Sample viewer

vx.netlux.org/Virus.DOS.7son.344

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:45:35.634308044Z 51 PC: 12a5b | Get or set Ctrl-Break
2018-12-17T22:45:35.636389479Z 51 PC: 12a63 | Get or set Ctrl-Break
2018-12-17T22:45:35.637790597Z 53 PC: 12a68 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:35.639568334Z 37 PC: 12a74 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:35.641267083Z 26 PC: 12a7c | Set disk transfer address
2018-12-17T22:45:35.643209526Z 78 PC: 12a9f | Find first file
2018-12-17T22:45:35.645080698Z 67 PC: 12ac8 | Get or set file attributes
2018-12-17T22:45:35.649829955Z 67 PC: 12b73 | Get or set file attributes
2018-12-17T22:45:35.661089355Z 42 PC: 12b46 | Get date
0x12b46: cmp dl, 1
0x12b49: je 0x12b4d
0x12b4b: jmp 0x12b6a
0x12b4d: cli
0x12b4e: mov ah, 2
0x12b50: cdq
0x12b51: mov cx, 0x100
0x12b54: int 0x26
0x12b56: jmp 0x12b58
0x12b58: mov al, 3
0x12b5a: mov cx, 0x700
0x12b5d: mov dx, 0
0x12b60: mov ds, word ptr [di + 0x99]
0x12b64: mov bx, word ptr [di + 0x55]
0x12b67: call 0x22b4d
0x12b6a: mov dx, word ptr [bp + 0x24a]
0x12b6e: mov ax, 0x4301
0x12b71: int 0x21
0x12b73: ret
0x12b74: mov ax, 0x4200
2018-12-17T22:45:35.664196518Z 67 PC: 12b73 | Get or set file attributes
2018-12-17T22:45:35.669643008Z 79 PC: 12aaa | Find next file
2018-12-17T22:45:35.672835659Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:45:35.67405853Z 51 PC: 12ab9 | Get or set Ctrl-Break

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8598,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:34.804116343Z 51 PC: 12a5b | Get or set Ctrl-Break
2018-12-25T12:21:34.80543897Z 51 PC: 12a63 | Get or set Ctrl-Break
2018-12-25T12:21:34.806877571Z 53 PC: 12a68 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:21:34.808373853Z 37 PC: 12a74 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:21:34.810964126Z 26 PC: 12a7c | Set disk transfer address
2018-12-25T12:21:34.812943468Z 78 PC: 12a9f | Find first file
2018-12-25T12:21:34.814594603Z 67 PC: 12ac8 | Get or set file attributes
2018-12-25T12:21:34.819897791Z 67 PC: 12b73 | Get or set file attributes
2018-12-25T12:21:34.82556262Z 42 PC: 12b46 | Get date
0x12b46: cmp dl, 1
0x12b49: je 0x12b4d
0x12b4b: jmp 0x12b6a
0x12b4d: cli
0x12b4e: mov ah, 2
0x12b50: cdq
0x12b51: mov cx, 0x100
0x12b54: int 0x26
0x12b56: jmp 0x12b58
0x12b58: mov al, 3
0x12b5a: mov cx, 0x700
0x12b5d: mov dx, 0
0x12b60: mov ds, word ptr [di + 0x99]
0x12b64: mov bx, word ptr [di + 0x55]
0x12b67: call 0x22b4d
0x12b6a: mov dx, word ptr [bp + 0x24a]
0x12b6e: mov ax, 0x4301
0x12b71: int 0x21
0x12b73: ret
0x12b74: mov ax, 0x4200
2018-12-25T12:21:36.099290986Z 78 PC: 12a9f | Find first file (See above)
2018-12-25T12:21:36.105339705Z 67 PC: 12ac8 | Get or set file attributes (See above)
2018-12-25T12:21:36.110294422Z 64 PC: 12b29 | Write file or device (Write 0 bytes on handle 1264)
2018-12-25T12:21:36.815834807Z 64 PC: 12b29 | Write file or device (See above)

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8598,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:35.019304796Z 51 PC: 12a5b | Get or set Ctrl-Break
2018-12-25T12:21:35.02082884Z 51 PC: 12a63 | Get or set Ctrl-Break
2018-12-25T12:21:35.021648767Z 53 PC: 12a68 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:21:35.022611176Z 37 PC: 12a74 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:21:35.0239752Z 26 PC: 12a7c | Set disk transfer address
2018-12-25T12:21:35.024915174Z 78 PC: 12a9f | Find first file
2018-12-25T12:21:35.026191085Z 67 PC: 12ac8 | Get or set file attributes
2018-12-25T12:21:35.029337671Z 67 PC: 12b73 | Get or set file attributes
2018-12-25T12:21:35.032040265Z 42 PC: 12b46 | Get date
0x12b46: cmp dl, 1
0x12b49: je 0x12b4d
0x12b4b: jmp 0x12b6a
0x12b4d: cli
0x12b4e: mov ah, 2
0x12b50: cdq
0x12b51: mov cx, 0x100
0x12b54: int 0x26
0x12b56: jmp 0x12b58
0x12b58: mov al, 3
0x12b5a: mov cx, 0x700
0x12b5d: mov dx, 0
0x12b60: mov ds, word ptr [di + 0x99]
0x12b64: mov bx, word ptr [di + 0x55]
0x12b67: call 0x22b4d
0x12b6a: mov dx, word ptr [bp + 0x24a]
0x12b6e: mov ax, 0x4301
0x12b71: int 0x21
0x12b73: ret
0x12b74: mov ax, 0x4200
2018-12-25T12:21:35.033377453Z 67 PC: 12b73 | Get or set file attributes (See above)
2018-12-25T12:21:35.039347462Z 79 PC: 12aaa | Find next file
2018-12-25T12:21:35.040693822Z 37 PC: 12ab3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:21:35.04163378Z 51 PC: 12ab9 | Get or set Ctrl-Break