Sample viewer

vx.netlux.org/Virus.DOS.DeadHead.992

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:38:00.008580384Z	42	PC: 12a90 \| Get date 0x12a90: cmp al, 0 0x12a92: jne 0x12ae3 0x12a94: mov ah, 9 0x12a96: mov dx, 0x4a7 0x12a99: int 0x21 0x12a9b: mov ax, 0x201 0x12a9e: mov dx, 0x80 0x12aa1: mov cx, 1 0x12aa4: push cs 0x12aa5: pop es 0x12aa6: mov bx, 0x7e8 0x12aa9: int 0x13 0x12aab: jae 0x12aaf 0x12aad: jmp 0x12ae3 0x12aaf: add bx, 0x1be 0x12ab3: cmp byte ptr [bx], 0x80 0x12ab6: jne 0x12ae3 0x12ab8: mov ax, 0x201 0x12abb: mov dl, 0x80 0x12abd: mov dh, byte ptr [bx + 1]
2018-12-17T22:38:00.013313404Z	26	PC: 12b7b \| Set disk transfer address
2018-12-17T22:38:00.014932473Z	78	PC: 12b8d \| Find first file
2018-12-17T22:38:00.021699864Z	79	PC: 12b9e \| Find next file
2018-12-17T22:38:00.025603248Z	79	PC: 12b9e \| Find next file
2018-12-17T22:38:00.028536707Z	61	PC: 12be7 \| Open file (Filename = '\.')
2018-12-17T22:38:00.033961092Z	79	PC: 12b9e \| Find next file
2018-12-17T22:38:00.037938253Z	61	PC: 12be7 \| Open file (Filename = '\.')
2018-12-17T22:38:00.043448061Z	79	PC: 12b9e \| Find next file
2018-12-17T22:38:00.046655522Z	61	PC: 12be7 \| Open file (Filename = '\.')
2018-12-17T22:38:00.053349095Z	79	PC: 12b9e \| Find next file
2018-12-17T22:38:00.056542048Z	61	PC: 12be7 \| Open file (Filename = '\.')
2018-12-17T22:38:00.062151432Z	79	PC: 12b9e \| Find next file
2018-12-17T22:38:00.065328455Z	61	PC: 12be7 \| Open file (Filename = '\.')
2018-12-17T22:38:00.071572485Z	79	PC: 12b9e \| Find next file
2018-12-17T22:38:00.07689032Z	61	PC: 12be7 \| Open file (Filename = '\.')
2018-12-17T22:38:00.082713236Z	79	PC: 12b9e \| Find next file
2018-12-17T22:38:00.086726303Z	79	PC: 12b9e \| Find next file
2018-12-17T22:38:00.089989674Z	26	PC: 12b7b \| Set disk transfer address
2018-12-17T22:38:00.091644446Z	78	PC: 12b8d \| Find first file
2018-12-17T22:38:00.0978222Z	26	PC: 12b7b \| Set disk transfer address
2018-12-17T22:38:00.105623133Z	78	PC: 12b8d \| Find first file
2018-12-17T22:38:00.11008723Z	26	PC: 12b7b \| Set disk transfer address
2018-12-17T22:38:00.11199748Z	78	PC: 12b8d \| Find first file
2018-12-17T22:38:00.115584841Z	26	PC: 12b7b \| Set disk transfer address
2018-12-17T22:38:00.116534931Z	78	PC: 12b8d \| Find first file
2018-12-17T22:38:00.122164838Z	26	PC: 12b7b \| Set disk transfer address
2018-12-17T22:38:00.123964374Z	78	PC: 12b8d \| Find first file
2018-12-17T22:38:00.128869865Z	9	PC: 12b66 \| Display string (Could not find end pointer)
2018-12-17T22:38:00.132536992Z	76	PC: 12b6d \| Terminate with return code (Return code = '9')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6549,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:46.997587322Z	42	PC: 12a90 \| Get date 0x12a90: cmp al, 0 0x12a92: jne 0x12ae3 0x12a94: mov ah, 9 0x12a96: mov dx, 0x4a7 0x12a99: int 0x21 0x12a9b: mov ax, 0x201 0x12a9e: mov dx, 0x80 0x12aa1: mov cx, 1 0x12aa4: push cs 0x12aa5: pop es 0x12aa6: mov bx, 0x7e8 0x12aa9: int 0x13 0x12aab: jae 0x12aaf 0x12aad: jmp 0x12ae3 0x12aaf: add bx, 0x1be 0x12ab3: cmp byte ptr [bx], 0x80 0x12ab6: jne 0x12ae3 0x12ab8: mov ax, 0x201 0x12abb: mov dl, 0x80 0x12abd: mov dh, byte ptr [bx + 1]
2018-12-25T11:59:47.000538847Z	26	PC: 12b7b \| Set disk transfer address
2018-12-25T11:59:47.001632739Z	78	PC: 12b8d \| Find first file
2018-12-25T11:59:47.009189936Z	79	PC: 12b9e \| Find next file
2018-12-25T11:59:47.012393501Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:47.015976498Z	61	PC: 12be7 \| Open file (Filename = '\.')
2018-12-25T11:59:47.021560453Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:47.028744328Z	61	PC: 12be7 \| Open file (See above)
2018-12-25T11:59:47.034154893Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:47.03689373Z	61	PC: 12be7 \| Open file (See above)
2018-12-25T11:59:47.042679349Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:47.045536748Z	61	PC: 12be7 \| Open file (See above)
2018-12-25T11:59:47.051403213Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:47.055881478Z	61	PC: 12be7 \| Open file (See above)
2018-12-25T11:59:47.061213557Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:47.063962882Z	61	PC: 12be7 \| Open file (See above)
2018-12-25T11:59:47.079084644Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:47.082960673Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:47.08648017Z	26	PC: 12b7b \| Set disk transfer address (See above)
2018-12-25T11:59:47.087522055Z	78	PC: 12b8d \| Find first file (See above)
2018-12-25T11:59:47.093169484Z	26	PC: 12b7b \| Set disk transfer address (See above)
2018-12-25T11:59:47.094718943Z	78	PC: 12b8d \| Find first file (See above)
2018-12-25T11:59:47.099518491Z	26	PC: 12b7b \| Set disk transfer address (See above)
2018-12-25T11:59:47.101763712Z	78	PC: 12b8d \| Find first file (See above)
2018-12-25T11:59:47.106929948Z	26	PC: 12b7b \| Set disk transfer address (See above)
2018-12-25T11:59:47.108543734Z	78	PC: 12b8d \| Find first file (See above)
2018-12-25T11:59:47.116466197Z	26	PC: 12b7b \| Set disk transfer address (See above)
2018-12-25T11:59:47.118091368Z	78	PC: 12b8d \| Find first file (See above)
2018-12-25T11:59:47.124259743Z	9	PC: 12b66 \| Display string (Could not find end pointer)
2018-12-25T11:59:47.129146555Z	76	PC: 12b6d \| Terminate with return code (Return code = '9')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6549,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:47.83535502Z	42	PC: 12a90 \| Get date 0x12a90: cmp al, 0 0x12a92: jne 0x12ae3 0x12a94: mov ah, 9 0x12a96: mov dx, 0x4a7 0x12a99: int 0x21 0x12a9b: mov ax, 0x201 0x12a9e: mov dx, 0x80 0x12aa1: mov cx, 1 0x12aa4: push cs 0x12aa5: pop es 0x12aa6: mov bx, 0x7e8 0x12aa9: int 0x13 0x12aab: jae 0x12aaf 0x12aad: jmp 0x12ae3 0x12aaf: add bx, 0x1be 0x12ab3: cmp byte ptr [bx], 0x80 0x12ab6: jne 0x12ae3 0x12ab8: mov ax, 0x201 0x12abb: mov dl, 0x80 0x12abd: mov dh, byte ptr [bx + 1]
2018-12-25T11:59:47.837750544Z	9	PC: 12a9b \| Display string (String= '[XtZ] by dEAdhEAd (StupidVir). ')
2018-12-25T11:59:49.174207012Z	26	PC: 12b7b \| Set disk transfer address
2018-12-25T11:59:49.17526355Z	78	PC: 12b8d \| Find first file
2018-12-25T11:59:49.186042065Z	79	PC: 12b9e \| Find next file
2018-12-25T11:59:49.189395657Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:49.192825743Z	61	PC: 12be7 \| Open file (Filename = '\.')
2018-12-25T11:59:49.202381839Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:49.206370861Z	61	PC: 12be7 \| Open file (See above)
2018-12-25T11:59:49.21278486Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:49.218614779Z	61	PC: 12be7 \| Open file (See above)
2018-12-25T11:59:49.224534251Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:49.22749568Z	61	PC: 12be7 \| Open file (See above)
2018-12-25T11:59:49.233466951Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:49.236617166Z	61	PC: 12be7 \| Open file (See above)
2018-12-25T11:59:49.242419604Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:49.246374181Z	61	PC: 12be7 \| Open file (See above)
2018-12-25T11:59:49.251831265Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:49.25357092Z	79	PC: 12b9e \| Find next file (See above)
2018-12-25T11:59:49.255587379Z	26	PC: 12b7b \| Set disk transfer address (See above)
2018-12-25T11:59:49.256422699Z	78	PC: 12b8d \| Find first file (See above)
2018-12-25T11:59:49.259239384Z	26	PC: 12b7b \| Set disk transfer address (See above)
2018-12-25T11:59:49.260842635Z	78	PC: 12b8d \| Find first file (See above)
2018-12-25T11:59:49.264014948Z	26	PC: 12b7b \| Set disk transfer address (See above)
2018-12-25T11:59:49.26516647Z	78	PC: 12b8d \| Find first file (See above)
2018-12-25T11:59:49.270011929Z	26	PC: 12b7b \| Set disk transfer address (See above)
2018-12-25T11:59:49.271951883Z	78	PC: 12b8d \| Find first file (See above)
2018-12-25T11:59:49.280133872Z	26	PC: 12b7b \| Set disk transfer address (See above)
2018-12-25T11:59:49.281356637Z	78	PC: 12b8d \| Find first file (See above)
2018-12-25T11:59:49.288427793Z	9	PC: 12b66 \| Display string (Could not find end pointer)
2018-12-25T11:59:49.294359182Z	76	PC: 12b6d \| Terminate with return code (Return code = '9')