Sample viewer

vx.netlux.org/Virus.DOS.IVP.549

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:39.180863824Z	26	PC: 12bd4 \| Set disk transfer address
2018-12-17T22:51:39.182493935Z	53	PC: 12a57 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:39.185010826Z	37	PC: 12a69 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:39.18627102Z	71	PC: 12a75 \| Get current directory
2018-12-17T22:51:39.1894363Z	78	PC: 12ab3 \| Find first file
2018-12-17T22:51:39.197550453Z	59	PC: 12a84 \| Change current directory
2018-12-17T22:51:39.208229085Z	42	PC: 12b6f \| Get date 0x12b6f: cmp cx, 0x7c9 0x12b73: jb 0x12bc6 0x12b75: cmp dl, 0xd 0x12b78: jne 0x12bc6 0x12b7a: mov ah, 0x2c 0x12b7c: int 0x21 0x12b7e: cmp ch, 0xd 0x12b81: jne 0x12bc6 0x12b83: mov ah, 9 0x12b85: lea dx, word ptr [bp + 0x2cf] 0x12b89: int 0x21 0x12b8b: mov cx, 2 0x12b8e: push cx 0x12b8f: cli 0x12b90: mov dx, 0x2ee0 0x12b93: sub dx, word ptr cs:[0x1388] 0x12b98: mov bx, 0x64 0x12b9b: mov al, 0xb6 0x12b9d: out 0x43, al 0x12b9f: mov ax, bx
2018-12-17T22:51:39.2108079Z	37	PC: 12a93 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:39.212671526Z	59	PC: 12a9d \| Change current directory
2018-12-17T22:51:39.215129997Z	26	PC: 12bd4 \| Set disk transfer address
2018-12-17T22:51:39.216884181Z	66	PC: 18432 \| Move file pointer
2018-12-17T22:51:39.218950657Z	64	PC: 18444 \| Write file or device (Write 0 bytes on handle 25964)
2018-12-17T22:51:39.221376094Z	89	PC: 15fa8 \| Get extended error info
2018-12-17T22:51:39.22434632Z	64	PC: 19838 \| Write file or device (Write 34 bytes on handle 2)
2018-12-17T22:51:39.230192316Z	64	PC: 19838 \| Write file or device (Write 2 bytes on handle 2)
2018-12-17T22:51:39.235123774Z	100	PC: 19d8b \| Set wait for external event flag
2018-12-17T22:51:39.2365303Z	66	PC: 18476 \| Move file pointer
2018-12-17T22:51:39.238372488Z	64	PC: 1847c \| Write file or device (Write 0 bytes on handle 25964)
2018-12-17T22:51:39.241372431Z	64	PC: 1848b \| Write file or device (Write 1 bytes on handle 25964)
2018-12-17T22:51:39.243311422Z	62	PC: 1848f \| Close file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10632,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:39.902147243Z	26	PC: 12bd4 \| Set disk transfer address
2018-12-25T12:28:39.90381309Z	53	PC: 12a57 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:39.904981753Z	37	PC: 12a69 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:39.90602366Z	71	PC: 12a75 \| Get current directory
2018-12-25T12:28:39.909541649Z	78	PC: 12ab3 \| Find first file
2018-12-25T12:28:39.915746977Z	59	PC: 12a84 \| Change current directory
2018-12-25T12:28:39.92081532Z	42	PC: 12b6f \| Get date 0x12b6f: cmp cx, 0x7c9 0x12b73: jb 0x12bc6 0x12b75: cmp dl, 0xd 0x12b78: jne 0x12bc6 0x12b7a: mov ah, 0x2c 0x12b7c: int 0x21 0x12b7e: cmp ch, 0xd 0x12b81: jne 0x12bc6 0x12b83: mov ah, 9 0x12b85: lea dx, word ptr [bp + 0x2cf] 0x12b89: int 0x21 0x12b8b: mov cx, 2 0x12b8e: push cx 0x12b8f: cli 0x12b90: mov dx, 0x2ee0 0x12b93: sub dx, word ptr cs:[0x1388] 0x12b98: mov bx, 0x64 0x12b9b: mov al, 0xb6 0x12b9d: out 0x43, al 0x12b9f: mov ax, bx
2018-12-25T12:28:39.923583323Z	37	PC: 12a93 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:39.924651958Z	59	PC: 12a9d \| Change current directory
2018-12-25T12:28:39.92616646Z	26	PC: 12bd4 \| Set disk transfer address (See above)
2018-12-25T12:28:39.930702072Z	66	PC: 18432 \| Move file pointer
2018-12-25T12:28:39.9322847Z	64	PC: 18444 \| Write file or device (Write 0 bytes on handle 25964)
2018-12-25T12:28:39.934164024Z	89	PC: 15fa8 \| Get extended error info
2018-12-25T12:28:39.937286998Z	64	PC: 19838 \| Write file or device (Write 34 bytes on handle 2)
2018-12-25T12:28:39.94318521Z	64	PC: 19838 \| Write file or device (See above)
2018-12-25T12:28:39.947558414Z	100	PC: 19d8b \| Set wait for external event flag
2018-12-25T12:28:39.948961901Z	66	PC: 18476 \| Move file pointer
2018-12-25T12:28:39.951115643Z	64	PC: 1847c \| Write file or device (Write 0 bytes on handle 25964)
2018-12-25T12:28:39.952819127Z	64	PC: 1848b \| Write file or device (Write 1 bytes on handle 25964)
2018-12-25T12:28:39.954628728Z	62	PC: 1848f \| Close file

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10632,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:40.110387728Z	26	PC: 12bd4 \| Set disk transfer address
2018-12-25T12:28:40.112192669Z	53	PC: 12a57 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:40.115492603Z	37	PC: 12a69 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:40.117489715Z	71	PC: 12a75 \| Get current directory
2018-12-25T12:28:40.127542813Z	78	PC: 12ab3 \| Find first file
2018-12-25T12:28:40.148558884Z	59	PC: 12a84 \| Change current directory
2018-12-25T12:28:40.15558543Z	42	PC: 12b6f \| Get date 0x12b6f: cmp cx, 0x7c9 0x12b73: jb 0x12bc6 0x12b75: cmp dl, 0xd 0x12b78: jne 0x12bc6 0x12b7a: mov ah, 0x2c 0x12b7c: int 0x21 0x12b7e: cmp ch, 0xd 0x12b81: jne 0x12bc6 0x12b83: mov ah, 9 0x12b85: lea dx, word ptr [bp + 0x2cf] 0x12b89: int 0x21 0x12b8b: mov cx, 2 0x12b8e: push cx 0x12b8f: cli 0x12b90: mov dx, 0x2ee0 0x12b93: sub dx, word ptr cs:[0x1388] 0x12b98: mov bx, 0x64 0x12b9b: mov al, 0xb6 0x12b9d: out 0x43, al 0x12b9f: mov ax, bx
2018-12-25T12:28:40.158469263Z	37	PC: 12a93 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:40.16079097Z	59	PC: 12a9d \| Change current directory
2018-12-25T12:28:40.163004291Z	26	PC: 12bd4 \| Set disk transfer address (See above)
2018-12-25T12:28:40.164785233Z	66	PC: 18432 \| Move file pointer
2018-12-25T12:28:40.167676679Z	64	PC: 18444 \| Write file or device (Write 0 bytes on handle 25964)
2018-12-25T12:28:40.169737647Z	89	PC: 15fa8 \| Get extended error info
2018-12-25T12:28:40.172311069Z	64	PC: 19838 \| Write file or device (Write 34 bytes on handle 2)
2018-12-25T12:28:40.17835469Z	64	PC: 19838 \| Write file or device (See above)
2018-12-25T12:28:40.183279733Z	100	PC: 19d8b \| Set wait for external event flag
2018-12-25T12:28:40.184982772Z	66	PC: 18476 \| Move file pointer
2018-12-25T12:28:40.186897115Z	64	PC: 1847c \| Write file or device (Write 0 bytes on handle 25964)
2018-12-25T12:28:40.189299746Z	64	PC: 1848b \| Write file or device (Write 1 bytes on handle 25964)
2018-12-25T12:28:40.190904434Z	62	PC: 1848f \| Close file

{"DateBased":true,"Day":13,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10632,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:40.112207148Z	26	PC: 12bd4 \| Set disk transfer address
2018-12-25T12:28:40.113586166Z	53	PC: 12a57 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:40.115869021Z	37	PC: 12a69 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:40.117289584Z	71	PC: 12a75 \| Get current directory
2018-12-25T12:28:40.120938182Z	78	PC: 12ab3 \| Find first file
2018-12-25T12:28:40.128701047Z	59	PC: 12a84 \| Change current directory
2018-12-25T12:28:40.135596361Z	42	PC: 12b6f \| Get date 0x12b6f: cmp cx, 0x7c9 0x12b73: jb 0x12bc6 0x12b75: cmp dl, 0xd 0x12b78: jne 0x12bc6 0x12b7a: mov ah, 0x2c 0x12b7c: int 0x21 0x12b7e: cmp ch, 0xd 0x12b81: jne 0x12bc6 0x12b83: mov ah, 9 0x12b85: lea dx, word ptr [bp + 0x2cf] 0x12b89: int 0x21 0x12b8b: mov cx, 2 0x12b8e: push cx 0x12b8f: cli 0x12b90: mov dx, 0x2ee0 0x12b93: sub dx, word ptr cs:[0x1388] 0x12b98: mov bx, 0x64 0x12b9b: mov al, 0xb6 0x12b9d: out 0x43, al 0x12b9f: mov ax, bx
2018-12-25T12:28:40.138397301Z	44	PC: 12b7e \| Get time 0x12b7e: cmp ch, 0xd 0x12b81: jne 0x12bc6 0x12b83: mov ah, 9 0x12b85: lea dx, word ptr [bp + 0x2cf] 0x12b89: int 0x21 0x12b8b: mov cx, 2 0x12b8e: push cx 0x12b8f: cli 0x12b90: mov dx, 0x2ee0 0x12b93: sub dx, word ptr cs:[0x1388] 0x12b98: mov bx, 0x64 0x12b9b: mov al, 0xb6 0x12b9d: out 0x43, al 0x12b9f: mov ax, bx 0x12ba1: out 0x42, al 0x12ba3: mov al, ah 0x12ba5: out 0x42, al 0x12ba7: in al, 0x61 0x12ba9: mov ah, 0 0x12bab: or ax, 3
2018-12-25T12:28:40.141668038Z	37	PC: 12a93 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:40.143102733Z	59	PC: 12a9d \| Change current directory
2018-12-25T12:28:40.145381039Z	26	PC: 12bd4 \| Set disk transfer address (See above)
2018-12-25T12:28:40.14737574Z	66	PC: 18432 \| Move file pointer
2018-12-25T12:28:40.149869703Z	64	PC: 18444 \| Write file or device (Write 0 bytes on handle 25964)
2018-12-25T12:28:40.1525447Z	89	PC: 15fa8 \| Get extended error info
2018-12-25T12:28:40.156081692Z	64	PC: 19838 \| Write file or device (Write 34 bytes on handle 2)
2018-12-25T12:28:40.163301034Z	64	PC: 19838 \| Write file or device (See above)
2018-12-25T12:28:40.167867772Z	100	PC: 19d8b \| Set wait for external event flag
2018-12-25T12:28:40.169214302Z	66	PC: 18476 \| Move file pointer
2018-12-25T12:28:40.171309658Z	64	PC: 1847c \| Write file or device (Write 0 bytes on handle 25964)
2018-12-25T12:28:40.1731048Z	64	PC: 1848b \| Write file or device (Write 1 bytes on handle 25964)
2018-12-25T12:28:40.174746022Z	62	PC: 1848f \| Close file