Sample viewer

vx.netlux.org/Virus.DOS.Farside.3008

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:57.637140418Z 53 PC: 130cc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:57.639114868Z 26 PC: 130fe | Set disk transfer address
2018-12-17T22:50:57.640588043Z 75 PC: 13104 | Execute program
2018-12-17T22:50:57.643930551Z 37 PC: 13121 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:57.646562439Z 42 PC: 9d11d | Get date
0x9d11d: cmp dx, 0x406
0x9d121: jne 0x9d126
0x9d123: jmp 0x9d053
0x9d126: push ds
0x9d127: mov ax, word ptr [0x119]
0x9d12a: mov ds, ax
0x9d12c: mov ax, word ptr [0x2c]
0x9d12f: mov ds, ax
0x9d131: xor si, si
0x9d133: cld
0x9d134: lodsw ax, word ptr [si]
0x9d135: or ax, ax
0x9d137: je 0x9d13b
0x9d139: jmp 0x9d134
0x9d13b: lodsw ax, word ptr [si]
0x9d13c: cmp ax, 1
0x9d13f: jne 0x9d157
0x9d141: push cs
0x9d142: pop es
0x9d143: mov di, 0x11b
2018-12-17T22:50:57.649125963Z 61 PC: 9d165 | Open file (Filename = 'A:\TEST.COM')
2018-12-17T22:50:57.655930515Z 66 PC: 9d18b | Move file pointer
2018-12-17T22:50:57.658712377Z 63 PC: 9d1bf | Read file or device (Read 3006 bytes on handle 5)
2018-12-17T22:50:57.666249235Z 62 PC: 9d2a2 | Close file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10384,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:52.590377899Z 53 PC: 130cc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:52.592664701Z 26 PC: 130fe | Set disk transfer address
2018-12-25T12:27:52.594215785Z 75 PC: 13104 | Execute program
2018-12-25T12:27:52.596033538Z 37 PC: 13121 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:52.597824573Z 42 PC: 9d11d | Get date
0x9d11d: cmp dx, 0x406
0x9d121: jne 0x9d126
0x9d123: jmp 0x9d053
0x9d126: push ds
0x9d127: mov ax, word ptr [0x119]
0x9d12a: mov ds, ax
0x9d12c: mov ax, word ptr [0x2c]
0x9d12f: mov ds, ax
0x9d131: xor si, si
0x9d133: cld
0x9d134: lodsw ax, word ptr [si]
0x9d135: or ax, ax
0x9d137: je 0x9d13b
0x9d139: jmp 0x9d134
0x9d13b: lodsw ax, word ptr [si]
0x9d13c: cmp ax, 1
0x9d13f: jne 0x9d157
0x9d141: push cs
0x9d142: pop es
0x9d143: mov di, 0x11b
2018-12-25T12:27:52.600866444Z 61 PC: 9d165 | Open file (Filename = 'A:\TEST.COM')
2018-12-25T12:27:52.607490084Z 66 PC: 9d18b | Move file pointer
2018-12-25T12:27:52.609123416Z 63 PC: 9d1bf | Read file or device (Read 3006 bytes on handle 5)
2018-12-25T12:27:52.617236048Z 62 PC: 9d2a2 | Close file

{"DateBased":true,"Day":6,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10384,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:52.651123487Z 53 PC: 130cc | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:52.653064132Z 26 PC: 130fe | Set disk transfer address
2018-12-25T12:27:52.656213764Z 75 PC: 13104 | Execute program
2018-12-25T12:27:52.658321336Z 37 PC: 13121 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:52.660107261Z 42 PC: 9d11d | Get date
0x9d11d: cmp dx, 0x406
0x9d121: jne 0x9d126
0x9d123: jmp 0x9d053
0x9d126: push ds
0x9d127: mov ax, word ptr [0x119]
0x9d12a: mov ds, ax
0x9d12c: mov ax, word ptr [0x2c]
0x9d12f: mov ds, ax
0x9d131: xor si, si
0x9d133: cld
0x9d134: lodsw ax, word ptr [si]
0x9d135: or ax, ax
0x9d137: je 0x9d13b
0x9d139: jmp 0x9d134
0x9d13b: lodsw ax, word ptr [si]
0x9d13c: cmp ax, 1
0x9d13f: jne 0x9d157
0x9d141: push cs
0x9d142: pop es
0x9d143: mov di, 0x11b
2018-12-25T12:27:52.663401394Z 9 PC: 9d065 | Display string (String= 'For cryin'out loud! My circuits are haunted by the ghost of a porcupine. . .')
2018-12-25T12:27:52.667902037Z 76 PC: 9d071 | Terminate with return code (Return code = '0')