Sample viewer

vx.netlux.org/Virus.DOS.SillyC.432.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:11:26.384451546Z	26	PC: 12acb \| Set disk transfer address
2018-12-17T22:11:26.386253038Z	78	PC: 12adb \| Find first file
2018-12-17T22:11:26.391265529Z	78	PC: 12b3d \| Find first file
2018-12-17T22:11:26.39796929Z	61	PC: 12b4e \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:11:26.410712113Z	66	PC: 12b63 \| Move file pointer
2018-12-17T22:11:26.412295899Z	63	PC: 12b7d \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:11:26.419780909Z	66	PC: 12bb2 \| Move file pointer
2018-12-17T22:11:26.421599656Z	63	PC: 12bc9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:11:26.425113957Z	66	PC: 12be8 \| Move file pointer
2018-12-17T22:11:26.427266635Z	64	PC: 12bff \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:11:26.431134307Z	66	PC: 12c11 \| Move file pointer
2018-12-17T22:11:26.434076385Z	64	PC: 12c23 \| Write file or device (Write 432 bytes on handle 5)
2018-12-17T22:11:26.449002557Z	87	PC: 12c2e \| Get or set file date and time
2018-12-17T22:11:26.450813415Z	87	PC: 12c33 \| Get or set file date and time
2018-12-17T22:11:26.452958419Z	62	PC: 12c37 \| Close file
2018-12-17T22:11:26.462912139Z	42	PC: 12c3b \| Get date 0x12c3b: cmp cx, 0x7ca 0x12c3f: jne 0x12c4a 0x12c41: mov ax, 0x702 0x12c44: mov ch, 0 0x12c46: mov dl, 0x80 0x12c48: int 0x13 0x12c4a: mov ax, 0x100 0x12c4d: push ax 0x12c4e: ret 0x12c4f: ljmp ptr [bp + si] 0x12c51: arpl word ptr cs:[bx + 0x6d], bp 0x12c55: add byte ptr [bp - 0x18], ah 0x12c58: cmp byte ptr [di], al 0x12c5a: add cl, ch 0x12c5c: xchg ax, sp 0x12c5d: add word ptr [0x601], sp 0x12c61: add word ptr [bx], di 0x12c63: aas 0x12c64: aas 0x12c65: aas
2018-12-17T22:11:26.465064528Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2395,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:40.10318289Z	26	PC: 12acb \| Set disk transfer address
2018-12-25T11:45:40.104791107Z	78	PC: 12adb \| Find first file
2018-12-25T11:45:40.112404507Z	78	PC: 12b3d \| Find first file
2018-12-25T11:45:40.120306429Z	61	PC: 12b4e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:40.128048563Z	66	PC: 12b63 \| Move file pointer
2018-12-25T11:45:40.13126478Z	63	PC: 12b7d \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:45:40.138789586Z	66	PC: 12bb2 \| Move file pointer
2018-12-25T11:45:40.140809417Z	63	PC: 12bc9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:40.145018277Z	66	PC: 12be8 \| Move file pointer
2018-12-25T11:45:40.146612472Z	64	PC: 12bff \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:40.148955075Z	66	PC: 12c11 \| Move file pointer
2018-12-25T11:45:40.150292924Z	64	PC: 12c23 \| Write file or device (Write 432 bytes on handle 5)
2018-12-25T11:45:40.161760575Z	87	PC: 12c2e \| Get or set file date and time
2018-12-25T11:45:40.162928766Z	87	PC: 12c33 \| Get or set file date and time
2018-12-25T11:45:40.164297895Z	62	PC: 12c37 \| Close file
2018-12-25T11:45:40.170220016Z	42	PC: 12c3b \| Get date 0x12c3b: cmp cx, 0x7ca 0x12c3f: jne 0x12c4a 0x12c41: mov ax, 0x702 0x12c44: mov ch, 0 0x12c46: mov dl, 0x80 0x12c48: int 0x13 0x12c4a: mov ax, 0x100 0x12c4d: push ax 0x12c4e: ret 0x12c4f: ljmp ptr [bp + si] 0x12c51: arpl word ptr cs:[bx + 0x6d], bp 0x12c55: add byte ptr [bp - 0x18], ah 0x12c58: cmp byte ptr [di], al 0x12c5a: add cl, ch 0x12c5c: xchg ax, sp 0x12c5d: add word ptr [0x601], sp 0x12c61: add word ptr [bx], di 0x12c63: aas 0x12c64: aas 0x12c65: aas
2018-12-25T11:45:40.171815488Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2395,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:40.60826529Z	26	PC: 12acb \| Set disk transfer address
2018-12-25T11:45:40.609864781Z	78	PC: 12adb \| Find first file
2018-12-25T11:45:40.615969333Z	78	PC: 12b3d \| Find first file
2018-12-25T11:45:40.620581543Z	61	PC: 12b4e \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:45:40.627463212Z	66	PC: 12b63 \| Move file pointer
2018-12-25T11:45:40.629084355Z	63	PC: 12b7d \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:45:40.635254881Z	66	PC: 12bb2 \| Move file pointer
2018-12-25T11:45:40.637283134Z	63	PC: 12bc9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:45:40.639647877Z	66	PC: 12be8 \| Move file pointer
2018-12-25T11:45:40.640873828Z	64	PC: 12bff \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:45:40.643563871Z	66	PC: 12c11 \| Move file pointer
2018-12-25T11:45:40.645661107Z	64	PC: 12c23 \| Write file or device (Write 432 bytes on handle 5)
2018-12-25T11:45:40.657819365Z	87	PC: 12c2e \| Get or set file date and time
2018-12-25T11:45:40.659211089Z	87	PC: 12c33 \| Get or set file date and time
2018-12-25T11:45:40.660802395Z	62	PC: 12c37 \| Close file
2018-12-25T11:45:40.668002041Z	42	PC: 12c3b \| Get date 0x12c3b: cmp cx, 0x7ca 0x12c3f: jne 0x12c4a 0x12c41: mov ax, 0x702 0x12c44: mov ch, 0 0x12c46: mov dl, 0x80 0x12c48: int 0x13 0x12c4a: mov ax, 0x100 0x12c4d: push ax 0x12c4e: ret 0x12c4f: ljmp ptr [bp + si] 0x12c51: arpl word ptr cs:[bx + 0x6d], bp 0x12c55: add byte ptr [bp - 0x18], ah 0x12c58: cmp byte ptr [di], al 0x12c5a: add cl, ch 0x12c5c: xchg ax, sp 0x12c5d: add word ptr [0x601], sp 0x12c61: add word ptr [bx], di 0x12c63: aas 0x12c64: aas 0x12c65: aas
2018-12-25T11:45:40.670755586Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')