Sample viewer

vx.netlux.org/Virus.DOS.Flow.394

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:31:38.83836621Z	26	PC: 12a7d \| Set disk transfer address
2018-12-17T22:31:38.851781865Z	42	PC: 12a81 \| Get date 0x12a81: cmp al, 0 0x12a83: jne 0x12a94 0x12a85: lea dx, word ptr [bp + 0x228] 0x12a89: push ax 0x12a8a: mov ax, 0x900 0x12a8d: int 0x21 0x12a8f: pop ax 0x12a90: mov ah, 0x4c 0x12a92: int 0x21 0x12a94: mov ah, 0x4e 0x12a96: lea dx, word ptr [bp + 0x21e] 0x12a9a: int 0x21 0x12a9c: jb 0x12ae0 0x12a9e: mov ax, 0x3d02 0x12aa1: lea dx, word ptr [bp + 0x40f] 0x12aa5: int 0x21 0x12aa7: mov bx, ax 0x12aa9: mov ah, 0x3f 0x12aab: mov cx, 1 0x12aae: lea dx, word ptr [bp + 0x227]
2018-12-17T22:31:38.854403893Z	78	PC: 12a9c \| Find first file
2018-12-17T22:31:38.860268938Z	61	PC: 12aa7 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:31:38.871183858Z	63	PC: 12ab4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:31:38.891383884Z	66	PC: 12ac6 \| Move file pointer
2018-12-17T22:31:38.892724221Z	63	PC: 12ad1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:31:38.895095008Z	66	PC: 12ada \| Move file pointer
2018-12-17T22:31:38.901933421Z	66	PC: 12af6 \| Move file pointer
2018-12-17T22:31:38.903789092Z	64	PC: 12b01 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:31:38.907543505Z	66	PC: 12b2f \| Move file pointer
2018-12-17T22:31:38.909803049Z	64	PC: 12b3a \| Write file or device (Write 38 bytes on handle 5)
2018-12-17T22:31:38.915204048Z	64	PC: 12b45 \| Write file or device (Write 356 bytes on handle 5)
2018-12-17T22:31:38.928786094Z	62	PC: 12b49 \| Close file
2018-12-17T22:31:38.937596684Z	79	PC: 12b4d \| Find next file
2018-12-17T22:31:38.940195861Z	61	PC: 12aa7 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:31:38.946579098Z	63	PC: 12ab4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:31:38.95379294Z	66	PC: 12ac6 \| Move file pointer
2018-12-17T22:31:38.955429311Z	63	PC: 12ad1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:31:38.957851347Z	66	PC: 12ada \| Move file pointer
2018-12-17T22:31:38.959733364Z	66	PC: 12af6 \| Move file pointer
2018-12-17T22:31:38.961067823Z	64	PC: 12b01 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:31:38.963917794Z	66	PC: 12b2f \| Move file pointer
2018-12-17T22:31:38.971362663Z	64	PC: 12b3a \| Write file or device (Write 38 bytes on handle 5)
2018-12-17T22:31:38.974280972Z	64	PC: 12b45 \| Write file or device (Write 356 bytes on handle 5)
2018-12-17T22:31:38.980021903Z	62	PC: 12b49 \| Close file
2018-12-17T22:31:39.003724699Z	79	PC: 12b4d \| Find next file
2018-12-17T22:31:39.006760572Z	61	PC: 12aa7 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:31:39.025939706Z	63	PC: 12ab4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:31:39.032426274Z	66	PC: 12ac6 \| Move file pointer
2018-12-17T22:31:39.034203042Z	63	PC: 12ad1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:31:39.042657627Z	66	PC: 12ada \| Move file pointer
2018-12-17T22:31:39.055187731Z	66	PC: 12af6 \| Move file pointer
2018-12-17T22:31:39.05745439Z	64	PC: 12b01 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:31:39.060288098Z	66	PC: 12b2f \| Move file pointer
2018-12-17T22:31:39.061598842Z	64	PC: 12b3a \| Write file or device (Write 38 bytes on handle 5)
2018-12-17T22:31:39.085750477Z	64	PC: 12b45 \| Write file or device (Write 356 bytes on handle 5)
2018-12-17T22:31:39.088665518Z	62	PC: 12b49 \| Close file
2018-12-17T22:31:39.101827666Z	79	PC: 12b4d \| Find next file
2018-12-17T22:31:39.105452025Z	61	PC: 12aa7 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:31:39.111817414Z	63	PC: 12ab4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:31:39.125545038Z	66	PC: 12ac6 \| Move file pointer
2018-12-17T22:31:39.127589837Z	63	PC: 12ad1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:31:39.130024901Z	66	PC: 12ada \| Move file pointer
2018-12-17T22:31:39.131430595Z	66	PC: 12af6 \| Move file pointer
2018-12-17T22:31:39.13370987Z	64	PC: 12b01 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:31:39.136666062Z	66	PC: 12b2f \| Move file pointer
2018-12-17T22:31:39.138003905Z	64	PC: 12b3a \| Write file or device (Write 38 bytes on handle 5)
2018-12-17T22:31:39.141376377Z	64	PC: 12b45 \| Write file or device (Write 356 bytes on handle 5)
2018-12-17T22:31:39.144749828Z	62	PC: 12b49 \| Close file
2018-12-17T22:31:39.348555186Z	79	PC: 12b4d \| Find next file
2018-12-17T22:31:39.352468984Z	61	PC: 12aa7 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:31:39.358936948Z	63	PC: 12ab4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:31:39.365059616Z	66	PC: 12ac6 \| Move file pointer
2018-12-17T22:31:39.366357944Z	63	PC: 12ad1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:31:39.369027766Z	66	PC: 12ada \| Move file pointer
2018-12-17T22:31:39.370299405Z	66	PC: 12af6 \| Move file pointer
2018-12-17T22:31:39.371561878Z	64	PC: 12b01 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:31:39.375216678Z	66	PC: 12b2f \| Move file pointer
2018-12-17T22:31:39.376531979Z	64	PC: 12b3a \| Write file or device (Write 38 bytes on handle 5)
2018-12-17T22:31:39.379641158Z	64	PC: 12b45 \| Write file or device (Write 356 bytes on handle 5)
2018-12-17T22:31:39.383560459Z	62	PC: 12b49 \| Close file
2018-12-17T22:31:39.471629727Z	79	PC: 12b4d \| Find next file
2018-12-17T22:31:39.475321635Z	61	PC: 12aa7 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:31:39.483074663Z	63	PC: 12ab4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:31:39.48986953Z	66	PC: 12ac6 \| Move file pointer
2018-12-17T22:31:39.491254842Z	63	PC: 12ad1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:31:39.494189149Z	66	PC: 12ada \| Move file pointer
2018-12-17T22:31:39.495743139Z	66	PC: 12af6 \| Move file pointer
2018-12-17T22:31:39.497166946Z	64	PC: 12b01 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:31:39.500781261Z	66	PC: 12b2f \| Move file pointer
2018-12-17T22:31:39.502204152Z	64	PC: 12b3a \| Write file or device (Write 38 bytes on handle 5)
2018-12-17T22:31:39.51011849Z	64	PC: 12b45 \| Write file or device (Write 356 bytes on handle 5)
2018-12-17T22:31:39.513499184Z	62	PC: 12b49 \| Close file
2018-12-17T22:31:39.521344242Z	79	PC: 12b4d \| Find next file
2018-12-17T22:31:39.523989013Z	61	PC: 12aa7 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:31:39.532096689Z	63	PC: 12ab4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:31:39.538177624Z	66	PC: 12ac6 \| Move file pointer
2018-12-17T22:31:39.539383745Z	63	PC: 12ad1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:31:39.543625218Z	66	PC: 12ada \| Move file pointer
2018-12-17T22:31:39.54490208Z	66	PC: 12af6 \| Move file pointer
2018-12-17T22:31:39.546088115Z	64	PC: 12b01 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:31:39.549661024Z	66	PC: 12b2f \| Move file pointer
2018-12-17T22:31:39.551350781Z	64	PC: 12b3a \| Write file or device (Write 38 bytes on handle 5)
2018-12-17T22:31:39.554350982Z	64	PC: 12b45 \| Write file or device (Write 356 bytes on handle 5)
2018-12-17T22:31:39.561799947Z	62	PC: 12b49 \| Close file
2018-12-17T22:31:39.570183184Z	79	PC: 12b4d \| Find next file
2018-12-17T22:31:39.57327413Z	61	PC: 12aa7 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:31:39.580375986Z	63	PC: 12ab4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:31:39.585318445Z	62	PC: 12b49 \| Close file
2018-12-17T22:31:39.58719879Z	79	PC: 12b4d \| Find next file
2018-12-17T22:31:39.591068864Z	26	PC: 12b56 \| Set disk transfer address
2018-12-17T22:31:39.592444227Z	26	PC: 12a7d \| Set disk transfer address
2018-12-17T22:31:39.593401669Z	42	PC: 12a81 \| Get date 0x12a81: cmp al, 0 0x12a83: jne 0x12a94 0x12a85: lea dx, word ptr [bp + 0x228] 0x12a89: push ax 0x12a8a: mov ax, 0x900 0x12a8d: int 0x21 0x12a8f: pop ax 0x12a90: mov ah, 0x4c 0x12a92: int 0x21 0x12a94: mov ah, 0x4e 0x12a96: lea dx, word ptr [bp + 0x21e] 0x12a9a: int 0x21 0x12a9c: jb 0x12ae0 0x12a9e: mov ax, 0x3d02 0x12aa1: lea dx, word ptr [bp + 0x40f] 0x12aa5: int 0x21 0x12aa7: mov bx, ax 0x12aa9: mov ah, 0x3f 0x12aab: mov cx, 1 0x12aae: lea dx, word ptr [bp + 0x227]
2018-12-17T22:31:39.59610359Z	78	PC: 12a9c \| Find first file
2018-12-17T22:31:39.60083568Z	26	PC: 12b56 \| Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5654,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:10.060271579Z	26	PC: 12a7d \| Set disk transfer address
2018-12-25T11:55:10.062073506Z	42	PC: 12a81 \| Get date 0x12a81: cmp al, 0 0x12a83: jne 0x12a94 0x12a85: lea dx, word ptr [bp + 0x228] 0x12a89: push ax 0x12a8a: mov ax, 0x900 0x12a8d: int 0x21 0x12a8f: pop ax 0x12a90: mov ah, 0x4c 0x12a92: int 0x21 0x12a94: mov ah, 0x4e 0x12a96: lea dx, word ptr [bp + 0x21e] 0x12a9a: int 0x21 0x12a9c: jb 0x12ae0 0x12a9e: mov ax, 0x3d02 0x12aa1: lea dx, word ptr [bp + 0x40f] 0x12aa5: int 0x21 0x12aa7: mov bx, ax 0x12aa9: mov ah, 0x3f 0x12aab: mov cx, 1 0x12aae: lea dx, word ptr [bp + 0x227]
2018-12-25T11:55:10.064346069Z	9	PC: 12a8f \| Display string (String= 'Je suis votre ordinateur, il est dimanche je refuse donc de travailler !')
2018-12-25T11:55:10.068153188Z	76	PC: 12a94 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5654,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:10.092003162Z	26	PC: 12a7d \| Set disk transfer address
2018-12-25T11:55:10.093972318Z	42	PC: 12a81 \| Get date 0x12a81: cmp al, 0 0x12a83: jne 0x12a94 0x12a85: lea dx, word ptr [bp + 0x228] 0x12a89: push ax 0x12a8a: mov ax, 0x900 0x12a8d: int 0x21 0x12a8f: pop ax 0x12a90: mov ah, 0x4c 0x12a92: int 0x21 0x12a94: mov ah, 0x4e 0x12a96: lea dx, word ptr [bp + 0x21e] 0x12a9a: int 0x21 0x12a9c: jb 0x12ae0 0x12a9e: mov ax, 0x3d02 0x12aa1: lea dx, word ptr [bp + 0x40f] 0x12aa5: int 0x21 0x12aa7: mov bx, ax 0x12aa9: mov ah, 0x3f 0x12aab: mov cx, 1 0x12aae: lea dx, word ptr [bp + 0x227]
2018-12-25T11:55:10.097018386Z	78	PC: 12a9c \| Find first file
2018-12-25T11:55:10.103456431Z	61	PC: 12aa7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:10.11053892Z	63	PC: 12ab4 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:55:10.120075504Z	66	PC: 12ac6 \| Move file pointer
2018-12-25T11:55:10.122622547Z	63	PC: 12ad1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:55:10.125815305Z	66	PC: 12ada \| Move file pointer
2018-12-25T11:55:10.129340467Z	66	PC: 12af6 \| Move file pointer
2018-12-25T11:55:10.131110999Z	64	PC: 12b01 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:55:10.134664289Z	66	PC: 12b2f \| Move file pointer
2018-12-25T11:55:10.136837541Z	64	PC: 12b3a \| Write file or device (Write 38 bytes on handle 5)
2018-12-25T11:55:10.139820177Z	64	PC: 12b45 \| Write file or device (Write 356 bytes on handle 5)
2018-12-25T11:55:10.154920985Z	62	PC: 12b49 \| Close file
2018-12-25T11:55:10.164677901Z	79	PC: 12b4d \| Find next file
2018-12-25T11:55:10.168749559Z	61	PC: 12aa7 \| Open file (See above)
2018-12-25T11:55:10.176103782Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T11:55:10.183548742Z	66	PC: 12ac6 \| Move file pointer (See above)
2018-12-25T11:55:10.185693065Z	63	PC: 12ad1 \| Read file or device (See above)
2018-12-25T11:55:10.189377691Z	66	PC: 12ada \| Move file pointer (See above)
2018-12-25T11:55:10.191739635Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T11:55:10.194687602Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T11:55:10.198199357Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T11:55:10.200064922Z	64	PC: 12b3a \| Write file or device (See above)
2018-12-25T11:55:10.203675565Z	64	PC: 12b45 \| Write file or device (See above)
2018-12-25T11:55:10.206500015Z	62	PC: 12b49 \| Close file (See above)
2018-12-25T11:55:10.215231652Z	79	PC: 12b4d \| Find next file (See above)
2018-12-25T11:55:10.218793958Z	61	PC: 12aa7 \| Open file (See above)
2018-12-25T11:55:10.226627617Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T11:55:10.23430794Z	66	PC: 12ac6 \| Move file pointer (See above)
2018-12-25T11:55:10.236396472Z	63	PC: 12ad1 \| Read file or device (See above)
2018-12-25T11:55:10.239141926Z	66	PC: 12ada \| Move file pointer (See above)
2018-12-25T11:55:10.241042097Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T11:55:10.243988799Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T11:55:10.247415646Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T11:55:10.249005226Z	64	PC: 12b3a \| Write file or device (See above)
2018-12-25T11:55:10.252196443Z	64	PC: 12b45 \| Write file or device (See above)
2018-12-25T11:55:10.262437417Z	62	PC: 12b49 \| Close file (See above)
2018-12-25T11:55:10.271911392Z	79	PC: 12b4d \| Find next file (See above)
2018-12-25T11:55:10.275525796Z	61	PC: 12aa7 \| Open file (See above)
2018-12-25T11:55:10.284258752Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T11:55:10.29236702Z	66	PC: 12ac6 \| Move file pointer (See above)
2018-12-25T11:55:10.294531619Z	63	PC: 12ad1 \| Read file or device (See above)
2018-12-25T11:55:10.29900974Z	66	PC: 12ada \| Move file pointer (See above)
2018-12-25T11:55:10.301377581Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T11:55:10.303563666Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T11:55:10.308522393Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T11:55:10.31101518Z	64	PC: 12b3a \| Write file or device (See above)
2018-12-25T11:55:10.314596458Z	64	PC: 12b45 \| Write file or device (See above)
2018-12-25T11:55:10.319896296Z	62	PC: 12b49 \| Close file (See above)
2018-12-25T11:55:10.329535638Z	79	PC: 12b4d \| Find next file (See above)
2018-12-25T11:55:10.332650871Z	61	PC: 12aa7 \| Open file (See above)
2018-12-25T11:55:10.340197873Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T11:55:10.348047581Z	66	PC: 12ac6 \| Move file pointer (See above)
2018-12-25T11:55:10.350096006Z	63	PC: 12ad1 \| Read file or device (See above)
2018-12-25T11:55:10.353351746Z	66	PC: 12ada \| Move file pointer (See above)
2018-12-25T11:55:10.35574723Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T11:55:10.357767303Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T11:55:10.361770953Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T11:55:10.36481178Z	64	PC: 12b3a \| Write file or device (See above)
2018-12-25T11:55:10.368313282Z	64	PC: 12b45 \| Write file or device (See above)
2018-12-25T11:55:10.371756218Z	62	PC: 12b49 \| Close file (See above)
2018-12-25T11:55:10.381238611Z	79	PC: 12b4d \| Find next file (See above)
2018-12-25T11:55:10.38450451Z	61	PC: 12aa7 \| Open file (See above)
2018-12-25T11:55:10.393042176Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T11:55:10.403764753Z	66	PC: 12ac6 \| Move file pointer (See above)
2018-12-25T11:55:10.405856025Z	63	PC: 12ad1 \| Read file or device (See above)
2018-12-25T11:55:10.409120743Z	66	PC: 12ada \| Move file pointer (See above)
2018-12-25T11:55:10.412315927Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T11:55:10.41467375Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T11:55:10.418503251Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T11:55:10.420493328Z	64	PC: 12b3a \| Write file or device (See above)
2018-12-25T11:55:10.431024831Z	64	PC: 12b45 \| Write file or device (See above)
2018-12-25T11:55:10.434446947Z	62	PC: 12b49 \| Close file (See above)
2018-12-25T11:55:10.443874412Z	79	PC: 12b4d \| Find next file (See above)
2018-12-25T11:55:10.448289291Z	61	PC: 12aa7 \| Open file (See above)
2018-12-25T11:55:10.456066577Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T11:55:10.464114444Z	66	PC: 12ac6 \| Move file pointer (See above)
2018-12-25T11:55:10.466964519Z	63	PC: 12ad1 \| Read file or device (See above)
2018-12-25T11:55:10.470576325Z	66	PC: 12ada \| Move file pointer (See above)
2018-12-25T11:55:10.47256894Z	66	PC: 12af6 \| Move file pointer (See above)
2018-12-25T11:55:10.47520308Z	64	PC: 12b01 \| Write file or device (See above)
2018-12-25T11:55:10.479197124Z	66	PC: 12b2f \| Move file pointer (See above)
2018-12-25T11:55:10.481232197Z	64	PC: 12b3a \| Write file or device (See above)
2018-12-25T11:55:10.488363699Z	64	PC: 12b45 \| Write file or device (See above)
2018-12-25T11:55:10.495903029Z	62	PC: 12b49 \| Close file (See above)
2018-12-25T11:55:10.505156945Z	79	PC: 12b4d \| Find next file (See above)
2018-12-25T11:55:10.508362532Z	61	PC: 12aa7 \| Open file (See above)
2018-12-25T11:55:10.516561349Z	63	PC: 12ab4 \| Read file or device (See above)
2018-12-25T11:55:10.519386157Z	62	PC: 12b49 \| Close file (See above)
2018-12-25T11:55:10.521786529Z	79	PC: 12b4d \| Find next file (See above)
2018-12-25T11:55:10.525180431Z	26	PC: 12b56 \| Set disk transfer address
2018-12-25T11:55:10.52665514Z	26	PC: 12a7d \| Set disk transfer address (See above)
2018-12-25T11:55:10.527865005Z	42	PC: 12a81 \| Get date (See above)
2018-12-25T11:55:10.531123225Z	78	PC: 12a9c \| Find first file (See above)
2018-12-25T11:55:10.536534673Z	26	PC: 12b56 \| Set disk transfer address (See above)