Sample viewer

vx.netlux.org/Virus.DOS.Murzic.1745

Syscalls:

Time | Syscall Op (INT 21h AH function number, decimal) | PC | Syscall Name
2018-12-17T21:58:36.055916784Z 61 PC: 13ce5 | Open file (Filename = 'c:\windows\system\gm32.sys')
2018-12-17T21:58:36.068925644Z 61 PC: 13cf6 | Open file (Filename = 'c:\gm32.sys')
2018-12-17T21:58:36.074960621Z 25 PC: 13f21 | Get default drive
2018-12-17T21:58:36.075990631Z 71 PC: 13f3f | Get current directory
2018-12-17T21:58:36.080049495Z 14 PC: 13fae | Set default drive (Drive = 'M')
2018-12-17T21:58:36.08115232Z 59 PC: 13fb6 | Change current directory
2018-12-17T21:58:36.086874982Z 26 PC: 13d40 | Set disk transfer address
2018-12-17T21:58:36.088420636Z 78 PC: 13d4b | Find first file
2018-12-17T21:58:36.094272426Z 67 PC: 13d6e | Get or set file attributes
2018-12-17T21:58:36.099777277Z 67 PC: 13d79 | Get or set file attributes
2018-12-17T21:58:36.833363776Z 61 PC: 13d82 | Open file (Filename = 'TEST.EXE')
2018-12-17T21:58:36.840371106Z 87 PC: 13d8e | Get or set file date and time
2018-12-17T21:58:36.84203843Z 63 PC: 13da1 | Read file or device (Read 24 bytes on handle 5)
2018-12-17T21:58:36.8454225Z 66 PC: 13db2 | Move file pointer
2018-12-17T21:58:36.847281068Z 66 PC: 13dbe | Move file pointer
2018-12-17T21:58:36.849606694Z 63 PC: 13dc9 | Read file or device (Read 2 bytes on handle 5)
2018-12-17T21:58:36.853174583Z 87 PC: 13efd | Get or set file date and time
2018-12-17T21:58:36.854591473Z 62 PC: 13f01 | Close file
2018-12-17T21:58:36.8614387Z 67 PC: 13f0e | Get or set file attributes
2018-12-17T21:58:36.86694972Z 79 PC: 13d52 | Find next file
2018-12-17T21:58:36.869389147Z 14 PC: 13fcd | Set default drive (Drive = 'A')
2018-12-17T21:58:36.870658237Z 59 PC: 13fd5 | Change current directory
2018-12-17T21:58:36.874773401Z 60 PC: 13d0e | Create or truncate file
2018-12-17T21:58:37.217841135Z 62 PC: 13d14 | Close file
2018-12-17T21:58:37.219627596Z 26 PC: 13d40 | Set disk transfer address
2018-12-17T21:58:37.221346973Z 78 PC: 13d4b | Find first file
2018-12-17T21:58:37.227343655Z 67 PC: 13d6e | Get or set file attributes
2018-12-17T21:58:37.232143377Z 67 PC: 13d79 | Get or set file attributes
2018-12-17T21:58:37.242192888Z 61 PC: 13d82 | Open file (Filename = '')
2018-12-17T21:58:37.253029045Z 87 PC: 13d8e | Get or set file date and time
2018-12-17T21:58:37.254438538Z 63 PC: 13da1 | Read file or device (Read 24 bytes on handle 0)
2018-12-17T21:58:37.260241124Z 66 PC: 13db2 | Move file pointer
2018-12-17T21:58:37.265785397Z 66 PC: 13dbe | Move file pointer
2018-12-17T21:58:37.267193588Z 63 PC: 13dc9 | Read file or device (Read 2 bytes on handle 0)
2018-12-17T21:58:37.27321808Z 87 PC: 13efd | Get or set file date and time
2018-12-17T21:58:37.275191434Z 62 PC: 13f01 | Close file
2018-12-17T21:58:37.281247428Z 67 PC: 13f0e | Get or set file attributes
2018-12-17T21:58:37.285304996Z 79 PC: 13d52 | Find next file
2018-12-17T21:58:37.288135976Z 42 PC: 13ff9 | Get date
    0x13ff9: cmp dl, 0x1c                    ; Get date (AH=2Ah) returns the day of month in DL; 0x1c = 28
    0x13ffc: jne 0x1401c                     ; not the 28th: skip the payload
    0x13ffe: mov ah, 0x3c                    ; AH=3Ch create/truncate file
    0x14000: lea dx, word ptr [si + 0x50f]   ; DS:DX -> filename, addressed relative to SI
    0x14004: mov cx, 0                       ; CX=0: normal file attributes
    0x14007: int 0x21
    0x14009: jb 0x1401c                      ; CF set: create failed, skip
    0x1400b: mov bx, ax                      ; BX = new file handle
    0x1400d: mov cx, 0xe0                    ; 0xe0 = 224 bytes
    0x14010: mov ah, 0x40                    ; AH=40h write
    0x14012: lea dx, word ptr [si + 0x546]   ; DS:DX -> the 224-byte buffer, also SI-relative
    0x14016: int 0x21
    0x14018: mov ah, 0x3e                    ; AH=3Eh close
    0x1401a: int 0x21
    0x1401c: pop es                          ; common exit: restore registers
    0x1401d: pop ds
    0x1401e: pop di
    0x1401f: pop dx
    0x14020: pop cx
    0x14021: pop bx
2018-12-17T21:58:37.290238277Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-17T21:58:37.294579652Z 76 PC: 12a61 | Terminate with return code (Return code = '0')

Sandbox side-job configuration (DateBased, clock set to 1980-01-01 00:00:00):
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":951,"SideJobID":0}

Syscalls:

Time | Syscall Op (INT 21h AH function number, decimal) | PC | Syscall Name
2018-12-25T11:42:20.028989358Z 61 PC: 13ce5 | Open file (Filename = 'c:\windows\system\gm32.sys')
2018-12-25T11:42:20.04086196Z 61 PC: 13cf6 | Open file (Filename = 'c:\gm32.sys')
2018-12-25T11:42:20.046681581Z 25 PC: 13f21 | Get default drive
2018-12-25T11:42:20.048313301Z 71 PC: 13f3f | Get current directory
2018-12-25T11:42:20.051651609Z 14 PC: 13fae | Set default drive (Drive = 'M')
2018-12-25T11:42:20.052688587Z 59 PC: 13fb6 | Change current directory
2018-12-25T11:42:20.058124898Z 26 PC: 13d40 | Set disk transfer address
2018-12-25T11:42:20.05958579Z 78 PC: 13d4b | Find first file
2018-12-25T11:42:20.065304088Z 67 PC: 13d6e | Get or set file attributes
2018-12-25T11:42:20.082591565Z 67 PC: 13d79 | Get or set file attributes
2018-12-25T11:42:20.100093668Z 61 PC: 13d82 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:42:20.106654781Z 87 PC: 13d8e | Get or set file date and time
2018-12-25T11:42:20.107965699Z 63 PC: 13da1 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:42:20.114712768Z 66 PC: 13db2 | Move file pointer
2018-12-25T11:42:20.116326093Z 66 PC: 13dbe | Move file pointer
2018-12-25T11:42:20.117746691Z 63 PC: 13dc9 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:42:20.124326422Z 87 PC: 13efd | Get or set file date and time
2018-12-25T11:42:20.13448261Z 62 PC: 13f01 | Close file
2018-12-25T11:42:20.14159003Z 67 PC: 13f0e | Get or set file attributes
2018-12-25T11:42:20.146280097Z 79 PC: 13d52 | Find next file
2018-12-25T11:42:20.149312864Z 14 PC: 13fcd | Set default drive (Drive = 'A')
2018-12-25T11:42:20.15059947Z 59 PC: 13fd5 | Change current directory
2018-12-25T11:42:20.165220498Z 60 PC: 13d0e | Create or truncate file
2018-12-25T11:42:20.515062058Z 62 PC: 13d14 | Close file
2018-12-25T11:42:20.517176893Z 26 PC: 13d40 | Set disk transfer address (See above)
2018-12-25T11:42:20.518549247Z 78 PC: 13d4b | Find first file (See above)
2018-12-25T11:42:20.529095487Z 67 PC: 13d6e | Get or set file attributes (See above)
2018-12-25T11:42:20.535027887Z 67 PC: 13d79 | Get or set file attributes (See above)
2018-12-25T11:42:20.54483819Z 61 PC: 13d82 | Open file (See above)
2018-12-25T11:42:20.55242916Z 87 PC: 13d8e | Get or set file date and time (See above)
2018-12-25T11:42:20.55415236Z 63 PC: 13da1 | Read file or device (See above)
2018-12-25T11:42:20.56127652Z 66 PC: 13db2 | Move file pointer (See above)
2018-12-25T11:42:20.563699563Z 66 PC: 13dbe | Move file pointer (See above)
2018-12-25T11:42:20.573774968Z 63 PC: 13dc9 | Read file or device (See above)
2018-12-25T11:42:20.580667169Z 87 PC: 13efd | Get or set file date and time (See above)
2018-12-25T11:42:20.583237964Z 62 PC: 13f01 | Close file (See above)
2018-12-25T11:42:20.904776031Z 67 PC: 13f0e | Get or set file attributes (See above)
2018-12-25T11:42:20.909863344Z 79 PC: 13d52 | Find next file (See above)
2018-12-25T11:42:20.912895825Z 42 PC: 13ff9 | Get date
    0x13ff9: cmp dl, 0x1c
    0x13ffc: jne 0x1401c
    0x13ffe: mov ah, 0x3c
    0x14000: lea dx, word ptr [si + 0x50f]
    0x14004: mov cx, 0
    0x14007: int 0x21
    0x14009: jb 0x1401c
    0x1400b: mov bx, ax
    0x1400d: mov cx, 0xe0
    0x14010: mov ah, 0x40
    0x14012: lea dx, word ptr [si + 0x546]
    0x14016: int 0x21
    0x14018: mov ah, 0x3e
    0x1401a: int 0x21
    0x1401c: pop es
    0x1401d: pop ds
    0x1401e: pop di
    0x1401f: pop dx
    0x14020: pop cx
    0x14021: pop bx
2018-12-25T11:42:20.915698359Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-25T11:42:20.920749683Z 76 PC: 12a61 | Terminate with return code (Return code = '0')

Sandbox side-job configuration (DateBased, clock set to 1980-01-28 00:00:00):
{"DateBased":true,"Day":28,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":951,"SideJobID":0}

Syscalls:

Time | Syscall Op (INT 21h AH function number, decimal) | PC | Syscall Name
2018-12-25T11:42:20.299353366Z 61 PC: 13ce5 | Open file (Filename = 'c:\windows\system\gm32.sys')
2018-12-25T11:42:20.310836055Z 61 PC: 13cf6 | Open file (Filename = 'c:\gm32.sys')
2018-12-25T11:42:20.316587398Z 25 PC: 13f21 | Get default drive
2018-12-25T11:42:20.317690723Z 71 PC: 13f3f | Get current directory
2018-12-25T11:42:20.321634821Z 14 PC: 13fae | Set default drive (Drive = 'M')
2018-12-25T11:42:20.322897743Z 59 PC: 13fb6 | Change current directory
2018-12-25T11:42:20.328712213Z 26 PC: 13d40 | Set disk transfer address
2018-12-25T11:42:20.330127319Z 78 PC: 13d4b | Find first file
2018-12-25T11:42:20.336549501Z 67 PC: 13d6e | Get or set file attributes
2018-12-25T11:42:20.34301563Z 67 PC: 13d79 | Get or set file attributes
2018-12-25T11:42:20.514510748Z 61 PC: 13d82 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:42:20.521588317Z 87 PC: 13d8e | Get or set file date and time
2018-12-25T11:42:20.522935602Z 63 PC: 13da1 | Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:42:20.530651919Z 66 PC: 13db2 | Move file pointer
2018-12-25T11:42:20.532798293Z 66 PC: 13dbe | Move file pointer
2018-12-25T11:42:20.534145801Z 63 PC: 13dc9 | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:42:20.536966442Z 87 PC: 13efd | Get or set file date and time
2018-12-25T11:42:20.540678894Z 62 PC: 13f01 | Close file
2018-12-25T11:42:20.547715679Z 67 PC: 13f0e | Get or set file attributes
2018-12-25T11:42:20.552470059Z 79 PC: 13d52 | Find next file
2018-12-25T11:42:20.556126938Z 14 PC: 13fcd | Set default drive (Drive = 'A')
2018-12-25T11:42:20.557312471Z 59 PC: 13fd5 | Change current directory
2018-12-25T11:42:20.561153693Z 60 PC: 13d0e | Create or truncate file
2018-12-25T11:42:20.906360752Z 62 PC: 13d14 | Close file
2018-12-25T11:42:20.909017601Z 26 PC: 13d40 | Set disk transfer address (See above)
2018-12-25T11:42:20.910486042Z 78 PC: 13d4b | Find first file (See above)
2018-12-25T11:42:20.917421837Z 67 PC: 13d6e | Get or set file attributes (See above)
2018-12-25T11:42:20.923131166Z 67 PC: 13d79 | Get or set file attributes (See above)
2018-12-25T11:42:20.932798359Z 61 PC: 13d82 | Open file (See above)
2018-12-25T11:42:20.94033748Z 87 PC: 13d8e | Get or set file date and time (See above)
2018-12-25T11:42:20.9582598Z 63 PC: 13da1 | Read file or device (See above)
2018-12-25T11:42:20.961424239Z 66 PC: 13db2 | Move file pointer (See above)
2018-12-25T11:42:20.963523831Z 66 PC: 13dbe | Move file pointer (See above)
2018-12-25T11:42:20.965387659Z 63 PC: 13dc9 | Read file or device (See above)
2018-12-25T11:42:20.968701567Z 87 PC: 13efd | Get or set file date and time (See above)
2018-12-25T11:42:20.970747333Z 62 PC: 13f01 | Close file (See above)
2018-12-25T11:42:20.991017236Z 67 PC: 13f0e | Get or set file attributes (See above)
2018-12-25T11:42:20.996544393Z 79 PC: 13d52 | Find next file (See above)
2018-12-25T11:42:21.000241558Z 42 PC: 13ff9 | Get date
    0x13ff9: cmp dl, 0x1c
    0x13ffc: jne 0x1401c
    0x13ffe: mov ah, 0x3c
    0x14000: lea dx, word ptr [si + 0x50f]
    0x14004: mov cx, 0
    0x14007: int 0x21
    0x14009: jb 0x1401c
    0x1400b: mov bx, ax
    0x1400d: mov cx, 0xe0
    0x14010: mov ah, 0x40
    0x14012: lea dx, word ptr [si + 0x546]
    0x14016: int 0x21
    0x14018: mov ah, 0x3e
    0x1401a: int 0x21
    0x1401c: pop es
    0x1401d: pop ds
    0x1401e: pop di
    0x1401f: pop dx
    0x14020: pop cx
    0x14021: pop bx
2018-12-25T11:42:21.002724453Z 60 PC: 14009 | Create or truncate file
2018-12-25T11:42:21.015137902Z 64 PC: 14018 | Write file or device (Write 224 bytes on handle 0)
2018-12-25T11:42:21.023826898Z 62 PC: 1401c | Close file
2018-12-25T11:42:21.032880471Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-25T11:42:21.03939852Z 76 PC: 12a61 | Terminate with return code (Return code = '0')
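Reading the three traces together: each run tries to open c:\windows\system\gm32.sys and c:\gm32.sys (no handle from either open is used later in the trace), records the current drive and directory, switches to drive M: and a directory there, walks it with Find first file / Find next file, and for each match (TEST.EXE) opens the file, reads 24 bytes from the start, seeks twice, reads 2 bytes, and calls Get or set file date and time and Get or set file attributes again after closing, as an infector does to put the timestamp and attributes back. It then switches back to A:, creates and closes a file there, repeats the directory walk, and calls Get date (INT 21h AH=2Ah). The listing after that call compares DL, the day of month, with 0x1c; only when the day is 28 does execution fall through to Create (AH=3Ch), Write 0xe0 = 224 bytes (AH=40h) and Close (AH=3Eh). The first two traces take the jne and go straight to Display string and Terminate; only the third, run with the sandbox clock on the 28th, shows the Create / Write 224 bytes / Close triple at 0x14009, 0x14018 and 0x1401c.

The Python below is an added example, not the sandbox's tooling or anything from the sample's author: it parses lines in this trace format (the regex is my assumption about the format), checks the Op column against the INT 21h function table (Op is AH in decimal: 61 = 3Dh Open, 42 = 2Ah Get date, 60 = 3Ch Create, 64 = 40h Write), reports per run whether the date-gated Create/Write/Close path executed, and lists the (op, PC) pairs one run reached that a baseline run did not. The embedded traces are trimmed copies of the first and third traces above.

```python
"""Parse a sandbox syscall trace in the format shown above and flag the date-gated payload.

Added example, not code from the page or its sandbox. INT21 is the standard DOS function
table (the Op column is AH in decimal); LINE_RE and the expected payload sequence are
assumptions about the trace format and the listing that follows the Get date call."""
import re
from dataclasses import dataclass

# INT 21h functions that appear in the trace, keyed by AH (the decimal "Op" column).
INT21 = {
    0x09: "Display string", 0x0E: "Set default drive", 0x19: "Get default drive",
    0x1A: "Set disk transfer address", 0x2A: "Get date",  # Get date returns DL = day
    0x3B: "Change current directory", 0x3C: "Create or truncate file", 0x3D: "Open file",
    0x3E: "Close file", 0x3F: "Read file or device", 0x40: "Write file or device",
    0x42: "Move file pointer", 0x43: "Get or set file attributes", 0x47: "Get current directory",
    0x4C: "Terminate with return code", 0x4E: "Find first file", 0x4F: "Find next file",
    0x57: "Get or set file date and time",
}
TRIGGER_DAY = 0x1C    # cmp dl, 0x1c after Get date: the payload branch runs only on the 28th
PAYLOAD_BYTES = 0xE0  # mov cx, 0xe0 before AH=40h: the payload write is 224 bytes

LINE_RE = re.compile(r"^(?P<ts>\S+Z)\s+(?P<op>\d+)\s+PC:\s*(?P<pc>[0-9a-f]+)\s*\|\s*"
                     r"(?P<name>[^(]+?)(?:\s*\((?P<args>.*)\))?\s*$")

@dataclass
class Call:
    op: int    # INT 21h AH
    pc: int    # linear address of the int 21h instruction
    name: str
    args: str  # text inside the trailing parentheses, "" if none

def parse_trace(text):
    """One Call per syscall line; disassembly and blank lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            calls.append(Call(int(m["op"]), int(m["pc"], 16), m["name"].strip(), m["args"] or ""))
    return calls

def _arg(call, pattern):
    m = re.search(pattern, call.args)
    return m.group(1) if m else None

def name_mismatches(calls):
    """Ops whose logged name disagrees with INT21: a sanity check on the Op column."""
    return sorted({c.op for c in calls if INT21.get(c.op) != c.name})

def date_payload(calls):
    """Get date (2Ah) immediately followed by Create (3Ch), Write (40h), Close (3Eh) is the
    path the listing takes when DL == TRIGGER_DAY. Returns the creating PC and byte count
    written, or None when the jne was taken and no payload ran."""
    for i, c in enumerate(calls):
        if c.op == 0x2A and [t.op for t in calls[i + 1:i + 4]] == [0x3C, 0x40, 0x3E]:
            n = _arg(calls[i + 2], r"Write (\d+) bytes")
            return {"create_pc": calls[i + 1].pc, "bytes": int(n) if n else None,
                    "matches_listing": n is not None and int(n) == PAYLOAD_BYTES}
    return None

def summarize(calls):
    opened = list(filter(None, (_arg(c, r"Filename = '(.*)'") for c in calls if c.op == 0x3D)))
    drives = list(filter(None, (_arg(c, r"Drive = '(.)'") for c in calls if c.op == 0x0E)))
    scans = sum(c.op in (0x4E, 0x4F) for c in calls)  # directory-walk iterations
    return {"opened": opened, "drives": drives, "dir_scans": scans, "payload": date_payload(calls)}

def new_code_paths(baseline, run):
    """(op, pc) pairs hit in run but not in baseline: what the changed sandbox date unlocked."""
    return {(c.op, c.pc) for c in run} - {(c.op, c.pc) for c in baseline}

# Constructed input: trimmed copies of the page's first (no payload) and third (payload) traces.
TRACE_NO_PAYLOAD = r"""
2018-12-17T21:58:36.055916784Z 61 PC: 13ce5 | Open file (Filename = 'c:\windows\system\gm32.sys')
2018-12-17T21:58:36.080049495Z 14 PC: 13fae | Set default drive (Drive = 'M')
2018-12-17T21:58:36.088420636Z 78 PC: 13d4b | Find first file
2018-12-17T21:58:36.833363776Z 61 PC: 13d82 | Open file (Filename = 'TEST.EXE')
2018-12-17T21:58:36.86694972Z 79 PC: 13d52 | Find next file
2018-12-17T21:58:37.288135976Z 42 PC: 13ff9 | Get date
0x13ff9: cmp dl, 0x1c
2018-12-17T21:58:37.290238277Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-17T21:58:37.294579652Z 76 PC: 12a61 | Terminate with return code (Return code = '0')
"""
TRACE_PAYLOAD = r"""
2018-12-25T11:42:20.299353366Z 61 PC: 13ce5 | Open file (Filename = 'c:\windows\system\gm32.sys')
2018-12-25T11:42:20.321634821Z 14 PC: 13fae | Set default drive (Drive = 'M')
2018-12-25T11:42:20.330127319Z 78 PC: 13d4b | Find first file
2018-12-25T11:42:20.514510748Z 61 PC: 13d82 | Open file (Filename = 'TEST.EXE')
2018-12-25T11:42:20.552470059Z 79 PC: 13d52 | Find next file
2018-12-25T11:42:20.996544393Z 79 PC: 13d52 | Find next file (See above)
2018-12-25T11:42:21.000241558Z 42 PC: 13ff9 | Get date
0x13ff9: cmp dl, 0x1c
2018-12-25T11:42:21.002724453Z 60 PC: 14009 | Create or truncate file
2018-12-25T11:42:21.015137902Z 64 PC: 14018 | Write file or device (Write 224 bytes on handle 0)
2018-12-25T11:42:21.023826898Z 62 PC: 1401c | Close file
2018-12-25T11:42:21.032880471Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-25T11:42:21.03939852Z 76 PC: 12a61 | Terminate with return code (Return code = '0')
"""

if __name__ == "__main__":
    base, run = parse_trace(TRACE_NO_PAYLOAD), parse_trace(TRACE_PAYLOAD)
    print("baseline payload:", summarize(base)["payload"])
    print("day-28 payload:  ", summarize(run)["payload"])
    print("unlocked (op, pc):", sorted(new_code_paths(base, run)))
```

Run stand-alone it reports no payload for the first trace, the 224-byte payload at 0x14009 for the third, and exactly the three payload calls as the unlocked code paths. The differential is the general move when a sample calls Get date or Get time and then does nothing visible: rerun it with the sandbox clock set to each value the listing compares against, and diff the (op, PC) sets between runs.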