Sample viewer

vx.netlux.org/Virus.DOS.Slavery.929

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:28:16.910356969Z	71	PC: 1324e \| Get current directory
2018-12-17T22:28:16.914963242Z	71	PC: 13259 \| Get current directory
2018-12-17T22:28:16.918827591Z	26	PC: 1326c \| Set disk transfer address
2018-12-17T22:28:16.921026647Z	42	PC: 13330 \| Get date 0x13330: cmp dh, 3 0x13333: jl 0x13389 0x13335: cmp dl, 0x18 0x13338: jl 0x13389 0x1333a: lea dx, word ptr [0x1ae] 0x1333e: add di, dx 0x13340: mov ah, 0xf0 0x13342: mov cx, 0x2d 0x13345: xor byte ptr [di], ah 0x13347: inc di 0x13348: loop 0x13345 0x1334a: sub di, 0x1db 0x1334e: lea dx, word ptr [0x1ae] 0x13352: add dx, di 0x13354: mov ah, 9 0x13356: int 0x21 0x13358: cli 0x13359: call 0x232ee 0x1335c: mov dx, di 0x1335e: mov si, dx
2018-12-17T22:28:16.924946712Z	26	PC: 1342b \| Set disk transfer address
2018-12-17T22:28:16.92630562Z	78	PC: 1343b \| Find first file
2018-12-17T22:28:16.941429386Z	67	PC: 1345b \| Get or set file attributes
2018-12-17T22:28:16.96066312Z	61	PC: 13461 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:28:16.974324079Z	63	PC: 13479 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:28:16.982207971Z	66	PC: 13492 \| Move file pointer
2018-12-17T22:28:16.983911365Z	66	PC: 134a0 \| Move file pointer
2018-12-17T22:28:16.986413191Z	63	PC: 134b3 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:28:16.989372019Z	26	PC: 134ea \| Set disk transfer address
2018-12-17T22:28:16.990879965Z	87	PC: 134fb \| Get or set file date and time
2018-12-17T22:28:16.995134379Z	66	PC: 1350f \| Move file pointer
2018-12-17T22:28:16.996804739Z	64	PC: 1351c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:28:17.000725048Z	66	PC: 1353b \| Move file pointer
2018-12-17T22:28:17.006041357Z	64	PC: 13564 \| Write file or device (Write 929 bytes on handle 5)
2018-12-17T22:28:17.016437244Z	62	PC: 1356a \| Close file
2018-12-17T22:28:17.026248578Z	61	PC: 13578 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:28:17.034803248Z	87	PC: 13588 \| Get or set file date and time
2018-12-17T22:28:17.038634797Z	62	PC: 1358c \| Close file
2018-12-17T22:28:17.047721778Z	67	PC: 1359e \| Get or set file attributes
2018-12-17T22:28:17.059278676Z	26	PC: 132a0 \| Set disk transfer address
2018-12-17T22:28:17.061391333Z	59	PC: 132a9 \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5041,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:55.439241523Z	71	PC: 1324e \| Get current directory
2018-12-25T13:06:55.441642676Z	71	PC: 13259 \| Get current directory
2018-12-25T13:06:55.444375949Z	26	PC: 1326c \| Set disk transfer address
2018-12-25T13:06:55.445271165Z	42	PC: 13330 \| Get date 0x13330: cmp dh, 3 0x13333: jl 0x13389 0x13335: cmp dl, 0x18 0x13338: jl 0x13389 0x1333a: lea dx, word ptr [0x1ae] 0x1333e: add di, dx 0x13340: mov ah, 0xf0 0x13342: mov cx, 0x2d 0x13345: xor byte ptr [di], ah 0x13347: inc di 0x13348: loop 0x13345 0x1334a: sub di, 0x1db 0x1334e: lea dx, word ptr [0x1ae] 0x13352: add dx, di 0x13354: mov ah, 9 0x13356: int 0x21 0x13358: cli 0x13359: call 0x232ee 0x1335c: mov dx, di 0x1335e: mov si, dx
2018-12-25T13:06:55.44738696Z	26	PC: 1342b \| Set disk transfer address
2018-12-25T13:06:55.448463906Z	78	PC: 1343b \| Find first file
2018-12-25T13:06:55.460121474Z	67	PC: 1345b \| Get or set file attributes
2018-12-25T13:06:56.044912124Z	61	PC: 13461 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:56.051639519Z	63	PC: 13479 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T13:06:56.055504505Z	66	PC: 13492 \| Move file pointer
2018-12-25T13:06:56.056475066Z	66	PC: 134a0 \| Move file pointer
2018-12-25T13:06:56.057744908Z	63	PC: 134b3 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T13:06:56.059307771Z	26	PC: 134ea \| Set disk transfer address
2018-12-25T13:06:56.060031153Z	87	PC: 134fb \| Get or set file date and time
2018-12-25T13:06:56.06153739Z	66	PC: 1350f \| Move file pointer
2018-12-25T13:06:56.062502137Z	64	PC: 1351c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T13:06:56.064255168Z	66	PC: 1353b \| Move file pointer
2018-12-25T13:06:56.065877524Z	64	PC: 13564 \| Write file or device (Write 929 bytes on handle 5)
2018-12-25T13:06:56.159835326Z	62	PC: 1356a \| Close file
2018-12-25T13:06:56.259388105Z	61	PC: 13578 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T13:06:56.266437367Z	87	PC: 13588 \| Get or set file date and time
2018-12-25T13:06:56.267907854Z	62	PC: 1358c \| Close file
2018-12-25T13:06:56.429897876Z	67	PC: 1359e \| Get or set file attributes
2018-12-25T13:06:56.56986406Z	26	PC: 132a0 \| Set disk transfer address
2018-12-25T13:06:56.571046031Z	59	PC: 132a9 \| Change current directory

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5041,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:31.322730801Z	71	PC: 1324e \| Get current directory
2018-12-25T11:53:31.326624008Z	71	PC: 13259 \| Get current directory
2018-12-25T11:53:31.329777906Z	26	PC: 1326c \| Set disk transfer address
2018-12-25T11:53:31.330706272Z	42	PC: 13330 \| Get date 0x13330: cmp dh, 3 0x13333: jl 0x13389 0x13335: cmp dl, 0x18 0x13338: jl 0x13389 0x1333a: lea dx, word ptr [0x1ae] 0x1333e: add di, dx 0x13340: mov ah, 0xf0 0x13342: mov cx, 0x2d 0x13345: xor byte ptr [di], ah 0x13347: inc di 0x13348: loop 0x13345 0x1334a: sub di, 0x1db 0x1334e: lea dx, word ptr [0x1ae] 0x13352: add dx, di 0x13354: mov ah, 9 0x13356: int 0x21 0x13358: cli 0x13359: call 0x232ee 0x1335c: mov dx, di 0x1335e: mov si, dx
2018-12-25T11:53:31.333606867Z	26	PC: 1342b \| Set disk transfer address
2018-12-25T11:53:31.334674259Z	78	PC: 1343b \| Find first file
2018-12-25T11:53:31.34110797Z	67	PC: 1345b \| Get or set file attributes
2018-12-25T11:53:31.359791591Z	61	PC: 13461 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:31.372657555Z	63	PC: 13479 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:53:31.380149585Z	66	PC: 13492 \| Move file pointer
2018-12-25T11:53:31.382802318Z	66	PC: 134a0 \| Move file pointer
2018-12-25T11:53:31.391194739Z	63	PC: 134b3 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:53:31.393879591Z	26	PC: 134ea \| Set disk transfer address
2018-12-25T11:53:31.395137094Z	87	PC: 134fb \| Get or set file date and time
2018-12-25T11:53:31.39775751Z	66	PC: 1350f \| Move file pointer
2018-12-25T11:53:31.399455838Z	64	PC: 1351c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:53:31.40311813Z	66	PC: 1353b \| Move file pointer
2018-12-25T11:53:31.405273081Z	64	PC: 13564 \| Write file or device (Write 929 bytes on handle 5)
2018-12-25T11:53:31.414893261Z	62	PC: 1356a \| Close file
2018-12-25T11:53:31.424310863Z	61	PC: 13578 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:53:31.432974975Z	87	PC: 13588 \| Get or set file date and time
2018-12-25T11:53:31.434554834Z	62	PC: 1358c \| Close file
2018-12-25T11:53:31.442696101Z	67	PC: 1359e \| Get or set file attributes
2018-12-25T11:53:31.454450221Z	26	PC: 132a0 \| Set disk transfer address
2018-12-25T11:53:31.455975546Z	59	PC: 132a9 \| Change current directory

{"DateBased":true,"Day":24,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5041,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:31.696713061Z	71	PC: 1324e \| Get current directory
2018-12-25T11:53:31.699898208Z	71	PC: 13259 \| Get current directory
2018-12-25T11:53:31.702634288Z	26	PC: 1326c \| Set disk transfer address
2018-12-25T11:53:31.703703785Z	42	PC: 13330 \| Get date 0x13330: cmp dh, 3 0x13333: jl 0x13389 0x13335: cmp dl, 0x18 0x13338: jl 0x13389 0x1333a: lea dx, word ptr [0x1ae] 0x1333e: add di, dx 0x13340: mov ah, 0xf0 0x13342: mov cx, 0x2d 0x13345: xor byte ptr [di], ah 0x13347: inc di 0x13348: loop 0x13345 0x1334a: sub di, 0x1db 0x1334e: lea dx, word ptr [0x1ae] 0x13352: add dx, di 0x13354: mov ah, 9 0x13356: int 0x21 0x13358: cli 0x13359: call 0x232ee 0x1335c: mov dx, di 0x1335e: mov si, dx
2018-12-25T11:53:31.706456687Z	9	PC: 13358 \| Display string (String= ' Freedom is Slavery: Berlusconi ti guarda')
2018-12-25T11:53:31.711702438Z	44	PC: 132f9 \| Get time 0x132f9: mov bh, dl 0x132fb: cmp bh, dl 0x132fd: jne 0x13303 0x132ff: int 0x21 0x13301: jmp 0x132fb 0x13303: mov bh, dl 0x13305: cmp bh, dl 0x13307: jne 0x13316 0x13309: mov cx, word ptr [di + 0x1ac] 0x1330d: inc cx 0x1330e: mov word ptr [di + 0x1ac], cx 0x13312: int 0x21 0x13314: jmp 0x13305 0x13316: ret 0x13317: mov cx, bx 0x13319: jcxz 0x13320 0x1331b: call 0x13321 0x1331e: loop 0x1331b 0x13320: ret 0x13321: mov ax, cx
2018-12-25T11:53:31.713968721Z	44	PC: 13301 \| Get time 0x13301: jmp 0x132fb 0x13303: mov bh, dl 0x13305: cmp bh, dl 0x13307: jne 0x13316 0x13309: mov cx, word ptr [di + 0x1ac] 0x1330d: inc cx 0x1330e: mov word ptr [di + 0x1ac], cx 0x13312: int 0x21 0x13314: jmp 0x13305 0x13316: ret 0x13317: mov cx, bx 0x13319: jcxz 0x13320 0x1331b: call 0x13321 0x1331e: loop 0x1331b 0x13320: ret 0x13321: mov ax, cx 0x13323: mov cx, word ptr [di + 0x1ac] 0x13327: loop 0x13327 0x13329: mov cx, ax 0x1332b: ret
2018-12-25T11:53:31.716817099Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.718971746Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.720941176Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.723261327Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.725175269Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.727070186Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.729360167Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.73131838Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.733180571Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.735228839Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.737527389Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.739649541Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.741711981Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.744472321Z	44	PC: 13301 \| Get time (See above)
2018-12-25T11:53:31.747070611Z	44	PC: 13314 \| Get time 0x13314: jmp 0x13305 0x13316: ret 0x13317: mov cx, bx 0x13319: jcxz 0x13320 0x1331b: call 0x13321 0x1331e: loop 0x1331b 0x13320: ret 0x13321: mov ax, cx 0x13323: mov cx, word ptr [di + 0x1ac] 0x13327: loop 0x13327 0x13329: mov cx, ax 0x1332b: ret 0x1332c: mov ah, 0x2a 0x1332e: int 0x21 0x13330: cmp dh, 3 0x13333: jl 0x13389 0x13335: cmp dl, 0x18 0x13338: jl 0x13389 0x1333a: lea dx, word ptr [0x1ae] 0x1333e: add di, dx
2018-12-25T11:53:31.749014614Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.751554411Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.75352284Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.755522186Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.758178146Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.760171908Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.762112835Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.765111234Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.76720215Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.769218177Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.772135389Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.774220408Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.776791387Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.786649041Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.792589692Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.795150681Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.798121627Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.800207981Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.802249366Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.805237712Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.807432922Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.8099843Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.818331607Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.820521208Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.822591243Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.825624376Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.833138804Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.835304842Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.837527558Z	44	PC: 13314 \| Get time (See above)
2018-12-25T11:53:31.84014787Z	44	PC: 13314 \| Get time (See above)