Sample viewer

vx.netlux.org/Virus.DOS.V.3388

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:30.144062993Z	42	PC: 12d0a \| Get date 0x12d0a: cmp cx, 0x7c5 0x12d0e: je 0x12d61 0x12d10: mov ah, 0x4a 0x12d12: mov bx, 0x1000 0x12d15: int 0x21 0x12d17: mov ah, 0x48 0x12d19: mov bx, 0x1000 0x12d1c: int 0x21 0x12d1e: mov word ptr cs:[0x12b], ax 0x12d22: mov es, ax 0x12d24: mov si, 0x100 0x12d27: xor di, di 0x12d29: mov cx, 0x32f 0x12d2c: rep movsb byte ptr es:[di], byte ptr [si] 0x12d2e: mov word ptr cs:[0x12d], di 0x12d33: push cs 0x12d34: pop es 0x12d35: mov cx, word ptr cs:[0x106] 0x12d3a: mov si, 0x108 0x12d3d: mov al, byte ptr [si]
2018-12-17T23:10:30.146764395Z	74	PC: 12d17 \| Reallocate memory
2018-12-17T23:10:30.149198384Z	72	PC: 12d1e \| Allocate memory
2018-12-17T23:10:30.151311109Z	26	PC: 12d4d \| Set disk transfer address
2018-12-17T23:10:30.152955953Z	61	PC: 12b21 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T23:10:30.162843994Z	66	PC: 12b79 \| Move file pointer
2018-12-17T23:10:30.164898479Z	63	PC: 12b39 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T23:10:30.168117975Z	66	PC: 12b79 \| Move file pointer
2018-12-17T23:10:30.170333183Z	64	PC: 12b5e \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T23:10:30.186017788Z	62	PC: 12b67 \| Close file
2018-12-17T23:10:30.207220846Z	78	PC: 12ace \| Find first file
2018-12-17T23:10:30.21524511Z	61	PC: 12bae \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:30.229227845Z	66	PC: 12bc3 \| Move file pointer
2018-12-17T23:10:30.232436501Z	63	PC: 12bde \| Read file or device (Read 2573 bytes on handle 5)
2018-12-17T23:10:30.235909795Z	62	PC: 12bef \| Close file
2018-12-17T23:10:30.239836742Z	67	PC: 12bfc \| Get or set file attributes
2018-12-17T23:10:30.246790234Z	67	PC: 12c08 \| Get or set file attributes
2018-12-17T23:10:30.25756357Z	61	PC: 12c10 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:10:30.265992576Z	87	PC: 12c1b \| Get or set file date and time
2018-12-17T23:10:30.268058784Z	66	PC: 12cac \| Move file pointer
2018-12-17T23:10:30.26986951Z	63	PC: 12c40 \| Read file or device (Read 407 bytes on handle 5)
2018-12-17T23:10:30.277746358Z	66	PC: 12cac \| Move file pointer
2018-12-17T23:10:30.282823028Z	64	PC: 12c75 \| Write file or device (Write 3795 bytes on handle 5)
2018-12-17T23:10:30.292309083Z	87	PC: 12c84 \| Get or set file date and time
2018-12-17T23:10:30.294466582Z	62	PC: 12c8d \| Close file
2018-12-17T23:10:30.304230519Z	67	PC: 12c9c \| Get or set file attributes
2018-12-17T23:10:30.314465694Z	73	PC: 12d5f \| Release memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16875,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:08.688802785Z	42	PC: 12d0a \| Get date 0x12d0a: cmp cx, 0x7c5 0x12d0e: je 0x12d61 0x12d10: mov ah, 0x4a 0x12d12: mov bx, 0x1000 0x12d15: int 0x21 0x12d17: mov ah, 0x48 0x12d19: mov bx, 0x1000 0x12d1c: int 0x21 0x12d1e: mov word ptr cs:[0x12b], ax 0x12d22: mov es, ax 0x12d24: mov si, 0x100 0x12d27: xor di, di 0x12d29: mov cx, 0x32f 0x12d2c: rep movsb byte ptr es:[di], byte ptr [si] 0x12d2e: mov word ptr cs:[0x12d], di 0x12d33: push cs 0x12d34: pop es 0x12d35: mov cx, word ptr cs:[0x106] 0x12d3a: mov si, 0x108 0x12d3d: mov al, byte ptr [si]
2018-12-25T12:54:08.692075459Z	74	PC: 12d17 \| Reallocate memory
2018-12-25T12:54:08.693905359Z	72	PC: 12d1e \| Allocate memory
2018-12-25T12:54:08.695948565Z	26	PC: 12d4d \| Set disk transfer address
2018-12-25T12:54:08.698153769Z	61	PC: 12b21 \| Open file (Filename = 'A:\TEST.COM')
2018-12-25T12:54:08.705689722Z	66	PC: 12b79 \| Move file pointer
2018-12-25T12:54:08.707551454Z	63	PC: 12b39 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:54:08.710592418Z	66	PC: 12b79 \| Move file pointer (See above)
2018-12-25T12:54:08.713455268Z	64	PC: 12b5e \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T12:54:08.71669285Z	62	PC: 12b67 \| Close file
2018-12-25T12:54:08.7315914Z	78	PC: 12ace \| Find first file
2018-12-25T12:54:08.738946142Z	61	PC: 12bae \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:08.746514249Z	66	PC: 12bc3 \| Move file pointer
2018-12-25T12:54:08.748270209Z	63	PC: 12bde \| Read file or device (Read 2573 bytes on handle 5)
2018-12-25T12:54:08.751487621Z	62	PC: 12bef \| Close file
2018-12-25T12:54:08.753510451Z	67	PC: 12bfc \| Get or set file attributes
2018-12-25T12:54:08.765359967Z	67	PC: 12c08 \| Get or set file attributes
2018-12-25T12:54:08.776484896Z	61	PC: 12c10 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:08.783849289Z	87	PC: 12c1b \| Get or set file date and time
2018-12-25T12:54:08.785471408Z	66	PC: 12cac \| Move file pointer
2018-12-25T12:54:08.788613871Z	63	PC: 12c40 \| Read file or device (Read 407 bytes on handle 5)
2018-12-25T12:54:08.795800816Z	66	PC: 12cac \| Move file pointer (See above)
2018-12-25T12:54:08.797441143Z	64	PC: 12c75 \| Write file or device (Write 3795 bytes on handle 5)
2018-12-25T12:54:08.808023966Z	87	PC: 12c84 \| Get or set file date and time
2018-12-25T12:54:08.810648202Z	62	PC: 12c8d \| Close file
2018-12-25T12:54:08.819355065Z	67	PC: 12c9c \| Get or set file attributes
2018-12-25T12:54:08.831689354Z	73	PC: 12d5f \| Release memory

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16875,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:08.987277959Z	42	PC: 12d0a \| Get date 0x12d0a: cmp cx, 0x7c5 0x12d0e: je 0x12d61 0x12d10: mov ah, 0x4a 0x12d12: mov bx, 0x1000 0x12d15: int 0x21 0x12d17: mov ah, 0x48 0x12d19: mov bx, 0x1000 0x12d1c: int 0x21 0x12d1e: mov word ptr cs:[0x12b], ax 0x12d22: mov es, ax 0x12d24: mov si, 0x100 0x12d27: xor di, di 0x12d29: mov cx, 0x32f 0x12d2c: rep movsb byte ptr es:[di], byte ptr [si] 0x12d2e: mov word ptr cs:[0x12d], di 0x12d33: push cs 0x12d34: pop es 0x12d35: mov cx, word ptr cs:[0x106] 0x12d3a: mov si, 0x108 0x12d3d: mov al, byte ptr [si]