Sample viewer

vx.netlux.org/Virus.DOS.Deino.1000.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:22.101230047Z	250	PC: 12aa4 \| UNKNOWN!
2018-12-17T22:49:22.102720717Z	42	PC: 12a77 \| Get date 0x12a77: cmp dh, 1 0x12a7a: jne 0x12aa5 0x12a7c: cmp dl, 0x12 0x12a7f: jne 0x12aa5 0x12a81: mov ax, 0x900 0x12a84: jmp 0x12a87 0x12a86: nop 0x12a87: lea dx, word ptr [bp + 0x446] 0x12a8b: mov ah, 9 0x12a8d: int 0x21 0x12a8f: push 2 0x12a91: pop ax 0x12a92: push 0x10 0x12a94: pop cx 0x12a95: cli 0x12a96: cdq 0x12a97: int 0x26 0x12a99: sti 0x12a9a: push 0xfa02 0x12a9d: pop ax
2018-12-17T22:49:22.106045965Z	71	PC: 12abc \| Get current directory
2018-12-17T22:49:22.109651919Z	78	PC: 12c94 \| Find first file
2018-12-17T22:49:22.116515646Z	47	PC: 12c98 \| Get disk transfer address
2018-12-17T22:49:22.119300508Z	65	PC: 12c9f \| Delete file (Filename = '')
2018-12-17T22:49:22.121774546Z	78	PC: 12aca \| Find first file
2018-12-17T22:49:22.141437089Z	79	PC: 12b3d \| Find next file
2018-12-17T22:49:22.146186792Z	79	PC: 12b3d \| Find next file
2018-12-17T22:49:22.150335968Z	79	PC: 12b3d \| Find next file
2018-12-17T22:49:22.15344056Z	79	PC: 12b3d \| Find next file
2018-12-17T22:49:22.157248987Z	79	PC: 12b3d \| Find next file
2018-12-17T22:49:22.160303115Z	79	PC: 12b3d \| Find next file
2018-12-17T22:49:22.172588737Z	79	PC: 12b3d \| Find next file
2018-12-17T22:49:22.175995698Z	79	PC: 12b3d \| Find next file
2018-12-17T22:49:22.179444638Z	79	PC: 12b3d \| Find next file
2018-12-17T22:49:22.182183714Z	59	PC: 12b27 \| Change current directory
2018-12-17T22:49:22.187353377Z	59	PC: 12b63 \| Change current directory
2018-12-17T22:49:22.19286905Z	250	PC: 12aa4 \| UNKNOWN!
2018-12-17T22:49:22.194304387Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9867,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:56.27361093Z	250	PC: 12aa4 \| UNKNOWN!
2018-12-25T12:23:56.274883263Z	42	PC: 12a77 \| Get date 0x12a77: cmp dh, 1 0x12a7a: jne 0x12aa5 0x12a7c: cmp dl, 0x12 0x12a7f: jne 0x12aa5 0x12a81: mov ax, 0x900 0x12a84: jmp 0x12a87 0x12a86: nop 0x12a87: lea dx, word ptr [bp + 0x446] 0x12a8b: mov ah, 9 0x12a8d: int 0x21 0x12a8f: push 2 0x12a91: pop ax 0x12a92: push 0x10 0x12a94: pop cx 0x12a95: cli 0x12a96: cdq 0x12a97: int 0x26 0x12a99: sti 0x12a9a: push 0xfa02 0x12a9d: pop ax
2018-12-25T12:23:56.276901579Z	71	PC: 12abc \| Get current directory
2018-12-25T12:23:56.279648544Z	78	PC: 12c94 \| Find first file
2018-12-25T12:23:56.287098271Z	47	PC: 12c98 \| Get disk transfer address
2018-12-25T12:23:56.28838767Z	65	PC: 12c9f \| Delete file (Filename = '')
2018-12-25T12:23:56.28998386Z	78	PC: 12aca \| Find first file
2018-12-25T12:23:56.301583594Z	79	PC: 12b3d \| Find next file
2018-12-25T12:23:56.304089418Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:56.306710393Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:56.31250284Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:56.314966729Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:56.31742845Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:56.320835614Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:56.323419742Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:56.325812399Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:56.328448725Z	59	PC: 12b27 \| Change current directory
2018-12-25T12:23:56.332551993Z	59	PC: 12b63 \| Change current directory
2018-12-25T12:23:56.33652493Z	250	PC: 12aa4 \| UNKNOWN! (See above)
2018-12-25T12:23:56.337612816Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9867,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:57.303291503Z	250	PC: 12aa4 \| UNKNOWN!
2018-12-25T12:23:57.304634466Z	42	PC: 12a77 \| Get date 0x12a77: cmp dh, 1 0x12a7a: jne 0x12aa5 0x12a7c: cmp dl, 0x12 0x12a7f: jne 0x12aa5 0x12a81: mov ax, 0x900 0x12a84: jmp 0x12a87 0x12a86: nop 0x12a87: lea dx, word ptr [bp + 0x446] 0x12a8b: mov ah, 9 0x12a8d: int 0x21 0x12a8f: push 2 0x12a91: pop ax 0x12a92: push 0x10 0x12a94: pop cx 0x12a95: cli 0x12a96: cdq 0x12a97: int 0x26 0x12a99: sti 0x12a9a: push 0xfa02 0x12a9d: pop ax
2018-12-25T12:23:57.306680776Z	71	PC: 12abc \| Get current directory
2018-12-25T12:23:57.309315815Z	78	PC: 12c94 \| Find first file
2018-12-25T12:23:57.315971244Z	47	PC: 12c98 \| Get disk transfer address
2018-12-25T12:23:57.317020423Z	65	PC: 12c9f \| Delete file (Filename = '')
2018-12-25T12:23:57.318627665Z	78	PC: 12aca \| Find first file
2018-12-25T12:23:57.324349579Z	79	PC: 12b3d \| Find next file
2018-12-25T12:23:57.326924561Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:57.329357408Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:57.33172875Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:57.335590221Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:57.338201785Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:57.340620188Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:57.344160542Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:57.347371936Z	79	PC: 12b3d \| Find next file (See above)
2018-12-25T12:23:57.350173892Z	59	PC: 12b27 \| Change current directory
2018-12-25T12:23:57.357756377Z	59	PC: 12b63 \| Change current directory
2018-12-25T12:23:57.362437327Z	250	PC: 12aa4 \| UNKNOWN! (See above)
2018-12-25T12:23:57.363317912Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')