Sample viewer

vx.netlux.org/Virus.DOS.Rat.848

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:40.721576087Z	47	PC: 12ae0 \| Get disk transfer address
2018-12-17T22:35:40.723155642Z	26	PC: 12ae9 \| Set disk transfer address
2018-12-17T22:35:40.724359315Z	78	PC: 12aca \| Find first file
2018-12-17T22:35:40.729635614Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.733827258Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.736582184Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.73972395Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.75085761Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.753711124Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.756538982Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.761720481Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.764230294Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.766546287Z	78	PC: 12aca \| Find first file
2018-12-17T22:35:40.772772052Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.776434566Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.779270276Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.782656434Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.785304709Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.787769377Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.790509472Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.793719475Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.796283956Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.798501635Z	78	PC: 12aca \| Find first file
2018-12-17T22:35:40.804829729Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.807282342Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.809711362Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.813303342Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.815714566Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.819603065Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.823259802Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.825922309Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.828551091Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.831859706Z	78	PC: 12aca \| Find first file
2018-12-17T22:35:40.837811143Z	79	PC: 12ad1 \| Find next file
2018-12-17T22:35:40.840239951Z	44	PC: 12a5c \| Get time 0x12a5c: mov cx, bx 0x12a5e: mov al, dh 0x12a60: mov ah, 0 0x12a62: mov bl, 0x64 0x12a64: mul bl 0x12a66: mov dh, 0 0x12a68: add ax, dx 0x12a6a: xor dx, dx 0x12a6c: div cx 0x12a6e: inc dx 0x12a6f: mov bx, dx 0x12a71: ret 0x12a72: mov ah, 0x4e 0x12a74: mov dx, 0x2bd 0x12a77: int 0x21 0x12a79: jmp 0x12a7f 0x12a7b: mov ah, 0x4f 0x12a7d: int 0x21 0x12a7f: cmp byte ptr [0x29e], cl 0x12a83: jne 0x12a7b
2018-12-17T22:35:40.84399664Z	78	PC: 12a79 \| Find first file
2018-12-17T22:35:40.85087418Z	61	PC: 12b5c \| Open file (Filename = 'TEST.EXE')
2018-12-17T22:35:40.857820484Z	66	PC: 12ab1 \| Move file pointer
2018-12-17T22:35:40.85967261Z	66	PC: 12b77 \| Move file pointer
2018-12-17T22:35:40.862647793Z	63	PC: 12b81 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:40.866012076Z	62	PC: 12c75 \| Close file
2018-12-17T22:35:40.868174153Z	44	PC: 12a5c \| Get time 0x12a5c: mov cx, bx 0x12a5e: mov al, dh 0x12a60: mov ah, 0 0x12a62: mov bl, 0x64 0x12a64: mul bl 0x12a66: mov dh, 0 0x12a68: add ax, dx 0x12a6a: xor dx, dx 0x12a6c: div cx 0x12a6e: inc dx 0x12a6f: mov bx, dx 0x12a71: ret 0x12a72: mov ah, 0x4e 0x12a74: mov dx, 0x2bd 0x12a77: int 0x21 0x12a79: jmp 0x12a7f 0x12a7b: mov ah, 0x4f 0x12a7d: int 0x21 0x12a7f: cmp byte ptr [0x29e], cl 0x12a83: jne 0x12a7b
2018-12-17T22:35:40.871823924Z	44	PC: 12a5c \| Get time 0x12a5c: mov cx, bx 0x12a5e: mov al, dh 0x12a60: mov ah, 0 0x12a62: mov bl, 0x64 0x12a64: mul bl 0x12a66: mov dh, 0 0x12a68: add ax, dx 0x12a6a: xor dx, dx 0x12a6c: div cx 0x12a6e: inc dx 0x12a6f: mov bx, dx 0x12a71: ret 0x12a72: mov ah, 0x4e 0x12a74: mov dx, 0x2bd 0x12a77: int 0x21 0x12a79: jmp 0x12a7f 0x12a7b: mov ah, 0x4f 0x12a7d: int 0x21 0x12a7f: cmp byte ptr [0x29e], cl 0x12a83: jne 0x12a7b
2018-12-17T22:35:40.874308988Z	26	PC: 12ca4 \| Set disk transfer address
2018-12-17T22:35:40.875755529Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')