Sample viewer

vx.netlux.org/Virus.DOS.Accept.3619

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:26.674180717Z	53	PC: 149ee \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-17T22:52:26.678494156Z	53	PC: 12af8 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:52:26.695328245Z	53	PC: 12b13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:26.696647189Z	51	PC: 133e2 \| Get or set Ctrl-Break
2018-12-17T22:52:26.698145714Z	74	PC: 12b49 \| Reallocate memory
2018-12-17T22:52:26.699271397Z	82	PC: 134cc \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:52:26.700533895Z	75	PC: 137f8 \| Execute program
2018-12-17T22:52:26.711216392Z	53	PC: 169fe \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-17T22:52:26.712489916Z	48	PC: 152be \| Get DOS version
2018-12-17T22:52:26.713904229Z	74	PC: 15317 \| Reallocate memory
2018-12-17T22:52:26.716599634Z	72	PC: 1531e \| Allocate memory
2018-12-17T22:52:26.718071929Z	61	PC: 15334 \| Open file (Filename = '')
2018-12-17T22:52:26.72444056Z	73	PC: 159fb \| Release memory
2018-12-17T22:52:26.726282916Z	76	PC: 15558 \| Terminate with return code (Return code = '1')
2018-12-17T22:52:26.72917491Z	49	PC: 12b9c \| Terminate and stay resident (Return code = '0' \| Memory size = '507')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10878,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:25.594619325Z	53	PC: 149ee \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:29:25.597361088Z	53	PC: 12af8 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:29:25.59989284Z	53	PC: 12b13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:25.601317773Z	51	PC: 133e2 \| Get or set Ctrl-Break
2018-12-25T12:29:25.602466516Z	74	PC: 12b49 \| Reallocate memory
2018-12-25T12:29:25.604404289Z	82	PC: 134cc \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:29:25.60601199Z	75	PC: 137f8 \| Execute program
2018-12-25T12:29:25.622537457Z	53	PC: 169fe \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:29:25.624529702Z	48	PC: 152be \| Get DOS version
2018-12-25T12:29:25.626003566Z	74	PC: 15317 \| Reallocate memory
2018-12-25T12:29:25.627603494Z	72	PC: 1531e \| Allocate memory
2018-12-25T12:29:25.630289319Z	61	PC: 15334 \| Open file (Filename = '')
2018-12-25T12:29:25.637591834Z	73	PC: 159fb \| Release memory
2018-12-25T12:29:25.639143122Z	76	PC: 15558 \| Terminate with return code (Return code = '1')
2018-12-25T12:29:25.643067712Z	49	PC: 12b9c \| Terminate and stay resident (Return code = '0' \| Memory size = '507')

{"DateBased":true,"Day":20,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10878,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:25.970943881Z	53	PC: 149ee \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:29:25.978718631Z	53	PC: 12af8 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:29:25.982678324Z	53	PC: 12b13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:25.984644473Z	51	PC: 133e2 \| Get or set Ctrl-Break
2018-12-25T12:29:25.98805272Z	74	PC: 12b49 \| Reallocate memory
2018-12-25T12:29:25.989707504Z	82	PC: 134cc \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:29:25.991567548Z	75	PC: 137f8 \| Execute program
2018-12-25T12:29:26.025589175Z	53	PC: 169fe \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:29:26.027510774Z	48	PC: 152be \| Get DOS version
2018-12-25T12:29:26.029493662Z	74	PC: 15317 \| Reallocate memory
2018-12-25T12:29:26.033191382Z	72	PC: 1531e \| Allocate memory
2018-12-25T12:29:26.035172031Z	61	PC: 15334 \| Open file (Filename = '')
2018-12-25T12:29:26.049674042Z	73	PC: 159fb \| Release memory
2018-12-25T12:29:26.053757365Z	76	PC: 15558 \| Terminate with return code (Return code = '1')
2018-12-25T12:29:26.057318795Z	49	PC: 12b9c \| Terminate and stay resident (Return code = '0' \| Memory size = '507')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10878,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:26.066404533Z	53	PC: 149ee \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:29:26.070184169Z	53	PC: 12af8 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:29:26.07310136Z	53	PC: 12b13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:26.074632349Z	51	PC: 133e2 \| Get or set Ctrl-Break
2018-12-25T12:29:26.076446323Z	74	PC: 12b49 \| Reallocate memory
2018-12-25T12:29:26.077970908Z	82	PC: 134cc \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:29:26.079628883Z	75	PC: 137f8 \| Execute program
2018-12-25T12:29:26.098386222Z	53	PC: 169fe \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:29:26.101287578Z	48	PC: 152be \| Get DOS version
2018-12-25T12:29:26.103353253Z	74	PC: 15317 \| Reallocate memory
2018-12-25T12:29:26.105850828Z	72	PC: 1531e \| Allocate memory
2018-12-25T12:29:26.108473787Z	61	PC: 15334 \| Open file (Filename = '')
2018-12-25T12:29:26.115907746Z	73	PC: 159fb \| Release memory
2018-12-25T12:29:26.117494999Z	76	PC: 15558 \| Terminate with return code (Return code = '1')
2018-12-25T12:29:26.121818873Z	49	PC: 12b9c \| Terminate and stay resident (Return code = '0' \| Memory size = '507')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10878,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:26.10560539Z	53	PC: 149ee \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:29:26.108953971Z	53	PC: 12af8 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:29:26.113592622Z	53	PC: 12b13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:26.115163613Z	51	PC: 133e2 \| Get or set Ctrl-Break
2018-12-25T12:29:26.117154522Z	74	PC: 12b49 \| Reallocate memory
2018-12-25T12:29:26.121999562Z	82	PC: 134cc \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:29:26.123719208Z	75	PC: 137f8 \| Execute program
2018-12-25T12:29:26.140951925Z	53	PC: 169fe \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:29:26.142694141Z	48	PC: 152be \| Get DOS version
2018-12-25T12:29:26.149241715Z	74	PC: 15317 \| Reallocate memory
2018-12-25T12:29:26.150453055Z	72	PC: 1531e \| Allocate memory
2018-12-25T12:29:26.152316444Z	61	PC: 15334 \| Open file (Filename = '')
2018-12-25T12:29:26.156535843Z	73	PC: 159fb \| Release memory
2018-12-25T12:29:26.15760669Z	76	PC: 15558 \| Terminate with return code (Return code = '1')
2018-12-25T12:29:26.160322337Z	49	PC: 12b9c \| Terminate and stay resident (Return code = '0' \| Memory size = '507')

{"DateBased":true,"Day":28,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10878,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:26.23437923Z	53	PC: 149ee \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:29:26.238315995Z	53	PC: 12af8 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:29:26.241549161Z	53	PC: 12b13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:26.243175232Z	51	PC: 133e2 \| Get or set Ctrl-Break
2018-12-25T12:29:26.24481667Z	74	PC: 12b49 \| Reallocate memory
2018-12-25T12:29:26.247165659Z	82	PC: 134cc \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:29:26.248930716Z	75	PC: 137f8 \| Execute program
2018-12-25T12:29:26.265901138Z	53	PC: 169fe \| Get interrupt vector (Interrupt = '126' AKA 'UNKNOWN!')
2018-12-25T12:29:26.2681024Z	48	PC: 152be \| Get DOS version
2018-12-25T12:29:26.269662642Z	74	PC: 15317 \| Reallocate memory
2018-12-25T12:29:26.271306511Z	72	PC: 1531e \| Allocate memory
2018-12-25T12:29:26.273786149Z	61	PC: 15334 \| Open file (Filename = '')
2018-12-25T12:29:26.281114227Z	73	PC: 159fb \| Release memory
2018-12-25T12:29:26.282756408Z	76	PC: 15558 \| Terminate with return code (Return code = '1')
2018-12-25T12:29:26.287052778Z	49	PC: 12b9c \| Terminate and stay resident (Return code = '0' \| Memory size = '507')