Sample viewer

vx.netlux.org/Virus.DOS.Gome.1203

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:55.666918707Z	26	PC: 12a59 \| Set disk transfer address
2018-12-17T22:32:55.668400762Z	25	PC: 12a5d \| Get default drive
2018-12-17T22:32:55.669370889Z	71	PC: 12a68 \| Get current directory
2018-12-17T22:32:55.671925123Z	59	PC: 12a6f \| Change current directory
2018-12-17T22:32:55.676088591Z	78	PC: 12a79 \| Find first file
2018-12-17T22:32:55.681616952Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-17T22:32:55.682957762Z	67	PC: 12cc5 \| Get or set file attributes
2018-12-17T22:32:55.685256853Z	59	PC: 12ccc \| Change current directory
2018-12-17T22:32:55.689014773Z	59	PC: 12cd3 \| Change current directory
2018-12-17T22:32:55.690587217Z	42	PC: 12cd7 \| Get date 0x12cd7: cmp cx, 0x7d0 0x12cdb: jb 0x12cfd 0x12cdd: cmp dl, 0x1f 0x12ce0: jne 0x12d00 0x12ce2: cmp dl, 0x1e 0x12ce5: je 0x12d3d 0x12ce7: cmp dl, 0x1d 0x12cea: je 0x12d1b 0x12cec: mov dx, 0x4b8 0x12cef: mov ah, 0x1a 0x12cf1: int 0x21 0x12cf3: mov ah, 0x4e 0x12cf5: mov cx, 7 0x12cf8: mov dx, 0x472 0x12cfb: jmp 0x12d03 0x12cfd: call 0x12d8b 0x12d00: call 0x12d8b 0x12d03: int 0x21 0x12d05: jb 0x12d00 0x12d07: mov ax, 0x4301
2018-12-17T22:32:55.693056192Z	76	PC: 12d90 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5885,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:37.653730049Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T11:55:37.655520638Z	25	PC: 12a5d \| Get default drive
2018-12-25T11:55:37.656956896Z	71	PC: 12a68 \| Get current directory
2018-12-25T11:55:37.6602576Z	59	PC: 12a6f \| Change current directory
2018-12-25T11:55:37.665195841Z	78	PC: 12a79 \| Find first file
2018-12-25T11:55:37.672824218Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-25T11:55:37.674824123Z	67	PC: 12cc5 \| Get or set file attributes
2018-12-25T11:55:37.677103661Z	59	PC: 12ccc \| Change current directory
2018-12-25T11:55:37.683026235Z	59	PC: 12cd3 \| Change current directory
2018-12-25T11:55:37.685418987Z	42	PC: 12cd7 \| Get date 0x12cd7: cmp cx, 0x7d0 0x12cdb: jb 0x12cfd 0x12cdd: cmp dl, 0x1f 0x12ce0: jne 0x12d00 0x12ce2: cmp dl, 0x1e 0x12ce5: je 0x12d3d 0x12ce7: cmp dl, 0x1d 0x12cea: je 0x12d1b 0x12cec: mov dx, 0x4b8 0x12cef: mov ah, 0x1a 0x12cf1: int 0x21 0x12cf3: mov ah, 0x4e 0x12cf5: mov cx, 7 0x12cf8: mov dx, 0x472 0x12cfb: jmp 0x12d03 0x12cfd: call 0x12d8b 0x12d00: call 0x12d8b 0x12d03: int 0x21 0x12d05: jb 0x12d00 0x12d07: mov ax, 0x4301
2018-12-25T11:55:37.688252096Z	76	PC: 12d90 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5885,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:37.681247418Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T11:55:37.683751388Z	25	PC: 12a5d \| Get default drive
2018-12-25T11:55:37.685720847Z	71	PC: 12a68 \| Get current directory
2018-12-25T11:55:37.689958177Z	59	PC: 12a6f \| Change current directory
2018-12-25T11:55:37.695575724Z	78	PC: 12a79 \| Find first file
2018-12-25T11:55:37.702518492Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-25T11:55:37.704690302Z	67	PC: 12cc5 \| Get or set file attributes
2018-12-25T11:55:37.707125325Z	59	PC: 12ccc \| Change current directory
2018-12-25T11:55:37.714819014Z	59	PC: 12cd3 \| Change current directory
2018-12-25T11:55:37.716739083Z	42	PC: 12cd7 \| Get date 0x12cd7: cmp cx, 0x7d0 0x12cdb: jb 0x12cfd 0x12cdd: cmp dl, 0x1f 0x12ce0: jne 0x12d00 0x12ce2: cmp dl, 0x1e 0x12ce5: je 0x12d3d 0x12ce7: cmp dl, 0x1d 0x12cea: je 0x12d1b 0x12cec: mov dx, 0x4b8 0x12cef: mov ah, 0x1a 0x12cf1: int 0x21 0x12cf3: mov ah, 0x4e 0x12cf5: mov cx, 7 0x12cf8: mov dx, 0x472 0x12cfb: jmp 0x12d03 0x12cfd: call 0x12d8b 0x12d00: call 0x12d8b 0x12d03: int 0x21 0x12d05: jb 0x12d00 0x12d07: mov ax, 0x4301
2018-12-25T11:55:37.719421428Z	76	PC: 12d90 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":31,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5885,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:37.684714696Z	26	PC: 12a59 \| Set disk transfer address
2018-12-25T11:55:37.686360396Z	25	PC: 12a5d \| Get default drive
2018-12-25T11:55:37.687251668Z	71	PC: 12a68 \| Get current directory
2018-12-25T11:55:37.689906178Z	59	PC: 12a6f \| Change current directory
2018-12-25T11:55:37.694313535Z	78	PC: 12a79 \| Find first file
2018-12-25T11:55:37.704439925Z	87	PC: 12cb9 \| Get or set file date and time
2018-12-25T11:55:37.70571411Z	67	PC: 12cc5 \| Get or set file attributes
2018-12-25T11:55:37.707914849Z	59	PC: 12ccc \| Change current directory
2018-12-25T11:55:37.716301443Z	59	PC: 12cd3 \| Change current directory
2018-12-25T11:55:37.718638332Z	42	PC: 12cd7 \| Get date 0x12cd7: cmp cx, 0x7d0 0x12cdb: jb 0x12cfd 0x12cdd: cmp dl, 0x1f 0x12ce0: jne 0x12d00 0x12ce2: cmp dl, 0x1e 0x12ce5: je 0x12d3d 0x12ce7: cmp dl, 0x1d 0x12cea: je 0x12d1b 0x12cec: mov dx, 0x4b8 0x12cef: mov ah, 0x1a 0x12cf1: int 0x21 0x12cf3: mov ah, 0x4e 0x12cf5: mov cx, 7 0x12cf8: mov dx, 0x472 0x12cfb: jmp 0x12d03 0x12cfd: call 0x12d8b 0x12d00: call 0x12d8b 0x12d03: int 0x21 0x12d05: jb 0x12d00 0x12d07: mov ax, 0x4301
2018-12-25T11:55:37.720655241Z	26	PC: 12cf3 \| Set disk transfer address
2018-12-25T11:55:37.722231424Z	78	PC: 12d05 \| Find first file
2018-12-25T11:55:37.731659281Z	67	PC: 12d0e \| Get or set file attributes
2018-12-25T11:55:37.736311849Z	60	PC: 12d15 \| Create or truncate file
2018-12-25T11:55:38.240117617Z	79	PC: 12d05 \| Find next file (See above)
2018-12-25T11:55:38.243007883Z	67	PC: 12d0e \| Get or set file attributes (See above)
2018-12-25T11:55:38.252606764Z	60	PC: 12d15 \| Create or truncate file (See above)
2018-12-25T11:55:38.265192189Z	79	PC: 12d05 \| Find next file (See above)
2018-12-25T11:55:38.267806778Z	67	PC: 12d0e \| Get or set file attributes (See above)
2018-12-25T11:55:38.281054691Z	60	PC: 12d15 \| Create or truncate file (See above)
2018-12-25T11:55:38.296682768Z	79	PC: 12d05 \| Find next file (See above)
2018-12-25T11:55:38.299512908Z	67	PC: 12d0e \| Get or set file attributes (See above)
2018-12-25T11:55:38.30904996Z	60	PC: 12d15 \| Create or truncate file (See above)
2018-12-25T11:55:38.321676767Z	79	PC: 12d05 \| Find next file (See above)
2018-12-25T11:55:38.324860668Z	67	PC: 12d0e \| Get or set file attributes (See above)
2018-12-25T11:55:38.334964161Z	60	PC: 12d15 \| Create or truncate file (See above)
2018-12-25T11:55:38.347925973Z	79	PC: 12d05 \| Find next file (See above)
2018-12-25T11:55:38.350630315Z	67	PC: 12d0e \| Get or set file attributes (See above)
2018-12-25T11:55:38.360515169Z	60	PC: 12d15 \| Create or truncate file (See above)
2018-12-25T11:55:38.373334124Z	79	PC: 12d05 \| Find next file (See above)
2018-12-25T11:55:38.377112626Z	67	PC: 12d0e \| Get or set file attributes (See above)
2018-12-25T11:55:38.39096431Z	60	PC: 12d15 \| Create or truncate file (See above)
2018-12-25T11:55:38.406092858Z	79	PC: 12d05 \| Find next file (See above)
2018-12-25T11:55:38.409982666Z	67	PC: 12d0e \| Get or set file attributes (See above)
2018-12-25T11:55:38.42011475Z	60	PC: 12d15 \| Create or truncate file (See above)
2018-12-25T11:55:38.432519091Z	79	PC: 12d05 \| Find next file (See above)
2018-12-25T11:55:38.438794219Z	67	PC: 12d0e \| Get or set file attributes (See above)
2018-12-25T11:55:38.448474365Z	60	PC: 12d15 \| Create or truncate file (See above)
2018-12-25T11:55:38.460578807Z	79	PC: 12d05 \| Find next file (See above)
2018-12-25T11:55:38.463913031Z	76	PC: 12d90 \| Terminate with return code (Return code = '0')