Sample viewer

vx.netlux.org/Virus.DOS.Splinter.147

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:35.178612744Z	42	PC: 12a44 \| Get date 0x12a44: cmp dl, 0x16 0x12a47: jne 0x12a57 0x12a49: cmp dh, 7 0x12a4c: jne 0x12a57 0x12a4e: mov ah, 9 0x12a50: mov dx, 0x177 0x12a53: int 0x21 0x12a55: int 0x20 0x12a57: mov cx, 0 0x12a5a: push cx 0x12a5b: mov ah, 0x4e 0x12a5d: mov cx, 0 0x12a60: mov dx, 0x162 0x12a63: int 0x21 0x12a65: cmp ax, 2 0x12a68: je 0x12a99 0x12a6a: mov ah, 0x3d 0x12a6c: mov al, 2 0x12a6e: mov dx, 0x9e 0x12a71: int 0x21
2018-12-17T22:41:35.182109773Z	78	PC: 12a65 \| Find first file
2018-12-17T22:41:35.188076212Z	61	PC: 12a73 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:41:35.195151005Z	64	PC: 12a7e \| Write file or device (Write 147 bytes on handle 5)
2018-12-17T22:41:35.202709874Z	62	PC: 12a82 \| Close file
2018-12-17T22:41:35.218259069Z	79	PC: 12a94 \| Find next file
2018-12-17T22:41:35.221022974Z	61	PC: 12a73 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:41:35.228673207Z	64	PC: 12a7e \| Write file or device (Write 147 bytes on handle 5)
2018-12-17T22:41:35.235490263Z	62	PC: 12a82 \| Close file
2018-12-17T22:41:35.242982402Z	79	PC: 12a94 \| Find next file
2018-12-17T22:41:35.24589983Z	61	PC: 12a73 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:41:35.252440113Z	64	PC: 12a7e \| Write file or device (Write 147 bytes on handle 5)
2018-12-17T22:41:35.259003604Z	62	PC: 12a82 \| Close file
2018-12-17T22:41:35.267068576Z	79	PC: 12a94 \| Find next file
2018-12-17T22:41:35.270385892Z	61	PC: 12a73 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:41:35.276770187Z	64	PC: 12a7e \| Write file or device (Write 147 bytes on handle 5)
2018-12-17T22:41:35.283498202Z	62	PC: 12a82 \| Close file
2018-12-17T22:41:35.291812465Z	79	PC: 12a94 \| Find next file
2018-12-17T22:41:35.294741886Z	61	PC: 12a73 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:41:35.301361036Z	64	PC: 12a7e \| Write file or device (Write 147 bytes on handle 5)
2018-12-17T22:41:35.3098714Z	62	PC: 12a82 \| Close file
2018-12-17T22:41:35.317697769Z	9	PC: 12aa0 \| Display string (String= 'Out of Memory!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7272,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:16.345345206Z	42	PC: 12a44 \| Get date 0x12a44: cmp dl, 0x16 0x12a47: jne 0x12a57 0x12a49: cmp dh, 7 0x12a4c: jne 0x12a57 0x12a4e: mov ah, 9 0x12a50: mov dx, 0x177 0x12a53: int 0x21 0x12a55: int 0x20 0x12a57: mov cx, 0 0x12a5a: push cx 0x12a5b: mov ah, 0x4e 0x12a5d: mov cx, 0 0x12a60: mov dx, 0x162 0x12a63: int 0x21 0x12a65: cmp ax, 2 0x12a68: je 0x12a99 0x12a6a: mov ah, 0x3d 0x12a6c: mov al, 2 0x12a6e: mov dx, 0x9e 0x12a71: int 0x21
2018-12-25T12:01:16.348526924Z	78	PC: 12a65 \| Find first file
2018-12-25T12:01:16.368730979Z	61	PC: 12a73 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:16.37591737Z	64	PC: 12a7e \| Write file or device (Write 147 bytes on handle 5)
2018-12-25T12:01:16.383541288Z	62	PC: 12a82 \| Close file
2018-12-25T12:01:16.513874707Z	79	PC: 12a94 \| Find next file
2018-12-25T12:01:16.517235974Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:01:16.526148969Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:01:16.534850535Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:01:16.543477006Z	79	PC: 12a94 \| Find next file (See above)
2018-12-25T12:01:16.546684674Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:01:16.554921509Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:01:16.562572057Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:01:16.571280956Z	79	PC: 12a94 \| Find next file (See above)
2018-12-25T12:01:16.575392441Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:01:16.583197216Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:01:16.591510142Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:01:16.60069111Z	79	PC: 12a94 \| Find next file (See above)
2018-12-25T12:01:16.604438379Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:01:16.612099318Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:01:16.619812171Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:01:16.629262674Z	9	PC: 12aa0 \| Display string (String= 'Out of Memory!')

{"DateBased":true,"Day":22,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7272,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:16.407627564Z	42	PC: 12a44 \| Get date 0x12a44: cmp dl, 0x16 0x12a47: jne 0x12a57 0x12a49: cmp dh, 7 0x12a4c: jne 0x12a57 0x12a4e: mov ah, 9 0x12a50: mov dx, 0x177 0x12a53: int 0x21 0x12a55: int 0x20 0x12a57: mov cx, 0 0x12a5a: push cx 0x12a5b: mov ah, 0x4e 0x12a5d: mov cx, 0 0x12a60: mov dx, 0x162 0x12a63: int 0x21 0x12a65: cmp ax, 2 0x12a68: je 0x12a99 0x12a6a: mov ah, 0x3d 0x12a6c: mov al, 2 0x12a6e: mov dx, 0x9e 0x12a71: int 0x21
2018-12-25T12:01:16.410197426Z	78	PC: 12a65 \| Find first file
2018-12-25T12:01:16.416930539Z	61	PC: 12a73 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:01:16.423840175Z	64	PC: 12a7e \| Write file or device (Write 147 bytes on handle 5)
2018-12-25T12:01:16.430951945Z	62	PC: 12a82 \| Close file
2018-12-25T12:01:16.513950126Z	79	PC: 12a94 \| Find next file
2018-12-25T12:01:16.517240741Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:01:16.524949211Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:01:16.53351493Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:01:16.543105999Z	79	PC: 12a94 \| Find next file (See above)
2018-12-25T12:01:16.546433162Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:01:16.554109732Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:01:16.561802068Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:01:16.570650392Z	79	PC: 12a94 \| Find next file (See above)
2018-12-25T12:01:16.574087034Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:01:16.581190858Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:01:16.588372179Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:01:16.597592594Z	79	PC: 12a94 \| Find next file (See above)
2018-12-25T12:01:16.601392403Z	61	PC: 12a73 \| Open file (See above)
2018-12-25T12:01:16.609086343Z	64	PC: 12a7e \| Write file or device (See above)
2018-12-25T12:01:16.6172497Z	62	PC: 12a82 \| Close file (See above)
2018-12-25T12:01:16.629209261Z	9	PC: 12aa0 \| Display string (String= 'Out of Memory!')

{"DateBased":true,"Day":22,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7272,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:16.879917772Z	42	PC: 12a44 \| Get date 0x12a44: cmp dl, 0x16 0x12a47: jne 0x12a57 0x12a49: cmp dh, 7 0x12a4c: jne 0x12a57 0x12a4e: mov ah, 9 0x12a50: mov dx, 0x177 0x12a53: int 0x21 0x12a55: int 0x20 0x12a57: mov cx, 0 0x12a5a: push cx 0x12a5b: mov ah, 0x4e 0x12a5d: mov cx, 0 0x12a60: mov dx, 0x162 0x12a63: int 0x21 0x12a65: cmp ax, 2 0x12a68: je 0x12a99 0x12a6a: mov ah, 0x3d 0x12a6c: mov al, 2 0x12a6e: mov dx, 0x9e 0x12a71: int 0x21
2018-12-25T12:01:16.882836435Z	9	PC: 12a55 \| Display string (String= 'Splinter 2 Virus EXE-Gency')