Sample viewer

vx.netlux.org/Virus.DOS.Spellbound.1164.b

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:08.287617729Z 37 PC: 12b70 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:52:08.290683723Z 37 PC: 12b74 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:52:08.292991264Z 74 PC: 12b7f | Reallocate memory
2018-12-17T22:52:08.294758887Z 72 PC: 12b86 | Allocate memory
2018-12-17T22:52:08.297305007Z 37 PC: 12b92 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:08.298876694Z 42 PC: 12b96 | Get date 0x12b96: cmp dl, 1
0x12b99: jne 0x12ba5
0x12b9b: mov ah, 9
0x12b9d: mov dx, 0x162
0x12ba0: int 0x21
0x12ba2: call 0x12ce8
0x12ba5: mov dx, 0x15d
0x12ba8: mov ah, 0x4e
0x12baa: int 0x21
0x12bac: jae 0x12bb3
0x12bae: xor al, al
0x12bb0: out 0x21, al
0x12bb2: ret
0x12bb3: mov ax, 0x4300
0x12bb6: mov dx, 0x9e
0x12bb9: int 0x21
0x12bbb: push cx
0x12bbc: mov ax, 0x4301
0x12bbf: xor cx, cx
0x12bc1: int 0x21
2018-12-17T22:52:08.301475973Z 78 PC: 12bac | Find first file
2018-12-17T22:52:08.308004656Z 67 PC: 12bbb | Get or set file attributes
2018-12-17T22:52:08.31965143Z 67 PC: 12bc3 | Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10791,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:16.481564139Z 37 PC: 12b70 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:29:16.483272629Z 37 PC: 12b74 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:29:16.484351187Z 74 PC: 12b7f | Reallocate memory
2018-12-25T12:29:16.485646735Z 72 PC: 12b86 | Allocate memory
2018-12-25T12:29:16.502341461Z 37 PC: 12b92 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:16.50375228Z 42 PC: 12b96 | Get date 0x12b96: cmp dl, 1
0x12b99: jne 0x12ba5
0x12b9b: mov ah, 9
0x12b9d: mov dx, 0x162
0x12ba0: int 0x21
0x12ba2: call 0x12ce8
0x12ba5: mov dx, 0x15d
0x12ba8: mov ah, 0x4e
0x12baa: int 0x21
0x12bac: jae 0x12bb3
0x12bae: xor al, al
0x12bb0: out 0x21, al
0x12bb2: ret
0x12bb3: mov ax, 0x4300
0x12bb6: mov dx, 0x9e
0x12bb9: int 0x21
0x12bbb: push cx
0x12bbc: mov ax, 0x4301
0x12bbf: xor cx, cx
0x12bc1: int 0x21
2018-12-25T12:29:16.506066328Z 9 PC: 12ba2 | Display string (String= 'Prime Evil! (C) Spellbound, Line Noise 1992. Coded in Stockholm, Sweden. Please spell my name right!')
2018-12-25T12:29:16.513151706Z 78 PC: 12bac | Find first file
2018-12-25T12:29:16.519559967Z 67 PC: 12bbb | Get or set file attributes
2018-12-25T12:29:16.52532974Z 67 PC: 12bc3 | Get or set file attributes

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10791,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:16.636606086Z 37 PC: 12b70 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:29:16.639438363Z 37 PC: 12b74 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:29:16.641093712Z 74 PC: 12b7f | Reallocate memory
2018-12-25T12:29:16.643216602Z 72 PC: 12b86 | Allocate memory
2018-12-25T12:29:16.650821927Z 37 PC: 12b92 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:16.652162233Z 42 PC: 12b96 | Get date 0x12b96: cmp dl, 1
0x12b99: jne 0x12ba5
0x12b9b: mov ah, 9
0x12b9d: mov dx, 0x162
0x12ba0: int 0x21
0x12ba2: call 0x12ce8
0x12ba5: mov dx, 0x15d
0x12ba8: mov ah, 0x4e
0x12baa: int 0x21
0x12bac: jae 0x12bb3
0x12bae: xor al, al
0x12bb0: out 0x21, al
0x12bb2: ret
0x12bb3: mov ax, 0x4300
0x12bb6: mov dx, 0x9e
0x12bb9: int 0x21
0x12bbb: push cx
0x12bbc: mov ax, 0x4301
0x12bbf: xor cx, cx
0x12bc1: int 0x21
2018-12-25T12:29:16.655070564Z 78 PC: 12bac | Find first file
2018-12-25T12:29:16.6627026Z 67 PC: 12bbb | Get or set file attributes
2018-12-25T12:29:16.669392664Z 67 PC: 12bc3 | Get or set file attributes