Sample viewer

vx.netlux.org/Virus.DOS.Search.549

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:34:19.086395234Z	26	PC: 12ab4 \| Set disk transfer address
2018-12-17T22:34:19.087579497Z	78	PC: 12ad8 \| Find first file
2018-12-17T22:34:19.095858649Z	61	PC: 12b46 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:34:19.103381269Z	63	PC: 12b5d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:19.110935671Z	66	PC: 12b6f \| Move file pointer
2018-12-17T22:34:19.113608925Z	64	PC: 12b7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:19.116658252Z	66	PC: 12b8d \| Move file pointer
2018-12-17T22:34:19.118550125Z	64	PC: 12b9d \| Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:34:19.123749281Z	64	PC: 12baf \| Write file or device (Write 543 bytes on handle 5)
2018-12-17T22:34:19.141098661Z	62	PC: 12bb8 \| Close file
2018-12-17T22:34:19.151188625Z	61	PC: 12bc3 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:34:19.157231839Z	87	PC: 12be0 \| Get or set file date and time
2018-12-17T22:34:19.159460807Z	62	PC: 12be9 \| Close file
2018-12-17T22:34:19.168412994Z	78	PC: 12ad8 \| Find first file
2018-12-17T22:34:19.175978806Z	61	PC: 12b46 \| Open file (Filename = 'C:COMMAND.COM')
2018-12-17T22:34:19.183288672Z	63	PC: 12b5d \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:34:19.187213645Z	66	PC: 12b6f \| Move file pointer
2018-12-17T22:34:19.189178079Z	64	PC: 12b7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:34:19.193211822Z	66	PC: 12b8d \| Move file pointer
2018-12-17T22:34:19.195244056Z	64	PC: 12b9d \| Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:34:19.19930497Z	64	PC: 12baf \| Write file or device (Write 543 bytes on handle 5)
2018-12-17T22:34:19.616311491Z	62	PC: 12bb8 \| Close file
2018-12-17T22:34:19.624596798Z	61	PC: 12bc3 \| Open file (Filename = 'C:COMMAND.COM')
2018-12-17T22:34:19.632674933Z	87	PC: 12be0 \| Get or set file date and time
2018-12-17T22:34:19.635205073Z	62	PC: 12be9 \| Close file
2018-12-17T22:34:19.642745705Z	42	PC: 12c12 \| Get date 0x12c12: cmp dh, 5 0x12c15: jne 0x12c76 0x12c17: cmp dl, 0xc 0x12c1a: jb 0x12c76 0x12c1c: mov byte ptr ds:[bp + 0x305], 0 0x12c22: mov al, 2 0x12c24: add al, byte ptr ds:[bp + 0x305] 0x12c29: mov dx, 1 0x12c2c: mov cx, 0x80 0x12c2f: push bp 0x12c30: int 0x26 0x12c32: popf 0x12c33: pop bp 0x12c34: mov word ptr ds:[bp + 0x323], 0x18cd 0x12c3b: mov al, 2 0x12c3d: xor dx, dx 0x12c3f: mov cx, 1 0x12c42: lea bx, word ptr [bp + 0x323] 0x12c46: push bp 0x12c47: int 0x26
2018-12-17T22:34:19.645732615Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6143,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:38.445894341Z	26	PC: 12ab4 \| Set disk transfer address
2018-12-25T11:58:38.447781693Z	78	PC: 12ad8 \| Find first file
2018-12-25T11:58:38.454254684Z	61	PC: 12b46 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:38.461199086Z	63	PC: 12b5d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:38.468241896Z	66	PC: 12b6f \| Move file pointer
2018-12-25T11:58:38.474841202Z	64	PC: 12b7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:38.478260943Z	66	PC: 12b8d \| Move file pointer
2018-12-25T11:58:38.480312898Z	64	PC: 12b9d \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:58:38.484766717Z	64	PC: 12baf \| Write file or device (Write 543 bytes on handle 5)
2018-12-25T11:58:38.500040073Z	62	PC: 12bb8 \| Close file
2018-12-25T11:58:38.510240713Z	61	PC: 12bc3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:38.518704623Z	87	PC: 12be0 \| Get or set file date and time
2018-12-25T11:58:38.520301726Z	62	PC: 12be9 \| Close file
2018-12-25T11:58:38.528427667Z	78	PC: 12ad8 \| Find first file (See above)
2018-12-25T11:58:38.53512637Z	61	PC: 12b46 \| Open file (See above)
2018-12-25T11:58:38.541670436Z	63	PC: 12b5d \| Read file or device (See above)
2018-12-25T11:58:38.544402878Z	66	PC: 12b6f \| Move file pointer (See above)
2018-12-25T11:58:38.548012249Z	64	PC: 12b7f \| Write file or device (See above)
2018-12-25T11:58:38.550955968Z	66	PC: 12b8d \| Move file pointer (See above)
2018-12-25T11:58:38.552554452Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T11:58:38.560838569Z	64	PC: 12baf \| Write file or device (See above)
2018-12-25T11:58:38.901068232Z	62	PC: 12bb8 \| Close file (See above)
2018-12-25T11:58:38.909259042Z	61	PC: 12bc3 \| Open file (See above)
2018-12-25T11:58:38.916352017Z	87	PC: 12be0 \| Get or set file date and time (See above)
2018-12-25T11:58:38.918416201Z	62	PC: 12be9 \| Close file (See above)
2018-12-25T11:58:38.925679019Z	42	PC: 12c12 \| Get date 0x12c12: cmp dh, 5 0x12c15: jne 0x12c76 0x12c17: cmp dl, 0xc 0x12c1a: jb 0x12c76 0x12c1c: mov byte ptr ds:[bp + 0x305], 0 0x12c22: mov al, 2 0x12c24: add al, byte ptr ds:[bp + 0x305] 0x12c29: mov dx, 1 0x12c2c: mov cx, 0x80 0x12c2f: push bp 0x12c30: int 0x26 0x12c32: popf 0x12c33: pop bp 0x12c34: mov word ptr ds:[bp + 0x323], 0x18cd 0x12c3b: mov al, 2 0x12c3d: xor dx, dx 0x12c3f: mov cx, 1 0x12c42: lea bx, word ptr [bp + 0x323] 0x12c46: push bp 0x12c47: int 0x26
2018-12-25T11:58:38.927866275Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":12,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6143,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:38.562411702Z	26	PC: 12ab4 \| Set disk transfer address
2018-12-25T11:58:38.571966845Z	78	PC: 12ad8 \| Find first file
2018-12-25T11:58:38.578155202Z	61	PC: 12b46 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:38.584551681Z	63	PC: 12b5d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:38.597527118Z	66	PC: 12b6f \| Move file pointer
2018-12-25T11:58:38.601447757Z	64	PC: 12b7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:38.604198706Z	66	PC: 12b8d \| Move file pointer
2018-12-25T11:58:38.608274007Z	64	PC: 12b9d \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:58:38.611318585Z	64	PC: 12baf \| Write file or device (Write 543 bytes on handle 5)
2018-12-25T11:58:38.624710183Z	62	PC: 12bb8 \| Close file
2018-12-25T11:58:38.632922156Z	61	PC: 12bc3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:38.641819514Z	87	PC: 12be0 \| Get or set file date and time
2018-12-25T11:58:38.643529057Z	62	PC: 12be9 \| Close file
2018-12-25T11:58:38.650590938Z	78	PC: 12ad8 \| Find first file (See above)
2018-12-25T11:58:38.656241246Z	61	PC: 12b46 \| Open file (See above)
2018-12-25T11:58:38.662316234Z	63	PC: 12b5d \| Read file or device (See above)
2018-12-25T11:58:38.665101043Z	66	PC: 12b6f \| Move file pointer (See above)
2018-12-25T11:58:38.667455265Z	64	PC: 12b7f \| Write file or device (See above)
2018-12-25T11:58:38.670299113Z	66	PC: 12b8d \| Move file pointer (See above)
2018-12-25T11:58:38.671899962Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T11:58:38.675666528Z	64	PC: 12baf \| Write file or device (See above)
2018-12-25T11:58:39.014652213Z	62	PC: 12bb8 \| Close file (See above)
2018-12-25T11:58:39.027321889Z	61	PC: 12bc3 \| Open file (See above)
2018-12-25T11:58:39.037676056Z	87	PC: 12be0 \| Get or set file date and time (See above)
2018-12-25T11:58:39.03956525Z	62	PC: 12be9 \| Close file (See above)
2018-12-25T11:58:39.058636815Z	42	PC: 12c12 \| Get date 0x12c12: cmp dh, 5 0x12c15: jne 0x12c76 0x12c17: cmp dl, 0xc 0x12c1a: jb 0x12c76 0x12c1c: mov byte ptr ds:[bp + 0x305], 0 0x12c22: mov al, 2 0x12c24: add al, byte ptr ds:[bp + 0x305] 0x12c29: mov dx, 1 0x12c2c: mov cx, 0x80 0x12c2f: push bp 0x12c30: int 0x26 0x12c32: popf 0x12c33: pop bp 0x12c34: mov word ptr ds:[bp + 0x323], 0x18cd 0x12c3b: mov al, 2 0x12c3d: xor dx, dx 0x12c3f: mov cx, 1 0x12c42: lea bx, word ptr [bp + 0x323] 0x12c46: push bp 0x12c47: int 0x26
2018-12-25T11:58:39.062438659Z	9	PC: 12c73 \| Display string (String= 'MATURA '92 b')
2018-12-25T11:58:39.065121748Z	76	PC: 12c9a \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6143,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:38.97811932Z	26	PC: 12ab4 \| Set disk transfer address
2018-12-25T11:58:38.980255782Z	78	PC: 12ad8 \| Find first file
2018-12-25T11:58:38.986126689Z	61	PC: 12b46 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:38.992485449Z	63	PC: 12b5d \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:58:38.998713038Z	66	PC: 12b6f \| Move file pointer
2018-12-25T11:58:39.000243219Z	64	PC: 12b7f \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:58:39.002781416Z	66	PC: 12b8d \| Move file pointer
2018-12-25T11:58:39.004062814Z	64	PC: 12b9d \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T11:58:39.007164909Z	64	PC: 12baf \| Write file or device (Write 543 bytes on handle 5)
2018-12-25T11:58:39.020572741Z	62	PC: 12bb8 \| Close file
2018-12-25T11:58:39.028752484Z	61	PC: 12bc3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:58:39.037643616Z	87	PC: 12be0 \| Get or set file date and time
2018-12-25T11:58:39.039164494Z	62	PC: 12be9 \| Close file
2018-12-25T11:58:39.046183697Z	78	PC: 12ad8 \| Find first file (See above)
2018-12-25T11:58:39.053845574Z	61	PC: 12b46 \| Open file (See above)
2018-12-25T11:58:39.059942418Z	63	PC: 12b5d \| Read file or device (See above)
2018-12-25T11:58:39.062792391Z	66	PC: 12b6f \| Move file pointer (See above)
2018-12-25T11:58:39.068979478Z	64	PC: 12b7f \| Write file or device (See above)
2018-12-25T11:58:39.071971088Z	66	PC: 12b8d \| Move file pointer (See above)
2018-12-25T11:58:39.073543229Z	64	PC: 12b9d \| Write file or device (See above)
2018-12-25T11:58:39.077983967Z	64	PC: 12baf \| Write file or device (See above)
2018-12-25T11:58:39.41512737Z	62	PC: 12bb8 \| Close file (See above)
2018-12-25T11:58:39.422358639Z	61	PC: 12bc3 \| Open file (See above)
2018-12-25T11:58:39.429084671Z	87	PC: 12be0 \| Get or set file date and time (See above)
2018-12-25T11:58:39.431835487Z	62	PC: 12be9 \| Close file (See above)
2018-12-25T11:58:39.43816923Z	42	PC: 12c12 \| Get date 0x12c12: cmp dh, 5 0x12c15: jne 0x12c76 0x12c17: cmp dl, 0xc 0x12c1a: jb 0x12c76 0x12c1c: mov byte ptr ds:[bp + 0x305], 0 0x12c22: mov al, 2 0x12c24: add al, byte ptr ds:[bp + 0x305] 0x12c29: mov dx, 1 0x12c2c: mov cx, 0x80 0x12c2f: push bp 0x12c30: int 0x26 0x12c32: popf 0x12c33: pop bp 0x12c34: mov word ptr ds:[bp + 0x323], 0x18cd 0x12c3b: mov al, 2 0x12c3d: xor dx, dx 0x12c3f: mov cx, 1 0x12c42: lea bx, word ptr [bp + 0x323] 0x12c46: push bp 0x12c47: int 0x26
2018-12-25T11:58:39.440625187Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')