T22:30:30.597647886Z 62 PC: 13425 | Close file
2018-12-17T22:30:30.599247838Z 67 PC: 133fa | Get or set file attributes
2018-12-17T22:30:30.608921449Z 79 PC: 132e3 | Find next file
2018-12-17T22:30:30.611724106Z 67 PC: 133e1 | Get or set file attributes
2018-12-17T22:30:30.617178125Z 67 PC: 133ec | Get or set file attributes
2018-12-17T22:30:30.626704968Z 61 PC: 13303 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:30:30.634496509Z 63 PC: 13319 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:30:30.639590567Z 66 PC: 13336 | Move file pointer
2018-12-17T22:30:30.640691351Z 62 PC: 13425 | Close file
2018-12-17T22:30:30.642598072Z 67 PC: 133fa | Get or set file attributes
2018-12-17T22:30:30.649059346Z 79 PC: 132e3 | Find next file
2018-12-17T22:30:30.650896338Z 67 PC: 133e1 | Get or set file attributes
2018-12-17T22:30:30.65542657Z 67 PC: 133ec | Get or set file attributes
2018-12-17T22:30:30.664955872Z 61 PC: 13303 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:30:30.671485764Z 63 PC: 13319 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:30:30.679218531Z 66 PC: 13336 | Move file pointer
2018-12-17T22:30:30.681515197Z 62 PC: 13425 | Close file
2018-12-17T22:30:30.683608385Z 67 PC: 133fa | Get or set file attributes
2018-12-17T22:30:30.694578103Z 79 PC: 132e3 | Find next file
2018-12-17T22:30:30.697321643Z 67 PC: 133e1 | Get or set file attributes
2018-12-17T22:30:30.708035414Z 67 PC: 133ec | Get or set file attributes
2018-12-17T22:30:30.719188575Z 61 PC: 13303 | Open file (Filename = 'PAH.COM')
2018-12-17T22:30:30.725654423Z 63 PC: 13319 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:30:30.732018383Z 66 PC: 13336 | Move file pointer
2018-12-17T22:30:30.733739583Z 62 PC: 13425 | Close file
2018-12-17T22:30:30.738072111Z 67 PC: 133fa | Get or set file attributes
2018-12-17T22:30:30.748560589Z 79 PC: 132e3 | Find next file
2018-12-17T22:30:30.751543332Z 67 PC: 133e1 | Get or set file attributes
2018-12-17T22:30:30.757905188Z 67 PC: 133ec | Get or set file attributes
2018-12-17T22:30:30.769755989Z 61 PC: 13303 | Open file (Filename = 'TEST.COM')
2018-12-17T22:30:30.777257707Z 63 PC: 13319 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:30:30.784301617Z 62 PC: 13425 | Close file
2018-12-17T22:30:30.786039411Z 67 PC: 133fa | Get or set file attributes
2018-12-17T22:30:30.795826574Z 79 PC: 132e3 | Find next file
2018-12-17T22:30:30.798831833Z 62 PC: 13425 | Close file
2018-12-17T22:30:30.80023572Z 26 PC: 1341f | Set disk transfer address
2018-12-17T22:30:30.801239169Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2100, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-17T22:30:30.812988582Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5449,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:32.35475692Z 47 PC: 133ff | Get disk transfer address
2018-12-25T11:54:32.356295687Z 26 PC: 1340f | Set disk transfer address
2018-12-25T11:54:32.357256675Z 42 PC: 132b7 | Get date
0x132b7: cmp cx, 0x7ca
0x132bb: jne 0x132c3
0x132bd: call 0x13426
0x132c0: jmp 0x133a2
0x132c3: lea dx, word ptr [si + 0x36f]
0x132c7: mov cx, 1
0x132ca: mov ah, 0x4e
0x132cc: int 0x21
0x132ce: jae 0x132d9
0x132d0: jmp 0x133a2
0x132d3: call 0x13421
0x132d6: call 0x133ed
0x132d9: mov word ptr [si + 0x386], 0xffff
0x132df: mov ah, 0x4f
0x132e1: int 0x21
0x132e3: jae 0x132e8
0x132e5: jmp 0x133a2
0x132e8: push si
0x132e9: lea di, word ptr [si + 0x375]
0x132ed: lea si, word ptr [si + 0x3b2]
2018-12-25T11:54:32.359159132Z 78 PC: 132ce | Find first file
2018-12-25T11:54:32.365099456Z 79 PC: 132e3 | Find next file
2018-12-25T11:54:32.366779769Z 67 PC: 133e1 | Get or set file attributes
2018-12-25T11:54:32.370091444Z 67 PC: 133ec | Get or set file attributes
2018-12-25T11:54:33.008658429Z 61 PC: 13303 | Open file (Filename = 'PRINT.COM')
2018-12-25T11:54:33.015555745Z 63 PC: 13319 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:54:33.022045378Z 66 PC: 13336 | Move file pointer
2018-12-25T11:54:33.02362428Z 62 PC: 13425 | Close file
2018-12-25T11:54:33.026130992Z 67 PC: 133fa | Get or set file attributes
2018-12-25T11:54:33.036505311Z 79 PC: 132e3 | Find next file (See above)
2018-12-25T11:54:33.039072756Z 67 PC: 133e1 | Get or set file attributes (See above)
2018-12-25T11:54:33.045728282Z 67 PC: 133ec | Get or set file attributes (See above)
2018-12-25T11:54:33.057607807Z 61 PC: 13303 | Open file (See above)
2018-12-25T11:54:33.063981662Z 63 PC: 13319 | Read file or device (See above)
2018-12-25T11:54:33.070955627Z 66 PC: 13336 | Move file pointer (See above)
2018-12-25T11:54:33.073741001Z 62 PC: 13425 | Close file (See above)
2018-12-25T11:54:33.075471972Z 67 PC: 133fa | Get or set file attributes (See above)
2018-12-25T11:54:33.087619668Z 79 PC: 132e3 | Find next file (See above)
2018-12-25T11:54:33.090378576Z 67 PC: 133e1 | Get or set file attributes (See above)
2018-12-25T11:54:33.096217607Z 67 PC: 133ec | Get or set file attributes (See above)
2018-12-25T11:54:33.105533879Z 61 PC: 13303 | Open file (See above)
2018-12-25T11:54:33.112052559Z 63 PC: 13319 | Read file or device (See above)
2018-12-25T11:54:33.118272024Z 66 PC: 13336 | Move file pointer (See above)
2018-12-25T11:54:33.120410501Z 62 PC: 13425 | Close file (See above)
2018-12-25T11:54:33.122144441Z 67 PC: 133fa | Get or set file attributes (See above)
2018-12-25T11:54:33.131740815Z 79 PC: 132e3 | Find next file (See above)
2018-12-25T11:54:33.135609385Z 67 PC: 133e1 | Get or set file attributes (See above)
2018-12-25T11:54:33.141178962Z 67 PC: 133ec | Get or set file attributes (See above)
2018-12-25T11:54:33.150796806Z 61 PC: 13303 | Open file (See above)
2018-12-25T11:54:33.162535453Z 63 PC: 13319 | Read file or device (See above)
2018-12-25T11:54:33.169087978Z 66 PC: 13336 | Move file pointer (See above)
2018-12-25T11:54:33.17059894Z 62 PC: 13425 | Close file (See above)
2018-12-25T11:54:33.172736143Z 67 PC: 133fa | Get or set file attributes (See above)
2018-12-25T11:54:33.18252068Z 79 PC: 132e3 | Find next file (See above)
2018-12-25T11:54:33.185021171Z 67 PC: 133e1 | Get or set file attributes (See above)
2018-12-25T11:54:33.19084274Z 67 PC: 133ec | Get or set file attributes (See above)
2018-12-25T11:54:33.200168465Z 61 PC: 13303 | Open file (See above)
2018-12-25T11:54:33.204217184Z 63 PC: 13319 | Read file or device (See above)
2018-12-25T11:54:33.208807481Z 66 PC: 13336 | Move file pointer (See above)
2018-12-25T11:54:33.209778009Z 62 PC: 13425 | Close file (See above)
2018-12-25T11:54:33.211028762Z 67 PC: 133fa | Get or set file attributes (See above)
2018-12-25T11:54:33.21940151Z 79 PC: 132e3 | Find next file (See above)
2018-12-25T11:54:33.22148933Z 67 PC: 133e1 | Get or set file attributes (See above)
2018-12-25T11:54:33.231715149Z 67 PC: 133ec | Get or set file attributes (See above)
2018-12-25T11:54:33.238117846Z 61 PC: 13303 | Open file (See above)
2018-12-25T11:54:33.242416028Z 63 PC: 13319 | Read file or device (See above)
2018-12-25T11:54:33.246906781Z 66 PC: 13336 | Move file pointer (See above)
2018-12-25T11:54:33.248089418Z 62 PC: 13425 | Close file (See above)
2018-12-25T11:54:33.249441822Z 67 PC: 133fa | Get or set file attributes (See above)
2018-12-25T11:54:33.255427842Z 79 PC: 132e3 | Find next file (See above)
2018-12-25T11:54:33.257180638Z 67 PC: 133e1 | Get or set file attributes (See above)
2018-12-25T11:54:33.260923403Z 67 PC: 133ec | Get or set file attributes (See above)
2018-12-25T11:54:33.2727308Z 61 PC: 13303 | Open file (See above)
2018-12-25T11:54:33.283776385Z 63 PC: 13319 | Read file or device (See above)
2018-12-25T11:54:33.288077719Z 62 PC: 13425 | Close file (See above)
2018-12-25T11:54:33.28963947Z 67 PC: 133fa | Get or set file attributes (See above)
2018-12-25T11:54:33.301940104Z 79 PC: 132e3 | Find next file (See above)
2018-12-25T11:54:33.304327814Z 62 PC: 13425 | Close file (See above)
2018-12-25T11:54:33.305613318Z 26 PC: 1341f | Set disk transfer address
2018-12-25T11:54:33.306693952Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=2100, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T11:54:33.317179744Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5449,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:54:32.329504667Z 47 PC: 133ff | Get disk transfer address
2018-12-25T11:54:32.330994729Z 26 PC: 1340f | Set disk transfer address
2018-12-25T11:54:32.331924685Z 42 PC: 132b7 | Get date
0x132b7: cmp cx, 0x7ca
0x132bb: jne 0x132c3
0x132bd: call 0x13426
0x132c0: jmp 0x133a2
0x132c3: lea dx, word ptr [si + 0x36f]
0x132c7: mov cx, 1
0x132ca: mov ah, 0x4e
0x132cc: int 0x21
0x132ce: jae 0x132d9
0x132d0: jmp 0x133a2
0x132d3: call 0x13421
0x132d6: call 0x133ed
0x132d9: mov word ptr [si + 0x386], 0xffff
0x132df: mov ah, 0x4f
0x132e1: int 0x21
0x132e3: jae 0x132e8
0x132e5: jmp 0x133a2
0x132e8: push si
0x132e9: lea di, word ptr [si + 0x375]
0x132ed: lea si, word ptr [si + 0x3b2]
2018-12-25T11:54:32.333902166Z 61 PC: 1342f | Open file (Filename = 'FILE0002.COM')
2018-12-25T11:54:32.340173487Z 87 PC: 133c1 | Get or set file date and time
2018-12-25T11:54:32.341098822Z 63 PC: 13443 | Read file or device (Read 4 bytes on handle 2)