Sample viewer

vx.netlux.org/Virus.DOS.Astron.1056

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:01:41.888181048Z	78	PC: 151c0 \| Find first file
2018-12-17T22:01:41.895588377Z	47	PC: 151d4 \| Get disk transfer address
2018-12-17T22:01:41.897040687Z	67	PC: 151f5 \| Get or set file attributes
2018-12-17T22:01:41.903312698Z	67	PC: 151fe \| Get or set file attributes
2018-12-17T22:01:41.920634745Z	61	PC: 15203 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:01:41.930739276Z	66	PC: 1520f \| Move file pointer
2018-12-17T22:01:41.932161666Z	66	PC: 1521e \| Move file pointer
2018-12-17T22:01:41.934667157Z	63	PC: 1522a \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:01:41.941206982Z	87	PC: 1525d \| Get or set file date and time
2018-12-17T22:01:41.942995346Z	66	PC: 1526b \| Move file pointer
2018-12-17T22:01:41.944910758Z	63	PC: 15277 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:01:41.948276363Z	66	PC: 15282 \| Move file pointer
2018-12-17T22:01:41.950407688Z	66	PC: 15292 \| Move file pointer
2018-12-17T22:01:41.952739121Z	64	PC: 152a8 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:01:41.956618975Z	66	PC: 152b3 \| Move file pointer
2018-12-17T22:01:41.958997484Z	64	PC: 152cd \| Write file or device (Write 1056 bytes on handle 5)
2018-12-17T22:01:41.969602704Z	62	PC: 152d1 \| Close file
2018-12-17T22:01:41.977472499Z	67	PC: 152dd \| Get or set file attributes
2018-12-17T22:01:41.987157557Z	61	PC: 152e2 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:01:41.994217564Z	87	PC: 152ef \| Get or set file date and time
2018-12-17T22:01:41.995645991Z	62	PC: 152f3 \| Close file
2018-12-17T22:01:42.002875627Z	67	PC: 152ff \| Get or set file attributes
2018-12-17T22:01:42.013194833Z	42	PC: 15306 \| Get date 0x15306: cmp dl, 0x1b 0x15309: jne 0x1530e 0x1530b: call 0x15502 0x1530e: mov ax, 0xdeca 0x15311: int 0x21 0x15313: cmp ax, 0xaced 0x15316: jne 0x1531b 0x15318: jmp 0x154fa 0x1531b: push ds 0x1531c: push es 0x1531d: push cs 0x1531e: pop ax 0x1531f: dec ax 0x15320: mov es, ax 0x15322: mov dl, byte ptr es:[0] 0x15327: mov ax, word ptr es:[3] 0x1532b: mov bx, cs 0x1532d: add ax, bx 0x1532f: sub ax, 0x15 0x15332: mov ds, ax
2018-12-17T22:01:42.015342316Z	222	PC: 15313 \| UNKNOWN!
2018-12-17T22:01:42.016748718Z	76	PC: 15144 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1304,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:22.745846415Z	78	PC: 151c0 \| Find first file
2018-12-25T11:43:22.752511018Z	47	PC: 151d4 \| Get disk transfer address
2018-12-25T11:43:22.753728427Z	67	PC: 151f5 \| Get or set file attributes
2018-12-25T11:43:22.759363246Z	67	PC: 151fe \| Get or set file attributes
2018-12-25T11:43:22.777580433Z	61	PC: 15203 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:22.797370153Z	66	PC: 1520f \| Move file pointer
2018-12-25T11:43:22.798775464Z	66	PC: 1521e \| Move file pointer
2018-12-25T11:43:22.801089741Z	63	PC: 1522a \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:43:22.807335807Z	87	PC: 1525d \| Get or set file date and time
2018-12-25T11:43:22.808754534Z	66	PC: 1526b \| Move file pointer
2018-12-25T11:43:22.810632896Z	63	PC: 15277 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:22.813118082Z	66	PC: 15282 \| Move file pointer
2018-12-25T11:43:22.814406207Z	66	PC: 15292 \| Move file pointer
2018-12-25T11:43:22.816250924Z	64	PC: 152a8 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:22.819154984Z	66	PC: 152b3 \| Move file pointer
2018-12-25T11:43:22.82070608Z	64	PC: 152cd \| Write file or device (Write 1056 bytes on handle 5)
2018-12-25T11:43:22.829897309Z	62	PC: 152d1 \| Close file
2018-12-25T11:43:22.837948573Z	67	PC: 152dd \| Get or set file attributes
2018-12-25T11:43:22.847910508Z	61	PC: 152e2 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:22.854907151Z	87	PC: 152ef \| Get or set file date and time
2018-12-25T11:43:22.856987082Z	62	PC: 152f3 \| Close file
2018-12-25T11:43:22.864139196Z	67	PC: 152ff \| Get or set file attributes
2018-12-25T11:43:22.874228361Z	42	PC: 15306 \| Get date 0x15306: cmp dl, 0x1b 0x15309: jne 0x1530e 0x1530b: call 0x15502 0x1530e: mov ax, 0xdeca 0x15311: int 0x21 0x15313: cmp ax, 0xaced 0x15316: jne 0x1531b 0x15318: jmp 0x154fa 0x1531b: push ds 0x1531c: push es 0x1531d: push cs 0x1531e: pop ax 0x1531f: dec ax 0x15320: mov es, ax 0x15322: mov dl, byte ptr es:[0] 0x15327: mov ax, word ptr es:[3] 0x1532b: mov bx, cs 0x1532d: add ax, bx 0x1532f: sub ax, 0x15 0x15332: mov ds, ax
2018-12-25T11:43:22.876826805Z	222	PC: 15313 \| UNKNOWN!
2018-12-25T11:43:22.877943999Z	76	PC: 15144 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":27,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1304,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:22.862857922Z	78	PC: 151c0 \| Find first file
2018-12-25T11:43:22.884260644Z	47	PC: 151d4 \| Get disk transfer address
2018-12-25T11:43:22.885575163Z	67	PC: 151f5 \| Get or set file attributes
2018-12-25T11:43:22.891700981Z	67	PC: 151fe \| Get or set file attributes
2018-12-25T11:43:23.331430338Z	61	PC: 15203 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:23.339994522Z	66	PC: 1520f \| Move file pointer
2018-12-25T11:43:23.341849278Z	66	PC: 1521e \| Move file pointer
2018-12-25T11:43:23.343861041Z	63	PC: 1522a \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:43:23.352520261Z	87	PC: 1525d \| Get or set file date and time
2018-12-25T11:43:23.354436145Z	66	PC: 1526b \| Move file pointer
2018-12-25T11:43:23.356384251Z	63	PC: 15277 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:43:23.361157237Z	66	PC: 15282 \| Move file pointer
2018-12-25T11:43:23.363663523Z	66	PC: 15292 \| Move file pointer
2018-12-25T11:43:23.365645949Z	64	PC: 152a8 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:43:23.369611535Z	66	PC: 152b3 \| Move file pointer
2018-12-25T11:43:23.372031197Z	64	PC: 152cd \| Write file or device (Write 1056 bytes on handle 5)
2018-12-25T11:43:23.392388521Z	62	PC: 152d1 \| Close file
2018-12-25T11:43:23.403320315Z	67	PC: 152dd \| Get or set file attributes
2018-12-25T11:43:23.414900381Z	61	PC: 152e2 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:43:23.422339126Z	87	PC: 152ef \| Get or set file date and time
2018-12-25T11:43:23.424318891Z	62	PC: 152f3 \| Close file
2018-12-25T11:43:23.43242008Z	67	PC: 152ff \| Get or set file attributes
2018-12-25T11:43:23.442374947Z	42	PC: 15306 \| Get date 0x15306: cmp dl, 0x1b 0x15309: jne 0x1530e 0x1530b: call 0x15502 0x1530e: mov ax, 0xdeca 0x15311: int 0x21 0x15313: cmp ax, 0xaced 0x15316: jne 0x1531b 0x15318: jmp 0x154fa 0x1531b: push ds 0x1531c: push es 0x1531d: push cs 0x1531e: pop ax 0x1531f: dec ax 0x15320: mov es, ax 0x15322: mov dl, byte ptr es:[0] 0x15327: mov ax, word ptr es:[3] 0x1532b: mov bx, cs 0x1532d: add ax, bx 0x1532f: sub ax, 0x15 0x15332: mov ds, ax
2018-12-25T11:43:23.780975124Z	222	PC: 15313 \| UNKNOWN!
2018-12-25T11:43:23.783609636Z	76	PC: 15144 \| Terminate with return code (Return code = '0')