Sample viewer

vx.netlux.org/Virus.DOS.Fingers.1322

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:52:56.496640375Z	48	PC: 13b85 \| Get DOS version
2018-12-17T22:52:56.498321705Z	255	PC: 13b8e \| UNKNOWN!
2018-12-17T22:52:56.500414781Z	53	PC: 12db0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:56.502211235Z	37	PC: 12dc2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:56.50400049Z	74	PC: 12dd9 \| Reallocate memory
2018-12-17T22:52:56.506891028Z	42	PC: 12e31 \| Get date 0x12e31: cmp cx, 0x7c6 0x12e35: ja 0x12e4e 0x12e37: je 0x12e3c 0x12e39: jmp 0x12e9a 0x12e3b: nop 0x12e3c: cmp dh, 0xb 0x12e3f: ja 0x12e4e 0x12e41: je 0x12e46 0x12e43: jmp 0x12e9a 0x12e45: nop 0x12e46: cmp dl, 0xb 0x12e49: jae 0x12e4e 0x12e4b: jmp 0x12e9a 0x12e4d: nop 0x12e4e: push cs 0x12e4f: pop ds 0x12e50: mov byte ptr [0xbd], 0 0x12e55: mov word ptr [0xbe], 0 0x12e5b: mov ax, 0x3509 0x12e5e: int 0x21
2018-12-17T22:52:56.510176156Z	53	PC: 12e60 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:52:56.511927143Z	37	PC: 12e70 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:52:56.514656865Z	75	PC: 12eab \| Execute program
2018-12-17T22:52:56.532960092Z	48	PC: 142a5 \| Get DOS version
2018-12-17T22:52:56.534855862Z	48	PC: 13dbb \| Get DOS version
2018-12-17T22:52:56.540577451Z	9	PC: 13dc7 \| Display string (String= ' Incorrect DOS version ')
2018-12-17T22:52:56.548839306Z	77	PC: 12ebd \| Get program return code
2018-12-17T22:52:56.550560356Z	73	PC: 12ee7 \| Release memory
2018-12-17T22:52:56.552698706Z	49	PC: 12ef1 \| Terminate and stay resident (Return code = '0' \| Memory size = '99')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11047,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:49.340705084Z	48	PC: 13b85 \| Get DOS version
2018-12-25T12:29:49.343017687Z	255	PC: 13b8e \| UNKNOWN!
2018-12-25T12:29:49.344464147Z	53	PC: 12db0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:49.346083091Z	37	PC: 12dc2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:49.347499005Z	74	PC: 12dd9 \| Reallocate memory
2018-12-25T12:29:49.349219887Z	42	PC: 12e31 \| Get date 0x12e31: cmp cx, 0x7c6 0x12e35: ja 0x12e4e 0x12e37: je 0x12e3c 0x12e39: jmp 0x12e9a 0x12e3b: nop 0x12e3c: cmp dh, 0xb 0x12e3f: ja 0x12e4e 0x12e41: je 0x12e46 0x12e43: jmp 0x12e9a 0x12e45: nop 0x12e46: cmp dl, 0xb 0x12e49: jae 0x12e4e 0x12e4b: jmp 0x12e9a 0x12e4d: nop 0x12e4e: push cs 0x12e4f: pop ds 0x12e50: mov byte ptr [0xbd], 0 0x12e55: mov word ptr [0xbe], 0 0x12e5b: mov ax, 0x3509 0x12e5e: int 0x21
2018-12-25T12:29:49.350861121Z	75	PC: 12eab \| Execute program
2018-12-25T12:29:49.360632855Z	48	PC: 142a5 \| Get DOS version
2018-12-25T12:29:49.363485414Z	48	PC: 13dbb \| Get DOS version
2018-12-25T12:29:49.365549821Z	9	PC: 13dc7 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T12:29:49.372782757Z	77	PC: 12ebd \| Get program return code
2018-12-25T12:29:49.374850969Z	73	PC: 12ee7 \| Release memory
2018-12-25T12:29:49.37645275Z	49	PC: 12ef1 \| Terminate and stay resident (Return code = '0' \| Memory size = '99')

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11047,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:50.109908723Z	48	PC: 13b85 \| Get DOS version
2018-12-25T12:29:50.111768841Z	255	PC: 13b8e \| UNKNOWN!
2018-12-25T12:29:50.112799957Z	53	PC: 12db0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:50.114174798Z	37	PC: 12dc2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:50.116264326Z	74	PC: 12dd9 \| Reallocate memory
2018-12-25T12:29:50.118305544Z	42	PC: 12e31 \| Get date 0x12e31: cmp cx, 0x7c6 0x12e35: ja 0x12e4e 0x12e37: je 0x12e3c 0x12e39: jmp 0x12e9a 0x12e3b: nop 0x12e3c: cmp dh, 0xb 0x12e3f: ja 0x12e4e 0x12e41: je 0x12e46 0x12e43: jmp 0x12e9a 0x12e45: nop 0x12e46: cmp dl, 0xb 0x12e49: jae 0x12e4e 0x12e4b: jmp 0x12e9a 0x12e4d: nop 0x12e4e: push cs 0x12e4f: pop ds 0x12e50: mov byte ptr [0xbd], 0 0x12e55: mov word ptr [0xbe], 0 0x12e5b: mov ax, 0x3509 0x12e5e: int 0x21
2018-12-25T12:29:50.12084001Z	75	PC: 12eab \| Execute program
2018-12-25T12:29:50.137644364Z	48	PC: 142a5 \| Get DOS version
2018-12-25T12:29:50.152791108Z	48	PC: 13dbb \| Get DOS version
2018-12-25T12:29:50.154192855Z	9	PC: 13dc7 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T12:29:50.162397181Z	77	PC: 12ebd \| Get program return code
2018-12-25T12:29:50.164562216Z	73	PC: 12ee7 \| Release memory
2018-12-25T12:29:50.166066844Z	49	PC: 12ef1 \| Terminate and stay resident (Return code = '0' \| Memory size = '99')

{"DateBased":true,"Day":1,"Month":11,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11047,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:50.384990896Z	48	PC: 13b85 \| Get DOS version
2018-12-25T12:29:50.387118376Z	255	PC: 13b8e \| UNKNOWN!
2018-12-25T12:29:50.387977509Z	53	PC: 12db0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:50.389099216Z	37	PC: 12dc2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:50.390831813Z	74	PC: 12dd9 \| Reallocate memory
2018-12-25T12:29:50.392350469Z	42	PC: 12e31 \| Get date 0x12e31: cmp cx, 0x7c6 0x12e35: ja 0x12e4e 0x12e37: je 0x12e3c 0x12e39: jmp 0x12e9a 0x12e3b: nop 0x12e3c: cmp dh, 0xb 0x12e3f: ja 0x12e4e 0x12e41: je 0x12e46 0x12e43: jmp 0x12e9a 0x12e45: nop 0x12e46: cmp dl, 0xb 0x12e49: jae 0x12e4e 0x12e4b: jmp 0x12e9a 0x12e4d: nop 0x12e4e: push cs 0x12e4f: pop ds 0x12e50: mov byte ptr [0xbd], 0 0x12e55: mov word ptr [0xbe], 0 0x12e5b: mov ax, 0x3509 0x12e5e: int 0x21
2018-12-25T12:29:50.394392964Z	75	PC: 12eab \| Execute program
2018-12-25T12:29:50.408998146Z	48	PC: 142a5 \| Get DOS version
2018-12-25T12:29:50.410939554Z	48	PC: 13dbb \| Get DOS version
2018-12-25T12:29:50.412654729Z	9	PC: 13dc7 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T12:29:50.427190112Z	77	PC: 12ebd \| Get program return code
2018-12-25T12:29:50.428509675Z	73	PC: 12ee7 \| Release memory
2018-12-25T12:29:50.429575064Z	49	PC: 12ef1 \| Terminate and stay resident (Return code = '0' \| Memory size = '99')

{"DateBased":true,"Day":12,"Month":11,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11047,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:51.071365999Z	48	PC: 13b85 \| Get DOS version
2018-12-25T12:29:51.073776737Z	255	PC: 13b8e \| UNKNOWN!
2018-12-25T12:29:51.07480141Z	53	PC: 12db0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:51.076234269Z	37	PC: 12dc2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:51.077770644Z	74	PC: 12dd9 \| Reallocate memory
2018-12-25T12:29:51.080289754Z	42	PC: 12e31 \| Get date 0x12e31: cmp cx, 0x7c6 0x12e35: ja 0x12e4e 0x12e37: je 0x12e3c 0x12e39: jmp 0x12e9a 0x12e3b: nop 0x12e3c: cmp dh, 0xb 0x12e3f: ja 0x12e4e 0x12e41: je 0x12e46 0x12e43: jmp 0x12e9a 0x12e45: nop 0x12e46: cmp dl, 0xb 0x12e49: jae 0x12e4e 0x12e4b: jmp 0x12e9a 0x12e4d: nop 0x12e4e: push cs 0x12e4f: pop ds 0x12e50: mov byte ptr [0xbd], 0 0x12e55: mov word ptr [0xbe], 0 0x12e5b: mov ax, 0x3509 0x12e5e: int 0x21
2018-12-25T12:29:51.082794734Z	53	PC: 12e60 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:29:51.084512985Z	37	PC: 12e70 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:29:51.086459923Z	75	PC: 12eab \| Execute program
2018-12-25T12:29:51.109094809Z	48	PC: 142a5 \| Get DOS version
2018-12-25T12:29:51.110815084Z	48	PC: 13dbb \| Get DOS version
2018-12-25T12:29:51.113371794Z	9	PC: 13dc7 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T12:29:51.12209526Z	77	PC: 12ebd \| Get program return code
2018-12-25T12:29:51.123999658Z	73	PC: 12ee7 \| Release memory
2018-12-25T12:29:51.126439463Z	49	PC: 12ef1 \| Terminate and stay resident (Return code = '0' \| Memory size = '99')

{"DateBased":true,"Day":1,"Month":12,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11047,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:51.295040106Z	48	PC: 13b85 \| Get DOS version
2018-12-25T12:29:51.296848137Z	255	PC: 13b8e \| UNKNOWN!
2018-12-25T12:29:51.298677008Z	53	PC: 12db0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:51.300081323Z	37	PC: 12dc2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:51.301465211Z	74	PC: 12dd9 \| Reallocate memory
2018-12-25T12:29:51.303998199Z	42	PC: 12e31 \| Get date 0x12e31: cmp cx, 0x7c6 0x12e35: ja 0x12e4e 0x12e37: je 0x12e3c 0x12e39: jmp 0x12e9a 0x12e3b: nop 0x12e3c: cmp dh, 0xb 0x12e3f: ja 0x12e4e 0x12e41: je 0x12e46 0x12e43: jmp 0x12e9a 0x12e45: nop 0x12e46: cmp dl, 0xb 0x12e49: jae 0x12e4e 0x12e4b: jmp 0x12e9a 0x12e4d: nop 0x12e4e: push cs 0x12e4f: pop ds 0x12e50: mov byte ptr [0xbd], 0 0x12e55: mov word ptr [0xbe], 0 0x12e5b: mov ax, 0x3509 0x12e5e: int 0x21
2018-12-25T12:29:51.306577447Z	53	PC: 12e60 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:29:51.30804993Z	37	PC: 12e70 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:29:51.310733834Z	75	PC: 12eab \| Execute program
2018-12-25T12:29:51.329972989Z	48	PC: 142a5 \| Get DOS version
2018-12-25T12:29:51.331956435Z	48	PC: 13dbb \| Get DOS version
2018-12-25T12:29:51.334716721Z	9	PC: 13dc7 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T12:29:51.343302499Z	77	PC: 12ebd \| Get program return code
2018-12-25T12:29:51.345865918Z	73	PC: 12ee7 \| Release memory
2018-12-25T12:29:51.348590707Z	49	PC: 12ef1 \| Terminate and stay resident (Return code = '0' \| Memory size = '99')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11047,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:29:51.341168954Z	48	PC: 13b85 \| Get DOS version
2018-12-25T12:29:51.343169725Z	255	PC: 13b8e \| UNKNOWN!
2018-12-25T12:29:51.344049029Z	53	PC: 12db0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:51.345140921Z	37	PC: 12dc2 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:51.346712425Z	74	PC: 12dd9 \| Reallocate memory
2018-12-25T12:29:51.34833952Z	42	PC: 12e31 \| Get date 0x12e31: cmp cx, 0x7c6 0x12e35: ja 0x12e4e 0x12e37: je 0x12e3c 0x12e39: jmp 0x12e9a 0x12e3b: nop 0x12e3c: cmp dh, 0xb 0x12e3f: ja 0x12e4e 0x12e41: je 0x12e46 0x12e43: jmp 0x12e9a 0x12e45: nop 0x12e46: cmp dl, 0xb 0x12e49: jae 0x12e4e 0x12e4b: jmp 0x12e9a 0x12e4d: nop 0x12e4e: push cs 0x12e4f: pop ds 0x12e50: mov byte ptr [0xbd], 0 0x12e55: mov word ptr [0xbe], 0 0x12e5b: mov ax, 0x3509 0x12e5e: int 0x21
2018-12-25T12:29:51.350485016Z	53	PC: 12e60 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:29:51.351586085Z	37	PC: 12e70 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:29:51.353014578Z	75	PC: 12eab \| Execute program
2018-12-25T12:29:51.367117655Z	48	PC: 142a5 \| Get DOS version
2018-12-25T12:29:51.368719652Z	48	PC: 13dbb \| Get DOS version
2018-12-25T12:29:51.370675922Z	9	PC: 13dc7 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T12:29:51.377789076Z	77	PC: 12ebd \| Get program return code
2018-12-25T12:29:51.379297683Z	73	PC: 12ee7 \| Release memory
2018-12-25T12:29:51.381242904Z	49	PC: 12ef1 \| Terminate and stay resident (Return code = '0' \| Memory size = '99')