Sample viewer

vx.netlux.org/Virus.DOS.Grasare.684

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:33:54.263679073Z	42	PC: 12b0c \| Get date 0x12b0c: cmp al, 1 0x12b0e: je 0x12b17 0x12b10: cmp al, 3 0x12b12: je 0x12b17 0x12b14: jmp 0x12bc5 0x12b17: push di 0x12b18: mov dx, di 0x12b1a: add dx, 0x56 0x12b1d: mov ah, 9 0x12b1f: int 0x21 0x12b21: xor ah, ah 0x12b23: int 0x16 0x12b25: cmp al, 0x42 0x12b27: je 0x12b32 0x12b29: cmp al, 0x62 0x12b2b: je 0x12b32 0x12b2d: ljmp ptr cs:[0x1b1] 0x12b32: xor ah, ah 0x12b34: int 0x16 0x12b36: cmp al, 0x45
2018-12-17T22:33:54.266206994Z	9	PC: 12b21 \| Display string (String= ' SOFTWARE PROTEGIDO POR ?? DAME UN BESO :')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6068,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:25.472098982Z	42	PC: 12b0c \| Get date 0x12b0c: cmp al, 1 0x12b0e: je 0x12b17 0x12b10: cmp al, 3 0x12b12: je 0x12b17 0x12b14: jmp 0x12bc5 0x12b17: push di 0x12b18: mov dx, di 0x12b1a: add dx, 0x56 0x12b1d: mov ah, 9 0x12b1f: int 0x21 0x12b21: xor ah, ah 0x12b23: int 0x16 0x12b25: cmp al, 0x42 0x12b27: je 0x12b32 0x12b29: cmp al, 0x62 0x12b2b: je 0x12b32 0x12b2d: ljmp ptr cs:[0x1b1] 0x12b32: xor ah, ah 0x12b34: int 0x16 0x12b36: cmp al, 0x45
2018-12-25T11:58:25.474860365Z	9	PC: 12b21 \| Display string (String= ' SOFTWARE PROTEGIDO POR ?? DAME UN BESO :')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6068,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:25.665772834Z	42	PC: 12b0c \| Get date 0x12b0c: cmp al, 1 0x12b0e: je 0x12b17 0x12b10: cmp al, 3 0x12b12: je 0x12b17 0x12b14: jmp 0x12bc5 0x12b17: push di 0x12b18: mov dx, di 0x12b1a: add dx, 0x56 0x12b1d: mov ah, 9 0x12b1f: int 0x21 0x12b21: xor ah, ah 0x12b23: int 0x16 0x12b25: cmp al, 0x42 0x12b27: je 0x12b32 0x12b29: cmp al, 0x62 0x12b2b: je 0x12b32 0x12b2d: ljmp ptr cs:[0x1b1] 0x12b32: xor ah, ah 0x12b34: int 0x16 0x12b36: cmp al, 0x45
2018-12-25T11:58:25.668246916Z	9	PC: 12b21 \| Display string (String= ' SOFTWARE PROTEGIDO POR ?? DAME UN BESO :')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6068,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:25.813068401Z	42	PC: 12b0c \| Get date 0x12b0c: cmp al, 1 0x12b0e: je 0x12b17 0x12b10: cmp al, 3 0x12b12: je 0x12b17 0x12b14: jmp 0x12bc5 0x12b17: push di 0x12b18: mov dx, di 0x12b1a: add dx, 0x56 0x12b1d: mov ah, 9 0x12b1f: int 0x21 0x12b21: xor ah, ah 0x12b23: int 0x16 0x12b25: cmp al, 0x42 0x12b27: je 0x12b32 0x12b29: cmp al, 0x62 0x12b2b: je 0x12b32 0x12b2d: ljmp ptr cs:[0x1b1] 0x12b32: xor ah, ah 0x12b34: int 0x16 0x12b36: cmp al, 0x45
2018-12-25T11:58:25.815595996Z	26	PC: 12bd0 \| Set disk transfer address
2018-12-25T11:58:25.816866168Z	78	PC: 12bdf \| Find first file
2018-12-25T11:58:25.823894674Z	67	PC: 12c37 \| Get or set file attributes
2018-12-25T11:58:25.830920824Z	67	PC: 12c47 \| Get or set file attributes
2018-12-25T11:58:25.848261744Z	61	PC: 12c51 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:25.85570737Z	87	PC: 12c5d \| Get or set file date and time
2018-12-25T11:58:25.857362537Z	63	PC: 12c6c \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:25.865675027Z	66	PC: 12c7f \| Move file pointer
2018-12-25T11:58:25.867990086Z	64	PC: 12ca6 \| Write file or device (Write 684 bytes on handle 5)
2018-12-25T11:58:25.880108281Z	66	PC: 12cb9 \| Move file pointer
2018-12-25T11:58:25.884770948Z	64	PC: 12cc7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:25.892652899Z	87	PC: 12cd8 \| Get or set file date and time
2018-12-25T11:58:25.894407958Z	62	PC: 12cdc \| Close file
2018-12-25T11:58:25.904480043Z	67	PC: 12ce4 \| Get or set file attributes
2018-12-25T11:58:25.908825481Z	26	PC: 12ceb \| Set disk transfer address