Sample viewer

vx.netlux.org/Virus.DOS.Fasolo.149

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:19.600562482Z	42	PC: 12a44 \| Get date 0x12a44: cmp dh, 0xc 0x12a47: jne 0x12a79 0x12a49: cmp dl, 4 0x12a4c: jne 0x12a79 0x12a4e: mov ah, 2 0x12a50: mov dl, 7 0x12a52: int 0x21 0x12a54: in al, 0x21 0x12a56: or al, 2 0x12a58: out 0x21, al 0x12a5a: mov ah, 3 0x12a5c: mov al, 0x80 0x12a5e: mov ch, 0 0x12a60: mov cl, 1 0x12a62: mov dh, 0 0x12a64: mov dl, 0x80 0x12a66: mov bx, 0 0x12a69: int 0x13 0x12a6b: mov ah, 2 0x12a6d: mov dl, 7
2018-12-17T22:50:19.603290712Z	78	PC: 12a80 \| Find first file
2018-12-17T22:50:19.610147824Z	61	PC: 12a88 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:19.616830305Z	63	PC: 12a93 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:50:19.623988573Z	62	PC: 12a97 \| Close file
2018-12-17T22:50:19.625700333Z	61	PC: 12ab2 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:19.631900424Z	64	PC: 12abd \| Write file or device (Write 149 bytes on handle 5)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10187,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:25.404683765Z	42	PC: 12a44 \| Get date 0x12a44: cmp dh, 0xc 0x12a47: jne 0x12a79 0x12a49: cmp dl, 4 0x12a4c: jne 0x12a79 0x12a4e: mov ah, 2 0x12a50: mov dl, 7 0x12a52: int 0x21 0x12a54: in al, 0x21 0x12a56: or al, 2 0x12a58: out 0x21, al 0x12a5a: mov ah, 3 0x12a5c: mov al, 0x80 0x12a5e: mov ch, 0 0x12a60: mov cl, 1 0x12a62: mov dh, 0 0x12a64: mov dl, 0x80 0x12a66: mov bx, 0 0x12a69: int 0x13 0x12a6b: mov ah, 2 0x12a6d: mov dl, 7
2018-12-25T12:27:25.407964297Z	78	PC: 12a80 \| Find first file
2018-12-25T12:27:25.414113343Z	61	PC: 12a88 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:25.420965112Z	63	PC: 12a93 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:27:25.428072797Z	62	PC: 12a97 \| Close file
2018-12-25T12:27:25.429907878Z	61	PC: 12ab2 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:25.435782311Z	64	PC: 12abd \| Write file or device (Write 149 bytes on handle 5)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10187,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:25.680189968Z	42	PC: 12a44 \| Get date 0x12a44: cmp dh, 0xc 0x12a47: jne 0x12a79 0x12a49: cmp dl, 4 0x12a4c: jne 0x12a79 0x12a4e: mov ah, 2 0x12a50: mov dl, 7 0x12a52: int 0x21 0x12a54: in al, 0x21 0x12a56: or al, 2 0x12a58: out 0x21, al 0x12a5a: mov ah, 3 0x12a5c: mov al, 0x80 0x12a5e: mov ch, 0 0x12a60: mov cl, 1 0x12a62: mov dh, 0 0x12a64: mov dl, 0x80 0x12a66: mov bx, 0 0x12a69: int 0x13 0x12a6b: mov ah, 2 0x12a6d: mov dl, 7
2018-12-25T12:27:25.683116522Z	78	PC: 12a80 \| Find first file
2018-12-25T12:27:25.6887648Z	61	PC: 12a88 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:25.695539183Z	63	PC: 12a93 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:27:25.70254945Z	62	PC: 12a97 \| Close file
2018-12-25T12:27:25.70418021Z	61	PC: 12ab2 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:25.710756336Z	64	PC: 12abd \| Write file or device (Write 149 bytes on handle 5)

{"DateBased":true,"Day":4,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10187,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:26.070502816Z	42	PC: 12a44 \| Get date 0x12a44: cmp dh, 0xc 0x12a47: jne 0x12a79 0x12a49: cmp dl, 4 0x12a4c: jne 0x12a79 0x12a4e: mov ah, 2 0x12a50: mov dl, 7 0x12a52: int 0x21 0x12a54: in al, 0x21 0x12a56: or al, 2 0x12a58: out 0x21, al 0x12a5a: mov ah, 3 0x12a5c: mov al, 0x80 0x12a5e: mov ch, 0 0x12a60: mov cl, 1 0x12a62: mov dh, 0 0x12a64: mov dl, 0x80 0x12a66: mov bx, 0 0x12a69: int 0x13 0x12a6b: mov ah, 2 0x12a6d: mov dl, 7
2018-12-25T12:27:26.073073408Z	2	PC: 12a54 \| Character output (Char = '07')
2018-12-25T12:27:26.984042648Z	2	PC: 12a71 \| Character output (Char = '07')