Sample viewer

vx.netlux.org/Virus.DOS.SillyC.321.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:38.580274337Z	37	PC: 12a60 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:38.582019972Z	47	PC: 12a64 \| Get disk transfer address
2018-12-17T22:30:38.584533826Z	26	PC: 12a6f \| Set disk transfer address
2018-12-17T22:30:38.586209654Z	78	PC: 12a7f \| Find first file
2018-12-17T22:30:38.593339324Z	61	PC: 12aaa \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:30:38.604674626Z	63	PC: 12abd \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:30:38.611766558Z	66	PC: 12ade \| Move file pointer
2018-12-17T22:30:38.613430075Z	64	PC: 12af4 \| Write file or device (Write 321 bytes on handle 5)
2018-12-17T22:30:38.629668172Z	66	PC: 12afc \| Move file pointer
2018-12-17T22:30:38.631796431Z	64	PC: 12b05 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:30:38.653676355Z	87	PC: 12b10 \| Get or set file date and time
2018-12-17T22:30:38.671351228Z	62	PC: 12b14 \| Close file
2018-12-17T22:30:38.680071215Z	67	PC: 12b26 \| Get or set file attributes
2018-12-17T22:30:38.692003349Z	26	PC: 12b2c \| Set disk transfer address
2018-12-17T22:30:38.693320225Z	42	PC: 12b37 \| Get date 0x12b37: cmp al, 5 0x12b39: jne 0x12b78 0x12b3b: cmp dl, 0xd 0x12b3e: jne 0x12b78 0x12b40: call 0x12b6e 0x12b43: push sp 0x12b44: push 0x7369 0x12b47: and byte ptr [bx + si + 0x72], dh 0x12b4a: outsw dx, word ptr [si] 0x12b4b: jb 0x12baf 0x12b4e: insw word ptr es:[di], dx 0x12b4f: and byte ptr [bp + si + 0x65], dh 0x12b52: jno 0x12bc9 0x12b54: imul si, word ptr [bp + si + 0x65], 0x2073 0x12b59: dec bp 0x12b5a: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12b5f: outsw dx, word ptr [si] 0x12b60: je 0x12b83 0x12b63: push di 0x12b64: imul bp, word ptr [bp + 0x64], 0x776f

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5480,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:33.806082423Z	37	PC: 12a60 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:33.808098777Z	47	PC: 12a64 \| Get disk transfer address
2018-12-25T11:54:33.809831222Z	26	PC: 12a6f \| Set disk transfer address
2018-12-25T11:54:33.811492278Z	78	PC: 12a7f \| Find first file
2018-12-25T11:54:33.818715163Z	61	PC: 12aaa \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:33.825835189Z	63	PC: 12abd \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:33.832570663Z	66	PC: 12ade \| Move file pointer
2018-12-25T11:54:33.8340102Z	64	PC: 12af4 \| Write file or device (Write 321 bytes on handle 5)
2018-12-25T11:54:33.850047945Z	66	PC: 12afc \| Move file pointer
2018-12-25T11:54:33.851421415Z	64	PC: 12b05 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:33.858631246Z	87	PC: 12b10 \| Get or set file date and time
2018-12-25T11:54:33.861025077Z	62	PC: 12b14 \| Close file
2018-12-25T11:54:33.869947215Z	67	PC: 12b26 \| Get or set file attributes
2018-12-25T11:54:33.880804101Z	26	PC: 12b2c \| Set disk transfer address
2018-12-25T11:54:33.882707977Z	42	PC: 12b37 \| Get date 0x12b37: cmp al, 5 0x12b39: jne 0x12b78 0x12b3b: cmp dl, 0xd 0x12b3e: jne 0x12b78 0x12b40: call 0x12b6e 0x12b43: push sp 0x12b44: push 0x7369 0x12b47: and byte ptr [bx + si + 0x72], dh 0x12b4a: outsw dx, word ptr [si] 0x12b4b: jb 0x12baf 0x12b4e: insw word ptr es:[di], dx 0x12b4f: and byte ptr [bp + si + 0x65], dh 0x12b52: jno 0x12bc9 0x12b54: imul si, word ptr [bp + si + 0x65], 0x2073 0x12b59: dec bp 0x12b5a: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12b5f: outsw dx, word ptr [si] 0x12b60: je 0x12b83 0x12b63: push di 0x12b64: imul bp, word ptr [bp + 0x64], 0x776f
2018-12-25T11:54:33.88491986Z	9	PC: 12b73 \| Display string (String= 'This program requires Microsoft Windows. ')
2018-12-25T11:54:33.890579614Z	76	PC: 12b78 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5480,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:33.992562908Z	37	PC: 12a60 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:33.993812635Z	47	PC: 12a64 \| Get disk transfer address
2018-12-25T11:54:33.995240983Z	26	PC: 12a6f \| Set disk transfer address
2018-12-25T11:54:33.996512967Z	78	PC: 12a7f \| Find first file
2018-12-25T11:54:34.001951918Z	61	PC: 12aaa \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:34.007354822Z	63	PC: 12abd \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:34.012300527Z	66	PC: 12ade \| Move file pointer
2018-12-25T11:54:34.013323262Z	64	PC: 12af4 \| Write file or device (Write 321 bytes on handle 5)
2018-12-25T11:54:34.024994561Z	66	PC: 12afc \| Move file pointer
2018-12-25T11:54:34.026240986Z	64	PC: 12b05 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:34.032341751Z	87	PC: 12b10 \| Get or set file date and time
2018-12-25T11:54:34.034172671Z	62	PC: 12b14 \| Close file
2018-12-25T11:54:34.041379405Z	67	PC: 12b26 \| Get or set file attributes
2018-12-25T11:54:34.050692736Z	26	PC: 12b2c \| Set disk transfer address
2018-12-25T11:54:34.051961935Z	42	PC: 12b37 \| Get date 0x12b37: cmp al, 5 0x12b39: jne 0x12b78 0x12b3b: cmp dl, 0xd 0x12b3e: jne 0x12b78 0x12b40: call 0x12b6e 0x12b43: push sp 0x12b44: push 0x7369 0x12b47: and byte ptr [bx + si + 0x72], dh 0x12b4a: outsw dx, word ptr [si] 0x12b4b: jb 0x12baf 0x12b4e: insw word ptr es:[di], dx 0x12b4f: and byte ptr [bp + si + 0x65], dh 0x12b52: jno 0x12bc9 0x12b54: imul si, word ptr [bp + si + 0x65], 0x2073 0x12b59: dec bp 0x12b5a: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12b5f: outsw dx, word ptr [si] 0x12b60: je 0x12b83 0x12b63: push di 0x12b64: imul bp, word ptr [bp + 0x64], 0x776f

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5480,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:34.012461124Z	37	PC: 12a60 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:34.014135677Z	47	PC: 12a64 \| Get disk transfer address
2018-12-25T11:54:34.015547324Z	26	PC: 12a6f \| Set disk transfer address
2018-12-25T11:54:34.016914738Z	78	PC: 12a7f \| Find first file
2018-12-25T11:54:34.025271327Z	61	PC: 12aaa \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:54:34.033551022Z	63	PC: 12abd \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:54:34.0406684Z	66	PC: 12ade \| Move file pointer
2018-12-25T11:54:34.042336766Z	64	PC: 12af4 \| Write file or device (Write 321 bytes on handle 5)
2018-12-25T11:54:34.056806308Z	66	PC: 12afc \| Move file pointer
2018-12-25T11:54:34.058258597Z	64	PC: 12b05 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:54:34.065363054Z	87	PC: 12b10 \| Get or set file date and time
2018-12-25T11:54:34.067377431Z	62	PC: 12b14 \| Close file
2018-12-25T11:54:34.075893679Z	67	PC: 12b26 \| Get or set file attributes
2018-12-25T11:54:34.0884496Z	26	PC: 12b2c \| Set disk transfer address
2018-12-25T11:54:34.091085381Z	42	PC: 12b37 \| Get date 0x12b37: cmp al, 5 0x12b39: jne 0x12b78 0x12b3b: cmp dl, 0xd 0x12b3e: jne 0x12b78 0x12b40: call 0x12b6e 0x12b43: push sp 0x12b44: push 0x7369 0x12b47: and byte ptr [bx + si + 0x72], dh 0x12b4a: outsw dx, word ptr [si] 0x12b4b: jb 0x12baf 0x12b4e: insw word ptr es:[di], dx 0x12b4f: and byte ptr [bp + si + 0x65], dh 0x12b52: jno 0x12bc9 0x12b54: imul si, word ptr [bp + si + 0x65], 0x2073 0x12b59: dec bp 0x12b5a: imul sp, word ptr [bp + di + 0x72], 0x736f 0x12b5f: outsw dx, word ptr [si] 0x12b60: je 0x12b83 0x12b63: push di 0x12b64: imul bp, word ptr [bp + 0x64], 0x776f