Sample viewer

vx.netlux.org/Virus.DOS.SillyC.609

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:12:26.941689351Z	42	PC: 12a62 \| Get date 0x12a62: cmp dh, 0xc 0x12a65: jne 0x12a6f 0x12a67: cmp dl, 0x19 0x12a6a: jne 0x12a6f 0x12a6c: jmp 0x12c4e 0x12a6f: cmp dh, 4 0x12a72: jne 0x12a79 0x12a74: cmp dl, 1 0x12a77: jne 0x12a79 0x12a79: call 0x12c2e 0x12a7c: call 0x12c1b 0x12a7f: mov si, bp 0x12a81: add si, 0x234 0x12a85: lodsw ax, word ptr [si] 0x12a86: cmp ax, 5 0x12a89: ja 0x12a8e 0x12a8b: jmp 0x12ae6 0x12a8d: nop 0x12a8e: call 0x12c02 0x12a91: mov bx, ax
2018-12-17T22:12:26.945423126Z	26	PC: 12c38 \| Set disk transfer address
2018-12-17T22:12:26.946596979Z	78	PC: 12c28 \| Find first file
2018-12-17T22:12:26.952428419Z	61	PC: 12c0d \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:12:26.959639908Z	87	PC: 12bf0 \| Get or set file date and time
2018-12-17T22:12:26.961429398Z	63	PC: 12aa5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:12:26.967818108Z	0	PC: 12ab0 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2505,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:01.044640122Z	42	PC: 12a62 \| Get date 0x12a62: cmp dh, 0xc 0x12a65: jne 0x12a6f 0x12a67: cmp dl, 0x19 0x12a6a: jne 0x12a6f 0x12a6c: jmp 0x12c4e 0x12a6f: cmp dh, 4 0x12a72: jne 0x12a79 0x12a74: cmp dl, 1 0x12a77: jne 0x12a79 0x12a79: call 0x12c2e 0x12a7c: call 0x12c1b 0x12a7f: mov si, bp 0x12a81: add si, 0x234 0x12a85: lodsw ax, word ptr [si] 0x12a86: cmp ax, 5 0x12a89: ja 0x12a8e 0x12a8b: jmp 0x12ae6 0x12a8d: nop 0x12a8e: call 0x12c02 0x12a91: mov bx, ax
2018-12-25T11:46:01.048048962Z	26	PC: 12c38 \| Set disk transfer address
2018-12-25T11:46:01.050298469Z	78	PC: 12c28 \| Find first file
2018-12-25T11:46:01.057515132Z	61	PC: 12c0d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:01.065353771Z	87	PC: 12bf0 \| Get or set file date and time
2018-12-25T11:46:01.073781847Z	63	PC: 12aa5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:01.080769578Z	0	PC: 12ab0 \| Program terminate

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2505,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:01.061869088Z	42	PC: 12a62 \| Get date 0x12a62: cmp dh, 0xc 0x12a65: jne 0x12a6f 0x12a67: cmp dl, 0x19 0x12a6a: jne 0x12a6f 0x12a6c: jmp 0x12c4e 0x12a6f: cmp dh, 4 0x12a72: jne 0x12a79 0x12a74: cmp dl, 1 0x12a77: jne 0x12a79 0x12a79: call 0x12c2e 0x12a7c: call 0x12c1b 0x12a7f: mov si, bp 0x12a81: add si, 0x234 0x12a85: lodsw ax, word ptr [si] 0x12a86: cmp ax, 5 0x12a89: ja 0x12a8e 0x12a8b: jmp 0x12ae6 0x12a8d: nop 0x12a8e: call 0x12c02 0x12a91: mov bx, ax
2018-12-25T11:46:01.06488572Z	26	PC: 12c38 \| Set disk transfer address
2018-12-25T11:46:01.06594714Z	78	PC: 12c28 \| Find first file
2018-12-25T11:46:01.071608119Z	61	PC: 12c0d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:46:01.078081351Z	87	PC: 12bf0 \| Get or set file date and time
2018-12-25T11:46:01.079411916Z	63	PC: 12aa5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:46:01.085160584Z	0	PC: 12ab0 \| Program terminate

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2505,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:47.705888151Z	42	PC: 12a62 \| Get date 0x12a62: cmp dh, 0xc 0x12a65: jne 0x12a6f 0x12a67: cmp dl, 0x19 0x12a6a: jne 0x12a6f 0x12a6c: jmp 0x12c4e 0x12a6f: cmp dh, 4 0x12a72: jne 0x12a79 0x12a74: cmp dl, 1 0x12a77: jne 0x12a79 0x12a79: call 0x12c2e 0x12a7c: call 0x12c1b 0x12a7f: mov si, bp 0x12a81: add si, 0x234 0x12a85: lodsw ax, word ptr [si] 0x12a86: cmp ax, 5 0x12a89: ja 0x12a8e 0x12a8b: jmp 0x12ae6 0x12a8d: nop 0x12a8e: call 0x12c02 0x12a91: mov bx, ax
2018-12-25T13:06:47.712362745Z	26	PC: 12c38 \| Set disk transfer address
2018-12-25T13:06:47.713465537Z	78	PC: 12c28 \| Find first file
2018-12-25T13:06:47.719248122Z	61	PC: 12c0d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:47.726058116Z	87	PC: 12bf0 \| Get or set file date and time
2018-12-25T13:06:47.727385072Z	63	PC: 12aa5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T13:06:47.733411683Z	0	PC: 12ab0 \| Program terminate

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2505,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:01.1771031Z	42	PC: 12a62 \| Get date 0x12a62: cmp dh, 0xc 0x12a65: jne 0x12a6f 0x12a67: cmp dl, 0x19 0x12a6a: jne 0x12a6f 0x12a6c: jmp 0x12c4e 0x12a6f: cmp dh, 4 0x12a72: jne 0x12a79 0x12a74: cmp dl, 1 0x12a77: jne 0x12a79 0x12a79: call 0x12c2e 0x12a7c: call 0x12c1b 0x12a7f: mov si, bp 0x12a81: add si, 0x234 0x12a85: lodsw ax, word ptr [si] 0x12a86: cmp ax, 5 0x12a89: ja 0x12a8e 0x12a8b: jmp 0x12ae6 0x12a8d: nop 0x12a8e: call 0x12c02 0x12a91: mov bx, ax