Sample viewer

vx.netlux.org/Virus.DOS.Bach.498

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:11:08.654003485Z	78	PC: 12afa \| Find first file
2018-12-17T22:11:08.660800426Z	67	PC: 12b28 \| Get or set file attributes
2018-12-17T22:11:08.665422104Z	61	PC: 12b30 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:11:08.672086163Z	87	PC: 12b3a \| Get or set file date and time
2018-12-17T22:11:08.67545912Z	66	PC: 12b49 \| Move file pointer
2018-12-17T22:11:08.676922191Z	63	PC: 12b55 \| Read file or device (Read 16 bytes on handle 5)
2018-12-17T22:11:08.683384782Z	66	PC: 12b97 \| Move file pointer
2018-12-17T22:11:08.685987928Z	64	PC: 12ba1 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:11:08.688857743Z	66	PC: 12baa \| Move file pointer
2018-12-17T22:11:08.690778299Z	64	PC: 12bb6 \| Write file or device (Write 16 bytes on handle 5)
2018-12-17T22:11:08.693875438Z	64	PC: 12bc2 \| Write file or device (Write 482 bytes on handle 5)
2018-12-17T22:11:08.707494593Z	87	PC: 12bcd \| Get or set file date and time
2018-12-17T22:11:08.70915699Z	62	PC: 12bd8 \| Close file
2018-12-17T22:11:08.716642308Z	67	PC: 12be5 \| Get or set file attributes
2018-12-17T22:11:08.729765932Z	42	PC: 12c64 \| Get date 0x12c64: cmp cx, 0x7c9 0x12c68: jne 0x12c71 0x12c6a: cmp dl, 0x14 0x12c6d: jae 0x12c71 0x12c6f: jmp 0x12c74 0x12c71: call 0x22c21 0x12c74: cld 0x12c75: mov di, 0x100 0x12c78: mov cx, 0x10 0x12c7b: rep movsb byte ptr es:[di], byte ptr [si] 0x12c7d: cld 0x12c7e: mov si, 0xfd10 0x12c81: mov di, 0x80 0x12c84: mov cx, 0x80 0x12c87: rep movsb byte ptr es:[di], byte ptr [si] 0x12c89: pop es 0x12c8a: pop ds 0x12c8b: pop di 0x12c8c: pop si 0x12c8d: pop dx
2018-12-17T22:11:08.732033414Z	53	PC: 12c37 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:11:08.733455478Z	37	PC: 12c5c \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:11:08.735807676Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":21,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2361,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:34.868030633Z	78	PC: 12afa \| Find first file
2018-12-25T11:45:34.874479554Z	67	PC: 12b28 \| Get or set file attributes
2018-12-25T11:45:34.879200932Z	61	PC: 12b30 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:34.891298431Z	87	PC: 12b3a \| Get or set file date and time
2018-12-25T11:45:34.893851651Z	66	PC: 12b49 \| Move file pointer
2018-12-25T11:45:34.903840841Z	63	PC: 12b55 \| Read file or device (Read 16 bytes on handle 5)
2018-12-25T11:45:34.910186638Z	66	PC: 12b97 \| Move file pointer
2018-12-25T11:45:34.912359333Z	64	PC: 12ba1 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:45:34.915171007Z	66	PC: 12baa \| Move file pointer
2018-12-25T11:45:34.916790265Z	64	PC: 12bb6 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:45:34.927606182Z	64	PC: 12bc2 \| Write file or device (Write 482 bytes on handle 5)
2018-12-25T11:45:34.940364929Z	87	PC: 12bcd \| Get or set file date and time
2018-12-25T11:45:34.942006377Z	62	PC: 12bd8 \| Close file
2018-12-25T11:45:34.950418813Z	67	PC: 12be5 \| Get or set file attributes
2018-12-25T11:45:34.960706148Z	42	PC: 12c64 \| Get date 0x12c64: cmp cx, 0x7c9 0x12c68: jne 0x12c71 0x12c6a: cmp dl, 0x14 0x12c6d: jae 0x12c71 0x12c6f: jmp 0x12c74 0x12c71: call 0x22c21 0x12c74: cld 0x12c75: mov di, 0x100 0x12c78: mov cx, 0x10 0x12c7b: rep movsb byte ptr es:[di], byte ptr [si] 0x12c7d: cld 0x12c7e: mov si, 0xfd10 0x12c81: mov di, 0x80 0x12c84: mov cx, 0x80 0x12c87: rep movsb byte ptr es:[di], byte ptr [si] 0x12c89: pop es 0x12c8a: pop ds 0x12c8b: pop di 0x12c8c: pop si 0x12c8d: pop dx
2018-12-25T11:45:34.963154848Z	53	PC: 12c37 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:45:34.964656442Z	37	PC: 12c5c \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:45:34.966747872Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2361,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:34.993823726Z	78	PC: 12afa \| Find first file
2018-12-25T11:45:35.001713332Z	67	PC: 12b28 \| Get or set file attributes
2018-12-25T11:45:35.007224739Z	61	PC: 12b30 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:35.013841945Z	87	PC: 12b3a \| Get or set file date and time
2018-12-25T11:45:35.016503655Z	66	PC: 12b49 \| Move file pointer
2018-12-25T11:45:35.018488071Z	63	PC: 12b55 \| Read file or device (Read 16 bytes on handle 5)
2018-12-25T11:45:35.025028079Z	66	PC: 12b97 \| Move file pointer
2018-12-25T11:45:35.027172837Z	64	PC: 12ba1 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:45:35.030321534Z	66	PC: 12baa \| Move file pointer
2018-12-25T11:45:35.031939285Z	64	PC: 12bb6 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:45:35.03500846Z	64	PC: 12bc2 \| Write file or device (Write 482 bytes on handle 5)
2018-12-25T11:45:35.048511369Z	87	PC: 12bcd \| Get or set file date and time
2018-12-25T11:45:35.050276582Z	62	PC: 12bd8 \| Close file
2018-12-25T11:45:35.057857284Z	67	PC: 12be5 \| Get or set file attributes
2018-12-25T11:45:35.06895947Z	42	PC: 12c64 \| Get date 0x12c64: cmp cx, 0x7c9 0x12c68: jne 0x12c71 0x12c6a: cmp dl, 0x14 0x12c6d: jae 0x12c71 0x12c6f: jmp 0x12c74 0x12c71: call 0x22c21 0x12c74: cld 0x12c75: mov di, 0x100 0x12c78: mov cx, 0x10 0x12c7b: rep movsb byte ptr es:[di], byte ptr [si] 0x12c7d: cld 0x12c7e: mov si, 0xfd10 0x12c81: mov di, 0x80 0x12c84: mov cx, 0x80 0x12c87: rep movsb byte ptr es:[di], byte ptr [si] 0x12c89: pop es 0x12c8a: pop ds 0x12c8b: pop di 0x12c8c: pop si 0x12c8d: pop dx
2018-12-25T11:45:35.071374741Z	53	PC: 12c37 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:45:35.072847765Z	37	PC: 12c5c \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:45:35.076362385Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2361,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:35.059494329Z	78	PC: 12afa \| Find first file
2018-12-25T11:45:35.066383132Z	67	PC: 12b28 \| Get or set file attributes
2018-12-25T11:45:35.07162657Z	61	PC: 12b30 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:35.078181026Z	87	PC: 12b3a \| Get or set file date and time
2018-12-25T11:45:35.080587113Z	66	PC: 12b49 \| Move file pointer
2018-12-25T11:45:35.082074263Z	63	PC: 12b55 \| Read file or device (Read 16 bytes on handle 5)
2018-12-25T11:45:35.088208377Z	66	PC: 12b97 \| Move file pointer
2018-12-25T11:45:35.089751751Z	64	PC: 12ba1 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:45:35.092708484Z	66	PC: 12baa \| Move file pointer
2018-12-25T11:45:35.094300152Z	64	PC: 12bb6 \| Write file or device (Write 16 bytes on handle 5)
2018-12-25T11:45:35.097305493Z	64	PC: 12bc2 \| Write file or device (Write 482 bytes on handle 5)
2018-12-25T11:45:35.110708855Z	87	PC: 12bcd \| Get or set file date and time
2018-12-25T11:45:35.112677361Z	62	PC: 12bd8 \| Close file
2018-12-25T11:45:35.131333502Z	67	PC: 12be5 \| Get or set file attributes
2018-12-25T11:45:35.141704108Z	42	PC: 12c64 \| Get date 0x12c64: cmp cx, 0x7c9 0x12c68: jne 0x12c71 0x12c6a: cmp dl, 0x14 0x12c6d: jae 0x12c71 0x12c6f: jmp 0x12c74 0x12c71: call 0x22c21 0x12c74: cld 0x12c75: mov di, 0x100 0x12c78: mov cx, 0x10 0x12c7b: rep movsb byte ptr es:[di], byte ptr [si] 0x12c7d: cld 0x12c7e: mov si, 0xfd10 0x12c81: mov di, 0x80 0x12c84: mov cx, 0x80 0x12c87: rep movsb byte ptr es:[di], byte ptr [si] 0x12c89: pop es 0x12c8a: pop ds 0x12c8b: pop di 0x12c8c: pop si 0x12c8d: pop dx
2018-12-25T11:45:35.143941196Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')