Sample viewer

vx.netlux.org/Virus.DOS.Trivial.Elben.301.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:33:00.072802554Z	78	PC: 12a74 \| Find first file
2018-12-17T22:33:00.079881015Z	44	PC: 12b0d \| Get time 0x12b0d: cmp dh, 0 0x12b10: je 0x12b09 0x12b12: mov byte ptr [0x1af], dh 0x12b16: ret 0x12b17: pop bx 0x12b18: inc bp 0x12b19: insb byte ptr es:[di], dx 0x12b1a: and byte ptr [bp + si + 0x65], ah 0x12b1d: outsb dx, byte ptr [si] 0x12b1e: popaw 0x12b20: outsw dx, word ptr fs:[si] 0x12b22: jb 0x12b44 0x12b24: jne 0x12b9a 0x12b27: je 0x12b92 0x12b29: arpl word ptr [bx + di + 0x65], bp 0x12b2c: jb 0x12b9d 0x12b2e: and byte ptr [bx + di + 0x20], bh 0x12b31: jae 0x12ba8 0x12b33: and byte ptr [bx + si + 0x61], dh 0x12b36: jae 0x12bac
2018-12-17T22:33:00.082901307Z	61	PC: 12a54 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:33:00.08953704Z	64	PC: 12a63 \| Write file or device (Write 301 bytes on handle 5)
2018-12-17T22:33:00.098698074Z	62	PC: 12a67 \| Close file
2018-12-17T22:33:00.114271686Z	79	PC: 12a82 \| Find next file
2018-12-17T22:33:00.116990206Z	44	PC: 12b0d \| Get time 0x12b0d: cmp dh, 0 0x12b10: je 0x12b09 0x12b12: mov byte ptr [0x1af], dh 0x12b16: ret 0x12b17: pop bx 0x12b18: inc bp 0x12b19: insb byte ptr es:[di], dx 0x12b1a: and byte ptr [bp + si + 0x65], ah 0x12b1d: outsb dx, byte ptr [si] 0x12b1e: popaw 0x12b20: outsw dx, word ptr fs:[si] 0x12b22: jb 0x12b44 0x12b24: jne 0x12b9a 0x12b27: je 0x12b92 0x12b29: arpl word ptr [bx + di + 0x65], bp 0x12b2c: jb 0x12b9d 0x12b2e: and byte ptr [bx + di + 0x20], bh 0x12b31: jae 0x12ba8 0x12b33: and byte ptr [bx + si + 0x61], dh 0x12b36: jae 0x12bac
2018-12-17T22:33:00.119482161Z	61	PC: 12a54 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:33:00.127309999Z	64	PC: 12a63 \| Write file or device (Write 301 bytes on handle 5)
2018-12-17T22:33:00.134014246Z	62	PC: 12a67 \| Close file
2018-12-17T22:33:00.142008931Z	79	PC: 12a82 \| Find next file
2018-12-17T22:33:00.146179169Z	44	PC: 12b0d \| Get time 0x12b0d: cmp dh, 0 0x12b10: je 0x12b09 0x12b12: mov byte ptr [0x1af], dh 0x12b16: ret 0x12b17: pop bx 0x12b18: inc bp 0x12b19: insb byte ptr es:[di], dx 0x12b1a: and byte ptr [bp + si + 0x65], ah 0x12b1d: outsb dx, byte ptr [si] 0x12b1e: popaw 0x12b20: outsw dx, word ptr fs:[si] 0x12b22: jb 0x12b44 0x12b24: jne 0x12b9a 0x12b27: je 0x12b92 0x12b29: arpl word ptr [bx + di + 0x65], bp 0x12b2c: jb 0x12b9d 0x12b2e: and byte ptr [bx + di + 0x20], bh 0x12b31: jae 0x12ba8 0x12b33: and byte ptr [bx + si + 0x61], dh 0x12b36: jae 0x12bac
2018-12-17T22:33:00.148999707Z	61	PC: 12a54 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:33:00.155587826Z	64	PC: 12a63 \| Write file or device (Write 301 bytes on handle 5)
2018-12-17T22:33:00.16340961Z	62	PC: 12a67 \| Close file
2018-12-17T22:33:00.171358296Z	79	PC: 12a82 \| Find next file
2018-12-17T22:33:00.173944246Z	44	PC: 12b0d \| Get time 0x12b0d: cmp dh, 0 0x12b10: je 0x12b09 0x12b12: mov byte ptr [0x1af], dh 0x12b16: ret 0x12b17: pop bx 0x12b18: inc bp 0x12b19: insb byte ptr es:[di], dx 0x12b1a: and byte ptr [bp + si + 0x65], ah 0x12b1d: outsb dx, byte ptr [si] 0x12b1e: popaw 0x12b20: outsw dx, word ptr fs:[si] 0x12b22: jb 0x12b44 0x12b24: jne 0x12b9a 0x12b27: je 0x12b92 0x12b29: arpl word ptr [bx + di + 0x65], bp 0x12b2c: jb 0x12b9d 0x12b2e: and byte ptr [bx + di + 0x20], bh 0x12b31: jae 0x12ba8 0x12b33: and byte ptr [bx + si + 0x61], dh 0x12b36: jae 0x12bac
2018-12-17T22:33:00.17682257Z	61	PC: 12a54 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:33:00.183955198Z	64	PC: 12a63 \| Write file or device (Write 301 bytes on handle 5)
2018-12-17T22:33:00.191156314Z	62	PC: 12a67 \| Close file
2018-12-17T22:33:00.200156051Z	79	PC: 12a82 \| Find next file
2018-12-17T22:33:00.207885471Z	44	PC: 12b0d \| Get time 0x12b0d: cmp dh, 0 0x12b10: je 0x12b09 0x12b12: mov byte ptr [0x1af], dh 0x12b16: ret 0x12b17: pop bx 0x12b18: inc bp 0x12b19: insb byte ptr es:[di], dx 0x12b1a: and byte ptr [bp + si + 0x65], ah 0x12b1d: outsb dx, byte ptr [si] 0x12b1e: popaw 0x12b20: outsw dx, word ptr fs:[si] 0x12b22: jb 0x12b44 0x12b24: jne 0x12b9a 0x12b27: je 0x12b92 0x12b29: arpl word ptr [bx + di + 0x65], bp 0x12b2c: jb 0x12b9d 0x12b2e: and byte ptr [bx + di + 0x20], bh 0x12b31: jae 0x12ba8 0x12b33: and byte ptr [bx + si + 0x61], dh 0x12b36: jae 0x12bac
2018-12-17T22:33:00.210080096Z	61	PC: 12a54 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:33:00.217216101Z	64	PC: 12a63 \| Write file or device (Write 301 bytes on handle 5)
2018-12-17T22:33:00.224102967Z	62	PC: 12a67 \| Close file
2018-12-17T22:33:00.231866456Z	79	PC: 12a82 \| Find next file
2018-12-17T22:33:00.234771487Z	44	PC: 12b0d \| Get time 0x12b0d: cmp dh, 0 0x12b10: je 0x12b09 0x12b12: mov byte ptr [0x1af], dh 0x12b16: ret 0x12b17: pop bx 0x12b18: inc bp 0x12b19: insb byte ptr es:[di], dx 0x12b1a: and byte ptr [bp + si + 0x65], ah 0x12b1d: outsb dx, byte ptr [si] 0x12b1e: popaw 0x12b20: outsw dx, word ptr fs:[si] 0x12b22: jb 0x12b44 0x12b24: jne 0x12b9a 0x12b27: je 0x12b92 0x12b29: arpl word ptr [bx + di + 0x65], bp 0x12b2c: jb 0x12b9d 0x12b2e: and byte ptr [bx + di + 0x20], bh 0x12b31: jae 0x12ba8 0x12b33: and byte ptr [bx + si + 0x61], dh 0x12b36: jae 0x12bac
2018-12-17T22:33:00.23783956Z	61	PC: 12a54 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:33:00.244193379Z	64	PC: 12a63 \| Write file or device (Write 301 bytes on handle 5)
2018-12-17T22:33:00.250594432Z	62	PC: 12a67 \| Close file
2018-12-17T22:33:00.258506053Z	79	PC: 12a82 \| Find next file
2018-12-17T22:33:00.261065782Z	44	PC: 12b0d \| Get time 0x12b0d: cmp dh, 0 0x12b10: je 0x12b09 0x12b12: mov byte ptr [0x1af], dh 0x12b16: ret 0x12b17: pop bx 0x12b18: inc bp 0x12b19: insb byte ptr es:[di], dx 0x12b1a: and byte ptr [bp + si + 0x65], ah 0x12b1d: outsb dx, byte ptr [si] 0x12b1e: popaw 0x12b20: outsw dx, word ptr fs:[si] 0x12b22: jb 0x12b44 0x12b24: jne 0x12b9a 0x12b27: je 0x12b92 0x12b29: arpl word ptr [bx + di + 0x65], bp 0x12b2c: jb 0x12b9d 0x12b2e: and byte ptr [bx + di + 0x20], bh 0x12b31: jae 0x12ba8 0x12b33: and byte ptr [bx + si + 0x61], dh 0x12b36: jae 0x12bac
2018-12-17T22:33:00.263345947Z	61	PC: 12a54 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:33:00.270124098Z	64	PC: 12a63 \| Write file or device (Write 301 bytes on handle 5)
2018-12-17T22:33:00.276528291Z	62	PC: 12a67 \| Close file
2018-12-17T22:33:00.284578379Z	79	PC: 12a82 \| Find next file
2018-12-17T22:33:00.288021646Z	44	PC: 12b0d \| Get time 0x12b0d: cmp dh, 0 0x12b10: je 0x12b09 0x12b12: mov byte ptr [0x1af], dh 0x12b16: ret 0x12b17: pop bx 0x12b18: inc bp 0x12b19: insb byte ptr es:[di], dx 0x12b1a: and byte ptr [bp + si + 0x65], ah 0x12b1d: outsb dx, byte ptr [si] 0x12b1e: popaw 0x12b20: outsw dx, word ptr fs:[si] 0x12b22: jb 0x12b44 0x12b24: jne 0x12b9a 0x12b27: je 0x12b92 0x12b29: arpl word ptr [bx + di + 0x65], bp 0x12b2c: jb 0x12b9d 0x12b2e: and byte ptr [bx + di + 0x20], bh 0x12b31: jae 0x12ba8 0x12b33: and byte ptr [bx + si + 0x61], dh 0x12b36: jae 0x12bac
2018-12-17T22:33:00.290225019Z	61	PC: 12a54 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:33:00.296586935Z	64	PC: 12a63 \| Write file or device (Write 301 bytes on handle 5)
2018-12-17T22:33:00.300322683Z	62	PC: 12a67 \| Close file
2018-12-17T22:33:00.308310524Z	79	PC: 12a82 \| Find next file
2018-12-17T22:33:00.310504631Z	42	PC: 12a8c \| Get date 0x12a8c: cmp dh, 0x8d 0x12a8f: jne 0x12a9d 0x12a91: cmp dl, 0x1f 0x12a94: jne 0x12a9d 0x12a96: mov ah, 9 0x12a98: mov dx, 0x15f 0x12a9b: int 0x21 0x12a9d: int 0x20 0x12a9f: or ax, 0x460a 0x12aa2: sub ax, 0x5250 0x12aa5: dec di 0x12aa6: push sp 0x12aa7: and byte ptr [bp + di + 0x55], dl 0x12aaa: pop ax 0x12aab: pop ax 0x12aac: pop ax 0x12aad: pop ax 0x12aae: pop ax 0x12aaf: pop ax 0x12ab0: pop ax

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5900,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:08.241731069Z	78	PC: 12a74 \| Find first file
2018-12-25T11:58:08.248112614Z	44	PC: 12b0d \| Get time 0x12b0d: cmp dh, 0 0x12b10: je 0x12b09 0x12b12: mov byte ptr [0x1af], dh 0x12b16: ret 0x12b17: pop bx 0x12b18: inc bp 0x12b19: insb byte ptr es:[di], dx 0x12b1a: and byte ptr [bp + si + 0x65], ah 0x12b1d: outsb dx, byte ptr [si] 0x12b1e: popaw 0x12b20: outsw dx, word ptr fs:[si] 0x12b22: jb 0x12b44 0x12b24: jne 0x12b9a 0x12b27: je 0x12b92 0x12b29: arpl word ptr [bx + di + 0x65], bp 0x12b2c: jb 0x12b9d 0x12b2e: and byte ptr [bx + di + 0x20], bh 0x12b31: jae 0x12ba8 0x12b33: and byte ptr [bx + si + 0x61], dh 0x12b36: jae 0x12bac
2018-12-25T11:58:08.252090828Z	61	PC: 12a54 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:08.259396944Z	64	PC: 12a63 \| Write file or device (Write 301 bytes on handle 5)
2018-12-25T11:58:08.266888982Z	62	PC: 12a67 \| Close file
2018-12-25T11:58:08.870575039Z	79	PC: 12a82 \| Find next file
2018-12-25T11:58:08.872429915Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:08.874100952Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:08.87966542Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:08.919122537Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:08.948472247Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:08.951896374Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:08.953575272Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:08.958381533Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:08.963323851Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:08.994461822Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:08.997830017Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:09.001802818Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:09.008689095Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:09.016194009Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:09.048512559Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:09.051209275Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:09.05278113Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:09.061234962Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:09.065580825Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:09.097963764Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:09.102883845Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:09.105314709Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:09.111969624Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:09.127852835Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:09.15523754Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:09.158307707Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:09.162138376Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:09.169129641Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:09.175740362Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:09.221490164Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:09.224198093Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:09.227372127Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:09.234654905Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:09.241543631Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:09.288124779Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:09.290812793Z	42	PC: 12a8c \| Get date 0x12a8c: cmp dh, 0x8d 0x12a8f: jne 0x12a9d 0x12a91: cmp dl, 0x1f 0x12a94: jne 0x12a9d 0x12a96: mov ah, 9 0x12a98: mov dx, 0x15f 0x12a9b: int 0x21 0x12a9d: int 0x20 0x12a9f: or ax, 0x460a 0x12aa2: sub ax, 0x5250 0x12aa5: dec di 0x12aa6: push sp 0x12aa7: and byte ptr [bp + di + 0x55], dl 0x12aaa: pop ax 0x12aab: pop ax 0x12aac: pop ax 0x12aad: pop ax 0x12aae: pop ax 0x12aaf: pop ax 0x12ab0: pop ax

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":5900,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:08.477254682Z	78	PC: 12a74 \| Find first file
2018-12-25T11:58:08.48197783Z	44	PC: 12b0d \| Get time 0x12b0d: cmp dh, 0 0x12b10: je 0x12b09 0x12b12: mov byte ptr [0x1af], dh 0x12b16: ret 0x12b17: pop bx 0x12b18: inc bp 0x12b19: insb byte ptr es:[di], dx 0x12b1a: and byte ptr [bp + si + 0x65], ah 0x12b1d: outsb dx, byte ptr [si] 0x12b1e: popaw 0x12b20: outsw dx, word ptr fs:[si] 0x12b22: jb 0x12b44 0x12b24: jne 0x12b9a 0x12b27: je 0x12b92 0x12b29: arpl word ptr [bx + di + 0x65], bp 0x12b2c: jb 0x12b9d 0x12b2e: and byte ptr [bx + di + 0x20], bh 0x12b31: jae 0x12ba8 0x12b33: and byte ptr [bx + si + 0x61], dh 0x12b36: jae 0x12bac
2018-12-25T11:58:08.483601475Z	61	PC: 12a54 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:08.487969407Z	64	PC: 12a63 \| Write file or device (Write 301 bytes on handle 5)
2018-12-25T11:58:08.514479954Z	62	PC: 12a67 \| Close file
2018-12-25T11:58:09.580300152Z	79	PC: 12a82 \| Find next file
2018-12-25T11:58:09.58401946Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:09.588511077Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:09.594969926Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:09.599782057Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:09.706324986Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:09.711542834Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:09.714860412Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:09.721827358Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:09.730516692Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:09.825077685Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:09.827898049Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:09.831195589Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:09.838923511Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:09.845428762Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:10.01455689Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:10.017674537Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:10.020894661Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:10.028244244Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:10.034763269Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:10.134779789Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:10.144194519Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:10.14690456Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:10.153698651Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:10.161440676Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:10.374483557Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:10.377351075Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:10.38005683Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:10.387748318Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:10.394482814Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:10.758263346Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:10.760897541Z	44	PC: 12b0d \| Get time (See above)
2018-12-25T11:58:10.763119174Z	61	PC: 12a54 \| Open file (See above)
2018-12-25T11:58:10.767546572Z	64	PC: 12a63 \| Write file or device (See above)
2018-12-25T11:58:10.773505904Z	62	PC: 12a67 \| Close file (See above)
2018-12-25T11:58:11.055732896Z	79	PC: 12a82 \| Find next file (See above)
2018-12-25T11:58:11.058446338Z	42	PC: 12a8c \| Get date 0x12a8c: cmp dh, 0x8d 0x12a8f: jne 0x12a9d 0x12a91: cmp dl, 0x1f 0x12a94: jne 0x12a9d 0x12a96: mov ah, 9 0x12a98: mov dx, 0x15f 0x12a9b: int 0x21 0x12a9d: int 0x20 0x12a9f: or ax, 0x460a 0x12aa2: sub ax, 0x5250 0x12aa5: dec di 0x12aa6: push sp 0x12aa7: and byte ptr [bp + di + 0x55], dl 0x12aaa: pop ax 0x12aab: pop ax 0x12aac: pop ax 0x12aad: pop ax 0x12aae: pop ax 0x12aaf: pop ax 0x12ab0: pop ax