Sample viewer

vx.netlux.org/Virus.DOS.Atomic.831

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:49:20.500554455Z 42 PC: 12a5b | Get date
    0x12a5b: cmp dl, 7
    0x12a5e: je 0x12a80
    0x12a60: mov ah, 0x2f
    0x12a62: int 0x21
    0x12a64: mov word ptr ds:[bp + 0x41a], bx
    0x12a69: lea dx, word ptr [bp + 0x3f0]
    0x12a6d: call 0x12a92
    0x12a70: mov cx, 0x9eb
    0x12a73: mov dx, 0xfe05
    0x12a76: jmp 0x12a74
    0x12a78: add ah, 0x3b
    0x12a7b: jmp 0x12a71
    0x12a7d: jmp 0x12aab
    0x12a7f: nop
    0x12a80: mov ah, 9
    0x12a82: lea dx, word ptr [bp + 0x329]
    0x12a86: int 0x21
    0x12a88: mov cx, 0x1fff
    0x12a8b: loop 0x12a8b
    0x12a8d: ljmp 0xffff:0
2018-12-17T22:49:20.502184295Z 47 PC: 12a64 | Get disk transfer address
2018-12-17T22:49:20.504792169Z 26 PC: 12a96 | Set disk transfer address
2018-12-17T22:49:20.545740027Z 78 PC: 12ab6 | Find first file
2018-12-17T22:49:20.553094961Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T22:49:20.560112529Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T22:49:20.578554891Z 61 PC: 12b2e | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:49:20.586574263Z 63 PC: 12b50 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:49:20.594987066Z 87 PC: 12a9b | Get or set file date and time
2018-12-17T22:49:20.596893981Z 66 PC: 12aa5 | Move file pointer
2018-12-17T22:49:20.598781623Z 64 PC: 12aaa | Write file or device (Write 831 bytes on handle 5)
2018-12-17T22:49:20.60877864Z 66 PC: 12aa5 | Move file pointer
2018-12-17T22:49:20.610827665Z 64 PC: 12aaa | Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:49:20.619336785Z 66 PC: 12aa5 | Move file pointer
2018-12-17T22:49:20.621443924Z 64 PC: 12aaa | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:49:20.624880271Z 87 PC: 12a9b | Get or set file date and time
2018-12-17T22:49:20.626541174Z 62 PC: 12bb4 | Close file
2018-12-17T22:49:20.635825407Z 67 PC: 12aa0 | Get or set file attributes
2018-12-17T22:49:20.647361811Z 78 PC: 12ac6 | Find first file
2018-12-17T22:49:20.653985714Z 78 PC: 12adb | Find first file
2018-12-17T22:49:20.660443604Z 26 PC: 12a96 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9855,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T12:23:55.724179409Z 42 PC: 12a5b | Get date
    0x12a5b: cmp dl, 7
    0x12a5e: je 0x12a80
    0x12a60: mov ah, 0x2f
    0x12a62: int 0x21
    0x12a64: mov word ptr ds:[bp + 0x41a], bx
    0x12a69: lea dx, word ptr [bp + 0x3f0]
    0x12a6d: call 0x12a92
    0x12a70: mov cx, 0x9eb
    0x12a73: mov dx, 0xfe05
    0x12a76: jmp 0x12a74
    0x12a78: add ah, 0x3b
    0x12a7b: jmp 0x12a71
    0x12a7d: jmp 0x12aab
    0x12a7f: nop
    0x12a80: mov ah, 9
    0x12a82: lea dx, word ptr [bp + 0x329]
    0x12a86: int 0x21
    0x12a88: mov cx, 0x1fff
    0x12a8b: loop 0x12a8b
    0x12a8d: ljmp 0xffff:0
2018-12-25T12:23:55.727117295Z 47 PC: 12a64 | Get disk transfer address
2018-12-25T12:23:55.728287384Z 26 PC: 12a96 | Set disk transfer address
2018-12-25T12:23:55.748186965Z 78 PC: 12ab6 | Find first file
2018-12-25T12:23:55.755165566Z 67 PC: 12aa0 | Get or set file attributes
2018-12-25T12:23:55.759607606Z 67 PC: 12aa0 | Get or set file attributes (See above)
2018-12-25T12:23:55.774093058Z 61 PC: 12b2e | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:55.781826616Z 63 PC: 12b50 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:23:55.792439343Z 87 PC: 12a9b | Get or set file date and time
2018-12-25T12:23:55.793817083Z 66 PC: 12aa5 | Move file pointer
2018-12-25T12:23:55.795212174Z 64 PC: 12aaa | Write file or device (Write 831 bytes on handle 5)
2018-12-25T12:23:55.80427475Z 66 PC: 12aa5 | Move file pointer (See above)
2018-12-25T12:23:55.805513969Z 64 PC: 12aaa | Write file or device (See above)
2018-12-25T12:23:55.812011772Z 66 PC: 12aa5 | Move file pointer (See above)
2018-12-25T12:23:55.818587826Z 64 PC: 12aaa | Write file or device (See above)
2018-12-25T12:23:55.822796917Z 87 PC: 12a9b | Get or set file date and time (See above)
2018-12-25T12:23:55.824260389Z 62 PC: 12bb4 | Close file
2018-12-25T12:23:55.834691232Z 67 PC: 12aa0 | Get or set file attributes (See above)
2018-12-25T12:23:55.845493122Z 78 PC: 12ac6 | Find first file
2018-12-25T12:23:55.852320384Z 78 PC: 12adb | Find first file
2018-12-25T12:23:55.859626011Z 26 PC: 12a96 | Set disk transfer address (See above)

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9855,"SideJobID":0}

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T12:23:55.719247746Z 42 PC: 12a5b | Get date
    0x12a5b: cmp dl, 7
    0x12a5e: je 0x12a80
    0x12a60: mov ah, 0x2f
    0x12a62: int 0x21
    0x12a64: mov word ptr ds:[bp + 0x41a], bx
    0x12a69: lea dx, word ptr [bp + 0x3f0]
    0x12a6d: call 0x12a92
    0x12a70: mov cx, 0x9eb
    0x12a73: mov dx, 0xfe05
    0x12a76: jmp 0x12a74
    0x12a78: add ah, 0x3b
    0x12a7b: jmp 0x12a71
    0x12a7d: jmp 0x12aab
    0x12a7f: nop
    0x12a80: mov ah, 9
    0x12a82: lea dx, word ptr [bp + 0x329]
    0x12a86: int 0x21
    0x12a88: mov cx, 0x1fff
    0x12a8b: loop 0x12a8b
    0x12a8d: ljmp 0xffff:0
2018-12-25T12:23:55.729094188Z 9 PC: 12a88 | Display string (String= ' ������������������������������������������Ŀ � The Atomic Dustbin 2B - I'm Here To Stay � �������������������������������������������� ')
2018-12-25T12:23:57.863714864Z 72 PC: 8f1b9 | Allocate memory
2018-12-25T12:23:57.865747496Z 72 PC: 8f1bd | Allocate memory
2018-12-25T12:23:57.86842433Z 99 PC: 90858 | Get DBCS lead byte table pointer
2018-12-25T12:23:57.871141179Z 61 PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS')
2018-12-25T12:23:57.881755786Z 66 PC: 91f95 | Move file pointer
2018-12-25T12:23:57.88402424Z 62 PC: 91fc1 | Close file
2018-12-25T12:23:57.886053422Z 75 PC: 91fe0 | Execute program
2018-12-25T12:23:57.901434498Z 98 PC: 916f1 | Get current PSP
2018-12-25T12:23:57.902876101Z 9 PC: c605 | Display string (String= '6��r�&;] u')
2018-12-25T12:23:57.907931683Z 48 PC: c609 | Get DOS version
2018-12-25T12:23:57.911216713Z 9 PC: c382 | Display string (String= ' Installed A20 handler number ')
2018-12-25T12:23:57.913768975Z 2 PC: c38c | Character output (Char = '32')
2018-12-25T12:23:57.91656898Z 2 PC: c3a7 | Character output (Char = '2e')
2018-12-25T12:23:57.919785208Z 9 PC: c6d9 | Display string (String= '�����VH�VD���V@��������������_���Ku��t1��������D�����t �� ��������a1��Z�����W���� ������5���|�����(���������Nj�(��������p�^')
2018-12-25T12:23:57.923362314Z 9 PC: c6e0 | Display string (String= '�5���|�����(���������Nj�(��������p�^')
2018-12-25T12:23:57.929233062Z 61 PC: 91f88 | Open file (See above)
2018-12-25T12:23:57.948133949Z 66 PC: 91f95 | Move file pointer (See above)
2018-12-25T12:23:57.949465698Z 62 PC: 91fc1 | Close file (See above)
2018-12-25T12:23:57.952361196Z 75 PC: 91fe0 | Execute program (See above)
2018-12-25T12:23:57.972768983Z 98 PC: 916f1 | Get current PSP (See above)
2018-12-25T12:23:57.976475906Z 82 PC: 13d46 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:57.97863627Z 53 PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:23:57.980126484Z 37 PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:23:57.981581619Z 53 PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:23:57.983586341Z 37 PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:23:57.985047507Z 9 PC: 13a0d | Display string (Could not find end pointer)
2018-12-25T12:23:57.993458383Z 62 PC: 8f8eb | Close file
2018-12-25T12:23:57.996218744Z 62 PC: 8f8f2 | Close file
2018-12-25T12:23:57.998308366Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.000112559Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.002824922Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.004569486Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.00611972Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.007858918Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.009749031Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.011219648Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.013367314Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.014775012Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.016267514Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.017864312Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.020097679Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.022005911Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.023437575Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.025838641Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.0273131Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.028742582Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.031316408Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.032744676Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.034145062Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.036433985Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.037853669Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.039459064Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.042165568Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.043794363Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.045797508Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.047874191Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.049522094Z 62 PC: 8f8f2 | Close file (See above)
2018-12-25T12:23:58.050957845Z 61 PC: 8f8ff | Open file (Filename = '')
2018-12-25T12:23:58.056001092Z 62 PC: 8f90e | Close file
2018-12-25T12:23:58.058073234Z 69 PC: 8f915 | Duplicate handle
2018-12-25T12:23:58.05960895Z 69 PC: 8f919 | Duplicate handle
2018-12-25T12:23:58.06165914Z 61 PC: 9387b | Open file (Filename = '')
2018-12-25T12:23:58.066115112Z 68 PC: 9386b | I/O control for devices (Set for = '')
2018-12-25T12:23:58.067308079Z 61 PC: 9387b | Open file (See above)
2018-12-25T12:23:58.072274333Z 68 PC: 9386b | I/O control for devices (See above)
2018-12-25T12:23:58.073836321Z 74 PC: 8f9c4 | Reallocate memory
2018-12-25T12:23:58.075358939Z 72 PC: 8f9e0 | Allocate memory
2018-12-25T12:23:58.078366599Z 72 PC: 8f9e4 | Allocate memory
2018-12-25T12:23:58.080906061Z 74 PC: 8f9fb | Reallocate memory
2018-12-25T12:23:58.082945219Z 72 PC: 8fa02 | Allocate memory
2018-12-25T12:23:58.085282016Z 72 PC: 8fa06 | Allocate memory
2018-12-25T12:23:58.086616608Z 73 PC: 8fa11 | Release memory
2018-12-25T12:23:58.087948802Z 73 PC: 8efea | Release memory
2018-12-25T12:23:58.089776216Z 74 PC: 8f003 | Reallocate memory
2018-12-25T12:23:58.091237797Z 72 PC: 8f054 | Allocate memory
2018-12-25T12:23:58.093132921Z 72 PC: 8f058 | Allocate memory
2018-12-25T12:23:58.095089476Z 73 PC: 8f060 | Release memory
2018-12-25T12:23:58.096349089Z 61 PC: 8f080 | Open file (Filename = '')
2018-12-25T12:23:58.10491718Z 63 PC: 8f095 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:23:58.119533131Z 66 PC: 8f0ad | Move file pointer
2018-12-25T12:23:58.121122673Z 62 PC: 8f0d1 | Close file
2018-12-25T12:23:58.123252498Z 75 PC: 8f0f2 | Execute program
2018-12-25T12:23:58.150412117Z 80 PC: 12be9 | Set current PSP
2018-12-25T12:23:58.151415642Z 48 PC: 12bee | Get DOS version
2018-12-25T12:23:58.153179909Z 99 PC: 193d0 | Get DBCS lead byte table pointer
2018-12-25T12:23:58.156427355Z 101 PC: 12c74 | Get extended country info
2018-12-25T12:23:58.15808204Z 99 PC: 12c7a | Get DBCS lead byte table pointer
2018-12-25T12:23:58.160263075Z 74 PC: 12cdc | Reallocate memory
2018-12-25T12:23:58.162100504Z 72 PC: 1355d | Allocate memory
2018-12-25T12:23:58.164122864Z 25 PC: 13596 | Get default drive
2018-12-25T12:23:58.165452106Z 71 PC: 135ad | Get current directory
2018-12-25T12:23:58.1682123Z 59 PC: 135ba | Change current directory
2018-12-25T12:23:58.174213497Z 59 PC: 135c8 | Change current directory
2018-12-25T12:23:58.17976002Z 59 PC: 135d3 | Change current directory
2018-12-25T12:23:58.183328488Z 25 PC: 12d13 | Get default drive
2018-12-25T12:23:58.184842875Z 37 PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:23:58.18586181Z 37 PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:23:58.187127918Z 37 PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:58.190133299Z 80 PC: 1301d | Set current PSP
2018-12-25T12:23:58.19117229Z 37 PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag')
2018-12-25T12:23:58.192611292Z 53 PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:23:58.194333019Z 37 PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:23:58.195393422Z 51 PC: 13417 | Get or set Ctrl-Break
2018-12-25T12:23:58.197150427Z 72 PC: 130ec | Allocate memory
2018-12-25T12:23:58.199598609Z 61 PC: 131b2 | Open file (Filename = '')
2018-12-25T12:23:58.205579448Z 62 PC: 131ba | Close file
2018-12-25T12:23:58.207633834Z 51 PC: 1344c | Get or set Ctrl-Break
2018-12-25T12:23:58.209599421Z 74 PC: 1197c | Reallocate memory
2018-12-25T12:23:58.211026402Z 72 PC: 11991 | Allocate memory
2018-12-25T12:23:58.21276448Z 73 PC: 119b2 | Release memory
2018-12-25T12:23:58.214948008Z 72 PC: 119bd | Allocate memory
2018-12-25T12:23:58.216491097Z 73 PC: 119df | Release memory
2018-12-25T12:23:58.217692868Z 72 PC: 119f5 | Allocate memory
2018-12-25T12:23:58.220288345Z 72 PC: 119fd | Allocate memory