Sample viewer

vx.netlux.org/Virus.DOS.Mini.233

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:07:04.500246412Z	42	PC: 15154 \| Get date 0x15154: cmp al, 5 0x15156: jne 0x1517b 0x15158: cmp dl, 0xd 0x1515b: jne 0x1517b 0x1515d: mov ax, 3 0x15160: int 0x10 0x15162: add di, 0xd3 0x15166: mov si, di 0x15168: mov cx, 0xa 0x1516b: lodsb al, byte ptr [si] 0x1516c: mov bx, 0x18f 0x1516f: mov ah, 0xe 0x15171: xor al, 0x55 0x15173: int 0x10 0x15175: loop 0x1516b 0x15177: int 0x10 0x15179: jmp 0x15177 0x1517b: push di 0x1517c: add di, 0xe3 0x15180: mov si, di
2018-12-17T23:07:04.503374737Z	47	PC: 1518f \| Get disk transfer address
2018-12-17T23:07:04.504863906Z	78	PC: 1519a \| Find first file
2018-12-17T23:07:04.511634258Z	61	PC: 151b9 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:07:04.519978326Z	66	PC: 151c6 \| Move file pointer
2018-12-17T23:07:04.521461326Z	63	PC: 151d2 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T23:07:04.528517745Z	66	PC: 151db \| Move file pointer
2018-12-17T23:07:04.53006029Z	64	PC: 151e5 \| Write file or device (Write 233 bytes on handle 5)
2018-12-17T23:07:04.545140038Z	66	PC: 15205 \| Move file pointer
2018-12-17T23:07:04.546717827Z	64	PC: 1520e \| Write file or device (Write 6 bytes on handle 5)
2018-12-17T23:07:04.557117775Z	87	PC: 15215 \| Get or set file date and time
2018-12-17T23:07:04.560419303Z	62	PC: 15219 \| Close file
2018-12-17T23:07:04.570638833Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15739,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:22.324060898Z	42	PC: 15154 \| Get date 0x15154: cmp al, 5 0x15156: jne 0x1517b 0x15158: cmp dl, 0xd 0x1515b: jne 0x1517b 0x1515d: mov ax, 3 0x15160: int 0x10 0x15162: add di, 0xd3 0x15166: mov si, di 0x15168: mov cx, 0xa 0x1516b: lodsb al, byte ptr [si] 0x1516c: mov bx, 0x18f 0x1516f: mov ah, 0xe 0x15171: xor al, 0x55 0x15173: int 0x10 0x15175: loop 0x1516b 0x15177: int 0x10 0x15179: jmp 0x15177 0x1517b: push di 0x1517c: add di, 0xe3 0x15180: mov si, di
2018-12-25T12:44:22.327222178Z	47	PC: 1518f \| Get disk transfer address
2018-12-25T12:44:22.328344435Z	78	PC: 1519a \| Find first file
2018-12-25T12:44:22.335886962Z	61	PC: 151b9 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:22.353693021Z	66	PC: 151c6 \| Move file pointer
2018-12-25T12:44:22.355200918Z	63	PC: 151d2 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:44:22.374141869Z	66	PC: 151db \| Move file pointer
2018-12-25T12:44:22.391485065Z	64	PC: 151e5 \| Write file or device (Write 233 bytes on handle 5)
2018-12-25T12:44:22.406628857Z	66	PC: 15205 \| Move file pointer
2018-12-25T12:44:22.407970634Z	64	PC: 1520e \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:44:22.420737187Z	87	PC: 15215 \| Get or set file date and time
2018-12-25T12:44:22.422568832Z	62	PC: 15219 \| Close file
2018-12-25T12:44:22.441874459Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15739,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:22.391107027Z	42	PC: 15154 \| Get date 0x15154: cmp al, 5 0x15156: jne 0x1517b 0x15158: cmp dl, 0xd 0x1515b: jne 0x1517b 0x1515d: mov ax, 3 0x15160: int 0x10 0x15162: add di, 0xd3 0x15166: mov si, di 0x15168: mov cx, 0xa 0x1516b: lodsb al, byte ptr [si] 0x1516c: mov bx, 0x18f 0x1516f: mov ah, 0xe 0x15171: xor al, 0x55 0x15173: int 0x10 0x15175: loop 0x1516b 0x15177: int 0x10 0x15179: jmp 0x15177 0x1517b: push di 0x1517c: add di, 0xe3 0x15180: mov si, di
2018-12-25T12:44:22.393926268Z	47	PC: 1518f \| Get disk transfer address
2018-12-25T12:44:22.395446546Z	78	PC: 1519a \| Find first file
2018-12-25T12:44:22.401129621Z	61	PC: 151b9 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:44:22.408080959Z	66	PC: 151c6 \| Move file pointer
2018-12-25T12:44:22.409440759Z	63	PC: 151d2 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:44:22.415853747Z	66	PC: 151db \| Move file pointer
2018-12-25T12:44:22.421375253Z	64	PC: 151e5 \| Write file or device (Write 233 bytes on handle 5)
2018-12-25T12:44:22.435338966Z	66	PC: 15205 \| Move file pointer
2018-12-25T12:44:22.437173785Z	64	PC: 1520e \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:44:22.444037125Z	87	PC: 15215 \| Get or set file date and time
2018-12-25T12:44:22.446944718Z	62	PC: 15219 \| Close file
2018-12-25T12:44:22.455599118Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15739,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:22.379392367Z	42	PC: 15154 \| Get date 0x15154: cmp al, 5 0x15156: jne 0x1517b 0x15158: cmp dl, 0xd 0x1515b: jne 0x1517b 0x1515d: mov ax, 3 0x15160: int 0x10 0x15162: add di, 0xd3 0x15166: mov si, di 0x15168: mov cx, 0xa 0x1516b: lodsb al, byte ptr [si] 0x1516c: mov bx, 0x18f 0x1516f: mov ah, 0xe 0x15171: xor al, 0x55 0x15173: int 0x10 0x15175: loop 0x1516b 0x15177: int 0x10 0x15179: jmp 0x15177 0x1517b: push di 0x1517c: add di, 0xe3 0x15180: mov si, di