Sample viewer

vx.netlux.org/Virus.DOS.Itv.449

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:59.06474658Z	47	PC: 12abf \| Get disk transfer address
2018-12-17T22:45:59.06716953Z	26	PC: 12acf \| Set disk transfer address
2018-12-17T22:45:59.068982565Z	78	PC: 12b3e \| Find first file
2018-12-17T22:45:59.076367495Z	67	PC: 12b73 \| Get or set file attributes
2018-12-17T22:45:59.092933228Z	61	PC: 12b7c \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:45:59.101826982Z	63	PC: 12b8b \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:45:59.108596095Z	66	PC: 12b9b \| Move file pointer
2018-12-17T22:45:59.110081024Z	64	PC: 12baf \| Write file or device (Write 449 bytes on handle 5)
2018-12-17T22:45:59.125699377Z	66	PC: 12bbf \| Move file pointer
2018-12-17T22:45:59.127644701Z	64	PC: 12bcc \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:45:59.135541572Z	87	PC: 12bdf \| Get or set file date and time
2018-12-17T22:45:59.138474711Z	62	PC: 12be3 \| Close file
2018-12-17T22:45:59.147847655Z	67	PC: 12bf2 \| Get or set file attributes
2018-12-17T22:45:59.164163098Z	26	PC: 12bfb \| Set disk transfer address
2018-12-17T22:45:59.169354358Z	42	PC: 12c00 \| Get date 0x12c00: cmp dx, 0x505 0x12c04: je 0x12c12 0x12c06: cmp dx, 0x910 0x12c0a: je 0x12c12 0x12c0c: cmp dx, 0xb14 0x12c10: jne 0x12c1a 0x12c12: mov ah, 9 0x12c14: lea dx, word ptr [bp + 0x2ca] 0x12c18: int 0x21 0x12c1a: xor bp, bp 0x12c1c: xor di, di 0x12c1e: xor si, si 0x12c20: xor dx, dx 0x12c22: pop cx 0x12c23: xor bx, bx 0x12c25: mov ax, 0x100 0x12c28: push ax 0x12c29: xor ax, ax 0x12c2b: ret 0x12c2c: sub byte ptr [bp + di + 0x29], al
2018-12-17T22:45:59.171935014Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8730,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:47.804532915Z	47	PC: 12abf \| Get disk transfer address
2018-12-25T12:21:47.805881566Z	26	PC: 12acf \| Set disk transfer address
2018-12-25T12:21:47.808105656Z	78	PC: 12b3e \| Find first file
2018-12-25T12:21:47.81544608Z	67	PC: 12b73 \| Get or set file attributes
2018-12-25T12:21:47.831976766Z	61	PC: 12b7c \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:47.840218896Z	63	PC: 12b8b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:21:47.847319018Z	66	PC: 12b9b \| Move file pointer
2018-12-25T12:21:47.848839259Z	64	PC: 12baf \| Write file or device (Write 449 bytes on handle 5)
2018-12-25T12:21:47.859036201Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:21:47.860476698Z	64	PC: 12bcc \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:21:47.868299518Z	87	PC: 12bdf \| Get or set file date and time
2018-12-25T12:21:47.870786348Z	62	PC: 12be3 \| Close file
2018-12-25T12:21:47.879453624Z	67	PC: 12bf2 \| Get or set file attributes
2018-12-25T12:21:47.890354808Z	26	PC: 12bfb \| Set disk transfer address
2018-12-25T12:21:47.891657998Z	42	PC: 12c00 \| Get date 0x12c00: cmp dx, 0x505 0x12c04: je 0x12c12 0x12c06: cmp dx, 0x910 0x12c0a: je 0x12c12 0x12c0c: cmp dx, 0xb14 0x12c10: jne 0x12c1a 0x12c12: mov ah, 9 0x12c14: lea dx, word ptr [bp + 0x2ca] 0x12c18: int 0x21 0x12c1a: xor bp, bp 0x12c1c: xor di, di 0x12c1e: xor si, si 0x12c20: xor dx, dx 0x12c22: pop cx 0x12c23: xor bx, bx 0x12c25: mov ax, 0x100 0x12c28: push ax 0x12c29: xor ax, ax 0x12c2b: ret 0x12c2c: sub byte ptr [bp + di + 0x29], al
2018-12-25T12:21:47.895444042Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":5,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8730,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:47.973236831Z	47	PC: 12abf \| Get disk transfer address
2018-12-25T12:21:47.974738706Z	26	PC: 12acf \| Set disk transfer address
2018-12-25T12:21:47.976021222Z	78	PC: 12b3e \| Find first file
2018-12-25T12:21:47.982583473Z	67	PC: 12b73 \| Get or set file attributes
2018-12-25T12:21:47.999608887Z	61	PC: 12b7c \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:48.007264443Z	63	PC: 12b8b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:21:48.01445614Z	66	PC: 12b9b \| Move file pointer
2018-12-25T12:21:48.01593423Z	64	PC: 12baf \| Write file or device (Write 449 bytes on handle 5)
2018-12-25T12:21:48.025244974Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:21:48.026804401Z	64	PC: 12bcc \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:21:48.034210757Z	87	PC: 12bdf \| Get or set file date and time
2018-12-25T12:21:48.036376519Z	62	PC: 12be3 \| Close file
2018-12-25T12:21:48.048115284Z	67	PC: 12bf2 \| Get or set file attributes
2018-12-25T12:21:48.059020554Z	26	PC: 12bfb \| Set disk transfer address
2018-12-25T12:21:48.060639016Z	42	PC: 12c00 \| Get date 0x12c00: cmp dx, 0x505 0x12c04: je 0x12c12 0x12c06: cmp dx, 0x910 0x12c0a: je 0x12c12 0x12c0c: cmp dx, 0xb14 0x12c10: jne 0x12c1a 0x12c12: mov ah, 9 0x12c14: lea dx, word ptr [bp + 0x2ca] 0x12c18: int 0x21 0x12c1a: xor bp, bp 0x12c1c: xor di, di 0x12c1e: xor si, si 0x12c20: xor dx, dx 0x12c22: pop cx 0x12c23: xor bx, bx 0x12c25: mov ax, 0x100 0x12c28: push ax 0x12c29: xor ax, ax 0x12c2b: ret 0x12c2c: sub byte ptr [bp + di + 0x29], al
2018-12-25T12:21:48.06292132Z	9	PC: 12c1a \| Display string (String= ' �Viva M�xico! ')
2018-12-25T12:21:48.071572786Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":16,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8730,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:48.089516532Z	47	PC: 12abf \| Get disk transfer address
2018-12-25T12:21:48.09122695Z	26	PC: 12acf \| Set disk transfer address
2018-12-25T12:21:48.09398427Z	78	PC: 12b3e \| Find first file
2018-12-25T12:21:48.102609995Z	67	PC: 12b73 \| Get or set file attributes
2018-12-25T12:21:48.120420886Z	61	PC: 12b7c \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:48.128675315Z	63	PC: 12b8b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:21:48.136667168Z	66	PC: 12b9b \| Move file pointer
2018-12-25T12:21:48.138389453Z	64	PC: 12baf \| Write file or device (Write 449 bytes on handle 5)
2018-12-25T12:21:48.148068171Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:21:48.149748394Z	64	PC: 12bcc \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:21:48.157950436Z	87	PC: 12bdf \| Get or set file date and time
2018-12-25T12:21:48.160731088Z	62	PC: 12be3 \| Close file
2018-12-25T12:21:48.170051637Z	67	PC: 12bf2 \| Get or set file attributes
2018-12-25T12:21:48.181357093Z	26	PC: 12bfb \| Set disk transfer address
2018-12-25T12:21:48.191398349Z	42	PC: 12c00 \| Get date 0x12c00: cmp dx, 0x505 0x12c04: je 0x12c12 0x12c06: cmp dx, 0x910 0x12c0a: je 0x12c12 0x12c0c: cmp dx, 0xb14 0x12c10: jne 0x12c1a 0x12c12: mov ah, 9 0x12c14: lea dx, word ptr [bp + 0x2ca] 0x12c18: int 0x21 0x12c1a: xor bp, bp 0x12c1c: xor di, di 0x12c1e: xor si, si 0x12c20: xor dx, dx 0x12c22: pop cx 0x12c23: xor bx, bx 0x12c25: mov ax, 0x100 0x12c28: push ax 0x12c29: xor ax, ax 0x12c2b: ret 0x12c2c: sub byte ptr [bp + di + 0x29], al
2018-12-25T12:21:48.193836536Z	9	PC: 12c1a \| Display string (String= ' �Viva M�xico! ')
2018-12-25T12:21:48.203216308Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":20,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8730,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:48.166725598Z	47	PC: 12abf \| Get disk transfer address
2018-12-25T12:21:48.168290527Z	26	PC: 12acf \| Set disk transfer address
2018-12-25T12:21:48.169852226Z	78	PC: 12b3e \| Find first file
2018-12-25T12:21:48.178293425Z	67	PC: 12b73 \| Get or set file attributes
2018-12-25T12:21:48.195693644Z	61	PC: 12b7c \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:48.203960657Z	63	PC: 12b8b \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:21:48.212784273Z	66	PC: 12b9b \| Move file pointer
2018-12-25T12:21:48.215080766Z	64	PC: 12baf \| Write file or device (Write 449 bytes on handle 5)
2018-12-25T12:21:48.225739845Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:21:48.227357199Z	64	PC: 12bcc \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:21:48.235998845Z	87	PC: 12bdf \| Get or set file date and time
2018-12-25T12:21:48.238444865Z	62	PC: 12be3 \| Close file
2018-12-25T12:21:48.248479878Z	67	PC: 12bf2 \| Get or set file attributes
2018-12-25T12:21:48.25972912Z	26	PC: 12bfb \| Set disk transfer address
2018-12-25T12:21:48.262202192Z	42	PC: 12c00 \| Get date 0x12c00: cmp dx, 0x505 0x12c04: je 0x12c12 0x12c06: cmp dx, 0x910 0x12c0a: je 0x12c12 0x12c0c: cmp dx, 0xb14 0x12c10: jne 0x12c1a 0x12c12: mov ah, 9 0x12c14: lea dx, word ptr [bp + 0x2ca] 0x12c18: int 0x21 0x12c1a: xor bp, bp 0x12c1c: xor di, di 0x12c1e: xor si, si 0x12c20: xor dx, dx 0x12c22: pop cx 0x12c23: xor bx, bx 0x12c25: mov ax, 0x100 0x12c28: push ax 0x12c29: xor ax, ax 0x12c2b: ret 0x12c2c: sub byte ptr [bp + di + 0x29], al
2018-12-25T12:21:48.26526113Z	9	PC: 12c1a \| Display string (String= ' �Viva M�xico! ')
2018-12-25T12:21:48.274035312Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')