vx.netlux.org/Virus.DOS.Hermetica.975

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T21:57:05.892969687Z 53 PC: 14aec | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T21:57:05.895698742Z 53 PC: 14afc | Get interrupt vector (Interrupt = '25' AKA 'Get default drive')
2018-12-17T21:57:05.896895272Z 37 PC: 14b07 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T21:57:05.898864866Z 53 PC: 14b11 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:57:05.901576966Z 37 PC: 14b22 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:57:05.903558404Z 26 PC: 14b34 | Set disk transfer address
2018-12-17T21:57:05.905306207Z 71 PC: 14b74 | Get current directory
2018-12-17T21:57:05.909482015Z 78 PC: 14c22 | Find first file
2018-12-17T21:57:05.917349692Z 67 PC: 14c30 | Get or set file attributes
2018-12-17T21:57:05.928209775Z 67 PC: 14c3c | Get or set file attributes
2018-12-17T21:57:05.944449158Z 61 PC: 14c41 | Open file (Filename = 'TEST.EXE')
2018-12-17T21:57:05.953839387Z 63 PC: 14c4d | Read file or device (Read 26 bytes on handle 5)
2018-12-17T21:57:05.975434393Z 62 PC: 14d44 | Close file
2018-12-17T21:57:05.9772433Z 67 PC: 14d51 | Get or set file attributes
2018-12-17T21:57:05.996550491Z 79 PC: 14d55 | Find next file
2018-12-17T21:57:05.999867997Z 59 PC: 14b7f | Change current directory
2018-12-17T21:57:06.004682983Z 42 PC: 14b85 | Get date

0x14b85: cmp al, 2
0x14b87: jne 0x14bc8
0x14b89: push ds
0x14b8a: mov ax, 0x70
0x14b8d: mov ds, ax
0x14b8f: mov bx, 0x774
0x14b92: cmp byte ptr [bx], 0x2e
0x14b95: jne 0x14bc7
0x14b97: cmp word ptr [bx + 1], 0x3e80
0x14b9c: jne 0x14bc7
0x14b9e: cmp word ptr [bx + 3], 0xd
0x14ba2: jne 0x14bc7
0x14ba4: cmp word ptr [bx + 5], 0x7400
0x14ba9: jne 0x14bc7
0x14bab: cmp word ptr [bx + 7], 0xe808
0x14bb0: jne 0x14bc7
0x14bb2: cmp word ptr [bx + 9], 0x56
0x14bb6: jne 0x14bc7
0x14bb8: cmp word ptr [bx + 0xb], 0x375
0x14bbd: jne 0x14bc7
2018-12-17T21:57:06.008333742Z 59 PC: 14bd0 | Change current directory
2018-12-17T21:57:06.01075065Z 37 PC: 14bd9 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T21:57:06.012497608Z 37 PC: 14be4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:57:06.015302017Z 26 PC: 14bee | Set disk transfer address
2018-12-17T21:57:06.046355704Z 53 PC: 12fa3 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T21:57:06.04805431Z 37 PC: 12fb7 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":776,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T13:06:45.074308963Z 53 PC: 14aec | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T13:06:45.075858852Z 53 PC: 14afc | Get interrupt vector (Interrupt = '25' AKA 'Get default drive')
2018-12-25T13:06:45.076849924Z 37 PC: 14b07 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T13:06:45.078213201Z 53 PC: 14b11 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:06:45.079666196Z 37 PC: 14b22 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:06:45.080890163Z 26 PC: 14b34 | Set disk transfer address
2018-12-25T13:06:45.081912315Z 71 PC: 14b74 | Get current directory
2018-12-25T13:06:45.083904442Z 78 PC: 14c22 | Find first file
2018-12-25T13:06:45.088070979Z 67 PC: 14c30 | Get or set file attributes
2018-12-25T13:06:45.092266666Z 67 PC: 14c3c | Get or set file attributes
2018-12-25T13:06:45.336862938Z 61 PC: 14c41 | Open file (Filename = 'TEST.EXE')
2018-12-25T13:06:45.344777825Z 63 PC: 14c4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T13:06:45.347522041Z 62 PC: 14d44 | Close file
2018-12-25T13:06:45.349568679Z 67 PC: 14d51 | Get or set file attributes
2018-12-25T13:06:45.360791949Z 79 PC: 14d55 | Find next file
2018-12-25T13:06:45.363332953Z 59 PC: 14b7f | Change current directory
2018-12-25T13:06:45.36780724Z 42 PC: 14b85 | Get date

0x14b85: cmp al, 2
0x14b87: jne 0x14bc8
0x14b89: push ds
0x14b8a: mov ax, 0x70
0x14b8d: mov ds, ax
0x14b8f: mov bx, 0x774
0x14b92: cmp byte ptr [bx], 0x2e
0x14b95: jne 0x14bc7
0x14b97: cmp word ptr [bx + 1], 0x3e80
0x14b9c: jne 0x14bc7
0x14b9e: cmp word ptr [bx + 3], 0xd
0x14ba2: jne 0x14bc7
0x14ba4: cmp word ptr [bx + 5], 0x7400
0x14ba9: jne 0x14bc7
0x14bab: cmp word ptr [bx + 7], 0xe808
0x14bb0: jne 0x14bc7
0x14bb2: cmp word ptr [bx + 9], 0x56
0x14bb6: jne 0x14bc7
0x14bb8: cmp word ptr [bx + 0xb], 0x375
0x14bbd: jne 0x14bc7
2018-12-25T13:06:45.370642778Z 59 PC: 14bd0 | Change current directory
2018-12-25T13:06:45.372601438Z 37 PC: 14bd9 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T13:06:45.373842091Z 37 PC: 14be4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:06:45.375667713Z 26 PC: 14bee | Set disk transfer address
2018-12-25T13:06:45.41211144Z 53 PC: 12fa3 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:06:45.413334681Z 37 PC: 12fb7 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":776,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T11:41:53.931469561Z 53 PC: 14aec | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:41:53.933133591Z 53 PC: 14afc | Get interrupt vector (Interrupt = '25' AKA 'Get default drive')
2018-12-25T11:41:53.934243778Z 37 PC: 14b07 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:41:53.935302273Z 53 PC: 14b11 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:53.936786675Z 37 PC: 14b22 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:53.938462259Z 26 PC: 14b34 | Set disk transfer address
2018-12-25T11:41:53.939666291Z 71 PC: 14b74 | Get current directory
2018-12-25T11:41:53.942532739Z 78 PC: 14c22 | Find first file
2018-12-25T11:41:53.94740435Z 67 PC: 14c30 | Get or set file attributes
2018-12-25T11:41:53.951216922Z 67 PC: 14c3c | Get or set file attributes
2018-12-25T11:41:53.964128192Z 61 PC: 14c41 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:41:53.971399439Z 63 PC: 14c4d | Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:41:53.97389714Z 62 PC: 14d44 | Close file
2018-12-25T11:41:53.976108292Z 67 PC: 14d51 | Get or set file attributes
2018-12-25T11:41:53.983544701Z 79 PC: 14d55 | Find next file
2018-12-25T11:41:53.985588096Z 59 PC: 14b7f | Change current directory
2018-12-25T11:41:53.989347693Z 42 PC: 14b85 | Get date

0x14b85: cmp al, 2
0x14b87: jne 0x14bc8
0x14b89: push ds
0x14b8a: mov ax, 0x70
0x14b8d: mov ds, ax
0x14b8f: mov bx, 0x774
0x14b92: cmp byte ptr [bx], 0x2e
0x14b95: jne 0x14bc7
0x14b97: cmp word ptr [bx + 1], 0x3e80
0x14b9c: jne 0x14bc7
0x14b9e: cmp word ptr [bx + 3], 0xd
0x14ba2: jne 0x14bc7
0x14ba4: cmp word ptr [bx + 5], 0x7400
0x14ba9: jne 0x14bc7
0x14bab: cmp word ptr [bx + 7], 0xe808
0x14bb0: jne 0x14bc7
0x14bb2: cmp word ptr [bx + 9], 0x56
0x14bb6: jne 0x14bc7
0x14bb8: cmp word ptr [bx + 0xb], 0x375
0x14bbd: jne 0x14bc7
2018-12-25T11:41:53.992856634Z 37 PC: 14bc7 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:41:53.994185517Z 59 PC: 14bd0 | Change current directory
2018-12-25T11:41:53.996414317Z 37 PC: 14bd9 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:41:53.99832294Z 37 PC: 14be4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:53.999558765Z 26 PC: 14bee | Set disk transfer address
2018-12-25T11:41:54.043446676Z 53 PC: 12fa3 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:41:54.046446065Z 37 PC: 12fb7 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')