Sample viewer

vx.netlux.org/Virus.DOS.Nady.493

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:31:35.420074693Z	26	PC: 12e4f \| Set disk transfer address
2018-12-17T22:31:35.421622511Z	71	PC: 12e5a \| Get current directory
2018-12-17T22:31:35.423569316Z	44	PC: 12e5e \| Get time 0x12e5e: cmp dh, 0xd 0x12e61: je 0x12e66 0x12e63: jmp 0x12e72 0x12e65: nop 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x292] 0x12e6c: int 0x21 0x12e6e: mov ah, 0 0x12e70: int 0x21 0x12e72: lea dx, word ptr [bp + 0x273] 0x12e76: call 0x12ecf 0x12e79: call 0x12ea5 0x12e7c: jae 0x12e72 0x12e7e: mov si, bp 0x12e80: add si, 0x105 0x12e84: push sp 0x12e85: pop sp 0x12e86: mov di, 0x100 0x12e89: movsw word ptr es:[di], word ptr [si] 0x12e8a: movsw word ptr es:[di], word ptr [si]
2018-12-17T22:31:35.425098847Z	78	PC: 12ed6 \| Find first file
2018-12-17T22:31:35.429450569Z	61	PC: 12eb7 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:31:35.436445689Z	63	PC: 12ec5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:35.440826663Z	66	PC: 12ece \| Move file pointer
2018-12-17T22:31:35.442526323Z	87	PC: 12f3f \| Get or set file date and time
2018-12-17T22:31:35.443631379Z	62	PC: 12f43 \| Close file
2018-12-17T22:31:35.457150458Z	79	PC: 12ed6 \| Find next file
2018-12-17T22:31:35.459783569Z	61	PC: 12eb7 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:31:35.467227578Z	63	PC: 12ec5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:35.471492017Z	66	PC: 12ece \| Move file pointer
2018-12-17T22:31:35.472604554Z	87	PC: 12f3f \| Get or set file date and time
2018-12-17T22:31:35.474328902Z	62	PC: 12f43 \| Close file
2018-12-17T22:31:35.478903944Z	79	PC: 12ed6 \| Find next file
2018-12-17T22:31:35.480797701Z	61	PC: 12eb7 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:31:35.485546825Z	63	PC: 12ec5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:35.489745297Z	66	PC: 12ece \| Move file pointer
2018-12-17T22:31:35.490784238Z	87	PC: 12f3f \| Get or set file date and time
2018-12-17T22:31:35.492506308Z	62	PC: 12f43 \| Close file
2018-12-17T22:31:35.497301277Z	79	PC: 12ed6 \| Find next file
2018-12-17T22:31:35.49914396Z	61	PC: 12eb7 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:31:35.503889291Z	63	PC: 12ec5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:35.508625693Z	66	PC: 12ece \| Move file pointer
2018-12-17T22:31:35.509886987Z	87	PC: 12f3f \| Get or set file date and time
2018-12-17T22:31:35.511698518Z	62	PC: 12f43 \| Close file
2018-12-17T22:31:35.518162053Z	79	PC: 12ed6 \| Find next file
2018-12-17T22:31:35.520410965Z	61	PC: 12eb7 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:31:35.528416742Z	63	PC: 12ec5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:35.53285733Z	66	PC: 12ece \| Move file pointer
2018-12-17T22:31:35.534185205Z	87	PC: 12f3f \| Get or set file date and time
2018-12-17T22:31:35.536242913Z	62	PC: 12f43 \| Close file
2018-12-17T22:31:35.543967626Z	79	PC: 12ed6 \| Find next file
2018-12-17T22:31:35.546291856Z	61	PC: 12eb7 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:31:35.559614711Z	63	PC: 12ec5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:35.566900954Z	66	PC: 12ece \| Move file pointer
2018-12-17T22:31:35.568746145Z	64	PC: 12ee9 \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:31:35.572980517Z	64	PC: 12f02 \| Write file or device (Write 488 bytes on handle 5)
2018-12-17T22:31:35.581536611Z	66	PC: 12f0e \| Move file pointer
2018-12-17T22:31:35.583174502Z	64	PC: 12f2d \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:31:35.590259269Z	87	PC: 12f3f \| Get or set file date and time
2018-12-17T22:31:35.591757101Z	62	PC: 12f43 \| Close file
2018-12-17T22:31:35.599450614Z	79	PC: 12ed6 \| Find next file
2018-12-17T22:31:35.602480975Z	61	PC: 12eb7 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:31:35.609359136Z	63	PC: 12ec5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:31:35.615858915Z	66	PC: 12ece \| Move file pointer
2018-12-17T22:31:35.618605553Z	87	PC: 12f3f \| Get or set file date and time
2018-12-17T22:31:35.620020254Z	62	PC: 12f43 \| Close file
2018-12-17T22:31:35.63321836Z	79	PC: 12ed6 \| Find next file
2018-12-17T22:31:35.636649262Z	59	PC: 12ead \| Change current directory
2018-12-17T22:31:35.640692524Z	59	PC: 12e9d \| Change current directory
2018-12-17T22:31:35.644627913Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5640,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:03.335395572Z	26	PC: 12e4f \| Set disk transfer address
2018-12-25T11:55:03.338780564Z	71	PC: 12e5a \| Get current directory
2018-12-25T11:55:03.342081542Z	44	PC: 12e5e \| Get time 0x12e5e: cmp dh, 0xd 0x12e61: je 0x12e66 0x12e63: jmp 0x12e72 0x12e65: nop 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x292] 0x12e6c: int 0x21 0x12e6e: mov ah, 0 0x12e70: int 0x21 0x12e72: lea dx, word ptr [bp + 0x273] 0x12e76: call 0x12ecf 0x12e79: call 0x12ea5 0x12e7c: jae 0x12e72 0x12e7e: mov si, bp 0x12e80: add si, 0x105 0x12e84: push sp 0x12e85: pop sp 0x12e86: mov di, 0x100 0x12e89: movsw word ptr es:[di], word ptr [si] 0x12e8a: movsw word ptr es:[di], word ptr [si]
2018-12-25T11:55:03.344587395Z	78	PC: 12ed6 \| Find first file
2018-12-25T11:55:03.352880625Z	61	PC: 12eb7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:03.362991152Z	63	PC: 12ec5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:03.369540282Z	66	PC: 12ece \| Move file pointer
2018-12-25T11:55:03.3715892Z	87	PC: 12f3f \| Get or set file date and time
2018-12-25T11:55:03.372994031Z	62	PC: 12f43 \| Close file
2018-12-25T11:55:03.385226457Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.396741861Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.409239295Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.416251107Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.41759144Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.427142785Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.434430932Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.437633891Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.444525795Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.450700372Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.452427687Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.460843836Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.468035922Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.470755789Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.4779235Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.48433342Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.485705426Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.487501846Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.494423724Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.496897119Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.504143272Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.510586434Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.511830534Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.514428873Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.524629731Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.527032022Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.5335127Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.540980117Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.543066296Z	64	PC: 12ee9 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:03.545970583Z	64	PC: 12f02 \| Write file or device (Write 488 bytes on handle 5)
2018-12-25T11:55:03.554575311Z	66	PC: 12f0e \| Move file pointer
2018-12-25T11:55:03.555862359Z	64	PC: 12f2d \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:03.562343278Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.564231096Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.571675708Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.574590807Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.581587323Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.587919518Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.589942188Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.591374565Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.598195741Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.600817336Z	59	PC: 12ead \| Change current directory
2018-12-25T11:55:03.604832703Z	59	PC: 12e9d \| Change current directory
2018-12-25T11:55:03.613593704Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":13,"TimeBased":true,"OriginalID":5640,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:03.488639238Z	26	PC: 12e4f \| Set disk transfer address
2018-12-25T11:55:03.490068056Z	71	PC: 12e5a \| Get current directory
2018-12-25T11:55:03.491949843Z	44	PC: 12e5e \| Get time 0x12e5e: cmp dh, 0xd 0x12e61: je 0x12e66 0x12e63: jmp 0x12e72 0x12e65: nop 0x12e66: mov ah, 9 0x12e68: lea dx, word ptr [bp + 0x292] 0x12e6c: int 0x21 0x12e6e: mov ah, 0 0x12e70: int 0x21 0x12e72: lea dx, word ptr [bp + 0x273] 0x12e76: call 0x12ecf 0x12e79: call 0x12ea5 0x12e7c: jae 0x12e72 0x12e7e: mov si, bp 0x12e80: add si, 0x105 0x12e84: push sp 0x12e85: pop sp 0x12e86: mov di, 0x100 0x12e89: movsw word ptr es:[di], word ptr [si] 0x12e8a: movsw word ptr es:[di], word ptr [si]
2018-12-25T11:55:03.493833243Z	78	PC: 12ed6 \| Find first file
2018-12-25T11:55:03.499885257Z	61	PC: 12eb7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:03.506792184Z	63	PC: 12ec5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:55:03.512749719Z	66	PC: 12ece \| Move file pointer
2018-12-25T11:55:03.514368158Z	87	PC: 12f3f \| Get or set file date and time
2018-12-25T11:55:03.515448559Z	62	PC: 12f43 \| Close file
2018-12-25T11:55:03.525006979Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.527019025Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.530907371Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.534767052Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.536036746Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.537044827Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.54158259Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.543505096Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.547431703Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.55183184Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.553236355Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.554290135Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.559861185Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.561911147Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.568966708Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.573289425Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.574721786Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.575868072Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.582825614Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.585741402Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.595567751Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.601604265Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.603235118Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.604613055Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.611375144Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.61461146Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.621484916Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.627515909Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.628971257Z	64	PC: 12ee9 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:03.631852797Z	64	PC: 12f02 \| Write file or device (Write 488 bytes on handle 5)
2018-12-25T11:55:03.640086935Z	66	PC: 12f0e \| Move file pointer
2018-12-25T11:55:03.641274954Z	64	PC: 12f2d \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:55:03.647651156Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.648921397Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.656382304Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.658880342Z	61	PC: 12eb7 \| Open file (See above)
2018-12-25T11:55:03.665112535Z	63	PC: 12ec5 \| Read file or device (See above)
2018-12-25T11:55:03.671439909Z	66	PC: 12ece \| Move file pointer (See above)
2018-12-25T11:55:03.67302446Z	87	PC: 12f3f \| Get or set file date and time (See above)
2018-12-25T11:55:03.674379061Z	62	PC: 12f43 \| Close file (See above)
2018-12-25T11:55:03.68110954Z	79	PC: 12ed6 \| Find next file (See above)
2018-12-25T11:55:03.684196713Z	59	PC: 12ead \| Change current directory
2018-12-25T11:55:03.688125059Z	59	PC: 12e9d \| Change current directory
2018-12-25T11:55:03.696416252Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')