Sample viewer

vx.netlux.org/Virus.DOS.Barrotes.Tecla.1303


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:50.177269035Z 244 PC: 12e81 | UNKNOWN!
2018-12-17T22:47:50.179206766Z 53 PC: 12e8e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:50.180603481Z 53 PC: 12e9a | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:47:50.182138636Z 54 PC: 9f75e | Get free disk space
2018-12-17T22:47:50.232889341Z 53 PC: 9f780 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:50.236891852Z 67 PC: 9f7ab | Get or set file attributes
2018-12-17T22:47:50.245609253Z 67 PC: 9f7b7 | Get or set file attributes
2018-12-17T22:47:50.586514938Z 61 PC: 9f7c1 | Open file (Filename = '�S�')
2018-12-17T22:47:50.594707653Z 87 PC: 9f7d1 | Get or set file date and time
2018-12-17T22:47:50.596941521Z 66 PC: 9fa2b | Move file pointer
2018-12-17T22:47:50.599107371Z 63 PC: 9fa1c | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:47:50.6128584Z 66 PC: 9f815 | Move file pointer
2018-12-17T22:47:50.615058454Z 63 PC: 9fa1c | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:47:50.62231491Z 66 PC: 9fa2b | Move file pointer
2018-12-17T22:47:50.624989135Z 63 PC: 9f851 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:47:50.629080462Z 66 PC: 9fa3a | Move file pointer
2018-12-17T22:47:50.632340108Z 64 PC: 9fbdd | Write file or device (Write 1303 bytes on handle 5)
2018-12-17T22:47:50.643295694Z 66 PC: 9fa2b | Move file pointer
2018-12-17T22:47:50.646042997Z 64 PC: 9f890 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:47:50.649413701Z 87 PC: 9f9d0 | Get or set file date and time
2018-12-17T22:47:50.651388982Z 62 PC: 9f9d4 | Close file
2018-12-17T22:47:50.660305758Z 67 PC: 9f9e8 | Get or set file attributes
2018-12-17T22:47:50.672889304Z 42 PC: 12f2e | Get date
0x12f2e: cmp dx, 0x917
0x12f32: jne 0x12f45
0x12f34: xor ax, ax
0x12f36: mov es, ax
0x12f38: mov di, 0x17c
0x12f3b: mov word ptr es:[0x58], di
0x12f40: mov word ptr es:[0x5a], ds
0x12f45: cmp byte ptr cs:[si + 0x1b], 1
0x12f4b: je 0x12f60
0x12f4d: push cs
0x12f4e: push cs
0x12f4f: pop ds
0x12f50: pop es
0x12f51: add si, 7
0x12f55: mov di, 0x100
0x12f58: push di
0x12f59: cld
0x12f5a: mov cx, 3
0x12f5d: rep movsb byte ptr es:[di], byte ptr [si]
0x12f5f: ret
2018-12-17T22:47:50.675650342Z 76 PC: 12a44 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9355,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:57.499825338Z 244 PC: 12e81 | UNKNOWN!
2018-12-25T12:22:57.501689882Z 53 PC: 12e8e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:57.50279498Z 53 PC: 12e9a | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:22:57.504100331Z 54 PC: 9f75e | Get free disk space
2018-12-25T12:22:57.546755325Z 53 PC: 9f780 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:57.547874486Z 67 PC: 9f7ab | Get or set file attributes
2018-12-25T12:22:57.555585713Z 67 PC: 9f7b7 | Get or set file attributes
2018-12-25T12:22:58.21173029Z 61 PC: 9f7c1 | Open file (Filename = '�S�')
2018-12-25T12:22:58.216406973Z 87 PC: 9f7d1 | Get or set file date and time
2018-12-25T12:22:58.217404169Z 66 PC: 9fa2b | Move file pointer
2018-12-25T12:22:58.218546382Z 63 PC: 9fa1c | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:22:58.224173191Z 66 PC: 9f815 | Move file pointer
2018-12-25T12:22:58.225437319Z 63 PC: 9fa1c | Read file or device (See above)
2018-12-25T12:22:58.231271598Z 66 PC: 9fa2b | Move file pointer (See above)
2018-12-25T12:22:58.233091213Z 63 PC: 9f851 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:58.236228395Z 66 PC: 9fa3a | Move file pointer
2018-12-25T12:22:58.238376411Z 64 PC: 9fbdd | Write file or device (Write 1303 bytes on handle 5)
2018-12-25T12:22:58.248598524Z 66 PC: 9fa2b | Move file pointer (See above)
2018-12-25T12:22:58.249855659Z 64 PC: 9f890 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:58.252575788Z 87 PC: 9f9d0 | Get or set file date and time
2018-12-25T12:22:58.254431675Z 62 PC: 9f9d4 | Close file
2018-12-25T12:22:58.264073201Z 67 PC: 9f9e8 | Get or set file attributes
2018-12-25T12:22:58.589334959Z 42 PC: 12f2e | Get date
0x12f2e: cmp dx, 0x917
0x12f32: jne 0x12f45
0x12f34: xor ax, ax
0x12f36: mov es, ax
0x12f38: mov di, 0x17c
0x12f3b: mov word ptr es:[0x58], di
0x12f40: mov word ptr es:[0x5a], ds
0x12f45: cmp byte ptr cs:[si + 0x1b], 1
0x12f4b: je 0x12f60
0x12f4d: push cs
0x12f4e: push cs
0x12f4f: pop ds
0x12f50: pop es
0x12f51: add si, 7
0x12f55: mov di, 0x100
0x12f58: push di
0x12f59: cld
0x12f5a: mov cx, 3
0x12f5d: rep movsb byte ptr es:[di], byte ptr [si]
0x12f5f: ret
2018-12-25T12:22:58.592508062Z 76 PC: 12a44 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":23,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9355,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:57.557290826Z 244 PC: 12e81 | UNKNOWN!
2018-12-25T12:22:57.558499572Z 53 PC: 12e8e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:57.55947899Z 53 PC: 12e9a | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T12:22:57.560642745Z 54 PC: 9f75e | Get free disk space
2018-12-25T12:22:57.598707202Z 53 PC: 9f780 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:57.599558718Z 67 PC: 9f7ab | Get or set file attributes
2018-12-25T12:22:57.604178504Z 67 PC: 9f7b7 | Get or set file attributes
2018-12-25T12:22:58.213205129Z 61 PC: 9f7c1 | Open file (Filename = '�S�')
2018-12-25T12:22:58.222034767Z 87 PC: 9f7d1 | Get or set file date and time
2018-12-25T12:22:58.223708187Z 66 PC: 9fa2b | Move file pointer
2018-12-25T12:22:58.225161611Z 63 PC: 9fa1c | Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:22:58.236267038Z 66 PC: 9f815 | Move file pointer
2018-12-25T12:22:58.237590676Z 63 PC: 9fa1c | Read file or device (See above)
2018-12-25T12:22:58.243423777Z 66 PC: 9fa2b | Move file pointer (See above)
2018-12-25T12:22:58.246359213Z 63 PC: 9f851 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:22:58.249371699Z 66 PC: 9fa3a | Move file pointer
2018-12-25T12:22:58.251945713Z 64 PC: 9fbdd | Write file or device (Write 1303 bytes on handle 5)
2018-12-25T12:22:58.26425233Z 66 PC: 9fa2b | Move file pointer (See above)
2018-12-25T12:22:58.265728139Z 64 PC: 9f890 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:22:58.268656458Z 87 PC: 9f9d0 | Get or set file date and time
2018-12-25T12:22:58.271215088Z 62 PC: 9f9d4 | Close file
2018-12-25T12:22:58.589370508Z 67 PC: 9f9e8 | Get or set file attributes
2018-12-25T12:22:58.598384048Z 42 PC: 12f2e | Get date
0x12f2e: cmp dx, 0x917
0x12f32: jne 0x12f45
0x12f34: xor ax, ax
0x12f36: mov es, ax
0x12f38: mov di, 0x17c
0x12f3b: mov word ptr es:[0x58], di
0x12f40: mov word ptr es:[0x5a], ds
0x12f45: cmp byte ptr cs:[si + 0x1b], 1
0x12f4b: je 0x12f60
0x12f4d: push cs
0x12f4e: push cs
0x12f4f: pop ds
0x12f50: pop es
0x12f51: add si, 7
0x12f55: mov di, 0x100
0x12f58: push di
0x12f59: cld
0x12f5a: mov cx, 3
0x12f5d: rep movsb byte ptr es:[di], byte ptr [si]
0x12f5f: ret
2018-12-25T12:22:58.601959134Z 76 PC: 12a44 | Terminate with return code (Return code = '0')