Sample viewer

vx.netlux.org/Virus.DOS.Unkm.461


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:47.515764725Z 26 PC: 12a9a | Set disk transfer address
2018-12-17T22:47:47.51827587Z 78 PC: 12aa5 | Find first file
2018-12-17T22:47:47.52732721Z 61 PC: 12ad0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:47:47.534788388Z 62 PC: 12ab0 | Close file
2018-12-17T22:47:47.537440902Z 79 PC: 12ab5 | Find next file
2018-12-17T22:47:47.541135912Z 61 PC: 12ad0 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:47:47.548408147Z 62 PC: 12ab0 | Close file
2018-12-17T22:47:47.550361358Z 79 PC: 12ab5 | Find next file
2018-12-17T22:47:47.553627489Z 61 PC: 12ad0 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:47:47.560800021Z 62 PC: 12ab0 | Close file
2018-12-17T22:47:47.56249729Z 79 PC: 12ab5 | Find next file
2018-12-17T22:47:47.565590599Z 61 PC: 12ad0 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:47:47.583856652Z 62 PC: 12ab0 | Close file
2018-12-17T22:47:47.586165917Z 79 PC: 12ab5 | Find next file
2018-12-17T22:47:47.590118047Z 61 PC: 12ad0 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:47:47.598190888Z 62 PC: 12ab0 | Close file
2018-12-17T22:47:47.600541769Z 79 PC: 12ab5 | Find next file
2018-12-17T22:47:47.604901812Z 61 PC: 12ad0 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:47:47.612526206Z 62 PC: 12ab0 | Close file
2018-12-17T22:47:47.614905397Z 79 PC: 12ab5 | Find next file
2018-12-17T22:47:47.62428045Z 61 PC: 12ad0 | Open file (Filename = 'PAH.COM')
2018-12-17T22:47:47.632970758Z 62 PC: 12ab0 | Close file
2018-12-17T22:47:47.635081625Z 79 PC: 12ab5 | Find next file
2018-12-17T22:47:47.639030793Z 61 PC: 12ad0 | Open file (Filename = 'TEST.COM')
2018-12-17T22:47:47.6472635Z 62 PC: 12ab0 | Close file
2018-12-17T22:47:47.649154514Z 79 PC: 12ab5 | Find next file
2018-12-17T22:47:47.651662025Z 42 PC: 12bb9 | Get date
0x12bb9: cmp dh, 6
0x12bbc: ja 0x12bc5
0x12bbe: cmp dl, 0xe
0x12bc1: ja 0x12bc5
0x12bc3: jmp 0x12bcd
0x12bc5: mov ah, 9
0x12bc7: lea dx, word ptr [bp + 0x28e]
0x12bcb: int 0x21
0x12bcd: ret
0x12bce: dec byte ptr [di + 0x4a]
0x12bd1: xor word ptr [bp + di], si
2018-12-17T22:47:47.655042282Z 9 PC: 12bcd | Display string (String= '�MJ13� virus by !UNKM� -�� OrD�n�T�Ur S�Us C�NtR�Le ��- ')
2018-12-17T22:47:47.659549017Z 26 PC: 12ac6 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9337,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:54.61001814Z 26 PC: 12a9a | Set disk transfer address
2018-12-25T12:22:54.611354866Z 78 PC: 12aa5 | Find first file
2018-12-25T12:22:54.619214377Z 61 PC: 12ad0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:54.627008827Z 62 PC: 12ab0 | Close file
2018-12-25T12:22:54.629441297Z 79 PC: 12ab5 | Find next file
2018-12-25T12:22:54.633369651Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.646296035Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.648928727Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.653556431Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.661050856Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.663407734Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.669777145Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.677475097Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.679921893Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.68337454Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.69162518Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.693986587Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.697103066Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.705678903Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.707932894Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.710922284Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.719148734Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.722366207Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.725555374Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.73491435Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.737353027Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.740309806Z 42 PC: 12bb9 | Get date
0x12bb9: cmp dh, 6
0x12bbc: ja 0x12bc5
0x12bbe: cmp dl, 0xe
0x12bc1: ja 0x12bc5
0x12bc3: jmp 0x12bcd
0x12bc5: mov ah, 9
0x12bc7: lea dx, word ptr [bp + 0x28e]
0x12bcb: int 0x21
0x12bcd: ret
0x12bce: dec byte ptr [di + 0x4a]
0x12bd1: xor word ptr [bp + di], si
2018-12-25T12:22:54.744383623Z 9 PC: 12bcd | Display string (String= '�MJ13� virus by !UNKM� -�� OrD�n�T�Ur S�Us C�NtR�Le ��- ')
2018-12-25T12:22:54.748765431Z 26 PC: 12ac6 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9337,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:54.807135435Z 26 PC: 12a9a | Set disk transfer address
2018-12-25T12:22:54.809660603Z 78 PC: 12aa5 | Find first file
2018-12-25T12:22:54.815913996Z 61 PC: 12ad0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:54.82378316Z 62 PC: 12ab0 | Close file
2018-12-25T12:22:54.825801247Z 79 PC: 12ab5 | Find next file
2018-12-25T12:22:54.84078307Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.851492098Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.852883935Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.855519494Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.864892668Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.866407078Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.869284027Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.874841474Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.876673143Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.880229644Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.886353219Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.888116554Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.890715255Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.897396065Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.899027738Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.901376321Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.908026529Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.90964143Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.911988162Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:54.924571086Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:54.926213631Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:54.929064176Z 42 PC: 12bb9 | Get date
0x12bb9: cmp dh, 6
0x12bbc: ja 0x12bc5
0x12bbe: cmp dl, 0xe
0x12bc1: ja 0x12bc5
0x12bc3: jmp 0x12bcd
0x12bc5: mov ah, 9
0x12bc7: lea dx, word ptr [bp + 0x28e]
0x12bcb: int 0x21
0x12bcd: ret
0x12bce: dec byte ptr [di + 0x4a]
0x12bd1: xor word ptr [bp + di], si
2018-12-25T12:22:54.931848769Z 26 PC: 12ac6 | Set disk transfer address

{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9337,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:55.550503434Z 26 PC: 12a9a | Set disk transfer address
2018-12-25T12:22:55.552102776Z 78 PC: 12aa5 | Find first file
2018-12-25T12:22:55.557955353Z 61 PC: 12ad0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:22:55.564231637Z 62 PC: 12ab0 | Close file
2018-12-25T12:22:55.566386295Z 79 PC: 12ab5 | Find next file
2018-12-25T12:22:55.569013736Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:55.575473214Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:55.577592367Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:55.580160992Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:55.586454787Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:55.588471149Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:55.59127767Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:55.602638054Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:55.60472197Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:55.607840077Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:55.619624732Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:55.621355938Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:55.625138028Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:55.631695672Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:55.633720942Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:55.636955918Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:55.643255149Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:55.644795941Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:55.647628042Z 61 PC: 12ad0 | Open file (See above)
2018-12-25T12:22:55.653545792Z 62 PC: 12ab0 | Close file (See above)
2018-12-25T12:22:55.655078401Z 79 PC: 12ab5 | Find next file (See above)
2018-12-25T12:22:55.657376256Z 42 PC: 12bb9 | Get date
0x12bb9: cmp dh, 6
0x12bbc: ja 0x12bc5
0x12bbe: cmp dl, 0xe
0x12bc1: ja 0x12bc5
0x12bc3: jmp 0x12bcd
0x12bc5: mov ah, 9
0x12bc7: lea dx, word ptr [bp + 0x28e]
0x12bcb: int 0x21
0x12bcd: ret
0x12bce: dec byte ptr [di + 0x4a]
0x12bd1: xor word ptr [bp + di], si
2018-12-25T12:22:55.659379902Z 9 PC: 12bcd | Display string (String= '�MJ13� virus by !UNKM� -�� OrD�n�T�Ur S�Us C�NtR�Le ��- ')
2018-12-25T12:22:55.662180608Z 26 PC: 12ac6 | Set disk transfer address