Sample viewer

vx.netlux.org/Virus.DOS.BetaBoys.Maz.459

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:36.554187275Z	26	PC: 12abb \| Set disk transfer address
2018-12-17T22:49:36.555627531Z	78	PC: 12ac6 \| Find first file
2018-12-17T22:49:36.562746636Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-17T22:49:36.569488843Z	66	PC: 12afa \| Move file pointer
2018-12-17T22:49:36.571267084Z	66	PC: 12b09 \| Move file pointer
2018-12-17T22:49:36.574247784Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:49:36.577973804Z	66	PC: 12b2e \| Move file pointer
2018-12-17T22:49:36.579931673Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:36.584019723Z	66	PC: 12b48 \| Move file pointer
2018-12-17T22:49:36.586012157Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:36.589323618Z	66	PC: 12b6a \| Move file pointer
2018-12-17T22:49:36.592051343Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-17T22:49:37.058724273Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:37.062198952Z	62	PC: 12b8c \| Close file
2018-12-17T22:49:37.070922882Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-17T22:49:37.077763724Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9946,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:26:48.992693359Z	26	PC: 12abb \| Set disk transfer address
2018-12-25T12:26:48.994387858Z	78	PC: 12ac6 \| Find first file
2018-12-25T12:26:48.999106569Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-25T12:26:49.003788085Z	66	PC: 12afa \| Move file pointer
2018-12-25T12:26:49.005624162Z	66	PC: 12b09 \| Move file pointer
2018-12-25T12:26:49.007744135Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:26:49.010505755Z	66	PC: 12b2e \| Move file pointer
2018-12-25T12:26:49.011567619Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:49.014431631Z	66	PC: 12b48 \| Move file pointer
2018-12-25T12:26:49.016077243Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:49.019617428Z	66	PC: 12b6a \| Move file pointer
2018-12-25T12:26:49.021759417Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T12:26:50.705379846Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:50.709043401Z	62	PC: 12b8c \| Close file
2018-12-25T12:26:50.717032955Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-25T12:26:50.724222136Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21

{"DateBased":true,"Day":23,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9946,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:26:49.093571939Z	26	PC: 12abb \| Set disk transfer address
2018-12-25T12:26:49.095099375Z	78	PC: 12ac6 \| Find first file
2018-12-25T12:26:49.114980021Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-25T12:26:49.122799597Z	66	PC: 12afa \| Move file pointer
2018-12-25T12:26:49.124418946Z	66	PC: 12b09 \| Move file pointer
2018-12-25T12:26:49.131464396Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:26:49.134911116Z	66	PC: 12b2e \| Move file pointer
2018-12-25T12:26:49.136538276Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:49.140731671Z	66	PC: 12b48 \| Move file pointer
2018-12-25T12:26:49.14252295Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:49.145366563Z	66	PC: 12b6a \| Move file pointer
2018-12-25T12:26:49.148898532Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T12:26:50.705323763Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:50.712637723Z	62	PC: 12b8c \| Close file
2018-12-25T12:26:50.722249301Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-25T12:26:50.729184013Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21
2018-12-25T12:26:50.732152394Z	60	PC: 12bba \| Create or truncate file

{"DateBased":true,"Day":24,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9946,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:26:49.623113886Z	26	PC: 12abb \| Set disk transfer address
2018-12-25T12:26:49.625390343Z	78	PC: 12ac6 \| Find first file
2018-12-25T12:26:49.63282849Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-25T12:26:49.640759756Z	66	PC: 12afa \| Move file pointer
2018-12-25T12:26:49.644461089Z	66	PC: 12b09 \| Move file pointer
2018-12-25T12:26:49.646842837Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:26:49.650116558Z	66	PC: 12b2e \| Move file pointer
2018-12-25T12:26:49.651485805Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:49.655094076Z	66	PC: 12b48 \| Move file pointer
2018-12-25T12:26:49.656574801Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:49.659371333Z	66	PC: 12b6a \| Move file pointer
2018-12-25T12:26:49.661899116Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T12:26:50.705860698Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:50.709522442Z	62	PC: 12b8c \| Close file
2018-12-25T12:26:50.718987276Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-25T12:26:50.727249222Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21
2018-12-25T12:26:50.730170384Z	60	PC: 12bc8 \| Create or truncate file

{"DateBased":true,"Day":25,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9946,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:26:49.610759297Z	26	PC: 12abb \| Set disk transfer address
2018-12-25T12:26:49.613081155Z	78	PC: 12ac6 \| Find first file
2018-12-25T12:26:49.619645883Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-25T12:26:49.625637567Z	66	PC: 12afa \| Move file pointer
2018-12-25T12:26:49.62790239Z	66	PC: 12b09 \| Move file pointer
2018-12-25T12:26:49.629638585Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:26:49.632878639Z	66	PC: 12b2e \| Move file pointer
2018-12-25T12:26:49.63445327Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:49.638149007Z	66	PC: 12b48 \| Move file pointer
2018-12-25T12:26:49.645997778Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:49.649703145Z	66	PC: 12b6a \| Move file pointer
2018-12-25T12:26:49.651691173Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T12:26:50.704969477Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:50.707919585Z	62	PC: 12b8c \| Close file
2018-12-25T12:26:50.717645774Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-25T12:26:50.723650258Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21
2018-12-25T12:26:50.779984191Z	2	PC: 12b85 \| Character output (See above)
2018-12-25T12:26:50.787454175Z	62	PC: 12b8c \| Close file (See above)
2018-12-25T12:26:50.790797558Z	65	PC: 12b94 \| Delete file (See above)
2018-12-25T12:26:50.799293991Z	42	PC: 12b98 \| Get date (See above)
2018-12-25T12:26:54.305343949Z	77	PC: 11fe0 \| Get program return code
2018-12-25T12:26:54.306893963Z	72	PC: 12174 \| Allocate memory
2018-12-25T12:26:54.309543989Z	72	PC: 1218d \| Allocate memory
2018-12-25T12:26:54.312446945Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:26:54.313922209Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:26:54.315675611Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:26:54.317728148Z	62	PC: 122ab \| Close file
2018-12-25T12:26:54.320505139Z	62	PC: 122ab \| Close file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9946,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:26:49.645170354Z	26	PC: 12abb \| Set disk transfer address
2018-12-25T12:26:49.647268763Z	78	PC: 12ac6 \| Find first file
2018-12-25T12:26:49.654120585Z	61	PC: 12aec \| Open file (Filename = 'C:\Command.Com')
2018-12-25T12:26:49.661054872Z	66	PC: 12afa \| Move file pointer
2018-12-25T12:26:49.664078405Z	66	PC: 12b09 \| Move file pointer
2018-12-25T12:26:49.665405001Z	63	PC: 12b14 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:26:49.669084072Z	66	PC: 12b2e \| Move file pointer
2018-12-25T12:26:49.671027752Z	63	PC: 12b3d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:26:49.674989876Z	66	PC: 12b48 \| Move file pointer
2018-12-25T12:26:49.676704139Z	64	PC: 12b5f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:49.679876277Z	66	PC: 12b6a \| Move file pointer
2018-12-25T12:26:49.683251968Z	64	PC: 12b76 \| Write file or device (Write 456 bytes on handle 5)
2018-12-25T12:26:50.709111927Z	64	PC: 12b85 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:26:50.714456171Z	62	PC: 12b8c \| Close file
2018-12-25T12:26:50.72819265Z	65	PC: 12b94 \| Delete file (Filename = '\windows\win.com')
2018-12-25T12:26:50.736458085Z	42	PC: 12b98 \| Get date 0x12b98: cmp dh, 2 0x12b9b: jne 0x12bdb 0x12b9d: cmp dl, 0x17 0x12ba0: je 0x12baf 0x12ba2: cmp dl, 0x18 0x12ba5: je 0x12bbd 0x12ba7: cmp dl, 0x19 0x12baa: je 0x12bcb 0x12bac: jmp 0x12bdb 0x12bae: nop 0x12baf: mov ah, 0x3c 0x12bb1: lea dx, word ptr [si + 0x119] 0x12bb5: mov cx, 1 0x12bb8: int 0x21 0x12bba: jmp 0x12bdb 0x12bbc: nop 0x12bbd: mov ah, 0x3c 0x12bbf: lea dx, word ptr [si + 0x129] 0x12bc3: mov cx, 1 0x12bc6: int 0x21