Sample viewer

vx.netlux.org/Virus.DOS.Shadowbyte.635

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:41.333743563Z	42	PC: 1383a \| Get date 0x1383a: sub dh, 7 0x1383d: jne 0x13842 0x1383f: jmp 0x139a9 0x13842: mov dx, bp 0x13844: add dx, 0x22a 0x13848: mov si, dx 0x1384a: mov dx, word ptr [si + 3] 0x1384d: mov word ptr [si], dx 0x1384f: mov dh, byte ptr [si + 5] 0x13852: mov byte ptr [si + 2], dh 0x13855: mov ah, 0x47 0x13857: mov dl, 0 0x13859: mov cx, bp 0x1385b: mov si, cx 0x1385d: add si, 0x258 0x13861: int 0x21 0x13863: mov cx, 0x3f 0x13866: mov bx, 0 0x13869: mov si, 0x80 0x1386c: mov ax, bp
2018-12-17T23:05:41.336948112Z	71	PC: 13863 \| Get current directory
2018-12-17T23:05:41.341068206Z	59	PC: 13885 \| Change current directory
2018-12-17T23:05:41.346368651Z	78	PC: 13938 \| Find first file
2018-12-17T23:05:41.356379354Z	61	PC: 138c1 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:05:41.366225327Z	66	PC: 13933 \| Move file pointer
2018-12-17T23:05:41.368082855Z	66	PC: 13933 \| Move file pointer
2018-12-17T23:05:41.369675002Z	63	PC: 138ee \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:05:41.377259756Z	66	PC: 13933 \| Move file pointer
2018-12-17T23:05:41.378696541Z	64	PC: 138fc \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:41.381432195Z	66	PC: 13933 \| Move file pointer
2018-12-17T23:05:41.384484554Z	64	PC: 1390d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:05:41.387403536Z	64	PC: 13919 \| Write file or device (Write 632 bytes on handle 5)
2018-12-17T23:05:41.403336411Z	87	PC: 13924 \| Get or set file date and time
2018-12-17T23:05:41.405430989Z	62	PC: 13928 \| Close file
2018-12-17T23:05:41.414322955Z	59	PC: 13a22 \| Change current directory
2018-12-17T23:05:41.419324021Z	48	PC: 1369b \| Get DOS version
2018-12-17T23:05:41.421314814Z	9	PC: 136a7 \| Display string (String= ' Incorrect DOS version ')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15293,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:10.729668132Z	42	PC: 1383a \| Get date 0x1383a: sub dh, 7 0x1383d: jne 0x13842 0x1383f: jmp 0x139a9 0x13842: mov dx, bp 0x13844: add dx, 0x22a 0x13848: mov si, dx 0x1384a: mov dx, word ptr [si + 3] 0x1384d: mov word ptr [si], dx 0x1384f: mov dh, byte ptr [si + 5] 0x13852: mov byte ptr [si + 2], dh 0x13855: mov ah, 0x47 0x13857: mov dl, 0 0x13859: mov cx, bp 0x1385b: mov si, cx 0x1385d: add si, 0x258 0x13861: int 0x21 0x13863: mov cx, 0x3f 0x13866: mov bx, 0 0x13869: mov si, 0x80 0x1386c: mov ax, bp
2018-12-25T12:43:10.733982351Z	53	PC: 139af \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:43:10.73533527Z	37	PC: 139bb \| Set interrupt vector (Interrupt = '9' AKA 'Display string')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15293,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:11.185851527Z	42	PC: 1383a \| Get date 0x1383a: sub dh, 7 0x1383d: jne 0x13842 0x1383f: jmp 0x139a9 0x13842: mov dx, bp 0x13844: add dx, 0x22a 0x13848: mov si, dx 0x1384a: mov dx, word ptr [si + 3] 0x1384d: mov word ptr [si], dx 0x1384f: mov dh, byte ptr [si + 5] 0x13852: mov byte ptr [si + 2], dh 0x13855: mov ah, 0x47 0x13857: mov dl, 0 0x13859: mov cx, bp 0x1385b: mov si, cx 0x1385d: add si, 0x258 0x13861: int 0x21 0x13863: mov cx, 0x3f 0x13866: mov bx, 0 0x13869: mov si, 0x80 0x1386c: mov ax, bp
2018-12-25T12:43:11.188531792Z	71	PC: 13863 \| Get current directory
2018-12-25T12:43:11.192307289Z	59	PC: 13885 \| Change current directory
2018-12-25T12:43:11.197199738Z	78	PC: 13938 \| Find first file
2018-12-25T12:43:11.209861475Z	61	PC: 138c1 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:11.218465238Z	66	PC: 13933 \| Move file pointer
2018-12-25T12:43:11.220280627Z	66	PC: 13933 \| Move file pointer (See above)
2018-12-25T12:43:11.222177126Z	63	PC: 138ee \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:43:11.230779891Z	66	PC: 13933 \| Move file pointer (See above)
2018-12-25T12:43:11.233090049Z	64	PC: 138fc \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:11.237595541Z	66	PC: 13933 \| Move file pointer (See above)
2018-12-25T12:43:11.240945907Z	64	PC: 1390d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:43:11.244391562Z	64	PC: 13919 \| Write file or device (Write 632 bytes on handle 5)
2018-12-25T12:43:11.260260527Z	87	PC: 13924 \| Get or set file date and time
2018-12-25T12:43:11.262632704Z	62	PC: 13928 \| Close file
2018-12-25T12:43:11.279058967Z	59	PC: 13a22 \| Change current directory
2018-12-25T12:43:11.283734645Z	48	PC: 1369b \| Get DOS version
2018-12-25T12:43:11.285103666Z	9	PC: 136a7 \| Display string (String= ' Incorrect DOS version ')