Sample viewer

vx.netlux.org/Virus.DOS.CyberTech.Strain.1080

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:28.318806995Z	48	PC: 13e95 \| Get DOS version
2018-12-17T22:43:28.32159Z	54	PC: 13ea3 \| Get free disk space
2018-12-17T22:43:28.332342308Z	42	PC: 13eaf \| Get date 0x13eaf: cmp cx, 0x7c9 0x13eb3: jae 0x13eb8 0x13eb5: jmp 0x13f49 0x13eb8: push cs 0x13eb9: pop ds 0x13eba: mov ah, 9 0x13ebc: lea dx, word ptr [bp + 0x378] 0x13ec0: int 0x21 0x13ec2: mov ah, 0x1a 0x13ec4: mov dx, 0xfd00 0x13ec7: int 0x21 0x13ec9: mov ax, word ptr cs:[0x2c] 0x13ecd: mov ds, ax 0x13ecf: mov si, 0 0x13ed2: mov cx, 0x4000 0x13ed5: lodsb al, byte ptr [si] 0x13ed6: cmp al, 1 0x13ed8: je 0x13edc 0x13eda: loop 0x13ed5 0x13edc: inc si
2018-12-17T22:43:28.335158375Z	9	PC: 13ec2 \| Display string (Could not find end pointer)
2018-12-17T22:43:28.35912473Z	26	PC: 13ec9 \| Set disk transfer address
2018-12-17T22:43:28.367144412Z	67	PC: 13ef9 \| Get or set file attributes
2018-12-17T22:43:28.37604086Z	67	PC: 13f06 \| Get or set file attributes
2018-12-17T22:43:28.394121542Z	61	PC: 13f0b \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:43:28.410920012Z	87	PC: 13f12 \| Get or set file date and time
2018-12-17T22:43:28.412893894Z	62	PC: 13f18 \| Close file
2018-12-17T22:43:28.415251902Z	60	PC: 13f21 \| Create or truncate file
2018-12-17T22:43:28.452736977Z	64	PC: 13f30 \| Write file or device (Write 4864 bytes on handle 5)
2018-12-17T22:43:28.462529874Z	87	PC: 13f37 \| Get or set file date and time
2018-12-17T22:43:28.464595565Z	62	PC: 13f3b \| Close file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7891,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:53.435678912Z	48	PC: 13e95 \| Get DOS version
2018-12-25T12:02:53.437242789Z	54	PC: 13ea3 \| Get free disk space
2018-12-25T12:02:53.448626966Z	42	PC: 13eaf \| Get date 0x13eaf: cmp cx, 0x7c9 0x13eb3: jae 0x13eb8 0x13eb5: jmp 0x13f49 0x13eb8: push cs 0x13eb9: pop ds 0x13eba: mov ah, 9 0x13ebc: lea dx, word ptr [bp + 0x378] 0x13ec0: int 0x21 0x13ec2: mov ah, 0x1a 0x13ec4: mov dx, 0xfd00 0x13ec7: int 0x21 0x13ec9: mov ax, word ptr cs:[0x2c] 0x13ecd: mov ds, ax 0x13ecf: mov si, 0 0x13ed2: mov cx, 0x4000 0x13ed5: lodsb al, byte ptr [si] 0x13ed6: cmp al, 1 0x13ed8: je 0x13edc 0x13eda: loop 0x13ed5 0x13edc: inc si
2018-12-25T12:02:53.450942568Z	26	PC: 13f50 \| Set disk transfer address
2018-12-25T12:02:53.451855871Z	78	PC: 13f5a \| Find first file
2018-12-25T12:02:53.458800426Z	67	PC: 13f67 \| Get or set file attributes
2018-12-25T12:02:53.465862773Z	67	PC: 13f6f \| Get or set file attributes
2018-12-25T12:02:53.482792777Z	61	PC: 13f74 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:02:53.500532406Z	87	PC: 13f7a \| Get or set file date and time
2018-12-25T12:02:53.502261182Z	63	PC: 13f87 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:02:53.509845825Z	66	PC: 13fad \| Move file pointer
2018-12-25T12:02:53.512351179Z	66	PC: 13fce \| Move file pointer
2018-12-25T12:02:53.516269997Z	63	PC: 13fd8 \| Read file or device (Read 52 bytes on handle 5)
2018-12-25T12:02:53.519091939Z	66	PC: 13fad \| Move file pointer (See above)
2018-12-25T12:02:53.529027392Z	44	PC: 14025 \| Get time 0x14025: cmp dl, 0 0x14028: jne 0x14034 0x1402a: mov ah, 9 0x1402c: lea dx, word ptr [bp + 0x4dd] 0x14030: int 0x21 0x14032: jmp 0x14021 0x14034: mov byte ptr cs:[bp + 0x118], dl 0x14039: lea si, word ptr [bp + 0x104] 0x1403d: mov di, 0xfb00 0x14040: mov cx, 0x18 0x14043: rep movsb byte ptr es:[di], byte ptr [si] 0x14045: lea si, word ptr [bp + 0x11c] 0x14049: mov cx, 0x420 0x1404c: lodsb al, byte ptr [si] 0x1404d: xor al, dl 0x1404f: stosb byte ptr es:[di], al 0x14050: loop 0x1404c 0x14052: mov ah, 0x40 0x14054: mov dx, 0xfb00 0x14057: mov cx, 0x438
2018-12-25T12:02:53.532605451Z	64	PC: 1405c \| Write file or device (Write 1080 bytes on handle 5)
2018-12-25T12:02:53.542746872Z	66	PC: 13fad \| Move file pointer (See above)
2018-12-25T12:02:53.544632295Z	64	PC: 1406d \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:02:53.552701713Z	87	PC: 1409d \| Get or set file date and time
2018-12-25T12:02:53.554857435Z	62	PC: 140a1 \| Close file
2018-12-25T12:02:53.563922017Z	67	PC: 140aa \| Get or set file attributes
2018-12-25T12:02:53.570761928Z	65	PC: 140b2 \| Delete file (Filename = 'chklist.cps')
2018-12-25T12:02:53.57780294Z	26	PC: 14077 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7891,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:53.796614226Z	48	PC: 13e95 \| Get DOS version
2018-12-25T12:02:53.802316085Z	54	PC: 13ea3 \| Get free disk space
2018-12-25T12:02:53.812837603Z	42	PC: 13eaf \| Get date 0x13eaf: cmp cx, 0x7c9 0x13eb3: jae 0x13eb8 0x13eb5: jmp 0x13f49 0x13eb8: push cs 0x13eb9: pop ds 0x13eba: mov ah, 9 0x13ebc: lea dx, word ptr [bp + 0x378] 0x13ec0: int 0x21 0x13ec2: mov ah, 0x1a 0x13ec4: mov dx, 0xfd00 0x13ec7: int 0x21 0x13ec9: mov ax, word ptr cs:[0x2c] 0x13ecd: mov ds, ax 0x13ecf: mov si, 0 0x13ed2: mov cx, 0x4000 0x13ed5: lodsb al, byte ptr [si] 0x13ed6: cmp al, 1 0x13ed8: je 0x13edc 0x13eda: loop 0x13ed5 0x13edc: inc si
2018-12-25T12:02:53.81570613Z	9	PC: 13ec2 \| Display string (Could not find end pointer)
2018-12-25T12:02:53.840065825Z	26	PC: 13ec9 \| Set disk transfer address
2018-12-25T12:02:53.841723852Z	67	PC: 13ef9 \| Get or set file attributes
2018-12-25T12:02:53.848482378Z	67	PC: 13f06 \| Get or set file attributes
2018-12-25T12:02:53.867966684Z	61	PC: 13f0b \| Open file (Filename = 'A:\TEST.COM')
2018-12-25T12:02:53.879861878Z	87	PC: 13f12 \| Get or set file date and time
2018-12-25T12:02:53.881457394Z	62	PC: 13f18 \| Close file
2018-12-25T12:02:53.903598025Z	60	PC: 13f21 \| Create or truncate file
2018-12-25T12:02:53.921016828Z	64	PC: 13f30 \| Write file or device (Write 4864 bytes on handle 5)
2018-12-25T12:02:53.93115575Z	87	PC: 13f37 \| Get or set file date and time
2018-12-25T12:02:53.93336428Z	62	PC: 13f3b \| Close file