Sample viewer

vx.netlux.org/Virus.DOS.Upsy.586


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:56.958133506Z 42 PC: 12b2a | Get date
0x12b2a: cmp cx, 0x7c9
0x12b2e: ja 0x12b43
0x12b30: jb 0x12b40
0x12b32: cmp dh, 9
0x12b35: ja 0x12b43
0x12b37: jb 0x12b40
0x12b39: cmp dl, 3
0x12b3c: ja 0x12b43
0x12b3e: jbe 0x12b40
0x12b40: jmp 0x12c98
0x12b43: mov ah, 0x19
0x12b45: int 0x21
0x12b47: mov byte ptr cs:[0xffa9], 0x5c
0x12b4d: mov byte ptr [0xfff2], al
0x12b50: mov ah, 0x47
0x12b52: mov dh, 0
0x12b54: add al, 1
0x12b56: mov dl, al
0x12b58: mov si, 0xffaa
0x12b5b: int 0x21
2018-12-17T23:02:56.960876344Z 25 PC: 12b47 | Get default drive
2018-12-17T23:02:56.961958715Z 71 PC: 12b5d | Get current directory
2018-12-17T23:02:56.965064001Z 78 PC: 12b67 | Find first file
2018-12-17T23:02:56.985490679Z 61 PC: 12bc2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:02:56.992052008Z 63 PC: 12bce | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:02:56.998391067Z 62 PC: 12bd2 | Close file
2018-12-17T23:02:57.000558069Z 67 PC: 12bff | Get or set file attributes
2018-12-17T23:02:57.006378417Z 67 PC: 12c09 | Get or set file attributes
2018-12-17T23:02:57.024340514Z 61 PC: 12c12 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:02:57.035786487Z 87 PC: 12c1a | Get or set file date and time
2018-12-17T23:02:57.037468343Z 63 PC: 12c26 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:02:57.043562163Z 66 PC: 12c32 | Move file pointer
2018-12-17T23:02:57.044848834Z 64 PC: 12c42 | Write file or device (Write 582 bytes on handle 5)
2018-12-17T23:02:57.056844921Z 66 PC: 12c4e | Move file pointer
2018-12-17T23:02:57.058719015Z 64 PC: 12c5b | Write file or device (Write 4 bytes on handle 5)
2018-12-17T23:02:57.061765942Z 66 PC: 12c68 | Move file pointer
2018-12-17T23:02:57.077546481Z 64 PC: 12c72 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:02:57.083985946Z 64 PC: 12c81 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:02:57.086883702Z 64 PC: 12c8b | Write file or device (Write 2 bytes on handle 5)
2018-12-17T23:02:57.090993958Z 87 PC: 12c94 | Get or set file date and time
2018-12-17T23:02:57.092731112Z 62 PC: 12c98 | Close file
2018-12-17T23:02:57.100445071Z 59 PC: 12c9f | Change current directory

{"DateBased":true,"Day":1,"Month":10,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14384,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:26.387082708Z 42 PC: 12b2a | Get date
0x12b2a: cmp cx, 0x7c9
0x12b2e: ja 0x12b43
0x12b30: jb 0x12b40
0x12b32: cmp dh, 9
0x12b35: ja 0x12b43
0x12b37: jb 0x12b40
0x12b39: cmp dl, 3
0x12b3c: ja 0x12b43
0x12b3e: jbe 0x12b40
0x12b40: jmp 0x12c98
0x12b43: mov ah, 0x19
0x12b45: int 0x21
0x12b47: mov byte ptr cs:[0xffa9], 0x5c
0x12b4d: mov byte ptr [0xfff2], al
0x12b50: mov ah, 0x47
0x12b52: mov dh, 0
0x12b54: add al, 1
0x12b56: mov dl, al
0x12b58: mov si, 0xffaa
0x12b5b: int 0x21
2018-12-25T12:40:26.390143067Z 25 PC: 12b47 | Get default drive
2018-12-25T12:40:26.391147904Z 71 PC: 12b5d | Get current directory
2018-12-25T12:40:26.393925283Z 78 PC: 12b67 | Find first file
2018-12-25T12:40:26.400488155Z 61 PC: 12bc2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:26.407024806Z 63 PC: 12bce | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:40:26.411401199Z 62 PC: 12bd2 | Close file
2018-12-25T12:40:26.413145553Z 67 PC: 12bff | Get or set file attributes
2018-12-25T12:40:26.418894539Z 67 PC: 12c09 | Get or set file attributes
2018-12-25T12:40:26.436972955Z 61 PC: 12c12 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:26.448278349Z 87 PC: 12c1a | Get or set file date and time
2018-12-25T12:40:26.449875684Z 63 PC: 12c26 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:40:26.456665445Z 66 PC: 12c32 | Move file pointer
2018-12-25T12:40:26.458453589Z 64 PC: 12c42 | Write file or device (Write 582 bytes on handle 5)
2018-12-25T12:40:26.466649846Z 66 PC: 12c4e | Move file pointer
2018-12-25T12:40:26.467925358Z 64 PC: 12c5b | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:40:26.470414074Z 66 PC: 12c68 | Move file pointer
2018-12-25T12:40:26.472487052Z 64 PC: 12c72 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:40:26.479486471Z 64 PC: 12c81 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:40:26.482223988Z 64 PC: 12c8b | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:40:26.486025499Z 87 PC: 12c94 | Get or set file date and time
2018-12-25T12:40:26.487725363Z 62 PC: 12c98 | Close file
2018-12-25T12:40:26.495589623Z 59 PC: 12c9f | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14384,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:26.594277841Z 42 PC: 12b2a | Get date
0x12b2a: cmp cx, 0x7c9
0x12b2e: ja 0x12b43
0x12b30: jb 0x12b40
0x12b32: cmp dh, 9
0x12b35: ja 0x12b43
0x12b37: jb 0x12b40
0x12b39: cmp dl, 3
0x12b3c: ja 0x12b43
0x12b3e: jbe 0x12b40
0x12b40: jmp 0x12c98
0x12b43: mov ah, 0x19
0x12b45: int 0x21
0x12b47: mov byte ptr cs:[0xffa9], 0x5c
0x12b4d: mov byte ptr [0xfff2], al
0x12b50: mov ah, 0x47
0x12b52: mov dh, 0
0x12b54: add al, 1
0x12b56: mov dl, al
0x12b58: mov si, 0xffaa
0x12b5b: int 0x21
2018-12-25T12:40:26.597330493Z 25 PC: 12b47 | Get default drive
2018-12-25T12:40:26.599704839Z 71 PC: 12b5d | Get current directory
2018-12-25T12:40:26.603959069Z 78 PC: 12b67 | Find first file
2018-12-25T12:40:26.610894769Z 61 PC: 12bc2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:26.625028353Z 63 PC: 12bce | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:40:26.632021231Z 62 PC: 12bd2 | Close file
2018-12-25T12:40:26.633728354Z 67 PC: 12bff | Get or set file attributes
2018-12-25T12:40:26.640699306Z 67 PC: 12c09 | Get or set file attributes
2018-12-25T12:40:26.657485277Z 61 PC: 12c12 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:26.66469234Z 87 PC: 12c1a | Get or set file date and time
2018-12-25T12:40:26.66661566Z 63 PC: 12c26 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:40:26.669440666Z 66 PC: 12c32 | Move file pointer
2018-12-25T12:40:26.670985128Z 64 PC: 12c42 | Write file or device (Write 582 bytes on handle 5)
2018-12-25T12:40:26.680868795Z 66 PC: 12c4e | Move file pointer
2018-12-25T12:40:26.682332923Z 64 PC: 12c5b | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:40:26.686305695Z 66 PC: 12c68 | Move file pointer
2018-12-25T12:40:26.689456551Z 64 PC: 12c72 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:40:26.69699619Z 64 PC: 12c81 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:40:26.699903708Z 64 PC: 12c8b | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:40:26.702974881Z 87 PC: 12c94 | Get or set file date and time
2018-12-25T12:40:26.704958336Z 62 PC: 12c98 | Close file
2018-12-25T12:40:26.713934157Z 59 PC: 12c9f | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14384,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:26.867555649Z 42 PC: 12b2a | Get date
0x12b2a: cmp cx, 0x7c9
0x12b2e: ja 0x12b43
0x12b30: jb 0x12b40
0x12b32: cmp dh, 9
0x12b35: ja 0x12b43
0x12b37: jb 0x12b40
0x12b39: cmp dl, 3
0x12b3c: ja 0x12b43
0x12b3e: jbe 0x12b40
0x12b40: jmp 0x12c98
0x12b43: mov ah, 0x19
0x12b45: int 0x21
0x12b47: mov byte ptr cs:[0xffa9], 0x5c
0x12b4d: mov byte ptr [0xfff2], al
0x12b50: mov ah, 0x47
0x12b52: mov dh, 0
0x12b54: add al, 1
0x12b56: mov dl, al
0x12b58: mov si, 0xffaa
0x12b5b: int 0x21
2018-12-25T12:40:26.86994026Z 59 PC: 12c9f | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14384,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:27.245255903Z 42 PC: 12b2a | Get date
0x12b2a: cmp cx, 0x7c9
0x12b2e: ja 0x12b43
0x12b30: jb 0x12b40
0x12b32: cmp dh, 9
0x12b35: ja 0x12b43
0x12b37: jb 0x12b40
0x12b39: cmp dl, 3
0x12b3c: ja 0x12b43
0x12b3e: jbe 0x12b40
0x12b40: jmp 0x12c98
0x12b43: mov ah, 0x19
0x12b45: int 0x21
0x12b47: mov byte ptr cs:[0xffa9], 0x5c
0x12b4d: mov byte ptr [0xfff2], al
0x12b50: mov ah, 0x47
0x12b52: mov dh, 0
0x12b54: add al, 1
0x12b56: mov dl, al
0x12b58: mov si, 0xffaa
0x12b5b: int 0x21
2018-12-25T12:40:27.248499618Z 59 PC: 12c9f | Change current directory

{"DateBased":true,"Day":1,"Month":9,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14384,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:27.895055137Z 42 PC: 12b2a | Get date
0x12b2a: cmp cx, 0x7c9
0x12b2e: ja 0x12b43
0x12b30: jb 0x12b40
0x12b32: cmp dh, 9
0x12b35: ja 0x12b43
0x12b37: jb 0x12b40
0x12b39: cmp dl, 3
0x12b3c: ja 0x12b43
0x12b3e: jbe 0x12b40
0x12b40: jmp 0x12c98
0x12b43: mov ah, 0x19
0x12b45: int 0x21
0x12b47: mov byte ptr cs:[0xffa9], 0x5c
0x12b4d: mov byte ptr [0xfff2], al
0x12b50: mov ah, 0x47
0x12b52: mov dh, 0
0x12b54: add al, 1
0x12b56: mov dl, al
0x12b58: mov si, 0xffaa
0x12b5b: int 0x21
2018-12-25T12:40:27.898609645Z 59 PC: 12c9f | Change current directory

{"DateBased":true,"Day":4,"Month":9,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14384,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:28.616840924Z 42 PC: 12b2a | Get date
0x12b2a: cmp cx, 0x7c9
0x12b2e: ja 0x12b43
0x12b30: jb 0x12b40
0x12b32: cmp dh, 9
0x12b35: ja 0x12b43
0x12b37: jb 0x12b40
0x12b39: cmp dl, 3
0x12b3c: ja 0x12b43
0x12b3e: jbe 0x12b40
0x12b40: jmp 0x12c98
0x12b43: mov ah, 0x19
0x12b45: int 0x21
0x12b47: mov byte ptr cs:[0xffa9], 0x5c
0x12b4d: mov byte ptr [0xfff2], al
0x12b50: mov ah, 0x47
0x12b52: mov dh, 0
0x12b54: add al, 1
0x12b56: mov dl, al
0x12b58: mov si, 0xffaa
0x12b5b: int 0x21
2018-12-25T12:40:28.62030336Z 25 PC: 12b47 | Get default drive
2018-12-25T12:40:28.622036195Z 71 PC: 12b5d | Get current directory
2018-12-25T12:40:28.625646678Z 78 PC: 12b67 | Find first file
2018-12-25T12:40:28.632760956Z 61 PC: 12bc2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:28.641303633Z 63 PC: 12bce | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:40:28.648579897Z 62 PC: 12bd2 | Close file
2018-12-25T12:40:28.650660625Z 67 PC: 12bff | Get or set file attributes
2018-12-25T12:40:28.658176428Z 67 PC: 12c09 | Get or set file attributes
2018-12-25T12:40:28.679490046Z 61 PC: 12c12 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:40:28.687397201Z 87 PC: 12c1a | Get or set file date and time
2018-12-25T12:40:28.689949351Z 63 PC: 12c26 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:40:28.697601108Z 66 PC: 12c32 | Move file pointer
2018-12-25T12:40:28.699645222Z 64 PC: 12c42 | Write file or device (Write 582 bytes on handle 5)
2018-12-25T12:40:28.709241743Z 66 PC: 12c4e | Move file pointer
2018-12-25T12:40:28.711854187Z 64 PC: 12c5b | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:40:28.715271003Z 66 PC: 12c68 | Move file pointer
2018-12-25T12:40:28.717256779Z 64 PC: 12c72 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:40:28.726209114Z 64 PC: 12c81 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:40:28.729563156Z 64 PC: 12c8b | Write file or device (Write 2 bytes on handle 5)
2018-12-25T12:40:28.732887862Z 87 PC: 12c94 | Get or set file date and time
2018-12-25T12:40:28.735401716Z 62 PC: 12c98 | Close file
2018-12-25T12:40:28.745154853Z 59 PC: 12c9f | Change current directory