Sample viewer

vx.netlux.org/Virus.DOS.Deino.1000.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:39:54.549922411Z	250	PC: 12abb \| UNKNOWN!
2018-12-17T22:39:54.5517566Z	42	PC: 12a7d \| Get date 0x12a7d: cmp dh, 1 0x12a80: jne 0x12abc 0x12a82: cmp dl, 0x12 0x12a85: jne 0x12abc 0x12a87: mov ax, 0x900 0x12a8a: jmp 0x12a8d 0x12a8c: nop 0x12a8d: lea dx, word ptr [bp + 0x45d] 0x12a91: mov ah, 9 0x12a93: int 0x21 0x12a95: mov ah, 0xd 0x12a97: int 0x21 0x12a99: mov al, 2 0x12a9b: mov cx, 0xffff 0x12a9e: mov dx, 0 0x12aa1: int 0x26 0x12aa3: mov ah, 0xd 0x12aa5: int 0x21 0x12aa7: mov al, 2 0x12aa9: mov cx, 0xffff
2018-12-17T22:39:54.554759105Z	71	PC: 12ad3 \| Get current directory
2018-12-17T22:39:54.558709252Z	78	PC: 12cab \| Find first file
2018-12-17T22:39:54.5653031Z	47	PC: 12caf \| Get disk transfer address
2018-12-17T22:39:54.567715166Z	65	PC: 12cb6 \| Delete file (Filename = '')
2018-12-17T22:39:54.570158961Z	78	PC: 12ae1 \| Find first file
2018-12-17T22:39:54.576843219Z	79	PC: 12b54 \| Find next file
2018-12-17T22:39:54.580332179Z	79	PC: 12b54 \| Find next file
2018-12-17T22:39:54.583140108Z	79	PC: 12b54 \| Find next file
2018-12-17T22:39:54.586223305Z	79	PC: 12b54 \| Find next file
2018-12-17T22:39:54.5899116Z	79	PC: 12b54 \| Find next file
2018-12-17T22:39:54.592988606Z	79	PC: 12b54 \| Find next file
2018-12-17T22:39:54.595975362Z	79	PC: 12b54 \| Find next file
2018-12-17T22:39:54.609881178Z	79	PC: 12b54 \| Find next file
2018-12-17T22:39:54.613724814Z	79	PC: 12b54 \| Find next file
2018-12-17T22:39:54.616602616Z	59	PC: 12b3e \| Change current directory
2018-12-17T22:39:54.621422899Z	59	PC: 12b7a \| Change current directory
2018-12-17T22:39:54.626703378Z	250	PC: 12abb \| UNKNOWN!
2018-12-17T22:39:54.627753993Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6866,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:23.207953404Z	250	PC: 12abb \| UNKNOWN!
2018-12-25T12:00:23.209273984Z	42	PC: 12a7d \| Get date 0x12a7d: cmp dh, 1 0x12a80: jne 0x12abc 0x12a82: cmp dl, 0x12 0x12a85: jne 0x12abc 0x12a87: mov ax, 0x900 0x12a8a: jmp 0x12a8d 0x12a8c: nop 0x12a8d: lea dx, word ptr [bp + 0x45d] 0x12a91: mov ah, 9 0x12a93: int 0x21 0x12a95: mov ah, 0xd 0x12a97: int 0x21 0x12a99: mov al, 2 0x12a9b: mov cx, 0xffff 0x12a9e: mov dx, 0 0x12aa1: int 0x26 0x12aa3: mov ah, 0xd 0x12aa5: int 0x21 0x12aa7: mov al, 2 0x12aa9: mov cx, 0xffff
2018-12-25T12:00:23.211364055Z	71	PC: 12ad3 \| Get current directory
2018-12-25T12:00:23.214072135Z	78	PC: 12cab \| Find first file
2018-12-25T12:00:23.220945117Z	47	PC: 12caf \| Get disk transfer address
2018-12-25T12:00:23.221957697Z	65	PC: 12cb6 \| Delete file (Filename = '')
2018-12-25T12:00:23.223633049Z	78	PC: 12ae1 \| Find first file
2018-12-25T12:00:23.235041675Z	79	PC: 12b54 \| Find next file
2018-12-25T12:00:23.239562611Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.245356661Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.250977193Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.257296625Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.259979442Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.263230233Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.266116451Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.268860093Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.271615318Z	59	PC: 12b3e \| Change current directory
2018-12-25T12:00:23.27668082Z	59	PC: 12b7a \| Change current directory
2018-12-25T12:00:23.280858305Z	250	PC: 12abb \| UNKNOWN! (See above)
2018-12-25T12:00:23.281886982Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6866,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:23.319085051Z	250	PC: 12abb \| UNKNOWN!
2018-12-25T12:00:23.320092221Z	42	PC: 12a7d \| Get date 0x12a7d: cmp dh, 1 0x12a80: jne 0x12abc 0x12a82: cmp dl, 0x12 0x12a85: jne 0x12abc 0x12a87: mov ax, 0x900 0x12a8a: jmp 0x12a8d 0x12a8c: nop 0x12a8d: lea dx, word ptr [bp + 0x45d] 0x12a91: mov ah, 9 0x12a93: int 0x21 0x12a95: mov ah, 0xd 0x12a97: int 0x21 0x12a99: mov al, 2 0x12a9b: mov cx, 0xffff 0x12a9e: mov dx, 0 0x12aa1: int 0x26 0x12aa3: mov ah, 0xd 0x12aa5: int 0x21 0x12aa7: mov al, 2 0x12aa9: mov cx, 0xffff
2018-12-25T12:00:23.323879832Z	71	PC: 12ad3 \| Get current directory
2018-12-25T12:00:23.333355403Z	78	PC: 12cab \| Find first file
2018-12-25T12:00:23.339956939Z	47	PC: 12caf \| Get disk transfer address
2018-12-25T12:00:23.350641749Z	65	PC: 12cb6 \| Delete file (Filename = '')
2018-12-25T12:00:23.353243696Z	78	PC: 12ae1 \| Find first file
2018-12-25T12:00:23.36012166Z	79	PC: 12b54 \| Find next file
2018-12-25T12:00:23.372294247Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.376196866Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.382332504Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.389265794Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.392436837Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.395572502Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.399178895Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.402763169Z	79	PC: 12b54 \| Find next file (See above)
2018-12-25T12:00:23.40574766Z	59	PC: 12b3e \| Change current directory
2018-12-25T12:00:23.41179086Z	59	PC: 12b7a \| Change current directory
2018-12-25T12:00:23.417938601Z	250	PC: 12abb \| UNKNOWN! (See above)
2018-12-25T12:00:23.419596268Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":18,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6866,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:25.420576594Z	250	PC: 12abb \| UNKNOWN!
2018-12-25T12:00:25.421891336Z	42	PC: 12a7d \| Get date 0x12a7d: cmp dh, 1 0x12a80: jne 0x12abc 0x12a82: cmp dl, 0x12 0x12a85: jne 0x12abc 0x12a87: mov ax, 0x900 0x12a8a: jmp 0x12a8d 0x12a8c: nop 0x12a8d: lea dx, word ptr [bp + 0x45d] 0x12a91: mov ah, 9 0x12a93: int 0x21 0x12a95: mov ah, 0xd 0x12a97: int 0x21 0x12a99: mov al, 2 0x12a9b: mov cx, 0xffff 0x12a9e: mov dx, 0 0x12aa1: int 0x26 0x12aa3: mov ah, 0xd 0x12aa5: int 0x21 0x12aa7: mov al, 2 0x12aa9: mov cx, 0xffff
2018-12-25T12:00:25.425071702Z	9	PC: 12a95 \| Display string (String= '--Deinonychus--.')
2018-12-25T12:00:25.427831812Z	13	PC: 12a99 \| Disk reset
2018-12-25T12:00:25.430316931Z	13	PC: 12aa7 \| Disk reset
2018-12-25T12:00:25.433389848Z	250	PC: 12abb \| UNKNOWN! (See above)
2018-12-25T12:00:25.434229901Z	250	PC: 12b8e \| UNKNOWN!
2018-12-25T12:00:25.4351558Z	63	PC: 12b9d \| Read file or device (Read 7 bytes on handle 64000)
2018-12-25T12:00:25.444146229Z	87	PC: 12bc3 \| Get or set file date and time
2018-12-25T12:00:25.454077014Z	66	PC: 12bd8 \| Move file pointer
2018-12-25T12:00:25.456619724Z	64	PC: 12be5 \| Write file or device (Write 1 bytes on handle 64000)
2018-12-25T12:00:25.458945095Z	64	PC: 12c04 \| Write file or device (Write 2 bytes on handle 64000)
2018-12-25T12:00:25.460892998Z	64	PC: 12c11 \| Write file or device (Write 4 bytes on handle 64000)
2018-12-25T12:00:25.462704549Z	66	PC: 12c1e \| Move file pointer
2018-12-25T12:00:25.464743074Z	64	PC: 12c44 \| Write file or device (Write 1000 bytes on handle 64000)
2018-12-25T12:00:25.466728022Z	87	PC: 12c53 \| Get or set file date and time
2018-12-25T12:00:25.468051291Z	62	PC: 12c58 \| Close file
2018-12-25T12:00:25.470152175Z	61	PC: 12c68 \| Open file (Filename = 'chklist.ms')
2018-12-25T12:00:25.47736688Z	64	PC: 12c6d \| Write file or device (Write 0 bytes on handle 64000)
2018-12-25T12:00:25.479002202Z	62	PC: 12c72 \| Close file
2018-12-25T12:00:25.480727512Z	61	PC: 12c82 \| Open file (Filename = 'anti-vir.dat')
2018-12-25T12:00:25.485809711Z	64	PC: 12c87 \| Write file or device (Write 0 bytes on handle 64000)
2018-12-25T12:00:25.488004571Z	62	PC: 12c8c \| Close file
2018-12-25T12:00:25.49104068Z	59	PC: 12c94 \| Change current directory
2018-12-25T12:00:25.496218838Z	250	PC: 12abb \| UNKNOWN! (See above)
2018-12-25T12:00:25.497515414Z	250	PC: 12abb \| UNKNOWN! (See above)
2018-12-25T12:00:25.498345656Z	42	PC: 12a7d \| Get date (See above)
2018-12-25T12:00:25.502047326Z	9	PC: 12a95 \| Display string (See above)
2018-12-25T12:00:25.505403563Z	13	PC: 12a99 \| Disk reset (See above)
2018-12-25T12:00:25.508892741Z	13	PC: 12aa7 \| Disk reset (See above)
2018-12-25T12:00:25.517161881Z	250	PC: 12abb \| UNKNOWN! (See above)
2018-12-25T12:00:25.518507386Z	61	PC: 12b8e \| Open file (See above)
2018-12-25T12:00:25.520882582Z	63	PC: 12b9d \| Read file or device (See above)