Sample viewer

vx.netlux.org/Virus.DOS.Xav.Curepa.666

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:38:33.037371703Z 42 PC: 13a03 | Get date
0x13a03: cmp dh, 4
0x13a06: jne 0x13a4c
0x13a08: cmp dl, 2
0x13a0b: jne 0x13a4c
0x13a0d: mov dx, 0x1f6
0x13a10: mov al, 0xa0
0x13a12: out dx, al
0x13a13: mov dx, 0x1f2
0x13a16: mov al, 1
0x13a18: out dx, al
0x13a19: mov dx, 0x1f3
0x13a1c: mov al, 1
0x13a1e: out dx, al
0x13a1f: mov dx, 0x1f4
0x13a22: mov al, 0
0x13a24: out dx, al
0x13a25: mov dx, 0x1f5
0x13a28: mov al, 0
0x13a2a: out dx, al
0x13a2b: mov dx, 0x1f7
2018-12-17T22:38:33.041093525Z 26 PC: 13a54 | Set disk transfer address
2018-12-17T22:38:33.043783477Z 78 PC: 13a5f | Find first file
2018-12-17T22:38:33.05161038Z 61 PC: 13a8c | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:38:33.059853457Z 87 PC: 13aaa | Get or set file date and time
2018-12-17T22:38:33.062670767Z 63 PC: 13abd | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:33.070159591Z 66 PC: 13ad0 | Move file pointer
2018-12-17T22:38:33.072391098Z 62 PC: 13b60 | Close file
2018-12-17T22:38:33.076101142Z 79 PC: 13b64 | Find next file
2018-12-17T22:38:33.079464927Z 61 PC: 13a8c | Open file (Filename = '��������ː����')
2018-12-17T22:38:33.087727531Z 87 PC: 13aaa | Get or set file date and time
2018-12-17T22:38:33.094556222Z 63 PC: 13abd | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:33.116895851Z 66 PC: 13ad0 | Move file pointer
2018-12-17T22:38:33.11889184Z 62 PC: 13b60 | Close file
2018-12-17T22:38:33.122108608Z 79 PC: 13b64 | Find next file
2018-12-17T22:38:33.125844991Z 61 PC: 13a8c | Open file (Filename = '��������ː����')
2018-12-17T22:38:33.134322315Z 87 PC: 13aaa | Get or set file date and time
2018-12-17T22:38:33.136612983Z 63 PC: 13abd | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:33.14455578Z 66 PC: 13ad0 | Move file pointer
2018-12-17T22:38:33.146518571Z 62 PC: 13b60 | Close file
2018-12-17T22:38:33.148858172Z 79 PC: 13b64 | Find next file
2018-12-17T22:38:33.15230684Z 61 PC: 13a8c | Open file (Filename = '��������ː����')
2018-12-17T22:38:33.159986929Z 87 PC: 13aaa | Get or set file date and time
2018-12-17T22:38:33.162106617Z 63 PC: 13abd | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:33.176675584Z 66 PC: 13ad0 | Move file pointer
2018-12-17T22:38:33.177848549Z 62 PC: 13b60 | Close file
2018-12-17T22:38:33.179259473Z 79 PC: 13b64 | Find next file
2018-12-17T22:38:33.187001712Z 61 PC: 13a8c | Open file (Filename = '��������ː����')
2018-12-17T22:38:33.195669017Z 87 PC: 13aaa | Get or set file date and time
2018-12-17T22:38:33.197732949Z 63 PC: 13abd | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:33.206094337Z 66 PC: 13ad0 | Move file pointer
2018-12-17T22:38:33.20821718Z 62 PC: 13b60 | Close file
2018-12-17T22:38:33.210749512Z 79 PC: 13b64 | Find next file
2018-12-17T22:38:33.215282804Z 61 PC: 13a8c | Open file (Filename = '��������ː����')
2018-12-17T22:38:33.242315297Z 87 PC: 13aaa | Get or set file date and time
2018-12-17T22:38:33.248636013Z 63 PC: 13abd | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:33.256367154Z 66 PC: 13ad0 | Move file pointer
2018-12-17T22:38:33.259217296Z 62 PC: 13b60 | Close file
2018-12-17T22:38:33.261586839Z 79 PC: 13b64 | Find next file
2018-12-17T22:38:33.264895435Z 61 PC: 13a8c | Open file (Filename = '��������ː����')
2018-12-17T22:38:33.273115294Z 87 PC: 13aaa | Get or set file date and time
2018-12-17T22:38:33.275097167Z 63 PC: 13abd | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:33.282623266Z 66 PC: 13ad0 | Move file pointer
2018-12-17T22:38:33.285475812Z 62 PC: 13b60 | Close file
2018-12-17T22:38:33.287561263Z 79 PC: 13b64 | Find next file
2018-12-17T22:38:33.29053377Z 61 PC: 13a8c | Open file (Filename = '��������ː����')
2018-12-17T22:38:33.299200652Z 87 PC: 13aaa | Get or set file date and time
2018-12-17T22:38:33.30079664Z 63 PC: 13abd | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:38:33.303723341Z 66 PC: 13ad0 | Move file pointer
2018-12-17T22:38:33.306183918Z 64 PC: 13b24 | Write file or device (Write 666 bytes on handle 5)
2018-12-17T22:38:33.321682809Z 64 PC: 13b3d | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:38:33.325452612Z 87 PC: 13b5c | Get or set file date and time
2018-12-17T22:38:33.328126737Z 62 PC: 13b60 | Close file
2018-12-17T22:38:33.337590307Z 79 PC: 13b64 | Find next file
2018-12-17T22:38:33.341102468Z 26 PC: 13a68 | Set disk transfer address
2018-12-17T22:38:33.343539348Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000FA0h/0000004000d bytes. ')
2018-12-17T22:38:33.350248559Z 48 PC: 12a8f | Get DOS version
2018-12-17T22:38:33.351654896Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T22:38:33.359491963Z 93 PC: 12afe | File sharing functions
2018-12-17T22:38:33.362812292Z 9 PC: 12a86 | Display string (String= 'Size change=0534h/01332d. ')
2018-12-17T22:38:33.367862449Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6612,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:00.381808423Z 42 PC: 13a03 | Get date
0x13a03: cmp dh, 4
0x13a06: jne 0x13a4c
0x13a08: cmp dl, 2
0x13a0b: jne 0x13a4c
0x13a0d: mov dx, 0x1f6
0x13a10: mov al, 0xa0
0x13a12: out dx, al
0x13a13: mov dx, 0x1f2
0x13a16: mov al, 1
0x13a18: out dx, al
0x13a19: mov dx, 0x1f3
0x13a1c: mov al, 1
0x13a1e: out dx, al
0x13a1f: mov dx, 0x1f4
0x13a22: mov al, 0
0x13a24: out dx, al
0x13a25: mov dx, 0x1f5
0x13a28: mov al, 0
0x13a2a: out dx, al
0x13a2b: mov dx, 0x1f7
2018-12-25T12:00:00.385282291Z 26 PC: 13a54 | Set disk transfer address
2018-12-25T12:00:00.392526595Z 78 PC: 13a5f | Find first file
2018-12-25T12:00:00.399221378Z 61 PC: 13a8c | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:00.406536952Z 87 PC: 13aaa | Get or set file date and time
2018-12-25T12:00:00.408618627Z 63 PC: 13abd | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:00.415048264Z 66 PC: 13ad0 | Move file pointer
2018-12-25T12:00:00.416746357Z 62 PC: 13b60 | Close file
2018-12-25T12:00:00.422718211Z 79 PC: 13b64 | Find next file
2018-12-25T12:00:00.425637318Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.432512204Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.435338767Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.441741251Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.443469581Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.447103522Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.449721592Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.456384633Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.458436693Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.46320023Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.464934153Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.468136452Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.471177Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.479357282Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.481830027Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.488664081Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.490365916Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.49261243Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.496187506Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.502944412Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.504574338Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.511788755Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.51343488Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.515395567Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.518855196Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.525302564Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.52657904Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.533489351Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.535226305Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.537257501Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.541000281Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.548356741Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.550022725Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.557329843Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.563256246Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.56528776Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.568853348Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.57573053Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.577364232Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.580433544Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.581664812Z 64 PC: 13b24 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:00:00.592684855Z 64 PC: 13b3d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:00.595595977Z 87 PC: 13b5c | Get or set file date and time
2018-12-25T12:00:00.597430564Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.605316164Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.607849983Z 26 PC: 13a68 | Set disk transfer address
2018-12-25T12:00:00.611143732Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000FA0h/0000004000d bytes. ')
2018-12-25T12:00:00.619771822Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:00:00.63079497Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:00:00.638803991Z 93 PC: 12afe | File sharing functions
2018-12-25T12:00:00.640782914Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:00:00.644988273Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6612,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:00.513552022Z 42 PC: 13a03 | Get date
0x13a03: cmp dh, 4
0x13a06: jne 0x13a4c
0x13a08: cmp dl, 2
0x13a0b: jne 0x13a4c
0x13a0d: mov dx, 0x1f6
0x13a10: mov al, 0xa0
0x13a12: out dx, al
0x13a13: mov dx, 0x1f2
0x13a16: mov al, 1
0x13a18: out dx, al
0x13a19: mov dx, 0x1f3
0x13a1c: mov al, 1
0x13a1e: out dx, al
0x13a1f: mov dx, 0x1f4
0x13a22: mov al, 0
0x13a24: out dx, al
0x13a25: mov dx, 0x1f5
0x13a28: mov al, 0
0x13a2a: out dx, al
0x13a2b: mov dx, 0x1f7
2018-12-25T12:00:00.516745925Z 26 PC: 13a54 | Set disk transfer address
2018-12-25T12:00:00.518926298Z 78 PC: 13a5f | Find first file
2018-12-25T12:00:00.525045064Z 61 PC: 13a8c | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:00.531781782Z 87 PC: 13aaa | Get or set file date and time
2018-12-25T12:00:00.534539604Z 63 PC: 13abd | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:00.540958331Z 66 PC: 13ad0 | Move file pointer
2018-12-25T12:00:00.542634347Z 62 PC: 13b60 | Close file
2018-12-25T12:00:00.545672434Z 79 PC: 13b64 | Find next file
2018-12-25T12:00:00.548556958Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.560778852Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.562949352Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.569349133Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.571727047Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.574198976Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.57691718Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.583596146Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.585933341Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.592329472Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.593593559Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.594861229Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.598501091Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.603278411Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.604581227Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.609600464Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.611151078Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.612968775Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.620719056Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.627208969Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.628484496Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.635243998Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.636628734Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.638153623Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.640704767Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.644940605Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.646356227Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.651555919Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.654049005Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.655707749Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.659269872Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.666784988Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.668160184Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.675831153Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.677813313Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.679999543Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.682844406Z 61 PC: 13a8c | Open file (See above)
2018-12-25T12:00:00.690909229Z 87 PC: 13aaa | Get or set file date and time (See above)
2018-12-25T12:00:00.692558481Z 63 PC: 13abd | Read file or device (See above)
2018-12-25T12:00:00.69537601Z 66 PC: 13ad0 | Move file pointer (See above)
2018-12-25T12:00:00.698312133Z 64 PC: 13b24 | Write file or device (Write 666 bytes on handle 5)
2018-12-25T12:00:00.712530982Z 64 PC: 13b3d | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:00.715604217Z 87 PC: 13b5c | Get or set file date and time
2018-12-25T12:00:00.718102978Z 62 PC: 13b60 | Close file (See above)
2018-12-25T12:00:00.726522634Z 79 PC: 13b64 | Find next file (See above)
2018-12-25T12:00:00.729133722Z 26 PC: 13a68 | Set disk transfer address
2018-12-25T12:00:00.73152218Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000FA0h/0000004000d bytes. ')
2018-12-25T12:00:00.737097151Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:00:00.738264502Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:00:00.745928317Z 93 PC: 12afe | File sharing functions
2018-12-25T12:00:00.747871119Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:00:00.752353536Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6612,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:01.313989576Z 42 PC: 13a03 | Get date
0x13a03: cmp dh, 4
0x13a06: jne 0x13a4c
0x13a08: cmp dl, 2
0x13a0b: jne 0x13a4c
0x13a0d: mov dx, 0x1f6
0x13a10: mov al, 0xa0
0x13a12: out dx, al
0x13a13: mov dx, 0x1f2
0x13a16: mov al, 1
0x13a18: out dx, al
0x13a19: mov dx, 0x1f3
0x13a1c: mov al, 1
0x13a1e: out dx, al
0x13a1f: mov dx, 0x1f4
0x13a22: mov al, 0
0x13a24: out dx, al
0x13a25: mov dx, 0x1f5
0x13a28: mov al, 0
0x13a2a: out dx, al
0x13a2b: mov dx, 0x1f7
2018-12-25T12:00:02.849311616Z 9 PC: 13a48 | Display string (String= 'AntiCUREPA Virus, escrito en Paraguay por Xavirus Hacker. Dios: tu único error fue crear a los inflados porteños. ¡Hitler persiguió a los judíos porque no conocía a los porteños! Las Malvinas son del Reino Unido. ¡Argentinos cobardes! ')