Sample viewer

vx.netlux.org/Virus.DOS.Atomic.480

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:18:50.82563823Z 42 PC: 12a81 | Get date
0x12a81: cmp dl, 1
0x12a84: je 0x12a8c
0x12a86: cmp dl, 0x1a
0x12a89: je 0x12a9b
0x12a8b: ret
0x12a8c: mov cx, 0x32
0x12a8f: mov ah, 9
0x12a91: mov dx, 0x26a
0x12a94: int 0x21
0x12a96: loop 0x12a8e
0x12a98: jmp 0x12bd0
0x12a9b: mov ah, 9
0x12a9d: mov dx, 0x213
0x12aa0: int 0x21
0x12aa2: jmp 0x12aa2
0x12aa4: mov ah, 0x4e
0x12aa6: mov cl, 3
0x12aa8: mov dx, 0x295
0x12aab: int 0x21
0x12aad: jb 0x12b13
2018-12-17T22:18:50.829060636Z 78 PC: 12aad | Find first file
2018-12-17T22:18:50.83793389Z 61 PC: 12ad5 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:18:50.844832979Z 87 PC: 12adb | Get or set file date and time
2018-12-17T22:18:50.847487486Z 64 PC: 12ae7 | Write file or device (Write 480 bytes on handle 5)
2018-12-17T22:18:50.854347848Z 87 PC: 12aee | Get or set file date and time
2018-12-17T22:18:50.855841491Z 67 PC: 12af9 | Get or set file attributes
2018-12-17T22:18:50.861127135Z 62 PC: 12afd | Close file
2018-12-17T22:18:50.877110857Z 79 PC: 12ab4 | Find next file
2018-12-17T22:18:50.879689472Z 61 PC: 12ad5 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:18:50.886117296Z 87 PC: 12adb | Get or set file date and time
2018-12-17T22:18:50.888372523Z 64 PC: 12ae7 | Write file or device (Write 480 bytes on handle 5)
2018-12-17T22:18:50.895157537Z 87 PC: 12aee | Get or set file date and time
2018-12-17T22:18:50.896892268Z 67 PC: 12af9 | Get or set file attributes
2018-12-17T22:18:50.903173959Z 62 PC: 12afd | Close file
2018-12-17T22:18:50.914561098Z 71 PC: 12b08 | Get current directory
2018-12-17T22:18:50.91737091Z 59 PC: 12b10 | Change current directory
2018-12-17T22:18:50.922536642Z 9 PC: 12b2a | Display string (String= 'Program execution terminated ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3224,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:43.994710788Z 42 PC: 12a81 | Get date
0x12a81: cmp dl, 1
0x12a84: je 0x12a8c
0x12a86: cmp dl, 0x1a
0x12a89: je 0x12a9b
0x12a8b: ret
0x12a8c: mov cx, 0x32
0x12a8f: mov ah, 9
0x12a91: mov dx, 0x26a
0x12a94: int 0x21
0x12a96: loop 0x12a8e
0x12a98: jmp 0x12bd0
0x12a9b: mov ah, 9
0x12a9d: mov dx, 0x213
0x12aa0: int 0x21
0x12aa2: jmp 0x12aa2
0x12aa4: mov ah, 0x4e
0x12aa6: mov cl, 3
0x12aa8: mov dx, 0x295
0x12aab: int 0x21
0x12aad: jb 0x12b13
2018-12-25T11:48:43.998984681Z 9 PC: 12a96 | Display string (String= 'The Atomic Dustbin - YOUR PHUCKED!')
2018-12-25T11:48:44.00358209Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.006693597Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.013229466Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.017139963Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.023635131Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.026748847Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.040525465Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.047605129Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.050108274Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.05679503Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.058477584Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.063413653Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.065673271Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.068327277Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.071766985Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.076684483Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.085757355Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.087727208Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.093518298Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.100782405Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.103148784Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.109177066Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.116881333Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.123680443Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.126696859Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.134201634Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.138328726Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.140958763Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.164860113Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.167548015Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.174651552Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.182318218Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.188677757Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.193009668Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.195814519Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.203731427Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.206520895Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.216487327Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.220085097Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.226625502Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.230736567Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.236122275Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.242379582Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.244967308Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.251531431Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.26799461Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.269691768Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.273307228Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:44.275078327Z 9 PC: 12a96 | Display string (See above)
2018-12-25T11:48:46.466515509Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T11:48:46.468742982Z 72 PC: 8f1bd | Allocate memory
2018-12-25T11:48:46.471726342Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T11:48:46.474722991Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T11:48:46.486569448Z 66 PC: 91f95 | Move file pointer
2018-12-25T11:48:46.48944495Z 62 PC: 91fc1 | Close file
2018-12-25T11:48:46.491995591Z 75 PC: 91fe0 | Execute program
2018-12-25T11:48:46.509578888Z 98 PC: 916f1 | Get current PSP
2018-12-25T11:48:46.512816242Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T11:48:46.51742849Z 48 PC: c609 | Get DOS version
2018-12-25T11:48:46.520993092Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T11:48:46.524841967Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T11:48:46.527298317Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T11:48:46.533366752Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T11:48:46.540449443Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T11:48:46.545695825Z 61 PC: 91f88 | Open file (See above)
2018-12-25T11:48:46.556903478Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T11:48:46.559389229Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T11:48:46.561908067Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T11:48:46.584620787Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T11:48:46.589502947Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:48:46.591217727Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:46.5928122Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:48:46.594549834Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:48:46.596203426Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:48:46.597478206Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T11:48:46.607987905Z 62 PC: 8f8eb | Close file
2018-12-25T11:48:46.61073132Z 62 PC: 8f8f2 | Close file
2018-12-25T11:48:46.613076895Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.615106027Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.617887896Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.620036732Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.622183649Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.624792357Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.626998269Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.629141222Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.632172746Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.633713408Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.635405941Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.637425745Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.638971756Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.640459992Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.642652196Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.644328648Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.645861911Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.647371527Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.649137699Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.65060363Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.651933094Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.653806549Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.655464404Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.657123187Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.659212698Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.660706683Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.662023414Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.664041968Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.665587075Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T11:48:46.667149872Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T11:48:46.673036186Z 62 PC: 8f90e | Close file
2018-12-25T11:48:46.674931303Z 69 PC: 8f915 | Duplicate handle
2018-12-25T11:48:46.676660488Z 69 PC: 8f919 | Duplicate handle
2018-12-25T11:48:46.678891325Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T11:48:46.684646693Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T11:48:46.686088703Z 61 PC: 9387b | Open file (See above)
2018-12-25T11:48:46.691705034Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T11:48:46.693425592Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T11:48:46.69466854Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T11:48:46.696749832Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T11:48:46.698268304Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T11:48:46.699795615Z 72 PC: 8fa02 | Allocate memory
2018-12-25T11:48:46.70230428Z 72 PC: 8fa06 | Allocate memory
2018-12-25T11:48:46.703967859Z 73 PC: 8fa11 | Release memory
2018-12-25T11:48:46.705909065Z 73 PC: 8efea | Release memory
2018-12-25T11:48:46.708127659Z 74 PC: 8f003 | Reallocate memory
2018-12-25T11:48:46.710091312Z 72 PC: 8f054 | Allocate memory
2018-12-25T11:48:46.712174407Z 72 PC: 8f058 | Allocate memory
2018-12-25T11:48:46.714425675Z 73 PC: 8f060 | Release memory
2018-12-25T11:48:46.716223458Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T11:48:46.721777079Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:48:46.726103602Z 66 PC: 8f0ad | Move file pointer
2018-12-25T11:48:46.727578445Z 62 PC: 8f0d1 | Close file
2018-12-25T11:48:46.729183783Z 75 PC: 8f0f2 | Execute program
2018-12-25T11:48:46.750924215Z 80 PC: 12be9 | Set current PSP
2018-12-25T11:48:46.751773845Z 48 PC: 12bee | Get DOS version
2018-12-25T11:48:46.753239253Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T11:48:46.755928337Z 101 PC: 12c74 | Get extended country info
2018-12-25T11:48:46.757461769Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T11:48:46.758520414Z 74 PC: 12cdc | Reallocate memory
2018-12-25T11:48:46.760005188Z 72 PC: 1355d | Allocate memory
2018-12-25T11:48:46.761731228Z 25 PC: 13596 | Get default drive
2018-12-25T11:48:46.762809768Z 71 PC: 135ad | Get current directory
2018-12-25T11:48:46.765424752Z 59 PC: 135ba | Change current directory
2018-12-25T11:48:46.771196289Z 59 PC: 135c8 | Change current directory
2018-12-25T11:48:46.777277621Z 59 PC: 135d3 | Change current directory
2018-12-25T11:48:46.781162575Z 25 PC: 12d13 | Get default drive
2018-12-25T11:48:46.782494612Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:48:46.783570642Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:48:46.784796918Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:46.787110787Z 80 PC: 1301d | Set current PSP
2018-12-25T11:48:46.787756632Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T11:48:46.78899923Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:48:46.790602141Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:48:46.791782149Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T11:48:46.79394167Z 72 PC: 130ec | Allocate memory
2018-12-25T11:48:46.79601496Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T11:48:46.802461686Z 62 PC: 131ba | Close file
2018-12-25T11:48:46.804585047Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T11:48:46.805903012Z 74 PC: 1197c | Reallocate memory
2018-12-25T11:48:46.807352055Z 72 PC: 11991 | Allocate memory
2018-12-25T11:48:46.809405364Z 73 PC: 119b2 | Release memory
2018-12-25T11:48:46.810954963Z 72 PC: 119bd | Allocate memory
2018-12-25T11:48:46.812620476Z 73 PC: 119df | Release memory
2018-12-25T11:48:46.814094038Z 72 PC: 119f5 | Allocate memory
2018-12-25T11:48:46.816578667Z 72 PC: 119fd | Allocate memory

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3224,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:44.040896082Z 42 PC: 12a81 | Get date
0x12a81: cmp dl, 1
0x12a84: je 0x12a8c
0x12a86: cmp dl, 0x1a
0x12a89: je 0x12a9b
0x12a8b: ret
0x12a8c: mov cx, 0x32
0x12a8f: mov ah, 9
0x12a91: mov dx, 0x26a
0x12a94: int 0x21
0x12a96: loop 0x12a8e
0x12a98: jmp 0x12bd0
0x12a9b: mov ah, 9
0x12a9d: mov dx, 0x213
0x12aa0: int 0x21
0x12aa2: jmp 0x12aa2
0x12aa4: mov ah, 0x4e
0x12aa6: mov cl, 3
0x12aa8: mov dx, 0x295
0x12aab: int 0x21
0x12aad: jb 0x12b13
2018-12-25T11:48:44.042863553Z 78 PC: 12aad | Find first file
2018-12-25T11:48:44.046853227Z 61 PC: 12ad5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:44.053148916Z 87 PC: 12adb | Get or set file date and time
2018-12-25T11:48:44.05492276Z 64 PC: 12ae7 | Write file or device (Write 480 bytes on handle 5)
2018-12-25T11:48:44.06161118Z 87 PC: 12aee | Get or set file date and time
2018-12-25T11:48:44.0629521Z 67 PC: 12af9 | Get or set file attributes
2018-12-25T11:48:44.067693019Z 62 PC: 12afd | Close file
2018-12-25T11:48:45.088810936Z 79 PC: 12ab4 | Find next file
2018-12-25T11:48:45.095639016Z 61 PC: 12ad5 | Open file (See above)
2018-12-25T11:48:45.099814373Z 87 PC: 12adb | Get or set file date and time (See above)
2018-12-25T11:48:45.102273529Z 64 PC: 12ae7 | Write file or device (See above)
2018-12-25T11:48:45.107669653Z 87 PC: 12aee | Get or set file date and time (See above)
2018-12-25T11:48:45.109542146Z 67 PC: 12af9 | Get or set file attributes (See above)
2018-12-25T11:48:45.115606052Z 62 PC: 12afd | Close file (See above)
2018-12-25T11:48:45.735618713Z 71 PC: 12b08 | Get current directory
2018-12-25T11:48:45.738538577Z 59 PC: 12b10 | Change current directory
2018-12-25T11:48:45.743028601Z 9 PC: 12b2a | Display string (String= 'Program execution terminated ')

{"DateBased":true,"Day":26,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3224,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:44.08190172Z 42 PC: 12a81 | Get date
0x12a81: cmp dl, 1
0x12a84: je 0x12a8c
0x12a86: cmp dl, 0x1a
0x12a89: je 0x12a9b
0x12a8b: ret
0x12a8c: mov cx, 0x32
0x12a8f: mov ah, 9
0x12a91: mov dx, 0x26a
0x12a94: int 0x21
0x12a96: loop 0x12a8e
0x12a98: jmp 0x12bd0
0x12a9b: mov ah, 9
0x12a9d: mov dx, 0x213
0x12aa0: int 0x21
0x12aa2: jmp 0x12aa2
0x12aa4: mov ah, 0x4e
0x12aa6: mov cl, 3
0x12aa8: mov dx, 0x295
0x12aab: int 0x21
0x12aad: jb 0x12b13
2018-12-25T11:48:44.084754216Z 9 PC: 12aa2 | Display string (String= 'The Atomic Dustbin 1B -- This is almost the second step')