Sample viewer

vx.netlux.org/Virus.DOS.Lunch.1756


Syscalls:

Time Syscall Op Syscall Name
; Time-of-day trigger, disassembled by the viewer starting at the return address
; of the "Get time" call (INT 21h AH=2Ch, logged as op 44; it returns CH = hour
; and CL = minute). Each branch inverts a message buffer in place (XOR 0xFF) and
; the first one is seen printing it with INT 21h AH=09h. The viewer cuts the
; listing off inside the second branch.
; NOTE(review): the messages are bit-inverted until this code runs, so a
; plain-text string search of the undecoded image will presumably miss them;
; the decode loop itself is the more stable thing to match on.
2018-12-17T22:42:56.970648851Z 44 PC: 12b3e | Get time 0x12b3e: cmp cx, 0xc00  ; CH=0x0C, CL=0x00 -> exactly 12:00
0x12b42: jne 0x12b5b  ; not 12:00: go test for 17:00
0x12b44: mov bx, 0x770  ; BX -> first encoded message
0x12b47: mov cx, 0x1d  ; loop count: 29 bytes
0x12b4a: cld  ; clears DF; the loop below does not depend on it
0x12b4b: xor byte ptr [bx], 0xff  ; invert one byte in place
0x12b4e: inc bx  ; next byte
0x12b4f: loop 0x12b4b  ; repeat until CX reaches 0
0x12b51: mov dx, 0x770  ; DS:DX -> decoded string for AH=09h ('$'-terminated)
0x12b54: mov ah, 9  ; DOS "display string"
0x12b56: int 0x21
0x12b58: jmp 0x12b75  ; skip the 17:00 branch
0x12b5a: nop  ; not reached by fall-through; likely assembler padding after the short jump
0x12b5b: cmp cx, 0x1100  ; CH=0x11, CL=0x00 -> exactly 17:00
0x12b5f: jne 0x12b9a  ; neither time matched; target is outside this listing
0x12b61: mov bx, 0x78d  ; BX -> second encoded message (0x770 + 0x1d, directly after the first)
0x12b64: mov cx, 0x1e  ; loop count: 30 bytes
0x12b67: cld
0x12b68: xor byte ptr [bx], 0xff  ; same in-place inversion as above
0x12b6b: inc bx  ; listing is truncated here; the closing loop and the print call are not shown
2018-12-17T22:42:56.973189102Z 78 PC: 12ba4 | Find first file
2018-12-17T22:42:56.981080614Z 79 PC: 12bc7 | Find next file
2018-12-17T22:42:56.98404443Z 79 PC: 12bc7 | Find next file
2018-12-17T22:42:56.987234111Z 79 PC: 12bc7 | Find next file
2018-12-17T22:42:56.991364238Z 79 PC: 12bc7 | Find next file
2018-12-17T22:42:56.995147744Z 79 PC: 12bc7 | Find next file
2018-12-17T22:42:56.998348636Z 79 PC: 12bc7 | Find next file
2018-12-17T22:42:57.001813383Z 79 PC: 12bc7 | Find next file
2018-12-17T22:42:57.004784924Z 61 PC: 12bee | Open file (Filename = 'TEST.COM')
2018-12-17T22:42:57.01171477Z 63 PC: 12bfd | Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:42:57.015906813Z 62 PC: 12c11 | Close file
2018-12-17T22:42:57.018239164Z 67 PC: 12c20 | Get or set file attributes
2018-12-17T22:42:57.035510502Z 79 PC: 12bc7 | Find next file
; Date-gated branch, disassembled by the viewer starting at the return address
; of the "Get date" call (INT 21h AH=2Ah, logged as op 42; it returns AL = day
; of week with 0 = Sunday, and DL = day of month). When the date matches, the
; code creates a file and writes a block of memory to it. The listing ends at
; the write call.
; NOTE(review): no trace on this page logs a create (op 60) or write (op 64)
; call, and the run configurations shown use Day=1, so this branch was
; apparently never exercised here. Absence of file writes in these runs is not
; evidence that the sample never writes.
2018-12-17T22:42:57.039015816Z 42 PC: 12c91 | Get date 0x12c91: cmp al, 6  ; day of week == 6 (Saturday)?
0x12c93: je 0x12c99  ; yes: go check the day of month
0x12c95: cmp al, 3  ; day of week == 3 (Wednesday)?
0x12c97: jne 0x12d05  ; neither weekday: skip; target is outside this listing
0x12c99: cmp dl, 0xe  ; day of month == 14?
0x12c9c: jne 0x12d05  ; no: skip
0x12c9e: mov ah, 0x3c  ; DOS "create file" (truncates an existing file of that name)
0x12ca0: xor cx, cx  ; CX = 0: normal file attributes
0x12ca2: mov dx, 0x3e3  ; DS:DX -> ASCIIZ file name; its bytes are not shown on this page
0x12ca5: int 0x21
0x12ca7: jb 0x12d05  ; CF set means the create failed: skip the write
0x12ca9: xchg ax, bx  ; BX = handle returned in AX
0x12caa: push bx  ; handle saved on the stack; the matching pop is outside this listing
0x12cab: mov cx, 0x3ed
0x12cae: mov dx, cx  ; DS:DX = 0x3ed, start of the buffer to write
0x12cb0: mov ax, 0x770
0x12cb3: sub ax, cx  ; AX = 0x770 - 0x3ed = 0x383
0x12cb5: xchg ax, cx  ; CX = 0x383 (899) bytes, i.e. everything from 0x3ed up to 0x770
0x12cb6: mov ah, 0x40  ; DOS "write to file", handle in BX
0x12cb8: int 0x21  ; listing ends here; what is written and any result check are not shown

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:27.937289278Z 44 PC: 12b3e | Get time 0x12b3e: cmp cx, 0xc00
0x12b42: jne 0x12b5b
0x12b44: mov bx, 0x770
0x12b47: mov cx, 0x1d
0x12b4a: cld
0x12b4b: xor byte ptr [bx], 0xff
0x12b4e: inc bx
0x12b4f: loop 0x12b4b
0x12b51: mov dx, 0x770
0x12b54: mov ah, 9
0x12b56: int 0x21
0x12b58: jmp 0x12b75
0x12b5a: nop
0x12b5b: cmp cx, 0x1100
0x12b5f: jne 0x12b9a
0x12b61: mov bx, 0x78d
0x12b64: mov cx, 0x1e
0x12b67: cld
0x12b68: xor byte ptr [bx], 0xff
0x12b6b: inc bx
2018-12-25T12:02:27.940261055Z 78 PC: 12ba4 | Find first file
2018-12-25T12:02:27.947564034Z 79 PC: 12bc7 | Find next file
2018-12-25T12:02:27.949987531Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.953008278Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.955624519Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.958121199Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.96115239Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.964983488Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.967824802Z 61 PC: 12bee | Open file (Filename = 'TEST.COM')
2018-12-25T12:02:27.974666244Z 63 PC: 12bfd | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:02:27.977580159Z 62 PC: 12c11 | Close file
2018-12-25T12:02:27.979473935Z 67 PC: 12c20 | Get or set file attributes
2018-12-25T12:02:27.996919046Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.999802318Z 42 PC: 12c91 | Get date 0x12c91: cmp al, 6
0x12c93: je 0x12c99
0x12c95: cmp al, 3
0x12c97: jne 0x12d05
0x12c99: cmp dl, 0xe
0x12c9c: jne 0x12d05
0x12c9e: mov ah, 0x3c
0x12ca0: xor cx, cx
0x12ca2: mov dx, 0x3e3
0x12ca5: int 0x21
0x12ca7: jb 0x12d05
0x12ca9: xchg ax, bx
0x12caa: push bx
0x12cab: mov cx, 0x3ed
0x12cae: mov dx, cx
0x12cb0: mov ax, 0x770
0x12cb3: sub ax, cx
0x12cb5: xchg ax, cx
0x12cb6: mov ah, 0x40
0x12cb8: int 0x21

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:27.937751501Z 44 PC: 12b3e | Get time 0x12b3e: cmp cx, 0xc00
0x12b42: jne 0x12b5b
0x12b44: mov bx, 0x770
0x12b47: mov cx, 0x1d
0x12b4a: cld
0x12b4b: xor byte ptr [bx], 0xff
0x12b4e: inc bx
0x12b4f: loop 0x12b4b
0x12b51: mov dx, 0x770
0x12b54: mov ah, 9
0x12b56: int 0x21
0x12b58: jmp 0x12b75
0x12b5a: nop
0x12b5b: cmp cx, 0x1100
0x12b5f: jne 0x12b9a
0x12b61: mov bx, 0x78d
0x12b64: mov cx, 0x1e
0x12b67: cld
0x12b68: xor byte ptr [bx], 0xff
0x12b6b: inc bx
2018-12-25T12:02:27.940338188Z 78 PC: 12ba4 | Find first file
2018-12-25T12:02:27.946496409Z 79 PC: 12bc7 | Find next file
2018-12-25T12:02:27.949046997Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.956570086Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.959216124Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.961644817Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.964081279Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.96710519Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:27.969820994Z 61 PC: 12bee | Open file (Filename = 'TEST.COM')
2018-12-25T12:02:27.976593389Z 63 PC: 12bfd | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:02:27.987105447Z 62 PC: 12c11 | Close file
2018-12-25T12:02:27.989273983Z 67 PC: 12c20 | Get or set file attributes
2018-12-25T12:02:28.018403895Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:28.022341028Z 42 PC: 12c91 | Get date 0x12c91: cmp al, 6
0x12c93: je 0x12c99
0x12c95: cmp al, 3
0x12c97: jne 0x12d05
0x12c99: cmp dl, 0xe
0x12c9c: jne 0x12d05
0x12c9e: mov ah, 0x3c
0x12ca0: xor cx, cx
0x12ca2: mov dx, 0x3e3
0x12ca5: int 0x21
0x12ca7: jb 0x12d05
0x12ca9: xchg ax, bx
0x12caa: push bx
0x12cab: mov cx, 0x3ed
0x12cae: mov dx, cx
0x12cb0: mov ax, 0x770
0x12cb3: sub ax, cx
0x12cb5: xchg ax, cx
0x12cb6: mov ah, 0x40
0x12cb8: int 0x21

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:28.011384183Z 44 PC: 12b3e | Get time 0x12b3e: cmp cx, 0xc00
0x12b42: jne 0x12b5b
0x12b44: mov bx, 0x770
0x12b47: mov cx, 0x1d
0x12b4a: cld
0x12b4b: xor byte ptr [bx], 0xff
0x12b4e: inc bx
0x12b4f: loop 0x12b4b
0x12b51: mov dx, 0x770
0x12b54: mov ah, 9
0x12b56: int 0x21
0x12b58: jmp 0x12b75
0x12b5a: nop
0x12b5b: cmp cx, 0x1100
0x12b5f: jne 0x12b9a
0x12b61: mov bx, 0x78d
0x12b64: mov cx, 0x1e
0x12b67: cld
0x12b68: xor byte ptr [bx], 0xff
0x12b6b: inc bx
2018-12-25T12:02:28.014425117Z 78 PC: 12ba4 | Find first file
2018-12-25T12:02:28.021922084Z 79 PC: 12bc7 | Find next file
2018-12-25T12:02:28.024842562Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:28.027665419Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:28.030926174Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:28.033677507Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:28.036836883Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:28.040477534Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:28.043452039Z 61 PC: 12bee | Open file (Filename = 'TEST.COM')
2018-12-25T12:02:28.052400866Z 63 PC: 12bfd | Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:02:28.055992947Z 62 PC: 12c11 | Close file
2018-12-25T12:02:28.058048268Z 67 PC: 12c20 | Get or set file attributes
2018-12-25T12:02:28.076094616Z 79 PC: 12bc7 | Find next file (See above)
2018-12-25T12:02:28.079446868Z 42 PC: 12c91 | Get date 0x12c91: cmp al, 6
0x12c93: je 0x12c99
0x12c95: cmp al, 3
0x12c97: jne 0x12d05
0x12c99: cmp dl, 0xe
0x12c9c: jne 0x12d05
0x12c9e: mov ah, 0x3c
0x12ca0: xor cx, cx
0x12ca2: mov dx, 0x3e3
0x12ca5: int 0x21
0x12ca7: jb 0x12d05
0x12ca9: xchg ax, bx
0x12caa: push bx
0x12cab: mov cx, 0x3ed
0x12cae: mov dx, cx
0x12cb0: mov ax, 0x770
0x12cb3: sub ax, cx
0x12cb5: xchg ax, cx
0x12cb6: mov ah, 0x40
0x12cb8: int 0x21

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Time-of-day trigger after "Get time" (INT 21h AH=2Ch: CH = hour, CL = minute).
; In this run the 12:00 branch is taken: the Display string row that follows
; this listing is the INT 21h at 0x12b56, logged with PC 12b58, the address of
; the next instruction.
2018-12-25T13:07:12.385487796Z 44 PC: 12b3e | Get time 0x12b3e: cmp cx, 0xc00  ; exactly 12:00?
0x12b42: jne 0x12b5b  ; no: go test for 17:00
0x12b44: mov bx, 0x770  ; BX -> encoded 12:00 message
0x12b47: mov cx, 0x1d  ; 29 bytes to decode
0x12b4a: cld  ; clears DF; the loop below does not depend on it
0x12b4b: xor byte ptr [bx], 0xff  ; invert one byte in place
0x12b4e: inc bx
0x12b4f: loop 0x12b4b  ; repeat until CX reaches 0
0x12b51: mov dx, 0x770  ; DS:DX -> decoded string
0x12b54: mov ah, 9  ; DOS "display string"
0x12b56: int 0x21  ; prints the 12:00 message logged below
0x12b58: jmp 0x12b75  ; skip the 17:00 branch
0x12b5a: nop  ; not reached by fall-through; likely padding after the short jump
0x12b5b: cmp cx, 0x1100  ; exactly 17:00?
0x12b5f: jne 0x12b9a  ; target is outside this listing
0x12b61: mov bx, 0x78d  ; BX -> second encoded message, directly after the first
0x12b64: mov cx, 0x1e  ; 30 bytes to decode
0x12b67: cld
0x12b68: xor byte ptr [bx], 0xff
0x12b6b: inc bx  ; listing is truncated here by the viewer
2018-12-25T13:07:12.389478893Z 9 PC: 12b58 | Display string (String= 'It's 12:00, time for lunch!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:28.842576002Z 44 PC: 12b3e | Get time 0x12b3e: cmp cx, 0xc00
0x12b42: jne 0x12b5b
0x12b44: mov bx, 0x770
0x12b47: mov cx, 0x1d
0x12b4a: cld
0x12b4b: xor byte ptr [bx], 0xff
0x12b4e: inc bx
0x12b4f: loop 0x12b4b
0x12b51: mov dx, 0x770
0x12b54: mov ah, 9
0x12b56: int 0x21
0x12b58: jmp 0x12b75
0x12b5a: nop
0x12b5b: cmp cx, 0x1100
0x12b5f: jne 0x12b9a
0x12b61: mov bx, 0x78d
0x12b64: mov cx, 0x1e
0x12b67: cld
0x12b68: xor byte ptr [bx], 0xff
0x12b6b: inc bx
2018-12-25T12:02:28.845339324Z 9 PC: 12b58 | Display string (String= 'It's 12:00, time for lunch!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:28.918334274Z 44 PC: 12b3e | Get time 0x12b3e: cmp cx, 0xc00
0x12b42: jne 0x12b5b
0x12b44: mov bx, 0x770
0x12b47: mov cx, 0x1d
0x12b4a: cld
0x12b4b: xor byte ptr [bx], 0xff
0x12b4e: inc bx
0x12b4f: loop 0x12b4b
0x12b51: mov dx, 0x770
0x12b54: mov ah, 9
0x12b56: int 0x21
0x12b58: jmp 0x12b75
0x12b5a: nop
0x12b5b: cmp cx, 0x1100
0x12b5f: jne 0x12b9a
0x12b61: mov bx, 0x78d
0x12b64: mov cx, 0x1e
0x12b67: cld
0x12b68: xor byte ptr [bx], 0xff
0x12b6b: inc bx
2018-12-25T12:02:28.920455709Z 9 PC: 12b58 | Display string (String= 'It's 12:00, time for lunch!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":17,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
; Time-of-day trigger after "Get time" (INT 21h AH=2Ch: CH = hour, CL = minute).
; In this run the 17:00 branch is taken. Its print call lies past the end of
; this truncated listing; the Display string row that follows is logged with
; PC 12b75, the same address the 12:00 branch jumps to once it has printed.
2018-12-25T12:02:28.92723185Z 44 PC: 12b3e | Get time 0x12b3e: cmp cx, 0xc00  ; exactly 12:00?
0x12b42: jne 0x12b5b  ; no (this run): go test for 17:00
0x12b44: mov bx, 0x770  ; BX -> encoded 12:00 message
0x12b47: mov cx, 0x1d  ; 29 bytes to decode
0x12b4a: cld  ; clears DF; the loop below does not depend on it
0x12b4b: xor byte ptr [bx], 0xff  ; invert one byte in place
0x12b4e: inc bx
0x12b4f: loop 0x12b4b  ; repeat until CX reaches 0
0x12b51: mov dx, 0x770  ; DS:DX -> decoded string
0x12b54: mov ah, 9  ; DOS "display string"
0x12b56: int 0x21
0x12b58: jmp 0x12b75  ; skip the 17:00 branch
0x12b5a: nop  ; not reached by fall-through; likely padding after the short jump
0x12b5b: cmp cx, 0x1100  ; exactly 17:00?
0x12b5f: jne 0x12b9a  ; target is outside this listing
0x12b61: mov bx, 0x78d  ; BX -> encoded 17:00 message (0x770 + 0x1d)
0x12b64: mov cx, 0x1e  ; 30 bytes to decode
0x12b67: cld
0x12b68: xor byte ptr [bx], 0xff  ; same in-place inversion as the 12:00 branch
0x12b6b: inc bx  ; listing is truncated here; the closing loop and print call are not shown
2018-12-25T12:02:28.930155489Z 9 PC: 12b75 | Display string (String= 'It's 17:00, time to go home!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":17,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:29.56217921Z 44 PC: 12b3e | Get time 0x12b3e: cmp cx, 0xc00
0x12b42: jne 0x12b5b
0x12b44: mov bx, 0x770
0x12b47: mov cx, 0x1d
0x12b4a: cld
0x12b4b: xor byte ptr [bx], 0xff
0x12b4e: inc bx
0x12b4f: loop 0x12b4b
0x12b51: mov dx, 0x770
0x12b54: mov ah, 9
0x12b56: int 0x21
0x12b58: jmp 0x12b75
0x12b5a: nop
0x12b5b: cmp cx, 0x1100
0x12b5f: jne 0x12b9a
0x12b61: mov bx, 0x78d
0x12b64: mov cx, 0x1e
0x12b67: cld
0x12b68: xor byte ptr [bx], 0xff
0x12b6b: inc bx
2018-12-25T12:02:29.564271651Z 9 PC: 12b75 | Display string (String= 'It's 17:00, time to go home!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":17,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:29.605998361Z 44 PC: 12b3e | Get time 0x12b3e: cmp cx, 0xc00
0x12b42: jne 0x12b5b
0x12b44: mov bx, 0x770
0x12b47: mov cx, 0x1d
0x12b4a: cld
0x12b4b: xor byte ptr [bx], 0xff
0x12b4e: inc bx
0x12b4f: loop 0x12b4b
0x12b51: mov dx, 0x770
0x12b54: mov ah, 9
0x12b56: int 0x21
0x12b58: jmp 0x12b75
0x12b5a: nop
0x12b5b: cmp cx, 0x1100
0x12b5f: jne 0x12b9a
0x12b61: mov bx, 0x78d
0x12b64: mov cx, 0x1e
0x12b67: cld
0x12b68: xor byte ptr [bx], 0xff
0x12b6b: inc bx
2018-12-25T12:02:29.608557823Z 9 PC: 12b75 | Display string (String= 'It's 17:00, time to go home!')