Sample viewer

vx.netlux.org/Virus.DOS.Eumel.756

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:02.679816908Z	42	PC: 12b76 \| Get date 0x12b76: cmp dh, 5 0x12b79: jb 0x12ba5 0x12b7b: cmp dl, 9 0x12b7e: jb 0x12ba5 0x12b80: cmp cx, 0x7cb 0x12b84: jb 0x12ba5 0x12b86: cmp al, 0 0x12b88: jne 0x12ba5 0x12b8a: mov ah, 0x2c 0x12b8c: int 0x21 0x12b8e: cmp ch, 0xc 0x12b91: jne 0x12ba5 0x12b93: cmp cl, 0x1e 0x12b96: jb 0x12ba5 0x12b98: cmp dh, 0x1e 0x12b9b: jb 0x12ba5 0x12b9d: cmp dl, 0x32 0x12ba0: jb 0x12ba5 0x12ba2: call 0x12ba6 0x12ba5: ret
2018-12-17T22:49:02.682374764Z	26	PC: 12a77 \| Set disk transfer address
2018-12-17T22:49:02.686660827Z	25	PC: 12a88 \| Get default drive
2018-12-17T22:49:02.687835304Z	14	PC: 12a92 \| Set default drive (Drive = 'C')
2018-12-17T22:49:02.689197553Z	78	PC: 12a9c \| Find first file
2018-12-17T22:49:02.698192063Z	61	PC: 12aad \| Open file (Filename = 'COMMAND.COM')
2018-12-17T22:49:02.704649406Z	66	PC: 12ce9 \| Move file pointer
2018-12-17T22:49:02.706304245Z	62	PC: 12ad3 \| Close file
2018-12-17T22:49:02.709313739Z	79	PC: 12a9c \| Find next file
2018-12-17T22:49:02.712196816Z	26	PC: 12b65 \| Set disk transfer address
2018-12-17T22:49:02.713495366Z	14	PC: 12b6d \| Set default drive (Drive = 'A')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9755,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:43.564734232Z	42	PC: 12b76 \| Get date 0x12b76: cmp dh, 5 0x12b79: jb 0x12ba5 0x12b7b: cmp dl, 9 0x12b7e: jb 0x12ba5 0x12b80: cmp cx, 0x7cb 0x12b84: jb 0x12ba5 0x12b86: cmp al, 0 0x12b88: jne 0x12ba5 0x12b8a: mov ah, 0x2c 0x12b8c: int 0x21 0x12b8e: cmp ch, 0xc 0x12b91: jne 0x12ba5 0x12b93: cmp cl, 0x1e 0x12b96: jb 0x12ba5 0x12b98: cmp dh, 0x1e 0x12b9b: jb 0x12ba5 0x12b9d: cmp dl, 0x32 0x12ba0: jb 0x12ba5 0x12ba2: call 0x12ba6 0x12ba5: ret
2018-12-25T12:23:43.567705335Z	26	PC: 12a77 \| Set disk transfer address
2018-12-25T12:23:43.569230653Z	25	PC: 12a88 \| Get default drive
2018-12-25T12:23:43.570623437Z	14	PC: 12a92 \| Set default drive (Drive = 'C')
2018-12-25T12:23:43.572771926Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T12:23:43.574345266Z	14	PC: 12b6d \| Set default drive (Drive = 'A')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9755,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:44.834785215Z	42	PC: 12b76 \| Get date 0x12b76: cmp dh, 5 0x12b79: jb 0x12ba5 0x12b7b: cmp dl, 9 0x12b7e: jb 0x12ba5 0x12b80: cmp cx, 0x7cb 0x12b84: jb 0x12ba5 0x12b86: cmp al, 0 0x12b88: jne 0x12ba5 0x12b8a: mov ah, 0x2c 0x12b8c: int 0x21 0x12b8e: cmp ch, 0xc 0x12b91: jne 0x12ba5 0x12b93: cmp cl, 0x1e 0x12b96: jb 0x12ba5 0x12b98: cmp dh, 0x1e 0x12b9b: jb 0x12ba5 0x12b9d: cmp dl, 0x32 0x12ba0: jb 0x12ba5 0x12ba2: call 0x12ba6 0x12ba5: ret
2018-12-25T12:23:44.837279773Z	26	PC: 12a77 \| Set disk transfer address
2018-12-25T12:23:44.838829577Z	25	PC: 12a88 \| Get default drive
2018-12-25T12:23:44.839891182Z	14	PC: 12a92 \| Set default drive (Drive = 'C')
2018-12-25T12:23:44.841134153Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T12:23:44.84279419Z	14	PC: 12b6d \| Set default drive (Drive = 'A')

{"DateBased":true,"Day":9,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9755,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:45.147618856Z	42	PC: 12b76 \| Get date 0x12b76: cmp dh, 5 0x12b79: jb 0x12ba5 0x12b7b: cmp dl, 9 0x12b7e: jb 0x12ba5 0x12b80: cmp cx, 0x7cb 0x12b84: jb 0x12ba5 0x12b86: cmp al, 0 0x12b88: jne 0x12ba5 0x12b8a: mov ah, 0x2c 0x12b8c: int 0x21 0x12b8e: cmp ch, 0xc 0x12b91: jne 0x12ba5 0x12b93: cmp cl, 0x1e 0x12b96: jb 0x12ba5 0x12b98: cmp dh, 0x1e 0x12b9b: jb 0x12ba5 0x12b9d: cmp dl, 0x32 0x12ba0: jb 0x12ba5 0x12ba2: call 0x12ba6 0x12ba5: ret
2018-12-25T12:23:45.150469526Z	26	PC: 12a77 \| Set disk transfer address
2018-12-25T12:23:45.151597778Z	25	PC: 12a88 \| Get default drive
2018-12-25T12:23:45.152645598Z	14	PC: 12a92 \| Set default drive (Drive = 'C')
2018-12-25T12:23:45.154450344Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T12:23:45.156038078Z	14	PC: 12b6d \| Set default drive (Drive = 'A')

{"DateBased":true,"Day":9,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9755,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:45.24846524Z	42	PC: 12b76 \| Get date 0x12b76: cmp dh, 5 0x12b79: jb 0x12ba5 0x12b7b: cmp dl, 9 0x12b7e: jb 0x12ba5 0x12b80: cmp cx, 0x7cb 0x12b84: jb 0x12ba5 0x12b86: cmp al, 0 0x12b88: jne 0x12ba5 0x12b8a: mov ah, 0x2c 0x12b8c: int 0x21 0x12b8e: cmp ch, 0xc 0x12b91: jne 0x12ba5 0x12b93: cmp cl, 0x1e 0x12b96: jb 0x12ba5 0x12b98: cmp dh, 0x1e 0x12b9b: jb 0x12ba5 0x12b9d: cmp dl, 0x32 0x12ba0: jb 0x12ba5 0x12ba2: call 0x12ba6 0x12ba5: ret
2018-12-25T12:23:45.25050095Z	26	PC: 12a77 \| Set disk transfer address
2018-12-25T12:23:45.251456257Z	25	PC: 12a88 \| Get default drive
2018-12-25T12:23:45.252249337Z	14	PC: 12a92 \| Set default drive (Drive = 'C')
2018-12-25T12:23:45.253274867Z	78	PC: 12a9c \| Find first file
2018-12-25T12:23:45.256896976Z	61	PC: 12aad \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:23:45.260649987Z	66	PC: 12ce9 \| Move file pointer
2018-12-25T12:23:45.26159846Z	62	PC: 12ad3 \| Close file
2018-12-25T12:23:45.263018537Z	79	PC: 12a9c \| Find next file (See above)
2018-12-25T12:23:45.264731165Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T12:23:45.265693743Z	14	PC: 12b6d \| Set default drive (Drive = 'A')

{"DateBased":true,"Day":14,"Month":5,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9755,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:45.267165074Z	42	PC: 12b76 \| Get date 0x12b76: cmp dh, 5 0x12b79: jb 0x12ba5 0x12b7b: cmp dl, 9 0x12b7e: jb 0x12ba5 0x12b80: cmp cx, 0x7cb 0x12b84: jb 0x12ba5 0x12b86: cmp al, 0 0x12b88: jne 0x12ba5 0x12b8a: mov ah, 0x2c 0x12b8c: int 0x21 0x12b8e: cmp ch, 0xc 0x12b91: jne 0x12ba5 0x12b93: cmp cl, 0x1e 0x12b96: jb 0x12ba5 0x12b98: cmp dh, 0x1e 0x12b9b: jb 0x12ba5 0x12b9d: cmp dl, 0x32 0x12ba0: jb 0x12ba5 0x12ba2: call 0x12ba6 0x12ba5: ret
2018-12-25T12:23:45.269599249Z	44	PC: 12b8e \| Get time 0x12b8e: cmp ch, 0xc 0x12b91: jne 0x12ba5 0x12b93: cmp cl, 0x1e 0x12b96: jb 0x12ba5 0x12b98: cmp dh, 0x1e 0x12b9b: jb 0x12ba5 0x12b9d: cmp dl, 0x32 0x12ba0: jb 0x12ba5 0x12ba2: call 0x12ba6 0x12ba5: ret 0x12ba6: push si 0x12ba7: push di 0x12ba8: push bp 0x12ba9: call 0x12bac 0x12bac: pop di 0x12bad: sub di, 0x26c 0x12bb1: lea si, word ptr [di + 0x2bd] 0x12bb5: mov bx, word ptr [si] 0x12bb7: or bx, bx 0x12bb9: je 0x12bf9
2018-12-25T12:23:45.271752572Z	26	PC: 12a77 \| Set disk transfer address
2018-12-25T12:23:45.27295475Z	25	PC: 12a88 \| Get default drive
2018-12-25T12:23:45.274529416Z	14	PC: 12a92 \| Set default drive (Drive = 'C')
2018-12-25T12:23:45.27586184Z	26	PC: 12b65 \| Set disk transfer address
2018-12-25T12:23:45.276974812Z	14	PC: 12b6d \| Set default drive (Drive = 'A')