Sample viewer

vx.netlux.org/Virus.DOS.Shatin.1637

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:24.594070296Z	42	PC: 12a53 \| Get date 0x12a53: cmp dl, 1 0x12a56: je 0x12a5b 0x12a58: jmp 0x12c50 0x12a5b: mov ah, 0xf 0x12a5d: int 0x10 0x12a5f: mov byte ptr cs:[0x1f8], bh 0x12a64: mov cx, 0x10 0x12a67: mov si, 0x1f9 0x12a6a: mov dx, 0 0x12a6d: mov ax, word ptr cs:[si] 0x12a70: mov cx, 0x19 0x12a73: push cx 0x12a74: mov cx, 5 0x12a77: push cx 0x12a78: mov ax, word ptr cs:[si] 0x12a7b: mov cx, 0x10 0x12a7e: push cx 0x12a7f: rol ax, 1 0x12a81: push ax 0x12a82: push ax
2018-12-17T22:44:24.597991568Z	74	PC: 12ca3 \| Reallocate memory
2018-12-17T22:44:24.600591682Z	75	PC: 12cc7 \| Execute program
2018-12-17T22:44:24.617233538Z	42	PC: 22ba3 \| Get date 0x22ba3: cmp dl, 1 0x22ba6: je 0x22bab 0x22ba8: jmp 0x22da0 0x22bab: mov ah, 0xf 0x22bad: int 0x10 0x22baf: mov byte ptr cs:[0x1f8], bh 0x22bb4: mov cx, 0x10 0x22bb7: mov si, 0x1f9 0x22bba: mov dx, 0 0x22bbd: mov ax, word ptr cs:[si] 0x22bc0: mov cx, 0x19 0x22bc3: push cx 0x22bc4: mov cx, 5 0x22bc7: push cx 0x22bc8: mov ax, word ptr cs:[si] 0x22bcb: mov cx, 0x10 0x22bce: push cx 0x22bcf: rol ax, 1 0x22bd1: push ax 0x22bd2: push ax
2018-12-17T22:44:24.622247666Z	73	PC: 12ccd \| Release memory
2018-12-17T22:44:24.624796895Z	77	PC: 12cd1 \| Get program return code
2018-12-17T22:44:24.626347743Z	49	PC: 12ce3 \| Terminate and stay resident (Return code = '0' \| Memory size = '390')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8204,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:44.431961913Z	42	PC: 12a53 \| Get date 0x12a53: cmp dl, 1 0x12a56: je 0x12a5b 0x12a58: jmp 0x12c50 0x12a5b: mov ah, 0xf 0x12a5d: int 0x10 0x12a5f: mov byte ptr cs:[0x1f8], bh 0x12a64: mov cx, 0x10 0x12a67: mov si, 0x1f9 0x12a6a: mov dx, 0 0x12a6d: mov ax, word ptr cs:[si] 0x12a70: mov cx, 0x19 0x12a73: push cx 0x12a74: mov cx, 5 0x12a77: push cx 0x12a78: mov ax, word ptr cs:[si] 0x12a7b: mov cx, 0x10 0x12a7e: push cx 0x12a7f: rol ax, 1 0x12a81: push ax 0x12a82: push ax
2018-12-25T12:03:44.445511965Z	60	PC: 12b26 \| Create or truncate file
2018-12-25T12:03:44.773620895Z	64	PC: 12b32 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-25T12:03:44.78730643Z	62	PC: 12b36 \| Close file

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8204,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:46.573622221Z	42	PC: 12a53 \| Get date 0x12a53: cmp dl, 1 0x12a56: je 0x12a5b 0x12a58: jmp 0x12c50 0x12a5b: mov ah, 0xf 0x12a5d: int 0x10 0x12a5f: mov byte ptr cs:[0x1f8], bh 0x12a64: mov cx, 0x10 0x12a67: mov si, 0x1f9 0x12a6a: mov dx, 0 0x12a6d: mov ax, word ptr cs:[si] 0x12a70: mov cx, 0x19 0x12a73: push cx 0x12a74: mov cx, 5 0x12a77: push cx 0x12a78: mov ax, word ptr cs:[si] 0x12a7b: mov cx, 0x10 0x12a7e: push cx 0x12a7f: rol ax, 1 0x12a81: push ax 0x12a82: push ax
2018-12-25T12:03:46.575464277Z	74	PC: 12ca3 \| Reallocate memory
2018-12-25T12:03:46.576645351Z	75	PC: 12cc7 \| Execute program
2018-12-25T12:03:46.5862439Z	42	PC: 22ba3 \| Get date 0x22ba3: cmp dl, 1 0x22ba6: je 0x22bab 0x22ba8: jmp 0x22da0 0x22bab: mov ah, 0xf 0x22bad: int 0x10 0x22baf: mov byte ptr cs:[0x1f8], bh 0x22bb4: mov cx, 0x10 0x22bb7: mov si, 0x1f9 0x22bba: mov dx, 0 0x22bbd: mov ax, word ptr cs:[si] 0x22bc0: mov cx, 0x19 0x22bc3: push cx 0x22bc4: mov cx, 5 0x22bc7: push cx 0x22bc8: mov ax, word ptr cs:[si] 0x22bcb: mov cx, 0x10 0x22bce: push cx 0x22bcf: rol ax, 1 0x22bd1: push ax 0x22bd2: push ax
2018-12-25T12:03:46.589452828Z	73	PC: 12ccd \| Release memory
2018-12-25T12:03:46.590911323Z	77	PC: 12cd1 \| Get program return code
2018-12-25T12:03:46.591794355Z	49	PC: 12ce3 \| Terminate and stay resident (Return code = '0' \| Memory size = '390')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8204,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:46.73811274Z	42	PC: 12a53 \| Get date 0x12a53: cmp dl, 1 0x12a56: je 0x12a5b 0x12a58: jmp 0x12c50 0x12a5b: mov ah, 0xf 0x12a5d: int 0x10 0x12a5f: mov byte ptr cs:[0x1f8], bh 0x12a64: mov cx, 0x10 0x12a67: mov si, 0x1f9 0x12a6a: mov dx, 0 0x12a6d: mov ax, word ptr cs:[si] 0x12a70: mov cx, 0x19 0x12a73: push cx 0x12a74: mov cx, 5 0x12a77: push cx 0x12a78: mov ax, word ptr cs:[si] 0x12a7b: mov cx, 0x10 0x12a7e: push cx 0x12a7f: rol ax, 1 0x12a81: push ax 0x12a82: push ax
2018-12-25T12:03:46.750137959Z	60	PC: 12b26 \| Create or truncate file
2018-12-25T12:03:47.992600938Z	64	PC: 12b32 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-25T12:03:48.012900258Z	62	PC: 12b36 \| Close file

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8204,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:48.154548912Z	42	PC: 12a53 \| Get date 0x12a53: cmp dl, 1 0x12a56: je 0x12a5b 0x12a58: jmp 0x12c50 0x12a5b: mov ah, 0xf 0x12a5d: int 0x10 0x12a5f: mov byte ptr cs:[0x1f8], bh 0x12a64: mov cx, 0x10 0x12a67: mov si, 0x1f9 0x12a6a: mov dx, 0 0x12a6d: mov ax, word ptr cs:[si] 0x12a70: mov cx, 0x19 0x12a73: push cx 0x12a74: mov cx, 5 0x12a77: push cx 0x12a78: mov ax, word ptr cs:[si] 0x12a7b: mov cx, 0x10 0x12a7e: push cx 0x12a7f: rol ax, 1 0x12a81: push ax 0x12a82: push ax
2018-12-25T12:03:48.157518329Z	74	PC: 12ca3 \| Reallocate memory
2018-12-25T12:03:48.159685743Z	75	PC: 12cc7 \| Execute program
2018-12-25T12:03:48.173710034Z	42	PC: 22ba3 \| Get date 0x22ba3: cmp dl, 1 0x22ba6: je 0x22bab 0x22ba8: jmp 0x22da0 0x22bab: mov ah, 0xf 0x22bad: int 0x10 0x22baf: mov byte ptr cs:[0x1f8], bh 0x22bb4: mov cx, 0x10 0x22bb7: mov si, 0x1f9 0x22bba: mov dx, 0 0x22bbd: mov ax, word ptr cs:[si] 0x22bc0: mov cx, 0x19 0x22bc3: push cx 0x22bc4: mov cx, 5 0x22bc7: push cx 0x22bc8: mov ax, word ptr cs:[si] 0x22bcb: mov cx, 0x10 0x22bce: push cx 0x22bcf: rol ax, 1 0x22bd1: push ax 0x22bd2: push ax
2018-12-25T12:03:48.180026262Z	73	PC: 12ccd \| Release memory
2018-12-25T12:03:48.181504783Z	77	PC: 12cd1 \| Get program return code
2018-12-25T12:03:48.182567738Z	49	PC: 12ce3 \| Terminate and stay resident (Return code = '0' \| Memory size = '390')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8204,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:48.135643368Z	42	PC: 12a53 \| Get date 0x12a53: cmp dl, 1 0x12a56: je 0x12a5b 0x12a58: jmp 0x12c50 0x12a5b: mov ah, 0xf 0x12a5d: int 0x10 0x12a5f: mov byte ptr cs:[0x1f8], bh 0x12a64: mov cx, 0x10 0x12a67: mov si, 0x1f9 0x12a6a: mov dx, 0 0x12a6d: mov ax, word ptr cs:[si] 0x12a70: mov cx, 0x19 0x12a73: push cx 0x12a74: mov cx, 5 0x12a77: push cx 0x12a78: mov ax, word ptr cs:[si] 0x12a7b: mov cx, 0x10 0x12a7e: push cx 0x12a7f: rol ax, 1 0x12a81: push ax 0x12a82: push ax
2018-12-25T12:03:48.149211037Z	60	PC: 12b26 \| Create or truncate file
2018-12-25T12:03:48.577182234Z	64	PC: 12b32 \| Write file or device (Write 4000 bytes on handle 5)
2018-12-25T12:03:48.583702751Z	62	PC: 12b36 \| Close file

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8204,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:50.08913306Z	42	PC: 12a53 \| Get date 0x12a53: cmp dl, 1 0x12a56: je 0x12a5b 0x12a58: jmp 0x12c50 0x12a5b: mov ah, 0xf 0x12a5d: int 0x10 0x12a5f: mov byte ptr cs:[0x1f8], bh 0x12a64: mov cx, 0x10 0x12a67: mov si, 0x1f9 0x12a6a: mov dx, 0 0x12a6d: mov ax, word ptr cs:[si] 0x12a70: mov cx, 0x19 0x12a73: push cx 0x12a74: mov cx, 5 0x12a77: push cx 0x12a78: mov ax, word ptr cs:[si] 0x12a7b: mov cx, 0x10 0x12a7e: push cx 0x12a7f: rol ax, 1 0x12a81: push ax 0x12a82: push ax
2018-12-25T12:03:50.092302457Z	74	PC: 12ca3 \| Reallocate memory
2018-12-25T12:03:50.093730786Z	75	PC: 12cc7 \| Execute program
2018-12-25T12:03:50.107695496Z	42	PC: 22ba3 \| Get date 0x22ba3: cmp dl, 1 0x22ba6: je 0x22bab 0x22ba8: jmp 0x22da0 0x22bab: mov ah, 0xf 0x22bad: int 0x10 0x22baf: mov byte ptr cs:[0x1f8], bh 0x22bb4: mov cx, 0x10 0x22bb7: mov si, 0x1f9 0x22bba: mov dx, 0 0x22bbd: mov ax, word ptr cs:[si] 0x22bc0: mov cx, 0x19 0x22bc3: push cx 0x22bc4: mov cx, 5 0x22bc7: push cx 0x22bc8: mov ax, word ptr cs:[si] 0x22bcb: mov cx, 0x10 0x22bce: push cx 0x22bcf: rol ax, 1 0x22bd1: push ax 0x22bd2: push ax
2018-12-25T12:03:50.11276944Z	73	PC: 12ccd \| Release memory
2018-12-25T12:03:50.114087421Z	77	PC: 12cd1 \| Get program return code
2018-12-25T12:03:50.115181235Z	49	PC: 12ce3 \| Terminate and stay resident (Return code = '0' \| Memory size = '390')