Sample viewer

vx.netlux.org/Virus.DOS.Neum.4338

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:59:53.727253949Z	53	PC: 13de5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:59:53.72881419Z	37	PC: 13dee \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T21:59:53.730133764Z	53	PC: 13e12 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:53.731125541Z	37	PC: 13e1d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:53.732465762Z	37	PC: 13e26 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T21:59:53.733428167Z	26	PC: 13e33 \| Set disk transfer address
2018-12-17T21:59:53.734331377Z	25	PC: 13e37 \| Get default drive
2018-12-17T21:59:53.735816028Z	71	PC: 13e45 \| Get current directory
2018-12-17T21:59:53.738539743Z	42	PC: 1416e \| Get date 0x1416e: cmp dh, 3 0x14171: jne 0x1417b 0x14173: cmp dl, 0xc 0x14176: jne 0x1417b 0x14178: jmp 0x1417c 0x1417a: nop 0x1417b: ret 0x1417c: call 0x1424b 0x1417f: mov dx, 0x606 0x14182: call 0x14232 0x14185: call 0x24078 0x14188: cmp dl, 0xa 0x1418b: jg 0x14196 0x1418d: mov dx, 0x64f 0x14190: call 0x14232 0x14193: jmp 0x1422b 0x14196: cmp dl, 0x14 0x14199: jg 0x141a4 0x1419b: mov dx, 0x655 0x1419e: call 0x14232
2018-12-17T21:59:53.741794969Z	44	PC: 1407b \| Get time 0x1407b: inc dx 0x1407c: mov bx, dx 0x1407e: xchg bl, bh 0x14080: mov cx, word ptr [bx] 0x14082: inc cx 0x14083: cmp cx, 0 0x14086: je 0x14078 0x14088: cmp dl, 0 0x1408b: je 0x14078 0x1408d: ret 0x1408e: mov es, word ptr cs:[0x2c] 0x14093: xor di, di 0x14095: mov si, 0x11db 0x14098: lodsb al, byte ptr [si] 0x14099: mov cx, 0x8000 0x1409c: repne scasb al, byte ptr es:[di] 0x1409e: mov cx, 4 0x140a1: lodsb al, byte ptr [si] 0x140a2: scasb al, byte ptr es:[di] 0x140a3: jne 0x14095
2018-12-17T21:59:53.745169997Z	14	PC: 140e4 \| Set default drive (Drive = ' ')
2018-12-17T21:59:53.746409848Z	59	PC: 140eb \| Change current directory
2018-12-17T21:59:53.750053023Z	14	PC: 13e7a \| Set default drive (Drive = 'A')
2018-12-17T21:59:53.75164105Z	59	PC: 13e86 \| Change current directory
2018-12-17T21:59:53.75537715Z	37	PC: 13e8c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:59:53.756354211Z	26	PC: 13e94 \| Set disk transfer address
2018-12-17T21:59:53.757909799Z	9	PC: 12ad3 \| Display string (String= ' Mabuhay! This program came from Bahay Kawayan at http://come.to/hexfiles Putoksa Kawayan [email protected] ')
2018-12-17T21:59:53.770392768Z	76	PC: 12ad7 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1099,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:51.285227999Z	53	PC: 13de5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:51.288159929Z	37	PC: 13dee \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:42:51.290225002Z	53	PC: 13e12 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:51.291930128Z	37	PC: 13e1d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:51.294514683Z	37	PC: 13e26 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:42:51.29603489Z	26	PC: 13e33 \| Set disk transfer address
2018-12-25T11:42:51.297260648Z	25	PC: 13e37 \| Get default drive
2018-12-25T11:42:51.298475022Z	71	PC: 13e45 \| Get current directory
2018-12-25T11:42:51.302438921Z	42	PC: 1416e \| Get date 0x1416e: cmp dh, 3 0x14171: jne 0x1417b 0x14173: cmp dl, 0xc 0x14176: jne 0x1417b 0x14178: jmp 0x1417c 0x1417a: nop 0x1417b: ret 0x1417c: call 0x1424b 0x1417f: mov dx, 0x606 0x14182: call 0x14232 0x14185: call 0x24078 0x14188: cmp dl, 0xa 0x1418b: jg 0x14196 0x1418d: mov dx, 0x64f 0x14190: call 0x14232 0x14193: jmp 0x1422b 0x14196: cmp dl, 0x14 0x14199: jg 0x141a4 0x1419b: mov dx, 0x655 0x1419e: call 0x14232
2018-12-25T11:42:51.304983712Z	44	PC: 1407b \| Get time 0x1407b: inc dx 0x1407c: mov bx, dx 0x1407e: xchg bl, bh 0x14080: mov cx, word ptr [bx] 0x14082: inc cx 0x14083: cmp cx, 0 0x14086: je 0x14078 0x14088: cmp dl, 0 0x1408b: je 0x14078 0x1408d: ret 0x1408e: mov es, word ptr cs:[0x2c] 0x14093: xor di, di 0x14095: mov si, 0x11db 0x14098: lodsb al, byte ptr [si] 0x14099: mov cx, 0x8000 0x1409c: repne scasb al, byte ptr es:[di] 0x1409e: mov cx, 4 0x140a1: lodsb al, byte ptr [si] 0x140a2: scasb al, byte ptr es:[di] 0x140a3: jne 0x14095
2018-12-25T11:42:51.307796167Z	59	PC: 14116 \| Change current directory
2018-12-25T11:42:51.313496334Z	44	PC: 1407b \| Get time (See above)
2018-12-25T11:42:51.316084839Z	78	PC: 14131 \| Find first file
2018-12-25T11:42:51.323320794Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.327178441Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.330913156Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.334178177Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.337467838Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.340647031Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.343314107Z	59	PC: 14149 \| Change current directory
2018-12-25T11:42:51.350673617Z	14	PC: 13e7a \| Set default drive (Drive = 'A')
2018-12-25T11:42:51.352357002Z	59	PC: 13e86 \| Change current directory
2018-12-25T11:42:51.357283559Z	37	PC: 13e8c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:51.358373357Z	26	PC: 13e94 \| Set disk transfer address
2018-12-25T11:42:51.359858068Z	9	PC: 12ad3 \| Display string (String= ' Mabuhay! This program came from Bahay Kawayan at http://come.to/hexfiles Putoksa Kawayan [email protected] ')
2018-12-25T11:42:51.3772273Z	76	PC: 12ad7 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1099,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:51.302895097Z	53	PC: 13de5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:51.30565262Z	37	PC: 13dee \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:42:51.307430213Z	53	PC: 13e12 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:51.308744496Z	37	PC: 13e1d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:51.310318681Z	37	PC: 13e26 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:42:51.311572485Z	26	PC: 13e33 \| Set disk transfer address
2018-12-25T11:42:51.312512171Z	25	PC: 13e37 \| Get default drive
2018-12-25T11:42:51.313808453Z	71	PC: 13e45 \| Get current directory
2018-12-25T11:42:51.317090625Z	42	PC: 1416e \| Get date 0x1416e: cmp dh, 3 0x14171: jne 0x1417b 0x14173: cmp dl, 0xc 0x14176: jne 0x1417b 0x14178: jmp 0x1417c 0x1417a: nop 0x1417b: ret 0x1417c: call 0x1424b 0x1417f: mov dx, 0x606 0x14182: call 0x14232 0x14185: call 0x24078 0x14188: cmp dl, 0xa 0x1418b: jg 0x14196 0x1418d: mov dx, 0x64f 0x14190: call 0x14232 0x14193: jmp 0x1422b 0x14196: cmp dl, 0x14 0x14199: jg 0x141a4 0x1419b: mov dx, 0x655 0x1419e: call 0x14232
2018-12-25T11:42:51.319313384Z	44	PC: 1407b \| Get time 0x1407b: inc dx 0x1407c: mov bx, dx 0x1407e: xchg bl, bh 0x14080: mov cx, word ptr [bx] 0x14082: inc cx 0x14083: cmp cx, 0 0x14086: je 0x14078 0x14088: cmp dl, 0 0x1408b: je 0x14078 0x1408d: ret 0x1408e: mov es, word ptr cs:[0x2c] 0x14093: xor di, di 0x14095: mov si, 0x11db 0x14098: lodsb al, byte ptr [si] 0x14099: mov cx, 0x8000 0x1409c: repne scasb al, byte ptr es:[di] 0x1409e: mov cx, 4 0x140a1: lodsb al, byte ptr [si] 0x140a2: scasb al, byte ptr es:[di] 0x140a3: jne 0x14095
2018-12-25T11:42:51.321538006Z	59	PC: 14116 \| Change current directory
2018-12-25T11:42:51.326032495Z	44	PC: 1407b \| Get time (See above)
2018-12-25T11:42:51.328406453Z	78	PC: 14131 \| Find first file
2018-12-25T11:42:51.334861315Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.338047128Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.340767382Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.343407497Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.346397757Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.349039426Z	79	PC: 14131 \| Find next file (See above)
2018-12-25T11:42:51.351618521Z	59	PC: 14149 \| Change current directory
2018-12-25T11:42:51.358493929Z	14	PC: 13e7a \| Set default drive (Drive = 'A')
2018-12-25T11:42:51.359756326Z	59	PC: 13e86 \| Change current directory
2018-12-25T11:42:51.371723442Z	37	PC: 13e8c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:51.373874498Z	26	PC: 13e94 \| Set disk transfer address
2018-12-25T11:42:51.375458171Z	9	PC: 12ad3 \| Display string (String= ' Mabuhay! This program came from Bahay Kawayan at http://come.to/hexfiles Putoksa Kawayan [email protected] ')
2018-12-25T11:42:51.393347447Z	76	PC: 12ad7 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":12,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1099,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:51.902571506Z	53	PC: 13de5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:51.904090869Z	37	PC: 13dee \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:42:51.905470623Z	53	PC: 13e12 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:51.906493601Z	37	PC: 13e1d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:51.908416739Z	37	PC: 13e26 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:42:51.909705934Z	26	PC: 13e33 \| Set disk transfer address
2018-12-25T11:42:51.910960394Z	25	PC: 13e37 \| Get default drive
2018-12-25T11:42:51.912761544Z	71	PC: 13e45 \| Get current directory
2018-12-25T11:42:51.915515616Z	42	PC: 1416e \| Get date 0x1416e: cmp dh, 3 0x14171: jne 0x1417b 0x14173: cmp dl, 0xc 0x14176: jne 0x1417b 0x14178: jmp 0x1417c 0x1417a: nop 0x1417b: ret 0x1417c: call 0x1424b 0x1417f: mov dx, 0x606 0x14182: call 0x14232 0x14185: call 0x24078 0x14188: cmp dl, 0xa 0x1418b: jg 0x14196 0x1418d: mov dx, 0x64f 0x14190: call 0x14232 0x14193: jmp 0x1422b 0x14196: cmp dl, 0x14 0x14199: jg 0x141a4 0x1419b: mov dx, 0x655 0x1419e: call 0x14232
2018-12-25T11:42:51.917428219Z	44	PC: 1407b \| Get time 0x1407b: inc dx 0x1407c: mov bx, dx 0x1407e: xchg bl, bh 0x14080: mov cx, word ptr [bx] 0x14082: inc cx 0x14083: cmp cx, 0 0x14086: je 0x14078 0x14088: cmp dl, 0 0x1408b: je 0x14078 0x1408d: ret 0x1408e: mov es, word ptr cs:[0x2c] 0x14093: xor di, di 0x14095: mov si, 0x11db 0x14098: lodsb al, byte ptr [si] 0x14099: mov cx, 0x8000 0x1409c: repne scasb al, byte ptr es:[di] 0x1409e: mov cx, 4 0x140a1: lodsb al, byte ptr [si] 0x140a2: scasb al, byte ptr es:[di] 0x140a3: jne 0x14095
2018-12-25T11:42:51.919892174Z	25	PC: 14265 \| Get default drive
2018-12-25T11:42:51.920926749Z	60	PC: 14276 \| Create or truncate file
2018-12-25T11:42:52.96252015Z	44	PC: 1427e \| Get time 0x1427e: cmp dl, 0x18 0x14281: jg 0x1428d 0x14283: lea dx, word ptr [bp + 0x8b2] 0x14287: mov cx, 0x200 0x1428a: jmp 0x142b2 0x1428c: nop 0x1428d: cmp dl, 0x30 0x14290: jg 0x1429c 0x14292: lea dx, word ptr [bp + 0xab2] 0x14296: mov cx, 0xe8 0x14299: jmp 0x142b2 0x1429b: nop 0x1429c: cmp dl, 0x48 0x1429f: jg 0x142ab 0x142a1: lea dx, word ptr [bp + 0xb9a] 0x142a5: mov cx, 0x297 0x142a8: jmp 0x142b2 0x142aa: nop 0x142ab: lea dx, word ptr [bp + 0xe31] 0x142af: mov cx, 0x3a8
2018-12-25T11:42:52.965809099Z	64	PC: 142bb \| Write file or device (Write 937 bytes on handle 5)
2018-12-25T11:42:53.192342378Z	64	PC: 142c6 \| Write file or device (Write 366 bytes on handle 5)
2018-12-25T11:42:53.243098427Z	62	PC: 142ca \| Close file
2018-12-25T11:42:53.264310439Z	9	PC: 14238 \| Display string (String= ' miLLenEUm virus version 1.0 (C)Copyright 1993-1998 �PacMan� ')
2018-12-25T11:42:53.273653911Z	44	PC: 1407b \| Get time (See above)
2018-12-25T11:42:53.27621419Z	9	PC: 14238 \| Display string (See above)
2018-12-25T11:42:53.280118569Z	9	PC: 14238 \| Display string (See above)
2018-12-25T11:42:53.286415152Z	44	PC: 1407b \| Get time (See above)
2018-12-25T11:42:53.288515Z	59	PC: 14116 \| Change current directory
2018-12-25T11:42:53.293126Z	44	PC: 1407b \| Get time (See above)
2018-12-25T11:42:53.297355009Z	78	PC: 14131 \| Find first file
2018-12-25T11:42:53.303313944Z	59	PC: 14149 \| Change current directory
2018-12-25T11:42:53.310136761Z	14	PC: 13e7a \| Set default drive (Drive = 'A')
2018-12-25T11:42:53.312195133Z	59	PC: 13e86 \| Change current directory
2018-12-25T11:42:53.316337693Z	37	PC: 13e8c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:42:53.31835292Z	26	PC: 13e94 \| Set disk transfer address
2018-12-25T11:42:53.319579852Z	9	PC: 12ad3 \| Display string (String= ' Mabuhay! This program came from Bahay Kawayan at http://come.to/hexfiles Putoksa Kawayan [email protected] ')
2018-12-25T11:42:53.333163321Z	76	PC: 12ad7 \| Terminate with return code (Return code = '36')