Sample viewer

vx.netlux.org/Virus.DOS.Barrotes.849

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:43.143042979Z	238	PC: 130a8 \| UNKNOWN!
2018-12-17T22:35:43.144470987Z	53	PC: 130b4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:43.147221215Z	54	PC: 9f748 \| Get free disk space
2018-12-17T22:35:43.187350094Z	53	PC: 9f76a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:35:43.188955515Z	67	PC: 9f795 \| Get or set file attributes
2018-12-17T22:35:43.197993265Z	67	PC: 9f7a1 \| Get or set file attributes
2018-12-17T22:35:43.544134587Z	61	PC: 9f7ab \| Open file (Filename = '')
2018-12-17T22:35:43.551162177Z	87	PC: 9f7bb \| Get or set file date and time
2018-12-17T22:35:43.554153507Z	66	PC: 9f7d5 \| Move file pointer
2018-12-17T22:35:43.556783229Z	63	PC: 9f7e5 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:35:43.563143547Z	66	PC: 9f806 \| Move file pointer
2018-12-17T22:35:43.565362529Z	63	PC: 9f823 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:35:43.573177706Z	66	PC: 9f83c \| Move file pointer
2018-12-17T22:35:43.574990496Z	63	PC: 9f849 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:35:43.578112661Z	66	PC: 9f859 \| Move file pointer
2018-12-17T22:35:43.581187288Z	64	PC: 9f86a \| Write file or device (Write 849 bytes on handle 5)
2018-12-17T22:35:43.59219934Z	66	PC: 9f888 \| Move file pointer
2018-12-17T22:35:43.593798199Z	64	PC: 9f895 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:35:43.598364653Z	87	PC: 9f8a9 \| Get or set file date and time
2018-12-17T22:35:43.600403396Z	62	PC: 9f8ad \| Close file
2018-12-17T22:35:43.608159723Z	67	PC: 9f8c1 \| Get or set file attributes
2018-12-17T22:35:43.618487963Z	42	PC: 13140 \| Get date 0x13140: cmp dx, 0x105 0x13144: jne 0x13165 0x13146: xor ax, ax 0x13148: mov es, ax 0x1314a: mov dx, 0x32a 0x1314d: mov word ptr es:[0x70], dx 0x13152: mov word ptr es:[0x72], ds 0x13157: mov dx, 0x80 0x1315a: mov cx, 1 0x1315d: mov ax, 0x301 0x13160: mov bx, 0x100 0x13163: int 0x13 0x13165: push cs 0x13166: push cs 0x13167: pop ds 0x13168: pop es 0x13169: add si, 4 0x1316c: mov di, 0x100 0x1316f: push di 0x13170: cld
2018-12-17T22:35:43.622311504Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6448,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:22.02746359Z	238	PC: 130a8 \| UNKNOWN!
2018-12-25T11:59:22.028927421Z	53	PC: 130b4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:22.030172325Z	54	PC: 9f748 \| Get free disk space
2018-12-25T11:59:22.054723679Z	53	PC: 9f76a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:22.056536836Z	67	PC: 9f795 \| Get or set file attributes
2018-12-25T11:59:22.066798208Z	67	PC: 9f7a1 \| Get or set file attributes
2018-12-25T11:59:22.798545987Z	61	PC: 9f7ab \| Open file (Filename = '')
2018-12-25T11:59:22.806987291Z	87	PC: 9f7bb \| Get or set file date and time
2018-12-25T11:59:22.810451751Z	66	PC: 9f7d5 \| Move file pointer
2018-12-25T11:59:22.813177663Z	63	PC: 9f7e5 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:59:22.820423976Z	66	PC: 9f806 \| Move file pointer
2018-12-25T11:59:22.82341537Z	63	PC: 9f823 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:59:22.831960998Z	66	PC: 9f83c \| Move file pointer
2018-12-25T11:59:22.833804212Z	63	PC: 9f849 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:22.837930108Z	66	PC: 9f859 \| Move file pointer
2018-12-25T11:59:22.839920695Z	64	PC: 9f86a \| Write file or device (Write 849 bytes on handle 5)
2018-12-25T11:59:22.855250585Z	66	PC: 9f888 \| Move file pointer
2018-12-25T11:59:22.857593898Z	64	PC: 9f895 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:22.861386359Z	87	PC: 9f8a9 \| Get or set file date and time
2018-12-25T11:59:22.863441122Z	62	PC: 9f8ad \| Close file
2018-12-25T11:59:22.87149881Z	67	PC: 9f8c1 \| Get or set file attributes
2018-12-25T11:59:22.883532552Z	42	PC: 13140 \| Get date 0x13140: cmp dx, 0x105 0x13144: jne 0x13165 0x13146: xor ax, ax 0x13148: mov es, ax 0x1314a: mov dx, 0x32a 0x1314d: mov word ptr es:[0x70], dx 0x13152: mov word ptr es:[0x72], ds 0x13157: mov dx, 0x80 0x1315a: mov cx, 1 0x1315d: mov ax, 0x301 0x13160: mov bx, 0x100 0x13163: int 0x13 0x13165: push cs 0x13166: push cs 0x13167: pop ds 0x13168: pop es 0x13169: add si, 4 0x1316c: mov di, 0x100 0x1316f: push di 0x13170: cld
2018-12-25T11:59:22.88649151Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6448,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:22.708824638Z	238	PC: 130a8 \| UNKNOWN!
2018-12-25T11:59:22.710213732Z	53	PC: 130b4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:22.711789114Z	54	PC: 9f748 \| Get free disk space
2018-12-25T11:59:22.754969134Z	53	PC: 9f76a \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:59:22.756809831Z	67	PC: 9f795 \| Get or set file attributes
2018-12-25T11:59:22.764812104Z	67	PC: 9f7a1 \| Get or set file attributes
2018-12-25T11:59:23.093569008Z	61	PC: 9f7ab \| Open file (Filename = '')
2018-12-25T11:59:23.100364973Z	87	PC: 9f7bb \| Get or set file date and time
2018-12-25T11:59:23.102202022Z	66	PC: 9f7d5 \| Move file pointer
2018-12-25T11:59:23.103833613Z	63	PC: 9f7e5 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:59:23.110079571Z	66	PC: 9f806 \| Move file pointer
2018-12-25T11:59:23.112568286Z	63	PC: 9f823 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:59:23.118474786Z	66	PC: 9f83c \| Move file pointer
2018-12-25T11:59:23.119785312Z	63	PC: 9f849 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:59:23.123211019Z	66	PC: 9f859 \| Move file pointer
2018-12-25T11:59:23.12452193Z	64	PC: 9f86a \| Write file or device (Write 849 bytes on handle 5)
2018-12-25T11:59:23.133731438Z	66	PC: 9f888 \| Move file pointer
2018-12-25T11:59:23.142717285Z	64	PC: 9f895 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:59:23.145586975Z	87	PC: 9f8a9 \| Get or set file date and time
2018-12-25T11:59:23.147245126Z	62	PC: 9f8ad \| Close file
2018-12-25T11:59:23.162452982Z	67	PC: 9f8c1 \| Get or set file attributes
2018-12-25T11:59:23.171435928Z	42	PC: 13140 \| Get date 0x13140: cmp dx, 0x105 0x13144: jne 0x13165 0x13146: xor ax, ax 0x13148: mov es, ax 0x1314a: mov dx, 0x32a 0x1314d: mov word ptr es:[0x70], dx 0x13152: mov word ptr es:[0x72], ds 0x13157: mov dx, 0x80 0x1315a: mov cx, 1 0x1315d: mov ax, 0x301 0x13160: mov bx, 0x100 0x13163: int 0x13 0x13165: push cs 0x13166: push cs 0x13167: pop ds 0x13168: pop es 0x13169: add si, 4 0x1316c: mov di, 0x100 0x1316f: push di 0x13170: cld
2018-12-25T11:59:23.175750961Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')