Sample viewer

vx.netlux.org/Virus.DOS.Ming.491

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:44.715191446Z 42 PC: 12a5b | Get date
0x12a5b: cmp dh, 2
0x12a5e: je 0x12ab6
0x12a60: mov ah, 0x47
0x12a62: xor dl, dl
0x12a64: lea si, word ptr [bp + 0x2a2]
0x12a68: int 0x21
0x12a6a: mov ah, 0x1a
0x12a6c: lea dx, word ptr [bp + 0x2f0]
0x12a70: int 0x21
0x12a72: jmp 0x12aa1
0x12a74: mov ah, 0x3b
0x12a76: lea dx, word ptr [bp + 0x2e2]
0x12a7a: int 0x21
0x12a7c: mov ah, 0x4e
0x12a7e: lea dx, word ptr [bp + 0x2a0]
0x12a82: mov cx, 0x11
0x12a85: int 0x21
0x12a87: jb 0x12ab3
0x12a89: mov bx, word ptr [bp + 0x29e]
0x12a8d: dec bx
2018-12-17T22:48:44.722697248Z 71 PC: 12a6a | Get current directory
2018-12-17T22:48:44.725527478Z 26 PC: 12a72 | Set disk transfer address
2018-12-17T22:48:44.726515137Z 78 PC: 12aab | Find first file
2018-12-17T22:48:44.746319924Z 61 PC: 12ac9 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:44.752591493Z 63 PC: 12ad6 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:48:44.75865188Z 62 PC: 12af1 | Close file
2018-12-17T22:48:44.760836924Z 61 PC: 12afa | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:44.767462673Z 87 PC: 12b01 | Get or set file date and time
2018-12-17T22:48:44.768787624Z 64 PC: 12b0e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:44.7719378Z 66 PC: 12b16 | Move file pointer
2018-12-17T22:48:44.773469993Z 64 PC: 12b21 | Write file or device (Write 491 bytes on handle 5)
2018-12-17T22:48:45.125602706Z 87 PC: 12b28 | Get or set file date and time
2018-12-17T22:48:45.127106547Z 62 PC: 12b2c | Close file
2018-12-17T22:48:45.135027854Z 59 PC: 12b55 | Change current directory
2018-12-17T22:48:45.138844128Z 59 PC: 12b5d | Change current directory
2018-12-17T22:48:45.142483149Z 26 PC: 12b64 | Set disk transfer address
2018-12-17T22:48:45.144585364Z 76 PC: 12a44 | Terminate with return code (Return code = '3')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9658,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:23.210258167Z 42 PC: 12a5b | Get date
0x12a5b: cmp dh, 2
0x12a5e: je 0x12ab6
0x12a60: mov ah, 0x47
0x12a62: xor dl, dl
0x12a64: lea si, word ptr [bp + 0x2a2]
0x12a68: int 0x21
0x12a6a: mov ah, 0x1a
0x12a6c: lea dx, word ptr [bp + 0x2f0]
0x12a70: int 0x21
0x12a72: jmp 0x12aa1
0x12a74: mov ah, 0x3b
0x12a76: lea dx, word ptr [bp + 0x2e2]
0x12a7a: int 0x21
0x12a7c: mov ah, 0x4e
0x12a7e: lea dx, word ptr [bp + 0x2a0]
0x12a82: mov cx, 0x11
0x12a85: int 0x21
0x12a87: jb 0x12ab3
0x12a89: mov bx, word ptr [bp + 0x29e]
0x12a8d: dec bx
2018-12-25T12:23:23.214172447Z 71 PC: 12a6a | Get current directory
2018-12-25T12:23:23.217691322Z 26 PC: 12a72 | Set disk transfer address
2018-12-25T12:23:23.219254081Z 78 PC: 12aab | Find first file
2018-12-25T12:23:23.226691155Z 61 PC: 12ac9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:23.234997039Z 63 PC: 12ad6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:23.242402204Z 62 PC: 12af1 | Close file
2018-12-25T12:23:23.244375327Z 61 PC: 12afa | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:23.257418853Z 87 PC: 12b01 | Get or set file date and time
2018-12-25T12:23:23.259516724Z 64 PC: 12b0e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:23.263252497Z 66 PC: 12b16 | Move file pointer
2018-12-25T12:23:23.266047339Z 64 PC: 12b21 | Write file or device (Write 491 bytes on handle 5)
2018-12-25T12:23:23.281167504Z 87 PC: 12b28 | Get or set file date and time
2018-12-25T12:23:23.283347181Z 62 PC: 12b2c | Close file
2018-12-25T12:23:23.293226807Z 59 PC: 12b55 | Change current directory
2018-12-25T12:23:23.303246989Z 59 PC: 12b5d | Change current directory
2018-12-25T12:23:23.305528471Z 26 PC: 12b64 | Set disk transfer address
2018-12-25T12:23:23.307565959Z 76 PC: 12a44 | Terminate with return code (Return code = '3')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9658,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:23.664500839Z 42 PC: 12a5b | Get date
0x12a5b: cmp dh, 2
0x12a5e: je 0x12ab6
0x12a60: mov ah, 0x47
0x12a62: xor dl, dl
0x12a64: lea si, word ptr [bp + 0x2a2]
0x12a68: int 0x21
0x12a6a: mov ah, 0x1a
0x12a6c: lea dx, word ptr [bp + 0x2f0]
0x12a70: int 0x21
0x12a72: jmp 0x12aa1
0x12a74: mov ah, 0x3b
0x12a76: lea dx, word ptr [bp + 0x2e2]
0x12a7a: int 0x21
0x12a7c: mov ah, 0x4e
0x12a7e: lea dx, word ptr [bp + 0x2a0]
0x12a82: mov cx, 0x11
0x12a85: int 0x21
0x12a87: jb 0x12ab3
0x12a89: mov bx, word ptr [bp + 0x29e]
0x12a8d: dec bx
2018-12-25T12:23:23.667681841Z 9 PC: 12b45 | Display string (String= ' Nice To Meet You! Copyright(c) 1-11-1993 By Ming. From Tuen Mun, Hong Kong Version 3.00')
2018-12-25T12:23:23.671899757Z 71 PC: 12a6a | Get current directory
2018-12-25T12:23:23.674582216Z 26 PC: 12a72 | Set disk transfer address
2018-12-25T12:23:23.676285181Z 78 PC: 12aab | Find first file
2018-12-25T12:23:23.6821268Z 61 PC: 12ac9 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:23.688866098Z 63 PC: 12ad6 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:23.693734078Z 62 PC: 12af1 | Close file
2018-12-25T12:23:23.695582285Z 61 PC: 12afa | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:23.699925578Z 87 PC: 12b01 | Get or set file date and time
2018-12-25T12:23:23.702995797Z 64 PC: 12b0e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:23.704834661Z 66 PC: 12b16 | Move file pointer
2018-12-25T12:23:23.70582355Z 64 PC: 12b21 | Write file or device (Write 491 bytes on handle 5)
2018-12-25T12:23:23.71768637Z 87 PC: 12b28 | Get or set file date and time
2018-12-25T12:23:23.718732973Z 62 PC: 12b2c | Close file
2018-12-25T12:23:23.724655397Z 59 PC: 12b55 | Change current directory
2018-12-25T12:23:23.734560014Z 59 PC: 12b5d | Change current directory
2018-12-25T12:23:23.736412232Z 26 PC: 12b64 | Set disk transfer address
2018-12-25T12:23:23.737560097Z 76 PC: 12a44 | Terminate with return code (Return code = '3')