Sample viewer

vx.netlux.org/Virus.DOS.Dolphin.594


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:46.552742396Z 26 PC: 12aa9 | Set disk transfer address
2018-12-17T22:44:46.556495254Z 71 PC: 12ab3 | Get current directory
2018-12-17T22:44:46.559624661Z 78 PC: 12aca | Find first file
2018-12-17T22:44:46.566191335Z 59 PC: 12ad4 | Change current directory
2018-12-17T22:44:46.571302604Z 59 PC: 12ade | Change current directory
2018-12-17T22:44:46.573494922Z 44 PC: 12ae2 | Get time
0x12ae2: cmp cl, 0
0x12ae5: jne 0x12af4
0x12ae7: mov bx, 1
0x12aea: mov cx, 0x22
0x12aed: lea dx, word ptr [bp + 0x324]
0x12af1: call 0x12c5f
0x12af4: pop word ptr [bp + 0x351]
0x12af8: pop word ptr [bp + 0x34f]
0x12afc: pop word ptr [bp + 0x34d]
0x12b00: pop word ptr [bp + 0x34b]
0x12b04: mov ah, 0x1a
0x12b06: mov dx, 0x80
0x12b09: int 0x21
0x12b0b: pop ds
0x12b0c: pop es
0x12b0d: mov ax, es
0x12b0f: add ax, 0x10
0x12b12: add word ptr [bp + 0x1fb], ax
0x12b16: mov bx, word ptr [bp + 0x34f]
0x12b1a: mov word ptr [bp + 0x1f9], bx
2018-12-17T22:44:46.575821211Z 26 PC: 12b0b | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8322,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:21.922592674Z 26 PC: 12aa9 | Set disk transfer address
2018-12-25T12:04:21.924173274Z 71 PC: 12ab3 | Get current directory
2018-12-25T12:04:21.926844447Z 78 PC: 12aca | Find first file
2018-12-25T12:04:21.932355966Z 59 PC: 12ad4 | Change current directory
2018-12-25T12:04:21.93659701Z 59 PC: 12ade | Change current directory
2018-12-25T12:04:21.938134524Z 44 PC: 12ae2 | Get time
0x12ae2: cmp cl, 0
0x12ae5: jne 0x12af4
0x12ae7: mov bx, 1
0x12aea: mov cx, 0x22
0x12aed: lea dx, word ptr [bp + 0x324]
0x12af1: call 0x12c5f
0x12af4: pop word ptr [bp + 0x351]
0x12af8: pop word ptr [bp + 0x34f]
0x12afc: pop word ptr [bp + 0x34d]
0x12b00: pop word ptr [bp + 0x34b]
0x12b04: mov ah, 0x1a
0x12b06: mov dx, 0x80
0x12b09: int 0x21
0x12b0b: pop ds
0x12b0c: pop es
0x12b0d: mov ax, es
0x12b0f: add ax, 0x10
0x12b12: add word ptr [bp + 0x1fb], ax
0x12b16: mov bx, word ptr [bp + 0x34f]
0x12b1a: mov word ptr [bp + 0x1f9], bx
2018-12-25T12:04:21.940054854Z 64 PC: 12c63 | Write file or device (Write 34 bytes on handle 1)
2018-12-25T12:04:21.943121051Z 26 PC: 12b0b | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":8322,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:04:22.354720944Z 26 PC: 12aa9 | Set disk transfer address
2018-12-25T12:04:22.356035204Z 71 PC: 12ab3 | Get current directory
2018-12-25T12:04:22.358662187Z 78 PC: 12aca | Find first file
2018-12-25T12:04:22.364168457Z 59 PC: 12ad4 | Change current directory
2018-12-25T12:04:22.368382809Z 59 PC: 12ade | Change current directory
2018-12-25T12:04:22.369938919Z 44 PC: 12ae2 | Get time
0x12ae2: cmp cl, 0
0x12ae5: jne 0x12af4
0x12ae7: mov bx, 1
0x12aea: mov cx, 0x22
0x12aed: lea dx, word ptr [bp + 0x324]
0x12af1: call 0x12c5f
0x12af4: pop word ptr [bp + 0x351]
0x12af8: pop word ptr [bp + 0x34f]
0x12afc: pop word ptr [bp + 0x34d]
0x12b00: pop word ptr [bp + 0x34b]
0x12b04: mov ah, 0x1a
0x12b06: mov dx, 0x80
0x12b09: int 0x21
0x12b0b: pop ds
0x12b0c: pop es
0x12b0d: mov ax, es
0x12b0f: add ax, 0x10
0x12b12: add word ptr [bp + 0x1fb], ax
0x12b16: mov bx, word ptr [bp + 0x34f]
0x12b1a: mov word ptr [bp + 0x1f9], bx
2018-12-25T12:04:22.371859762Z 26 PC: 12b0b | Set disk transfer address