Sample viewer

vx.netlux.org/Virus.DOS.Big.1069

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:23.907410837Z 26 PC: 12c4e | Set disk transfer address
2018-12-17T22:35:23.908738191Z 78 PC: 12c58 | Find first file
2018-12-17T22:35:23.930552373Z 61 PC: 12e54 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:23.937941048Z 66 PC: 12e6a | Move file pointer
2018-12-17T22:35:23.939582733Z 63 PC: 12c92 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:35:23.963176675Z 62 PC: 12e5f | Close file
2018-12-17T22:35:23.965227227Z 67 PC: 12caf | Get or set file attributes
2018-12-17T22:35:23.971921549Z 67 PC: 12cbe | Get or set file attributes
2018-12-17T22:35:23.991653984Z 61 PC: 12e54 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:24.000350966Z 66 PC: 12e6a | Move file pointer
2018-12-17T22:35:24.003643493Z 63 PC: 12cd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:24.010792617Z 62 PC: 12e5f | Close file
2018-12-17T22:35:24.013516955Z 61 PC: 12e54 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:35:24.022636992Z 66 PC: 12e6a | Move file pointer
2018-12-17T22:35:24.024245139Z 64 PC: 12cf1 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:24.028651961Z 66 PC: 12e6a | Move file pointer
2018-12-17T22:35:24.030223338Z 64 PC: 12d0e | Write file or device (Write 1069 bytes on handle 5)
2018-12-17T22:35:24.230600511Z 62 PC: 12e5f | Close file
2018-12-17T22:35:24.405682147Z 67 PC: 12d20 | Get or set file attributes
2018-12-17T22:35:24.417398387Z 44 PC: 12d39 | Get time

0x12d39: cmp dh, 5
0x12d3c: jge 0x12d9d
0x12d3e: mov ax, 0x600
0x12d41: mov bh, 7
0x12d43: mov cx, 0
0x12d46: mov dx, 0x184f
0x12d49: int 0x10
0x12d4b: mov ah, 2
0x12d4d: mov bh, 0
0x12d4f: mov dx, 0x1900
0x12d52: int 0x10
0x12d54: push cs
0x12d55: pop ax
0x12d56: mov ds, ax
0x12d58: mov es, ax
0x12d5a: lea si, word ptr [bp + 0x4b]
0x12d5d: lea di, word ptr [bp + 0x55]
0x12d60: mov cx, 7
0x12d63: push cx
0x12d64: mov cx, 2

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6374,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:16.455879113Z 26 PC: 12c4e | Set disk transfer address
2018-12-25T11:59:16.457372814Z 78 PC: 12c58 | Find first file
2018-12-25T11:59:16.463408396Z 61 PC: 12e54 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:16.469716447Z 66 PC: 12e6a | Move file pointer
2018-12-25T11:59:16.471641895Z 63 PC: 12c92 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:59:16.478630304Z 62 PC: 12e5f | Close file
2018-12-25T11:59:16.480718525Z 67 PC: 12caf | Get or set file attributes
2018-12-25T11:59:16.487249028Z 67 PC: 12cbe | Get or set file attributes
2018-12-25T11:59:16.502600361Z 61 PC: 12e54 | Open file (See above)
2018-12-25T11:59:16.509131929Z 66 PC: 12e6a | Move file pointer (See above)
2018-12-25T11:59:16.510667667Z 63 PC: 12cd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:16.514082052Z 62 PC: 12e5f | Close file (See above)
2018-12-25T11:59:16.516045816Z 61 PC: 12e54 | Open file (See above)
2018-12-25T11:59:16.522583459Z 66 PC: 12e6a | Move file pointer (See above)
2018-12-25T11:59:16.524532652Z 64 PC: 12cf1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:16.527867632Z 66 PC: 12e6a | Move file pointer (See above)
2018-12-25T11:59:16.529662893Z 64 PC: 12d0e | Write file or device (Write 1069 bytes on handle 5)
2018-12-25T11:59:16.539205177Z 62 PC: 12e5f | Close file (See above)
2018-12-25T11:59:16.547644657Z 67 PC: 12d20 | Get or set file attributes
2018-12-25T11:59:16.557324249Z 44 PC: 12d39 | Get time

0x12d39: cmp dh, 5
0x12d3c: jge 0x12d9d
0x12d3e: mov ax, 0x600
0x12d41: mov bh, 7
0x12d43: mov cx, 0
0x12d46: mov dx, 0x184f
0x12d49: int 0x10
0x12d4b: mov ah, 2
0x12d4d: mov bh, 0
0x12d4f: mov dx, 0x1900
0x12d52: int 0x10
0x12d54: push cs
0x12d55: pop ax
0x12d56: mov ds, ax
0x12d58: mov es, ax
0x12d5a: lea si, word ptr [bp + 0x4b]
0x12d5d: lea di, word ptr [bp + 0x55]
0x12d60: mov cx, 7
0x12d63: push cx
0x12d64: mov cx, 2

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":5,"TimeBased":true,"OriginalID":6374,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:16.851725709Z 26 PC: 12c4e | Set disk transfer address
2018-12-25T11:59:16.860502341Z 78 PC: 12c58 | Find first file
2018-12-25T11:59:16.864198331Z 61 PC: 12e54 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:16.86807877Z 66 PC: 12e6a | Move file pointer
2018-12-25T11:59:16.869495204Z 63 PC: 12c92 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:59:16.87550746Z 62 PC: 12e5f | Close file
2018-12-25T11:59:16.877089591Z 67 PC: 12caf | Get or set file attributes
2018-12-25T11:59:16.883167641Z 67 PC: 12cbe | Get or set file attributes
2018-12-25T11:59:16.895220551Z 61 PC: 12e54 | Open file (See above)
2018-12-25T11:59:16.902099019Z 66 PC: 12e6a | Move file pointer (See above)
2018-12-25T11:59:16.903750401Z 63 PC: 12cd7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:16.907756411Z 62 PC: 12e5f | Close file (See above)
2018-12-25T11:59:16.90887926Z 61 PC: 12e54 | Open file (See above)
2018-12-25T11:59:16.915766137Z 66 PC: 12e6a | Move file pointer (See above)
2018-12-25T11:59:16.917115108Z 64 PC: 12cf1 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:16.923663405Z 66 PC: 12e6a | Move file pointer (See above)
2018-12-25T11:59:16.924710387Z 64 PC: 12d0e | Write file or device (Write 1069 bytes on handle 5)
2018-12-25T11:59:16.933534931Z 62 PC: 12e5f | Close file (See above)
2018-12-25T11:59:16.941180178Z 67 PC: 12d20 | Get or set file attributes
2018-12-25T11:59:16.950526886Z 44 PC: 12d39 | Get time

0x12d39: cmp dh, 5
0x12d3c: jge 0x12d9d
0x12d3e: mov ax, 0x600
0x12d41: mov bh, 7
0x12d43: mov cx, 0
0x12d46: mov dx, 0x184f
0x12d49: int 0x10
0x12d4b: mov ah, 2
0x12d4d: mov bh, 0
0x12d4f: mov dx, 0x1900
0x12d52: int 0x10
0x12d54: push cs
0x12d55: pop ax
0x12d56: mov ds, ax
0x12d58: mov es, ax
0x12d5a: lea si, word ptr [bp + 0x4b]
0x12d5d: lea di, word ptr [bp + 0x55]
0x12d60: mov cx, 7
0x12d63: push cx
0x12d64: mov cx, 2