Sample viewer

vx.netlux.org/Virus.DOS.Barrotes.840

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:29.925623259Z	255	PC: 1309e \| UNKNOWN!
2018-12-17T22:35:29.931463072Z	53	PC: 130ab \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:29.933449708Z	54	PC: 9f74e \| Get free disk space
2018-12-17T22:35:29.980228683Z	53	PC: 9f770 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:29.981722084Z	67	PC: 9f79b \| Get or set file attributes
2018-12-17T22:35:29.99127388Z	67	PC: 9f7a7 \| Get or set file attributes
2018-12-17T22:35:30.405037285Z	61	PC: 9f7b1 \| Open file (Filename = '')
2018-12-17T22:35:30.409255254Z	87	PC: 9f7c1 \| Get or set file date and time
2018-12-17T22:35:30.411113795Z	66	PC: 9f7db \| Move file pointer
2018-12-17T22:35:30.412462252Z	63	PC: 9f7eb \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:35:30.418298222Z	66	PC: 9f80c \| Move file pointer
2018-12-17T22:35:30.420352315Z	63	PC: 9f819 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:35:30.437242812Z	66	PC: 9f832 \| Move file pointer
2018-12-17T22:35:30.439484449Z	63	PC: 9f83f \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:30.44400191Z	66	PC: 9f84f \| Move file pointer
2018-12-17T22:35:30.446292955Z	64	PC: 9f860 \| Write file or device (Write 840 bytes on handle 5)
2018-12-17T22:35:30.4572094Z	66	PC: 9f87e \| Move file pointer
2018-12-17T22:35:30.459667121Z	64	PC: 9f88b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:30.463528982Z	87	PC: 9f89f \| Get or set file date and time
2018-12-17T22:35:30.465194792Z	62	PC: 9f8a3 \| Close file
2018-12-17T22:35:30.473148442Z	67	PC: 9f8b7 \| Get or set file attributes
2018-12-17T22:35:30.485130116Z	42	PC: 13137 \| Get date 0x13137: cmp dx, 0x105 0x1313b: jne 0x1315c 0x1313d: xor ax, ax 0x1313f: mov es, ax 0x13141: mov dx, 0x320 0x13144: mov word ptr es:[0x70], dx 0x13149: mov word ptr es:[0x72], ds 0x1314e: mov dx, 0x80 0x13151: mov cx, 1 0x13154: mov ax, 0x301 0x13157: mov bx, 0x100 0x1315a: int 0x13 0x1315c: push cs 0x1315d: push cs 0x1315e: pop ds 0x1315f: pop es 0x13160: add si, 4 0x13163: mov di, 0x100 0x13166: push di 0x13167: cld
2018-12-17T22:35:30.487655312Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6395,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:17.588280755Z	255	PC: 1309e \| UNKNOWN!
2018-12-25T11:59:17.589411137Z	53	PC: 130ab \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:17.590645894Z	54	PC: 9f74e \| Get free disk space
2018-12-25T11:59:17.650226408Z	53	PC: 9f770 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:17.656227124Z	67	PC: 9f79b \| Get or set file attributes
2018-12-25T11:59:17.663912309Z	67	PC: 9f7a7 \| Get or set file attributes
2018-12-25T11:59:18.329139946Z	61	PC: 9f7b1 \| Open file (Filename = '')
2018-12-25T11:59:18.336411768Z	87	PC: 9f7c1 \| Get or set file date and time
2018-12-25T11:59:18.338254633Z	66	PC: 9f7db \| Move file pointer
2018-12-25T11:59:18.339824854Z	63	PC: 9f7eb \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:59:18.343592881Z	66	PC: 9f80c \| Move file pointer
2018-12-25T11:59:18.348577437Z	63	PC: 9f819 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:59:18.354231337Z	66	PC: 9f832 \| Move file pointer
2018-12-25T11:59:18.355648023Z	63	PC: 9f83f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:18.360104288Z	66	PC: 9f84f \| Move file pointer
2018-12-25T11:59:18.361323503Z	64	PC: 9f860 \| Write file or device (Write 840 bytes on handle 5)
2018-12-25T11:59:18.370516572Z	66	PC: 9f87e \| Move file pointer
2018-12-25T11:59:18.372427241Z	64	PC: 9f88b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:18.374387755Z	87	PC: 9f89f \| Get or set file date and time
2018-12-25T11:59:18.375512558Z	62	PC: 9f8a3 \| Close file
2018-12-25T11:59:18.381182483Z	67	PC: 9f8b7 \| Get or set file attributes
2018-12-25T11:59:18.389991151Z	42	PC: 13137 \| Get date 0x13137: cmp dx, 0x105 0x1313b: jne 0x1315c 0x1313d: xor ax, ax 0x1313f: mov es, ax 0x13141: mov dx, 0x320 0x13144: mov word ptr es:[0x70], dx 0x13149: mov word ptr es:[0x72], ds 0x1314e: mov dx, 0x80 0x13151: mov cx, 1 0x13154: mov ax, 0x301 0x13157: mov bx, 0x100 0x1315a: int 0x13 0x1315c: push cs 0x1315d: push cs 0x1315e: pop ds 0x1315f: pop es 0x13160: add si, 4 0x13163: mov di, 0x100 0x13166: push di 0x13167: cld
2018-12-25T11:59:18.392426898Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6395,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:17.584907486Z	255	PC: 1309e \| UNKNOWN!
2018-12-25T11:59:17.585808365Z	53	PC: 130ab \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:17.58787957Z	54	PC: 9f74e \| Get free disk space
2018-12-25T11:59:17.648802553Z	53	PC: 9f770 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:17.650073701Z	67	PC: 9f79b \| Get or set file attributes
2018-12-25T11:59:17.659811065Z	67	PC: 9f7a7 \| Get or set file attributes
2018-12-25T11:59:18.010670953Z	61	PC: 9f7b1 \| Open file (Filename = '')
2018-12-25T11:59:18.018285301Z	87	PC: 9f7c1 \| Get or set file date and time
2018-12-25T11:59:18.021032183Z	66	PC: 9f7db \| Move file pointer
2018-12-25T11:59:18.023137582Z	63	PC: 9f7eb \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:59:18.029971265Z	66	PC: 9f80c \| Move file pointer
2018-12-25T11:59:18.032317432Z	63	PC: 9f819 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:59:18.039923257Z	66	PC: 9f832 \| Move file pointer
2018-12-25T11:59:18.041344349Z	63	PC: 9f83f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:18.044796041Z	66	PC: 9f84f \| Move file pointer
2018-12-25T11:59:18.047085105Z	64	PC: 9f860 \| Write file or device (Write 840 bytes on handle 5)
2018-12-25T11:59:18.058261943Z	66	PC: 9f87e \| Move file pointer
2018-12-25T11:59:18.060194626Z	64	PC: 9f88b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:18.064262589Z	87	PC: 9f89f \| Get or set file date and time
2018-12-25T11:59:18.065754404Z	62	PC: 9f8a3 \| Close file
2018-12-25T11:59:18.07340617Z	67	PC: 9f8b7 \| Get or set file attributes
2018-12-25T11:59:18.088531901Z	42	PC: 13137 \| Get date 0x13137: cmp dx, 0x105 0x1313b: jne 0x1315c 0x1313d: xor ax, ax 0x1313f: mov es, ax 0x13141: mov dx, 0x320 0x13144: mov word ptr es:[0x70], dx 0x13149: mov word ptr es:[0x72], ds 0x1314e: mov dx, 0x80 0x13151: mov cx, 1 0x13154: mov ax, 0x301 0x13157: mov bx, 0x100 0x1315a: int 0x13 0x1315c: push cs 0x1315d: push cs 0x1315e: pop ds 0x1315f: pop es 0x13160: add si, 4 0x13163: mov di, 0x100 0x13166: push di 0x13167: cld
2018-12-25T11:59:18.093105969Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')