Sample viewer

vx.netlux.org/Virus.DOS.Hybrid.1306

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:29:37.685304113Z	47	PC: 12a69 \| Get disk transfer address
2018-12-17T22:29:37.686518515Z	26	PC: 12a78 \| Set disk transfer address
2018-12-17T22:29:37.688701039Z	78	PC: 12b15 \| Find first file
2018-12-17T22:29:37.696513918Z	67	PC: 12b50 \| Get or set file attributes
2018-12-17T22:29:37.703297654Z	67	PC: 12b60 \| Get or set file attributes
2018-12-17T22:29:37.723065624Z	61	PC: 12b6a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:29:37.730563225Z	87	PC: 12b76 \| Get or set file date and time
2018-12-17T22:29:37.732197037Z	42	PC: 12b80 \| Get date 0x12b80: cmp cx, 0x7c7 0x12b84: ja 0x12b8b 0x12b86: cmp dh, 0x12 0x12b89: jbe 0x12c03 0x12b8b: cmp al, 5 0x12b8d: jne 0x12bd3 0x12b8f: cmp dl, 0xd 0x12b92: jne 0x12bd3 0x12b94: mov ah, 0x19 0x12b96: int 0x21 0x12b98: push ax 0x12b99: push si 0x12b9a: mov cx, 1 0x12b9d: mov dx, 0 0x12ba0: mov bx, 0x28d 0x12ba3: add bx, si 0x12ba5: int 0x25 0x12ba7: popf 0x12ba8: pop si 0x12ba9: push si
2018-12-17T22:29:37.736571753Z	44	PC: 12bd7 \| Get time 0x12bd7: and dh, 7 0x12bda: jne 0x12bec 0x12bdc: mov ah, 0x40 0x12bde: mov cx, 5 0x12be1: mov dx, si 0x12be3: add dx, 0x28d 0x12be7: int 0x21 0x12be9: jmp 0x12cc6 0x12bec: and dh, 9 0x12bef: jne 0x12c03 0x12bf1: xor ax, ax 0x12bf3: mov ds, ax 0x12bf5: and word ptr [0x410], 0xff3f 0x12bfb: mov word ptr [0x413], 0x100 0x12c01: int 0x19 0x12c03: mov ah, 0x3f 0x12c05: mov cx, 3 0x12c08: mov dx, 0xa 0x12c0b: add dx, si 0x12c0d: int 0x21
2018-12-17T22:29:37.739600297Z	63	PC: 12c0f \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:29:37.746886632Z	66	PC: 12c27 \| Move file pointer
2018-12-17T22:29:37.750033377Z	64	PC: 12c71 \| Write file or device (Write 1306 bytes on handle 5)
2018-12-17T22:29:37.760215868Z	66	PC: 12c99 \| Move file pointer
2018-12-17T22:29:37.761792881Z	64	PC: 12ca7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:29:37.769637578Z	87	PC: 12cb5 \| Get or set file date and time
2018-12-17T22:29:37.771293627Z	62	PC: 12cb9 \| Close file
2018-12-17T22:29:37.780146998Z	67	PC: 12cc6 \| Get or set file attributes
2018-12-17T22:29:37.793057333Z	26	PC: 12cd1 \| Set disk transfer address
2018-12-17T22:29:37.794747124Z	0	PC: 12a4a \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5296,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:11.621428403Z	47	PC: 12a69 \| Get disk transfer address
2018-12-25T11:54:11.622688137Z	26	PC: 12a78 \| Set disk transfer address
2018-12-25T11:54:11.624316831Z	78	PC: 12b15 \| Find first file
2018-12-25T11:54:11.630109435Z	67	PC: 12b50 \| Get or set file attributes
2018-12-25T11:54:11.635617376Z	67	PC: 12b60 \| Get or set file attributes
2018-12-25T11:54:11.652030576Z	61	PC: 12b6a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:11.658395717Z	87	PC: 12b76 \| Get or set file date and time
2018-12-25T11:54:11.659654781Z	42	PC: 12b80 \| Get date 0x12b80: cmp cx, 0x7c7 0x12b84: ja 0x12b8b 0x12b86: cmp dh, 0x12 0x12b89: jbe 0x12c03 0x12b8b: cmp al, 5 0x12b8d: jne 0x12bd3 0x12b8f: cmp dl, 0xd 0x12b92: jne 0x12bd3 0x12b94: mov ah, 0x19 0x12b96: int 0x21 0x12b98: push ax 0x12b99: push si 0x12b9a: mov cx, 1 0x12b9d: mov dx, 0 0x12ba0: mov bx, 0x28d 0x12ba3: add bx, si 0x12ba5: int 0x25 0x12ba7: popf 0x12ba8: pop si 0x12ba9: push si
2018-12-25T11:54:11.662200084Z	63	PC: 12c0f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:11.668300691Z	66	PC: 12c27 \| Move file pointer
2018-12-25T11:54:11.669954664Z	64	PC: 12c71 \| Write file or device (Write 1306 bytes on handle 5)
2018-12-25T11:54:11.679126412Z	66	PC: 12c99 \| Move file pointer
2018-12-25T11:54:11.680343155Z	64	PC: 12ca7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:11.686561002Z	87	PC: 12cb5 \| Get or set file date and time
2018-12-25T11:54:11.68833998Z	62	PC: 12cb9 \| Close file
2018-12-25T11:54:11.696429925Z	67	PC: 12cc6 \| Get or set file attributes
2018-12-25T11:54:11.706372216Z	26	PC: 12cd1 \| Set disk transfer address
2018-12-25T11:54:11.708265576Z	0	PC: 12a4a \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":5296,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:12.498002852Z	47	PC: 12a69 \| Get disk transfer address
2018-12-25T11:54:12.500527151Z	26	PC: 12a78 \| Set disk transfer address
2018-12-25T11:54:12.50210015Z	78	PC: 12b15 \| Find first file
2018-12-25T11:54:12.508111343Z	67	PC: 12b50 \| Get or set file attributes
2018-12-25T11:54:12.514252665Z	67	PC: 12b60 \| Get or set file attributes
2018-12-25T11:54:12.533365099Z	61	PC: 12b6a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:12.540281962Z	87	PC: 12b76 \| Get or set file date and time
2018-12-25T11:54:12.54251173Z	42	PC: 12b80 \| Get date 0x12b80: cmp cx, 0x7c7 0x12b84: ja 0x12b8b 0x12b86: cmp dh, 0x12 0x12b89: jbe 0x12c03 0x12b8b: cmp al, 5 0x12b8d: jne 0x12bd3 0x12b8f: cmp dl, 0xd 0x12b92: jne 0x12bd3 0x12b94: mov ah, 0x19 0x12b96: int 0x21 0x12b98: push ax 0x12b99: push si 0x12b9a: mov cx, 1 0x12b9d: mov dx, 0 0x12ba0: mov bx, 0x28d 0x12ba3: add bx, si 0x12ba5: int 0x25 0x12ba7: popf 0x12ba8: pop si 0x12ba9: push si
2018-12-25T11:54:12.544954074Z	63	PC: 12c0f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:12.550534914Z	66	PC: 12c27 \| Move file pointer
2018-12-25T11:54:12.552350785Z	64	PC: 12c71 \| Write file or device (Write 1306 bytes on handle 5)
2018-12-25T11:54:12.558206578Z	66	PC: 12c99 \| Move file pointer
2018-12-25T11:54:12.563905015Z	64	PC: 12ca7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:12.579529024Z	87	PC: 12cb5 \| Get or set file date and time
2018-12-25T11:54:12.581035035Z	62	PC: 12cb9 \| Close file
2018-12-25T11:54:12.588904633Z	67	PC: 12cc6 \| Get or set file attributes
2018-12-25T11:54:12.600238406Z	26	PC: 12cd1 \| Set disk transfer address
2018-12-25T11:54:12.601377151Z	0	PC: 12a4a \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":5296,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:12.48587918Z	47	PC: 12a69 \| Get disk transfer address
2018-12-25T11:54:12.488186327Z	26	PC: 12a78 \| Set disk transfer address
2018-12-25T11:54:12.489628158Z	78	PC: 12b15 \| Find first file
2018-12-25T11:54:12.496118604Z	67	PC: 12b50 \| Get or set file attributes
2018-12-25T11:54:12.502535315Z	67	PC: 12b60 \| Get or set file attributes
2018-12-25T11:54:12.523751042Z	61	PC: 12b6a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:12.530180469Z	87	PC: 12b76 \| Get or set file date and time
2018-12-25T11:54:12.531905464Z	42	PC: 12b80 \| Get date 0x12b80: cmp cx, 0x7c7 0x12b84: ja 0x12b8b 0x12b86: cmp dh, 0x12 0x12b89: jbe 0x12c03 0x12b8b: cmp al, 5 0x12b8d: jne 0x12bd3 0x12b8f: cmp dl, 0xd 0x12b92: jne 0x12bd3 0x12b94: mov ah, 0x19 0x12b96: int 0x21 0x12b98: push ax 0x12b99: push si 0x12b9a: mov cx, 1 0x12b9d: mov dx, 0 0x12ba0: mov bx, 0x28d 0x12ba3: add bx, si 0x12ba5: int 0x25 0x12ba7: popf 0x12ba8: pop si 0x12ba9: push si
2018-12-25T11:54:12.534054891Z	63	PC: 12c0f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:12.540466374Z	66	PC: 12c27 \| Move file pointer
2018-12-25T11:54:12.54257699Z	64	PC: 12c71 \| Write file or device (Write 1306 bytes on handle 5)
2018-12-25T11:54:12.551494763Z	66	PC: 12c99 \| Move file pointer
2018-12-25T11:54:12.553007404Z	64	PC: 12ca7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:12.559231687Z	87	PC: 12cb5 \| Get or set file date and time
2018-12-25T11:54:12.561002385Z	62	PC: 12cb9 \| Close file
2018-12-25T11:54:12.568702659Z	67	PC: 12cc6 \| Get or set file attributes
2018-12-25T11:54:12.578780569Z	26	PC: 12cd1 \| Set disk transfer address
2018-12-25T11:54:12.58110004Z	0	PC: 12a4a \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":7,"TimeBased":true,"OriginalID":5296,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:12.534388395Z	47	PC: 12a69 \| Get disk transfer address
2018-12-25T11:54:12.536112133Z	26	PC: 12a78 \| Set disk transfer address
2018-12-25T11:54:12.545996614Z	78	PC: 12b15 \| Find first file
2018-12-25T11:54:12.553203568Z	67	PC: 12b50 \| Get or set file attributes
2018-12-25T11:54:12.559968619Z	67	PC: 12b60 \| Get or set file attributes
2018-12-25T11:54:12.578609571Z	61	PC: 12b6a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:12.589152548Z	87	PC: 12b76 \| Get or set file date and time
2018-12-25T11:54:12.591889623Z	42	PC: 12b80 \| Get date 0x12b80: cmp cx, 0x7c7 0x12b84: ja 0x12b8b 0x12b86: cmp dh, 0x12 0x12b89: jbe 0x12c03 0x12b8b: cmp al, 5 0x12b8d: jne 0x12bd3 0x12b8f: cmp dl, 0xd 0x12b92: jne 0x12bd3 0x12b94: mov ah, 0x19 0x12b96: int 0x21 0x12b98: push ax 0x12b99: push si 0x12b9a: mov cx, 1 0x12b9d: mov dx, 0 0x12ba0: mov bx, 0x28d 0x12ba3: add bx, si 0x12ba5: int 0x25 0x12ba7: popf 0x12ba8: pop si 0x12ba9: push si
2018-12-25T11:54:12.596904046Z	63	PC: 12c0f \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:12.604445804Z	66	PC: 12c27 \| Move file pointer
2018-12-25T11:54:12.606599991Z	64	PC: 12c71 \| Write file or device (Write 1306 bytes on handle 5)
2018-12-25T11:54:12.617303264Z	66	PC: 12c99 \| Move file pointer
2018-12-25T11:54:12.619086023Z	64	PC: 12ca7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:12.626823822Z	87	PC: 12cb5 \| Get or set file date and time
2018-12-25T11:54:12.629135379Z	62	PC: 12cb9 \| Close file
2018-12-25T11:54:12.638698336Z	67	PC: 12cc6 \| Get or set file attributes
2018-12-25T11:54:12.649571706Z	26	PC: 12cd1 \| Set disk transfer address
2018-12-25T11:54:12.651271646Z	0	PC: 12a4a \| Program terminate