Sample viewer

vx.netlux.org/Virus.DOS.Bauman.2203

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:27:57.778284333Z	42	PC: 12ad1 \| Get date 0x12ad1: cmp al, 5 0x12ad3: jne 0x12afb 0x12ad5: mov ah, 0x2c 0x12ad7: int 0x21 0x12ad9: cmp ch, 0xc 0x12adc: jb 0x12afb 0x12ade: mov dx, 0x80 0x12ae1: mov cx, 1 0x12ae4: xor bx, bx 0x12ae6: mov ax, 0x326 0x12ae9: int 0x13 0x12aeb: inc dh 0x12aed: cmp dh, 6 0x12af0: jne 0x12ae6
2018-12-17T22:27:57.780683445Z	116	PC: 12b2e \| UNKNOWN!
2018-12-17T22:27:57.782310323Z	44	PC: 12b76 \| Get time 0x12b76: pushf 0x12b77: mov bp, sp 0x12b79: and byte ptr [bp + 1], 0xfe 0x12b7d: popf 0x12b7e: mov ax, bx 0x12b80: sub ax, 0xbc 0x12b83: mov ds, ax 0x12b85: mov dx, 6 0x12b88: mov ah, 0x1a 0x12b8a: int 0x21 0x12b8c: push ds 0x12b8d: push cs 0x12b8e: pop ds 0x12b8f: pop es 0x12b90: xor ax, ax 0x12b92: mov word ptr es:[0x8a8], ax 0x12b96: mov word ptr es:[0x8aa], ax 0x12b9a: mov ah, 0x4e 0x12b9c: mov dx, si 0x12b9e: sub dx, 9
2018-12-17T22:27:57.785843497Z	26	PC: 12b8c \| Set disk transfer address
2018-12-17T22:27:57.78785699Z	78	PC: 12ba5 \| Find first file
2018-12-17T22:27:57.792939627Z	78	PC: 12d74 \| Find first file
2018-12-17T22:27:57.800072605Z	67	PC: 12d97 \| Get or set file attributes
2018-12-17T22:27:57.814797935Z	61	PC: 12d9c \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:27:57.821397117Z	66	PC: 12da9 \| Move file pointer
2018-12-17T22:27:57.822586569Z	63	PC: 12db2 \| Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:27:57.827632405Z	66	PC: 12de7 \| Move file pointer
2018-12-17T22:27:57.828774953Z	63	PC: 12df1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:27:57.830555579Z	66	PC: 12dfa \| Move file pointer
2018-12-17T22:27:57.832834486Z	64	PC: 12e03 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:27:57.835107952Z	66	PC: 12e0c \| Move file pointer
2018-12-17T22:27:57.836178594Z	64	PC: 12e1a \| Write file or device (Write 8 bytes on handle 5)
2018-12-17T22:27:57.838400057Z	64	PC: 12e26 \| Write file or device (Write 7 bytes on handle 5)
2018-12-17T22:27:57.841011884Z	64	PC: 12e34 \| Write file or device (Write 2187 bytes on handle 5)
2018-12-17T22:27:57.849317741Z	64	PC: 12e43 \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:27:57.852035639Z	62	PC: 12e47 \| Close file
2018-12-17T22:27:57.860709808Z	116	PC: 12f22 \| UNKNOWN!
2018-12-17T22:27:57.861805815Z	82	PC: 9fb07 \| Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4980,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:19.329651515Z	42	PC: 12ad1 \| Get date 0x12ad1: cmp al, 5 0x12ad3: jne 0x12afb 0x12ad5: mov ah, 0x2c 0x12ad7: int 0x21 0x12ad9: cmp ch, 0xc 0x12adc: jb 0x12afb 0x12ade: mov dx, 0x80 0x12ae1: mov cx, 1 0x12ae4: xor bx, bx 0x12ae6: mov ax, 0x326 0x12ae9: int 0x13 0x12aeb: inc dh 0x12aed: cmp dh, 6 0x12af0: jne 0x12ae6
2018-12-25T11:53:19.33217625Z	116	PC: 12b2e \| UNKNOWN!
2018-12-25T11:53:19.333127567Z	44	PC: 12b76 \| Get time 0x12b76: pushf 0x12b77: mov bp, sp 0x12b79: and byte ptr [bp + 1], 0xfe 0x12b7d: popf 0x12b7e: mov ax, bx 0x12b80: sub ax, 0xbc 0x12b83: mov ds, ax 0x12b85: mov dx, 6 0x12b88: mov ah, 0x1a 0x12b8a: int 0x21 0x12b8c: push ds 0x12b8d: push cs 0x12b8e: pop ds 0x12b8f: pop es 0x12b90: xor ax, ax 0x12b92: mov word ptr es:[0x8a8], ax 0x12b96: mov word ptr es:[0x8aa], ax 0x12b9a: mov ah, 0x4e 0x12b9c: mov dx, si 0x12b9e: sub dx, 9
2018-12-25T11:53:19.336453012Z	26	PC: 12b8c \| Set disk transfer address
2018-12-25T11:53:19.338515518Z	78	PC: 12ba5 \| Find first file
2018-12-25T11:53:19.344208689Z	78	PC: 12d74 \| Find first file
2018-12-25T11:53:19.350519768Z	67	PC: 12d97 \| Get or set file attributes
2018-12-25T11:53:19.477862926Z	61	PC: 12d9c \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:19.486551669Z	66	PC: 12da9 \| Move file pointer
2018-12-25T11:53:19.488400489Z	63	PC: 12db2 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:53:19.495326393Z	66	PC: 12de7 \| Move file pointer
2018-12-25T11:53:19.498568527Z	63	PC: 12df1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:19.50146994Z	66	PC: 12dfa \| Move file pointer
2018-12-25T11:53:19.50334315Z	64	PC: 12e03 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:19.508675333Z	66	PC: 12e0c \| Move file pointer
2018-12-25T11:53:19.511026239Z	64	PC: 12e1a \| Write file or device (Write 8 bytes on handle 5)
2018-12-25T11:53:19.513699729Z	64	PC: 12e26 \| Write file or device (Write 7 bytes on handle 5)
2018-12-25T11:53:19.516314898Z	64	PC: 12e34 \| Write file or device (Write 2187 bytes on handle 5)
2018-12-25T11:53:19.522053039Z	64	PC: 12e43 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:53:19.52396152Z	62	PC: 12e47 \| Close file
2018-12-25T11:53:19.529776413Z	116	PC: 12f22 \| UNKNOWN!
2018-12-25T11:53:19.53063091Z	82	PC: 9fb07 \| Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4980,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:19.711125073Z	42	PC: 12ad1 \| Get date 0x12ad1: cmp al, 5 0x12ad3: jne 0x12afb 0x12ad5: mov ah, 0x2c 0x12ad7: int 0x21 0x12ad9: cmp ch, 0xc 0x12adc: jb 0x12afb 0x12ade: mov dx, 0x80 0x12ae1: mov cx, 1 0x12ae4: xor bx, bx 0x12ae6: mov ax, 0x326 0x12ae9: int 0x13 0x12aeb: inc dh 0x12aed: cmp dh, 6 0x12af0: jne 0x12ae6
2018-12-25T11:53:19.714291751Z	44	PC: 12ad9 \| Get time 0x12ad9: cmp ch, 0xc 0x12adc: jb 0x12afb 0x12ade: mov dx, 0x80 0x12ae1: mov cx, 1 0x12ae4: xor bx, bx 0x12ae6: mov ax, 0x326 0x12ae9: int 0x13 0x12aeb: inc dh 0x12aed: cmp dh, 6 0x12af0: jne 0x12ae6
2018-12-25T11:53:19.717892184Z	116	PC: 12b2e \| UNKNOWN!
2018-12-25T11:53:19.719353661Z	44	PC: 12b76 \| Get time 0x12b76: pushf 0x12b77: mov bp, sp 0x12b79: and byte ptr [bp + 1], 0xfe 0x12b7d: popf 0x12b7e: mov ax, bx 0x12b80: sub ax, 0xbc 0x12b83: mov ds, ax 0x12b85: mov dx, 6 0x12b88: mov ah, 0x1a 0x12b8a: int 0x21 0x12b8c: push ds 0x12b8d: push cs 0x12b8e: pop ds 0x12b8f: pop es 0x12b90: xor ax, ax 0x12b92: mov word ptr es:[0x8a8], ax 0x12b96: mov word ptr es:[0x8aa], ax 0x12b9a: mov ah, 0x4e 0x12b9c: mov dx, si 0x12b9e: sub dx, 9
2018-12-25T11:53:19.72388538Z	26	PC: 12b8c \| Set disk transfer address
2018-12-25T11:53:19.725546525Z	78	PC: 12ba5 \| Find first file
2018-12-25T11:53:19.732513126Z	78	PC: 12d74 \| Find first file
2018-12-25T11:53:19.739719044Z	67	PC: 12d97 \| Get or set file attributes
2018-12-25T11:53:19.757942002Z	61	PC: 12d9c \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:19.765272146Z	66	PC: 12da9 \| Move file pointer
2018-12-25T11:53:19.766725652Z	63	PC: 12db2 \| Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:53:19.774085353Z	66	PC: 12de7 \| Move file pointer
2018-12-25T11:53:19.775882851Z	63	PC: 12df1 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:53:19.779069245Z	66	PC: 12dfa \| Move file pointer
2018-12-25T11:53:19.782075668Z	64	PC: 12e03 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:19.785270909Z	66	PC: 12e0c \| Move file pointer
2018-12-25T11:53:19.787220739Z	64	PC: 12e1a \| Write file or device (Write 8 bytes on handle 5)
2018-12-25T11:53:19.792541654Z	64	PC: 12e26 \| Write file or device (Write 7 bytes on handle 5)
2018-12-25T11:53:19.796189987Z	64	PC: 12e34 \| Write file or device (Write 2187 bytes on handle 5)
2018-12-25T11:53:19.806533585Z	64	PC: 12e43 \| Write file or device (Write 1 bytes on handle 5)
2018-12-25T11:53:19.810946981Z	62	PC: 12e47 \| Close file
2018-12-25T11:53:19.820690252Z	116	PC: 12f22 \| UNKNOWN!
2018-12-25T11:53:19.821948224Z	82	PC: 9fb07 \| Get DOS internal pointers (SYSVARS)