Sample viewer

vx.netlux.org/Virus.DOS.Atomic.371

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:26.216640219Z	42	PC: 12a71 \| Get date 0x12a71: cmp dl, 0x19 0x12a74: je 0x12a77 0x12a76: ret 0x12a77: mov ah, 9 0x12a79: mov dx, 0x1da 0x12a7c: int 0x21 0x12a7e: jmp 0x12a7e 0x12a80: mov ah, 0x4e 0x12a82: xor cx, cx 0x12a84: mov dx, 0x22a 0x12a87: int 0x21 0x12a89: jb 0x12ada 0x12a8b: ret 0x12a8c: mov ah, 0x4f 0x12a8e: int 0x21 0x12a90: jb 0x12aea 0x12a92: ret 0x12a93: mov bx, 0x80 0x12a96: mov ax, word ptr [bx + 0x35] 0x12a99: cmp ax, 0x444e
2018-12-17T23:09:26.220144886Z	78	PC: 12a89 \| Find first file
2018-12-17T23:09:26.227482948Z	61	PC: 12aa7 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:26.234911579Z	87	PC: 12aad \| Get or set file date and time
2018-12-17T23:09:26.236939942Z	64	PC: 12ab9 \| Write file or device (Write 371 bytes on handle 5)
2018-12-17T23:09:26.2451544Z	87	PC: 12ac0 \| Get or set file date and time
2018-12-17T23:09:26.247177562Z	62	PC: 12ac4 \| Close file
2018-12-17T23:09:26.261690398Z	79	PC: 12a90 \| Find next file
2018-12-17T23:09:26.266079647Z	61	PC: 12aa7 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:09:26.276274949Z	87	PC: 12aad \| Get or set file date and time
2018-12-17T23:09:26.278376558Z	64	PC: 12ab9 \| Write file or device (Write 371 bytes on handle 5)
2018-12-17T23:09:26.289554807Z	87	PC: 12ac0 \| Get or set file date and time
2018-12-17T23:09:26.297068117Z	62	PC: 12ac4 \| Close file
2018-12-17T23:09:26.310285949Z	71	PC: 12acf \| Get current directory
2018-12-17T23:09:26.31498476Z	59	PC: 12ad7 \| Change current directory
2018-12-17T23:09:26.322232082Z	9	PC: 12af1 \| Display string (String= 'Bad command or file name ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16524,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:07.258476473Z	42	PC: 12a71 \| Get date 0x12a71: cmp dl, 0x19 0x12a74: je 0x12a77 0x12a76: ret 0x12a77: mov ah, 9 0x12a79: mov dx, 0x1da 0x12a7c: int 0x21 0x12a7e: jmp 0x12a7e 0x12a80: mov ah, 0x4e 0x12a82: xor cx, cx 0x12a84: mov dx, 0x22a 0x12a87: int 0x21 0x12a89: jb 0x12ada 0x12a8b: ret 0x12a8c: mov ah, 0x4f 0x12a8e: int 0x21 0x12a90: jb 0x12aea 0x12a92: ret 0x12a93: mov bx, 0x80 0x12a96: mov ax, word ptr [bx + 0x35] 0x12a99: cmp ax, 0x444e
2018-12-25T12:53:07.260793317Z	78	PC: 12a89 \| Find first file
2018-12-25T12:53:07.266591956Z	61	PC: 12aa7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:07.27322983Z	87	PC: 12aad \| Get or set file date and time
2018-12-25T12:53:07.284096712Z	64	PC: 12ab9 \| Write file or device (Write 371 bytes on handle 5)
2018-12-25T12:53:07.290347812Z	87	PC: 12ac0 \| Get or set file date and time
2018-12-25T12:53:07.291645415Z	62	PC: 12ac4 \| Close file
2018-12-25T12:53:07.596397563Z	79	PC: 12a90 \| Find next file
2018-12-25T12:53:07.600128007Z	61	PC: 12aa7 \| Open file (See above)
2018-12-25T12:53:07.606947658Z	87	PC: 12aad \| Get or set file date and time (See above)
2018-12-25T12:53:07.608626285Z	64	PC: 12ab9 \| Write file or device (See above)
2018-12-25T12:53:07.61292108Z	87	PC: 12ac0 \| Get or set file date and time (See above)
2018-12-25T12:53:07.614422193Z	62	PC: 12ac4 \| Close file (See above)
2018-12-25T12:53:07.621882548Z	71	PC: 12acf \| Get current directory
2018-12-25T12:53:07.624671943Z	59	PC: 12ad7 \| Change current directory
2018-12-25T12:53:07.628608547Z	9	PC: 12af1 \| Display string (String= 'Bad command or file name ')

{"DateBased":true,"Day":25,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16524,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:07.568982309Z	42	PC: 12a71 \| Get date 0x12a71: cmp dl, 0x19 0x12a74: je 0x12a77 0x12a76: ret 0x12a77: mov ah, 9 0x12a79: mov dx, 0x1da 0x12a7c: int 0x21 0x12a7e: jmp 0x12a7e 0x12a80: mov ah, 0x4e 0x12a82: xor cx, cx 0x12a84: mov dx, 0x22a 0x12a87: int 0x21 0x12a89: jb 0x12ada 0x12a8b: ret 0x12a8c: mov ah, 0x4f 0x12a8e: int 0x21 0x12a90: jb 0x12aea 0x12a92: ret 0x12a93: mov bx, 0x80 0x12a96: mov ax, word ptr [bx + 0x35] 0x12a99: cmp ax, 0x444e
2018-12-25T12:53:07.571302495Z	9	PC: 12a7e \| Display string (String= 'The Atomic Dustbin 1A -- This is just the first step')