Sample viewer

vx.netlux.org/Virus.DOS.Cantando.857

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:41:30.432722142Z 47 PC: 13009 | Get disk transfer address
2018-12-17T22:41:30.435160976Z 26 PC: 13026 | Set disk transfer address
2018-12-17T22:41:30.441146245Z 25 PC: 1302f | Get default drive
2018-12-17T22:41:30.442635603Z 71 PC: 13043 | Get current directory
2018-12-17T22:41:30.446337419Z 78 PC: 12f3c | Find first file
2018-12-17T22:41:30.448617684Z 78 PC: 12f3c | Find first file
2018-12-17T22:41:30.454576436Z 79 PC: 12fff | Find next file
2018-12-17T22:41:30.457823145Z 79 PC: 12fff | Find next file
2018-12-17T22:41:30.460686475Z 79 PC: 12fff | Find next file
2018-12-17T22:41:30.463552128Z 79 PC: 12fff | Find next file
2018-12-17T22:41:30.467155291Z 79 PC: 12fff | Find next file
2018-12-17T22:41:30.469659253Z 79 PC: 12fff | Find next file
2018-12-17T22:41:30.472174182Z 79 PC: 12fff | Find next file
2018-12-17T22:41:30.475512553Z 78 PC: 12f3c | Find first file
2018-12-17T22:41:30.486082025Z 79 PC: 12fff | Find next file
2018-12-17T22:41:30.489392316Z 67 PC: 12f97 | Get or set file attributes
2018-12-17T22:41:30.498748458Z 61 PC: 12fc8 | Open file (Filename = '')
2018-12-17T22:41:30.50625109Z 63 PC: 12fd6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:41:30.511916204Z 63 PC: 12eae | Read file or device (Read 817 bytes on handle 5)
2018-12-17T22:41:30.51766068Z 66 PC: 12eb7 | Move file pointer
2018-12-17T22:41:30.520063097Z 64 PC: 12ef5 | Write file or device (Write 817 bytes on handle 5)
2018-12-17T22:41:30.867483901Z 64 PC: 12f02 | Write file or device (Write 40 bytes on handle 5)
2018-12-17T22:41:30.870575929Z 66 PC: 12f0b | Move file pointer
2018-12-17T22:41:30.872772647Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:41:30.878581892Z 87 PC: 12ff4 | Get or set file date and time
2018-12-17T22:41:30.8872609Z 62 PC: 12e88 | Close file
2018-12-17T22:41:30.901710716Z 26 PC: 13117 | Set disk transfer address
2018-12-17T22:41:30.90340726Z 42 PC: 1312e | Get date
0x1312e: cmp dx, 0xc18
0x13132: jne 0x13153
0x13134: mov dx, 0xb800
0x13137: mov es, dx
0x13139: mov cx, 0x7d0
0x1313c: mov ax, 0x1f20
0x1313f: xor di, di
0x13141: rep stosd dword ptr es:[di], eax
0x13143: mov di, 0x79a
0x13146: lea si, word ptr [bp + 0x1b]
0x13149: mov cx, 0x36
0x1314c: lodsb al, byte ptr [si]
0x1314d: stosw word ptr es:[di], ax
0x1314e: loop 0x1314c
0x13150: hlt
0x13151: jmp 0x13150
0x13153: pop es
0x13154: pop ds
0x13155: push 0x100
0x13158: ret

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7231,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:13.446224028Z 47 PC: 13009 | Get disk transfer address
2018-12-25T12:01:13.448332431Z 26 PC: 13026 | Set disk transfer address
2018-12-25T12:01:13.449404673Z 25 PC: 1302f | Get default drive
2018-12-25T12:01:13.450443635Z 71 PC: 13043 | Get current directory
2018-12-25T12:01:13.454251661Z 78 PC: 12f3c | Find first file
2018-12-25T12:01:13.456724834Z 78 PC: 12f3c | Find first file (See above)
2018-12-25T12:01:13.463051175Z 79 PC: 12fff | Find next file
2018-12-25T12:01:13.465916867Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.469817173Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.472254384Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.474689678Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.477810458Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.48073814Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.483701165Z 78 PC: 12f3c | Find first file (See above)
2018-12-25T12:01:13.493852729Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.497328663Z 67 PC: 12f97 | Get or set file attributes
2018-12-25T12:01:13.50645682Z 61 PC: 12fc8 | Open file (Filename = '')
2018-12-25T12:01:13.514346572Z 63 PC: 12fd6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:01:13.526362757Z 63 PC: 12eae | Read file or device (Read 817 bytes on handle 5)
2018-12-25T12:01:13.532017234Z 66 PC: 12eb7 | Move file pointer
2018-12-25T12:01:13.535443979Z 64 PC: 12ef5 | Write file or device (Write 817 bytes on handle 5)
2018-12-25T12:01:13.884094995Z 64 PC: 12f02 | Write file or device (Write 40 bytes on handle 5)
2018-12-25T12:01:13.887161618Z 66 PC: 12f0b | Move file pointer
2018-12-25T12:01:13.889193351Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:13.901558719Z 87 PC: 12ff4 | Get or set file date and time
2018-12-25T12:01:13.903451811Z 62 PC: 12e88 | Close file
2018-12-25T12:01:13.90890945Z 26 PC: 13117 | Set disk transfer address
2018-12-25T12:01:13.911563163Z 42 PC: 1312e | Get date
0x1312e: cmp dx, 0xc18
0x13132: jne 0x13153
0x13134: mov dx, 0xb800
0x13137: mov es, dx
0x13139: mov cx, 0x7d0
0x1313c: mov ax, 0x1f20
0x1313f: xor di, di
0x13141: rep stosd dword ptr es:[di], eax
0x13143: mov di, 0x79a
0x13146: lea si, word ptr [bp + 0x1b]
0x13149: mov cx, 0x36
0x1314c: lodsb al, byte ptr [si]
0x1314d: stosw word ptr es:[di], ax
0x1314e: loop 0x1314c
0x13150: hlt
0x13151: jmp 0x13150
0x13153: pop es
0x13154: pop ds
0x13155: push 0x100
0x13158: ret

{"DateBased":true,"Day":24,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7231,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:13.578184957Z 47 PC: 13009 | Get disk transfer address
2018-12-25T12:01:13.579907716Z 26 PC: 13026 | Set disk transfer address
2018-12-25T12:01:13.581309141Z 25 PC: 1302f | Get default drive
2018-12-25T12:01:13.582531124Z 71 PC: 13043 | Get current directory
2018-12-25T12:01:13.5859682Z 78 PC: 12f3c | Find first file
2018-12-25T12:01:13.588768121Z 78 PC: 12f3c | Find first file (See above)
2018-12-25T12:01:13.595465247Z 79 PC: 12fff | Find next file
2018-12-25T12:01:13.598402474Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.601870362Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.605024109Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.608176859Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.612088969Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.616326464Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.619982973Z 78 PC: 12f3c | Find first file (See above)
2018-12-25T12:01:13.631077083Z 79 PC: 12fff | Find next file (See above)
2018-12-25T12:01:13.634786852Z 67 PC: 12f97 | Get or set file attributes
2018-12-25T12:01:13.644778314Z 61 PC: 12fc8 | Open file (Filename = '')
2018-12-25T12:01:13.652712451Z 63 PC: 12fd6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:01:13.659600775Z 63 PC: 12eae | Read file or device (Read 817 bytes on handle 5)
2018-12-25T12:01:13.665855343Z 66 PC: 12eb7 | Move file pointer
2018-12-25T12:01:13.668030287Z 64 PC: 12ef5 | Write file or device (Write 817 bytes on handle 5)
2018-12-25T12:01:14.025428287Z 64 PC: 12f02 | Write file or device (Write 40 bytes on handle 5)
2018-12-25T12:01:14.028830917Z 66 PC: 12f0b | Move file pointer
2018-12-25T12:01:14.031537222Z 64 PC: 12f15 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:01:14.038690017Z 87 PC: 12ff4 | Get or set file date and time
2018-12-25T12:01:14.040857214Z 62 PC: 12e88 | Close file
2018-12-25T12:01:14.048316227Z 26 PC: 13117 | Set disk transfer address
2018-12-25T12:01:14.054790807Z 42 PC: 1312e | Get date
0x1312e: cmp dx, 0xc18
0x13132: jne 0x13153
0x13134: mov dx, 0xb800
0x13137: mov es, dx
0x13139: mov cx, 0x7d0
0x1313c: mov ax, 0x1f20
0x1313f: xor di, di
0x13141: rep stosd dword ptr es:[di], eax
0x13143: mov di, 0x79a
0x13146: lea si, word ptr [bp + 0x1b]
0x13149: mov cx, 0x36
0x1314c: lodsb al, byte ptr [si]
0x1314d: stosw word ptr es:[di], ax
0x1314e: loop 0x1314c
0x13150: hlt
0x13151: jmp 0x13150
0x13153: pop es
0x13154: pop ds
0x13155: push 0x100
0x13158: ret