Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.No.727

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:29.029515038Z 26 PC: 12a92 | Set disk transfer address
2018-12-17T22:50:29.031576383Z 71 PC: 12a9c | Get current directory
2018-12-17T22:50:29.034419984Z 53 PC: 12aa6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:29.03557367Z 37 PC: 12ab6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:29.037802326Z 78 PC: 12b58 | Find first file
2018-12-17T22:50:29.055145041Z 78 PC: 12b58 | Find first file
2018-12-17T22:50:29.060931562Z 61 PC: 12cc2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:50:29.068028838Z 63 PC: 12b6a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:50:29.074157292Z 62 PC: 12b6e | Close file
2018-12-17T22:50:29.075829914Z 79 PC: 12b58 | Find next file
2018-12-17T22:50:29.078886396Z 61 PC: 12cc2 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:50:29.085773476Z 63 PC: 12b6a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:50:29.091763965Z 62 PC: 12b6e | Close file
2018-12-17T22:50:29.094001128Z 79 PC: 12b58 | Find next file
2018-12-17T22:50:29.096646596Z 61 PC: 12cc2 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:50:29.102944691Z 63 PC: 12b6a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:50:29.110088011Z 62 PC: 12b6e | Close file
2018-12-17T22:50:29.112116883Z 79 PC: 12b58 | Find next file
2018-12-17T22:50:29.11509118Z 61 PC: 12cc2 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:50:29.121845815Z 63 PC: 12b6a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:50:29.128790414Z 62 PC: 12b6e | Close file
2018-12-17T22:50:29.130881639Z 79 PC: 12b58 | Find next file
2018-12-17T22:50:29.133526677Z 61 PC: 12cc2 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:50:29.138883264Z 63 PC: 12b6a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:50:29.142842842Z 62 PC: 12b6e | Close file
2018-12-17T22:50:29.144489003Z 79 PC: 12b58 | Find next file
2018-12-17T22:50:29.148265342Z 61 PC: 12cc2 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:50:29.154514801Z 63 PC: 12b6a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:50:29.160534266Z 62 PC: 12b6e | Close file
2018-12-17T22:50:29.162716907Z 79 PC: 12b58 | Find next file
2018-12-17T22:50:29.165132424Z 61 PC: 12cc2 | Open file (Filename = 'PAH.COM')
2018-12-17T22:50:29.171401051Z 63 PC: 12b6a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:50:29.178084492Z 62 PC: 12b6e | Close file
2018-12-17T22:50:29.179757429Z 79 PC: 12b58 | Find next file
2018-12-17T22:50:29.182191681Z 61 PC: 12cc2 | Open file (Filename = 'TEST.COM')
2018-12-17T22:50:29.189146218Z 63 PC: 12b6a | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:50:29.191689379Z 62 PC: 12b6e | Close file
2018-12-17T22:50:29.193526125Z 79 PC: 12b58 | Find next file
2018-12-17T22:50:29.197058567Z 59 PC: 12ace | Change current directory
2018-12-17T22:50:29.201490193Z 44 PC: 12ad4 | Get time
0x12ad4: cmp ch, 0xf
0x12ad7: ja 0x12ade
0x12ad9: cmp dl, 0x19
0x12adc: jbe 0x12b2c
0x12ade: mov ax, 0x2524
0x12ae1: lds dx, ptr [bp + 0x409]
0x12ae5: int 0x21
0x12ae7: push cs
0x12ae8: pop ds
0x12ae9: mov ah, 0x3b
0x12aeb: lea dx, word ptr [bp + 0x40d]
0x12aef: int 0x21
0x12af1: mov ah, 0x1a
0x12af3: mov dx, 0x80
0x12af6: cmp sp, 0x474e
0x12afa: je 0x12aff
0x12afc: int 0x21
0x12afe: ret
0x12aff: pop es
0x12b00: pop ds
2018-12-17T22:50:29.203931538Z 37 PC: 12ae7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:29.205687181Z 59 PC: 12af1 | Change current directory
2018-12-17T22:50:29.210303119Z 26 PC: 12afe | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10227,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:33.801031165Z 26 PC: 12a92 | Set disk transfer address
2018-12-25T12:27:33.803091488Z 71 PC: 12a9c | Get current directory
2018-12-25T12:27:33.806193572Z 53 PC: 12aa6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:33.807693856Z 37 PC: 12ab6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:33.809146121Z 78 PC: 12b58 | Find first file
2018-12-25T12:27:33.816556719Z 78 PC: 12b58 | Find first file (See above)
2018-12-25T12:27:33.822615316Z 61 PC: 12cc2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:33.829244267Z 63 PC: 12b6a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:27:33.850972041Z 62 PC: 12b6e | Close file
2018-12-25T12:27:33.853089727Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:33.855837948Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:33.863193136Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:33.869805958Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:33.871845594Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:33.87634339Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:33.882928413Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:33.889344481Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:33.892455729Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:33.895265567Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:33.901876939Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:33.908449199Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:33.910993093Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:33.913800158Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:33.920508886Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:33.927800175Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:33.929749691Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:33.932545744Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:33.940595059Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:33.946945001Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:33.948893139Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:33.952700739Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:33.959280291Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:33.965650649Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:33.968169542Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:33.971164458Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:33.977696766Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:33.980955987Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:33.982912401Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:33.985304785Z 59 PC: 12ace | Change current directory
2018-12-25T12:27:33.990181039Z 44 PC: 12ad4 | Get time
0x12ad4: cmp ch, 0xf
0x12ad7: ja 0x12ade
0x12ad9: cmp dl, 0x19
0x12adc: jbe 0x12b2c
0x12ade: mov ax, 0x2524
0x12ae1: lds dx, ptr [bp + 0x409]
0x12ae5: int 0x21
0x12ae7: push cs
0x12ae8: pop ds
0x12ae9: mov ah, 0x3b
0x12aeb: lea dx, word ptr [bp + 0x40d]
0x12aef: int 0x21
0x12af1: mov ah, 0x1a
0x12af3: mov dx, 0x80
0x12af6: cmp sp, 0x474e
0x12afa: je 0x12aff
0x12afc: int 0x21
0x12afe: ret
0x12aff: pop es
0x12b00: pop ds
2018-12-25T12:27:33.992441572Z 37 PC: 12ae7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:33.993749799Z 59 PC: 12af1 | Change current directory
2018-12-25T12:27:34.001733887Z 26 PC: 12afe | Set disk transfer address

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":16,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10227,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:34.206720648Z 26 PC: 12a92 | Set disk transfer address
2018-12-25T12:27:34.208580691Z 71 PC: 12a9c | Get current directory
2018-12-25T12:27:34.212318506Z 53 PC: 12aa6 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:34.214228647Z 37 PC: 12ab6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:34.217518102Z 78 PC: 12b58 | Find first file
2018-12-25T12:27:34.228918781Z 78 PC: 12b58 | Find first file (See above)
2018-12-25T12:27:34.235510004Z 61 PC: 12cc2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:27:34.242887882Z 63 PC: 12b6a | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:27:34.250349335Z 62 PC: 12b6e | Close file
2018-12-25T12:27:34.252277972Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:34.255105764Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:34.268601131Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:34.276560973Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:34.278967533Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:34.283470565Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:34.290891315Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:34.298568609Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:34.300982885Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:34.304667064Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:34.311929882Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:34.319323878Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:34.321945295Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:34.325373753Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:34.333062583Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:34.342166827Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:34.34437035Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:34.347408069Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:34.355493416Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:34.362828185Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:34.364903731Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:34.368426683Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:34.375675443Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:34.382827131Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:34.385240566Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:34.388329396Z 61 PC: 12cc2 | Open file (See above)
2018-12-25T12:27:34.395681148Z 63 PC: 12b6a | Read file or device (See above)
2018-12-25T12:27:34.403842539Z 62 PC: 12b6e | Close file (See above)
2018-12-25T12:27:34.405956108Z 79 PC: 12b58 | Find next file (See above)
2018-12-25T12:27:34.408663222Z 59 PC: 12ace | Change current directory
2018-12-25T12:27:34.413426204Z 44 PC: 12ad4 | Get time
0x12ad4: cmp ch, 0xf
0x12ad7: ja 0x12ade
0x12ad9: cmp dl, 0x19
0x12adc: jbe 0x12b2c
0x12ade: mov ax, 0x2524
0x12ae1: lds dx, ptr [bp + 0x409]
0x12ae5: int 0x21
0x12ae7: push cs
0x12ae8: pop ds
0x12ae9: mov ah, 0x3b
0x12aeb: lea dx, word ptr [bp + 0x40d]
0x12aef: int 0x21
0x12af1: mov ah, 0x1a
0x12af3: mov dx, 0x80
0x12af6: cmp sp, 0x474e
0x12afa: je 0x12aff
0x12afc: int 0x21
0x12afe: ret
0x12aff: pop es
0x12b00: pop ds
2018-12-25T12:27:34.417459467Z 37 PC: 12ae7 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:34.419081267Z 59 PC: 12af1 | Change current directory
2018-12-25T12:27:34.424505495Z 26 PC: 12afe | Set disk transfer address