Sample viewer

vx.netlux.org/Virus.DOS.Spellbound.1164


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:50:59.713321274Z 37 PC: 12b2c | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:50:59.714533843Z 37 PC: 12b30 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:50:59.716235159Z 74 PC: 12b3b | Reallocate memory
2018-12-17T22:50:59.71779395Z 72 PC: 12b42 | Allocate memory
2018-12-17T22:50:59.719528516Z 37 PC: 12b4e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:50:59.721330473Z 42 PC: 12b52 | Get date
0x12b52: cmp dl, 1
0x12b55: jne 0x12b61
0x12b57: mov ah, 9
0x12b59: mov dx, 0x161
0x12b5c: int 0x21
0x12b5e: call 0x12c7c
0x12b61: mov dx, 0x15c
0x12b64: mov ah, 0x4e
0x12b66: int 0x21
0x12b68: jae 0x12b6f
0x12b6a: xor al, al
0x12b6c: out 0x21, al
0x12b6e: ret
0x12b6f: mov ax, 0x4300
0x12b72: mov dx, 0x9e
0x12b75: int 0x21
0x12b77: push cx
0x12b78: mov ax, 0x4301
0x12b7b: xor cx, cx
0x12b7d: int 0x21
2018-12-17T22:50:59.723677813Z 78 PC: 12b68 | Find first file
2018-12-17T22:50:59.731255041Z 67 PC: 12b77 | Get or set file attributes
2018-12-17T22:50:59.742091583Z 67 PC: 12b7f | Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10395,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:53.523604436Z 37 PC: 12b2c | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:27:53.525083284Z 37 PC: 12b30 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:27:53.526634045Z 74 PC: 12b3b | Reallocate memory
2018-12-25T12:27:53.528271046Z 72 PC: 12b42 | Allocate memory
2018-12-25T12:27:53.530347947Z 37 PC: 12b4e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:53.544761949Z 42 PC: 12b52 | Get date
0x12b52: cmp dl, 1
0x12b55: jne 0x12b61
0x12b57: mov ah, 9
0x12b59: mov dx, 0x161
0x12b5c: int 0x21
0x12b5e: call 0x12c7c
0x12b61: mov dx, 0x15c
0x12b64: mov ah, 0x4e
0x12b66: int 0x21
0x12b68: jae 0x12b6f
0x12b6a: xor al, al
0x12b6c: out 0x21, al
0x12b6e: ret
0x12b6f: mov ax, 0x4300
0x12b72: mov dx, 0x9e
0x12b75: int 0x21
0x12b77: push cx
0x12b78: mov ax, 0x4301
0x12b7b: xor cx, cx
0x12b7d: int 0x21
2018-12-25T12:27:53.548020603Z 9 PC: 12b5e | Display string (String= 'Prime Evil! (C) Spellbound, Line Noise 1992. Coded in Stockholm, Sweden. Please spell my name right!')
2018-12-25T12:27:53.55715422Z 78 PC: 12b68 | Find first file
2018-12-25T12:27:53.566122508Z 67 PC: 12b77 | Get or set file attributes
2018-12-25T12:27:53.57378793Z 67 PC: 12b7f | Get or set file attributes

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10395,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:27:54.641454896Z 37 PC: 12b2c | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:27:54.643736847Z 37 PC: 12b30 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:27:54.648935402Z 74 PC: 12b3b | Reallocate memory
2018-12-25T12:27:54.650299661Z 72 PC: 12b42 | Allocate memory
2018-12-25T12:27:54.652800205Z 37 PC: 12b4e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:27:54.653954708Z 42 PC: 12b52 | Get date
0x12b52: cmp dl, 1
0x12b55: jne 0x12b61
0x12b57: mov ah, 9
0x12b59: mov dx, 0x161
0x12b5c: int 0x21
0x12b5e: call 0x12c7c
0x12b61: mov dx, 0x15c
0x12b64: mov ah, 0x4e
0x12b66: int 0x21
0x12b68: jae 0x12b6f
0x12b6a: xor al, al
0x12b6c: out 0x21, al
0x12b6e: ret
0x12b6f: mov ax, 0x4300
0x12b72: mov dx, 0x9e
0x12b75: int 0x21
0x12b77: push cx
0x12b78: mov ax, 0x4301
0x12b7b: xor cx, cx
0x12b7d: int 0x21
2018-12-25T12:27:54.657418756Z 78 PC: 12b68 | Find first file
2018-12-25T12:27:54.663932064Z 67 PC: 12b77 | Get or set file attributes
2018-12-25T12:27:54.669876251Z 67 PC: 12b7f | Get or set file attributes