Sample viewer

vx.netlux.org/Virus.DOS.Cookie.653

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:05.45696354Z	44	PC: 12ad3 \| Get time 0x12ad3: add dx, bp 0x12ad5: mov byte ptr [bp + 0x400], dh 0x12ad9: cmp ch, 5 0x12adc: jge 0x12afe 0x12ade: mov al, 0 0x12ae0: and al, al 0x12ae2: jne 0x12afe 0x12ae4: mov ah, 0x2a 0x12ae6: int 0x21 0x12ae8: cmp cx, 0x7c4 0x12aec: ja 0x12af5 0x12aee: jb 0x12afe 0x12af0: cmp dh, 0xb 0x12af3: jbe 0x12afe 0x12af5: mov dl, byte ptr [bp + 0x400] 0x12af9: and dl, 7 0x12afc: je 0x12b01 0x12afe: jmp 0x12baa 0x12b01: mov cx, 0x1e 0x12b04: mov si, 0xce
2018-12-17T22:44:05.459589101Z	42	PC: 12ae8 \| Get date 0x12ae8: cmp cx, 0x7c4 0x12aec: ja 0x12af5 0x12aee: jb 0x12afe 0x12af0: cmp dh, 0xb 0x12af3: jbe 0x12afe 0x12af5: mov dl, byte ptr [bp + 0x400] 0x12af9: and dl, 7 0x12afc: je 0x12b01 0x12afe: jmp 0x12baa 0x12b01: mov cx, 0x1e 0x12b04: mov si, 0xce 0x12b07: add si, di 0x12b09: call 0x12d17 0x12b0c: loop 0x12b04 0x12b0e: call 0x12b5b 0x12b11: mov si, 0xd9 0x12b14: add si, di 0x12b16: call 0x12d17 0x12b19: mov ah, 6 0x12b1b: mov dl, 0xff
2018-12-17T22:44:05.462482245Z	26	PC: 12bbf \| Set disk transfer address
2018-12-17T22:44:05.463764213Z	78	PC: 12bcb \| Find first file
2018-12-17T22:44:05.4714885Z	79	PC: 12be3 \| Find next file
2018-12-17T22:44:05.474882535Z	79	PC: 12be3 \| Find next file
2018-12-17T22:44:05.477403038Z	61	PC: 12bfa \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:44:05.484123952Z	87	PC: 12c06 \| Get or set file date and time
2018-12-17T22:44:05.486417519Z	63	PC: 12c1b \| Read file or device (Read 30720 bytes on handle 5)
2018-12-17T22:44:05.49306797Z	62	PC: 12c23 \| Close file
2018-12-17T22:44:05.495098614Z	60	PC: 12cc8 \| Create or truncate file
2018-12-17T22:44:05.515023947Z	64	PC: 12cdf \| Write file or device (Write 745 bytes on handle 5)
2018-12-17T22:44:05.524435112Z	87	PC: 12ced \| Get or set file date and time
2018-12-17T22:44:05.526448223Z	62	PC: 12cf1 \| Close file
2018-12-17T22:44:05.536547131Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8102,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:22.514183717Z	44	PC: 12ad3 \| Get time 0x12ad3: add dx, bp 0x12ad5: mov byte ptr [bp + 0x400], dh 0x12ad9: cmp ch, 5 0x12adc: jge 0x12afe 0x12ade: mov al, 0 0x12ae0: and al, al 0x12ae2: jne 0x12afe 0x12ae4: mov ah, 0x2a 0x12ae6: int 0x21 0x12ae8: cmp cx, 0x7c4 0x12aec: ja 0x12af5 0x12aee: jb 0x12afe 0x12af0: cmp dh, 0xb 0x12af3: jbe 0x12afe 0x12af5: mov dl, byte ptr [bp + 0x400] 0x12af9: and dl, 7 0x12afc: je 0x12b01 0x12afe: jmp 0x12baa 0x12b01: mov cx, 0x1e 0x12b04: mov si, 0xce
2018-12-25T12:03:22.516735154Z	26	PC: 12bbf \| Set disk transfer address
2018-12-25T12:03:22.518491803Z	78	PC: 12bcb \| Find first file
2018-12-25T12:03:22.525823275Z	79	PC: 12be3 \| Find next file
2018-12-25T12:03:22.529800303Z	61	PC: 12bfa \| Open file (Filename = 'PRINT.COM')
2018-12-25T12:03:22.539632094Z	87	PC: 12c06 \| Get or set file date and time
2018-12-25T12:03:22.541095853Z	63	PC: 12c1b \| Read file or device (Read 30720 bytes on handle 5)
2018-12-25T12:03:22.548233Z	62	PC: 12c23 \| Close file
2018-12-25T12:03:22.550641607Z	60	PC: 12cc8 \| Create or truncate file
2018-12-25T12:03:22.576033297Z	64	PC: 12cdf \| Write file or device (Write 680 bytes on handle 5)
2018-12-25T12:03:22.584956784Z	87	PC: 12ced \| Get or set file date and time
2018-12-25T12:03:22.586966123Z	62	PC: 12cf1 \| Close file
2018-12-25T12:03:22.599471374Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":11,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8102,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:22.526346466Z	42	PC: 12a62 \| Get date 0x12a62: cmp dh, 0xc 0x12a65: jne 0x12a6f 0x12a67: cmp dl, 0x19 0x12a6a: jne 0x12a6f 0x12a6c: jmp 0x12c47 0x12a6f: cmp dh, 4 0x12a72: jne 0x12a79 0x12a74: cmp dl, 1 0x12a77: jne 0x12a79 0x12a79: call 0x12c27 0x12a7c: call 0x12c14 0x12a7f: mov si, bp 0x12a81: add si, 0x22d 0x12a85: lodsw ax, word ptr [si] 0x12a86: cmp ax, 5 0x12a89: ja 0x12a8e 0x12a8b: jmp 0x12ae5 0x12a8d: nop 0x12a8e: call 0x12bfb 0x12a91: mov bx, ax
2018-12-25T12:03:22.529263834Z	26	PC: 12c31 \| Set disk transfer address
2018-12-25T12:03:22.530582772Z	78	PC: 12c21 \| Find first file
2018-12-25T12:03:22.537097232Z	61	PC: 12c06 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:03:22.544423464Z	87	PC: 12be9 \| Get or set file date and time
2018-12-25T12:03:22.545794154Z	63	PC: 12aa5 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:03:22.551987467Z	66	PC: 12aaf \| Move file pointer
2018-12-25T12:03:22.55368781Z	64	PC: 12b09 \| Write file or device (Write 602 bytes on handle 5)
2018-12-25T12:03:22.569725628Z	66	PC: 12b13 \| Move file pointer
2018-12-25T12:03:22.571414931Z	64	PC: 12b21 \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:03:22.578065308Z	87	PC: 12be4 \| Get or set file date and time
2018-12-25T12:03:22.580229268Z	62	PC: 12b2b \| Close file
2018-12-25T12:03:22.588260525Z	79	PC: 12aec \| Find next file
2018-12-25T12:03:22.591317852Z	61	PC: 12c06 \| Open file (See above)
2018-12-25T12:03:22.599857672Z	87	PC: 12be9 \| Get or set file date and time (See above)
2018-12-25T12:03:22.601518126Z	63	PC: 12aa5 \| Read file or device (See above)
2018-12-25T12:03:22.608074047Z	66	PC: 12aaf \| Move file pointer (See above)
2018-12-25T12:03:22.611067963Z	64	PC: 12b09 \| Write file or device (See above)
2018-12-25T12:03:22.619445049Z	66	PC: 12b13 \| Move file pointer (See above)
2018-12-25T12:03:22.62108082Z	64	PC: 12b21 \| Write file or device (See above)
2018-12-25T12:03:22.628765391Z	87	PC: 12be4 \| Get or set file date and time (See above)
2018-12-25T12:03:22.630754147Z	62	PC: 12b2b \| Close file (See above)
2018-12-25T12:03:22.638608133Z	79	PC: 12aec \| Find next file (See above)
2018-12-25T12:03:22.641958068Z	61	PC: 12c06 \| Open file (See above)
2018-12-25T12:03:22.649416874Z	87	PC: 12be9 \| Get or set file date and time (See above)
2018-12-25T12:03:22.650950079Z	63	PC: 12aa5 \| Read file or device (See above)
2018-12-25T12:03:22.658138072Z	66	PC: 12aaf \| Move file pointer (See above)
2018-12-25T12:03:22.659982418Z	64	PC: 12b09 \| Write file or device (See above)
2018-12-25T12:03:22.668535635Z	66	PC: 12b13 \| Move file pointer (See above)
2018-12-25T12:03:22.670169987Z	64	PC: 12b21 \| Write file or device (See above)
2018-12-25T12:03:22.682627808Z	87	PC: 12be4 \| Get or set file date and time (See above)
2018-12-25T12:03:22.68452052Z	62	PC: 12b2b \| Close file (See above)
2018-12-25T12:03:22.692359798Z	79	PC: 12aec \| Find next file (See above)
2018-12-25T12:03:22.69576326Z	61	PC: 12c06 \| Open file (See above)
2018-12-25T12:03:22.70246973Z	87	PC: 12be9 \| Get or set file date and time (See above)
2018-12-25T12:03:22.704175886Z	63	PC: 12aa5 \| Read file or device (See above)
2018-12-25T12:03:22.712154229Z	66	PC: 12aaf \| Move file pointer (See above)
2018-12-25T12:03:22.713694555Z	64	PC: 12b09 \| Write file or device (See above)
2018-12-25T12:03:22.72326279Z	66	PC: 12b13 \| Move file pointer (See above)
2018-12-25T12:03:22.725697577Z	64	PC: 12b21 \| Write file or device (See above)
2018-12-25T12:03:22.732989628Z	87	PC: 12be4 \| Get or set file date and time (See above)
2018-12-25T12:03:22.743097891Z	62	PC: 12b2b \| Close file (See above)
2018-12-25T12:03:22.752013938Z	79	PC: 12aec \| Find next file (See above)
2018-12-25T12:03:22.754604867Z	61	PC: 12c06 \| Open file (See above)
2018-12-25T12:03:22.761513318Z	87	PC: 12be9 \| Get or set file date and time (See above)
2018-12-25T12:03:22.763643268Z	63	PC: 12aa5 \| Read file or device (See above)
2018-12-25T12:03:22.769736368Z	66	PC: 12aaf \| Move file pointer (See above)
2018-12-25T12:03:22.771163322Z	64	PC: 12b09 \| Write file or device (See above)
2018-12-25T12:03:22.778970652Z	66	PC: 12b13 \| Move file pointer (See above)
2018-12-25T12:03:22.780914399Z	64	PC: 12b21 \| Write file or device (See above)
2018-12-25T12:03:22.787243438Z	87	PC: 12be4 \| Get or set file date and time (See above)
2018-12-25T12:03:22.788679102Z	62	PC: 12b2b \| Close file (See above)
2018-12-25T12:03:22.796774392Z	79	PC: 12aec \| Find next file (See above)
2018-12-25T12:03:22.80698219Z	61	PC: 12c06 \| Open file (See above)
2018-12-25T12:03:22.813546484Z	87	PC: 12be9 \| Get or set file date and time (See above)
2018-12-25T12:03:22.815671891Z	63	PC: 12aa5 \| Read file or device (See above)
2018-12-25T12:03:22.822031028Z	66	PC: 12aaf \| Move file pointer (See above)
2018-12-25T12:03:22.823687323Z	64	PC: 12b09 \| Write file or device (See above)
2018-12-25T12:03:22.832680416Z	66	PC: 12b13 \| Move file pointer (See above)
2018-12-25T12:03:22.834200451Z	64	PC: 12b21 \| Write file or device (See above)
2018-12-25T12:03:22.84130255Z	87	PC: 12be4 \| Get or set file date and time (See above)
2018-12-25T12:03:22.847154097Z	62	PC: 12b2b \| Close file (See above)
2018-12-25T12:03:22.855159342Z	79	PC: 12aec \| Find next file (See above)
2018-12-25T12:03:22.858029358Z	61	PC: 12c06 \| Open file (See above)
2018-12-25T12:03:22.865290599Z	87	PC: 12be9 \| Get or set file date and time (See above)
2018-12-25T12:03:22.866964691Z	63	PC: 12aa5 \| Read file or device (See above)
2018-12-25T12:03:22.873711132Z	66	PC: 12aaf \| Move file pointer (See above)
2018-12-25T12:03:22.875870875Z	64	PC: 12b09 \| Write file or device (See above)
2018-12-25T12:03:22.883858757Z	66	PC: 12b13 \| Move file pointer (See above)
2018-12-25T12:03:22.885392174Z	64	PC: 12b21 \| Write file or device (See above)
2018-12-25T12:03:22.892525899Z	87	PC: 12be4 \| Get or set file date and time (See above)
2018-12-25T12:03:22.893990885Z	62	PC: 12b2b \| Close file (See above)
2018-12-25T12:03:22.90170546Z	79	PC: 12aec \| Find next file (See above)
2018-12-25T12:03:22.90504991Z	61	PC: 12c06 \| Open file (See above)
2018-12-25T12:03:22.911242268Z	87	PC: 12be9 \| Get or set file date and time (See above)
2018-12-25T12:03:22.912436282Z	63	PC: 12aa5 \| Read file or device (See above)
2018-12-25T12:03:22.915441574Z	66	PC: 12aaf \| Move file pointer (See above)
2018-12-25T12:03:22.916836955Z	64	PC: 12b09 \| Write file or device (See above)
2018-12-25T12:03:22.924829036Z	66	PC: 12b13 \| Move file pointer (See above)
2018-12-25T12:03:22.927037698Z	64	PC: 12b21 \| Write file or device (See above)
2018-12-25T12:03:22.93046701Z	87	PC: 12be4 \| Get or set file date and time (See above)
2018-12-25T12:03:22.932264862Z	62	PC: 12b2b \| Close file (See above)
2018-12-25T12:03:22.941709862Z	79	PC: 12aec \| Find next file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8102,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:22.569443993Z	44	PC: 12ad3 \| Get time 0x12ad3: add dx, bp 0x12ad5: mov byte ptr [bp + 0x400], dh 0x12ad9: cmp ch, 5 0x12adc: jge 0x12afe 0x12ade: mov al, 0 0x12ae0: and al, al 0x12ae2: jne 0x12afe 0x12ae4: mov ah, 0x2a 0x12ae6: int 0x21 0x12ae8: cmp cx, 0x7c4 0x12aec: ja 0x12af5 0x12aee: jb 0x12afe 0x12af0: cmp dh, 0xb 0x12af3: jbe 0x12afe 0x12af5: mov dl, byte ptr [bp + 0x400] 0x12af9: and dl, 7 0x12afc: je 0x12b01 0x12afe: jmp 0x12baa 0x12b01: mov cx, 0x1e 0x12b04: mov si, 0xce
2018-12-25T12:03:22.571102619Z	26	PC: 12bbf \| Set disk transfer address
2018-12-25T12:03:22.575779495Z	78	PC: 12bcb \| Find first file
2018-12-25T12:03:22.580305217Z	79	PC: 12be3 \| Find next file
2018-12-25T12:03:22.582073147Z	61	PC: 12bfa \| Open file (Filename = 'PRINT.COM')
2018-12-25T12:03:22.587525833Z	87	PC: 12c06 \| Get or set file date and time
2018-12-25T12:03:22.588760271Z	63	PC: 12c1b \| Read file or device (Read 30720 bytes on handle 5)
2018-12-25T12:03:22.595605173Z	62	PC: 12c23 \| Close file
2018-12-25T12:03:22.599854651Z	60	PC: 12cc8 \| Create or truncate file
2018-12-25T12:03:22.619496094Z	64	PC: 12cdf \| Write file or device (Write 680 bytes on handle 5)
2018-12-25T12:03:22.633962259Z	87	PC: 12ced \| Get or set file date and time
2018-12-25T12:03:22.63636276Z	62	PC: 12cf1 \| Close file
2018-12-25T12:03:22.656210357Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8102,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:22.878138984Z	44	PC: 12ad3 \| Get time 0x12ad3: add dx, bp 0x12ad5: mov byte ptr [bp + 0x400], dh 0x12ad9: cmp ch, 5 0x12adc: jge 0x12afe 0x12ade: mov al, 0 0x12ae0: and al, al 0x12ae2: jne 0x12afe 0x12ae4: mov ah, 0x2a 0x12ae6: int 0x21 0x12ae8: cmp cx, 0x7c4 0x12aec: ja 0x12af5 0x12aee: jb 0x12afe 0x12af0: cmp dh, 0xb 0x12af3: jbe 0x12afe 0x12af5: mov dl, byte ptr [bp + 0x400] 0x12af9: and dl, 7 0x12afc: je 0x12b01 0x12afe: jmp 0x12baa 0x12b01: mov cx, 0x1e 0x12b04: mov si, 0xce
2018-12-25T12:03:22.882277462Z	26	PC: 12bbf \| Set disk transfer address
2018-12-25T12:03:22.883205657Z	78	PC: 12bcb \| Find first file
2018-12-25T12:03:22.888760335Z	79	PC: 12be3 \| Find next file
2018-12-25T12:03:22.891527241Z	79	PC: 12be3 \| Find next file (See above)
2018-12-25T12:03:22.894303183Z	61	PC: 12bfa \| Open file (Filename = 'HELLO.COM')
2018-12-25T12:03:22.900912515Z	87	PC: 12c06 \| Get or set file date and time
2018-12-25T12:03:22.903120399Z	63	PC: 12c1b \| Read file or device (Read 30720 bytes on handle 5)
2018-12-25T12:03:22.927935143Z	62	PC: 12c23 \| Close file
2018-12-25T12:03:22.930040182Z	60	PC: 12cc8 \| Create or truncate file
2018-12-25T12:03:22.948558616Z	64	PC: 12cdf \| Write file or device (Write 745 bytes on handle 5)
2018-12-25T12:03:22.957346699Z	87	PC: 12ced \| Get or set file date and time
2018-12-25T12:03:22.958959741Z	62	PC: 12cf1 \| Close file
2018-12-25T12:03:22.966380315Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')