Sample viewer

vx.netlux.org/Virus.DOS.SillyC.368

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:05.332092595Z	53	PC: 12a76 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:05.333490975Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:05.335445128Z	26	PC: 12a90 \| Set disk transfer address
2018-12-17T22:52:05.33687739Z	78	PC: 12ae4 \| Find first file
2018-12-17T22:52:05.342130669Z	67	PC: 12bac \| Get or set file attributes
2018-12-17T22:52:05.358192543Z	61	PC: 12b3b \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:52:05.3679589Z	44	PC: 12b43 \| Get time 0x12b43: and dh, 7 0x12b46: jne 0x12b50 0x12b48: mov cx, 5 0x12b4b: lea dx, word ptr [si + 0xe] 0x12b4e: jmp 0x12b7a 0x12b50: mov ah, 0x3f 0x12b52: mov cx, 3 0x12b55: lea dx, word ptr [si] 0x12b57: call 0x12baa 0x12b5a: jb 0x12b7d 0x12b5c: mov ax, 0x4202 0x12b5f: call 0x12ba3 0x12b62: add ax, 0x10 0x12b65: mov word ptr [bp - 0x7a], ax 0x12b68: mov cx, 0x170 0x12b6b: mov dx, si 0x12b6d: call 0x12ba8 0x12b70: jb 0x12b7d 0x12b72: call 0x12ba0 0x12b75: mov cl, 3
2018-12-17T22:52:05.371076211Z	63	PC: 12bac \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:05.379079964Z	66	PC: 12bac \| Move file pointer
2018-12-17T22:52:05.381159104Z	64	PC: 12bac \| Write file or device (Write 368 bytes on handle 5)
2018-12-17T22:52:05.391288869Z	66	PC: 12bac \| Move file pointer
2018-12-17T22:52:05.402347746Z	64	PC: 12bac \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:05.409753745Z	87	PC: 12b8b \| Get or set file date and time
2018-12-17T22:52:05.411669705Z	62	PC: 12b8f \| Close file
2018-12-17T22:52:05.420508186Z	67	PC: 12b9d \| Get or set file attributes
2018-12-17T22:52:05.431633241Z	37	PC: 12af6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:05.432833097Z	26	PC: 12afe \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10775,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:12.833326926Z	53	PC: 12a76 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:12.835039647Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:12.837131508Z	26	PC: 12a90 \| Set disk transfer address
2018-12-25T12:29:12.839232383Z	78	PC: 12ae4 \| Find first file
2018-12-25T12:29:12.8470301Z	67	PC: 12bac \| Get or set file attributes
2018-12-25T12:29:12.865119226Z	61	PC: 12b3b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:12.872961683Z	44	PC: 12b43 \| Get time 0x12b43: and dh, 7 0x12b46: jne 0x12b50 0x12b48: mov cx, 5 0x12b4b: lea dx, word ptr [si + 0xe] 0x12b4e: jmp 0x12b7a 0x12b50: mov ah, 0x3f 0x12b52: mov cx, 3 0x12b55: lea dx, word ptr [si] 0x12b57: call 0x12baa 0x12b5a: jb 0x12b7d 0x12b5c: mov ax, 0x4202 0x12b5f: call 0x12ba3 0x12b62: add ax, 0x10 0x12b65: mov word ptr [bp - 0x7a], ax 0x12b68: mov cx, 0x170 0x12b6b: mov dx, si 0x12b6d: call 0x12ba8 0x12b70: jb 0x12b7d 0x12b72: call 0x12ba0 0x12b75: mov cl, 3
2018-12-25T12:29:12.875782327Z	63	PC: 12bac \| Read file or device (See above)
2018-12-25T12:29:12.885048815Z	66	PC: 12bac \| Move file pointer (See above)
2018-12-25T12:29:12.897497752Z	64	PC: 12bac \| Write file or device (See above)
2018-12-25T12:29:12.907027411Z	66	PC: 12bac \| Move file pointer (See above)
2018-12-25T12:29:12.909234741Z	64	PC: 12bac \| Write file or device (See above)
2018-12-25T12:29:12.917711101Z	87	PC: 12b8b \| Get or set file date and time
2018-12-25T12:29:12.919739627Z	62	PC: 12b8f \| Close file
2018-12-25T12:29:12.929212004Z	67	PC: 12b9d \| Get or set file attributes
2018-12-25T12:29:12.94136089Z	37	PC: 12af6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:12.94266668Z	26	PC: 12afe \| Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":10775,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:13.091951223Z	53	PC: 12a76 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:13.093608839Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:13.094606158Z	26	PC: 12a90 \| Set disk transfer address
2018-12-25T12:29:13.095621497Z	78	PC: 12ae4 \| Find first file
2018-12-25T12:29:13.10019282Z	67	PC: 12bac \| Get or set file attributes
2018-12-25T12:29:13.112993641Z	61	PC: 12b3b \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:13.121404371Z	44	PC: 12b43 \| Get time 0x12b43: and dh, 7 0x12b46: jne 0x12b50 0x12b48: mov cx, 5 0x12b4b: lea dx, word ptr [si + 0xe] 0x12b4e: jmp 0x12b7a 0x12b50: mov ah, 0x3f 0x12b52: mov cx, 3 0x12b55: lea dx, word ptr [si] 0x12b57: call 0x12baa 0x12b5a: jb 0x12b7d 0x12b5c: mov ax, 0x4202 0x12b5f: call 0x12ba3 0x12b62: add ax, 0x10 0x12b65: mov word ptr [bp - 0x7a], ax 0x12b68: mov cx, 0x170 0x12b6b: mov dx, si 0x12b6d: call 0x12ba8 0x12b70: jb 0x12b7d 0x12b72: call 0x12ba0 0x12b75: mov cl, 3
2018-12-25T12:29:13.127250053Z	63	PC: 12bac \| Read file or device (See above)
2018-12-25T12:29:13.134931258Z	66	PC: 12bac \| Move file pointer (See above)
2018-12-25T12:29:13.136470315Z	64	PC: 12bac \| Write file or device (See above)
2018-12-25T12:29:13.145491983Z	66	PC: 12bac \| Move file pointer (See above)
2018-12-25T12:29:13.147141645Z	64	PC: 12bac \| Write file or device (See above)
2018-12-25T12:29:13.154276171Z	87	PC: 12b8b \| Get or set file date and time
2018-12-25T12:29:13.155830693Z	62	PC: 12b8f \| Close file
2018-12-25T12:29:13.165335235Z	67	PC: 12b9d \| Get or set file attributes
2018-12-25T12:29:13.176177629Z	37	PC: 12af6 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:13.177251173Z	26	PC: 12afe \| Set disk transfer address