Sample viewer

vx.netlux.org/Virus.DOS.Mov.664

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:53:02.880111532Z 87 PC: 12b8a | Get or set file date and time
2018-12-17T22:53:02.882149402Z 78 PC: 12ba3 | Find first file
2018-12-17T22:53:02.893293512Z 42 PC: 12bd5 | Get date
0x12bd5: cmp dl, 0x1f
0x12bd8: je 0x12bdd
0x12bda: jmp 0x12bec
0x12bdc: nop
0x12bdd: mov ah, 9
0x12bdf: mov dx, 0x1f6
0x12be2: int 0x21
0x12be4: call 0x12ca1
0x12be7: call 0x12ca1
0x12bea: int 0x20
0x12bec: xor ax, ax
0x12bee: xor bx, bx
0x12bf0: xor cx, cx
0x12bf2: xor dx, dx
0x12bf4: mov ah, 0x1a
0x12bf6: mov dx, 0x105
0x12bf9: int 0x21
0x12bfb: mov ah, 0x47
0x12bfd: mov dl, 0
0x12bff: mov si, 0x14e
2018-12-17T22:53:02.895418325Z 26 PC: 12bfb | Set disk transfer address
2018-12-17T22:53:02.896585253Z 71 PC: 12c04 | Get current directory
2018-12-17T22:53:02.900422344Z 59 PC: 12c0b | Change current directory
2018-12-17T22:53:02.904789326Z 78 PC: 12c18 | Find first file
2018-12-17T22:53:02.911201794Z 67 PC: 12cc0 | Get or set file attributes
2018-12-17T22:53:03.176276353Z 61 PC: 12cc5 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:53:03.188957854Z 64 PC: 12cd3 | Write file or device (Write 664 bytes on handle 5)
2018-12-17T22:53:03.19530609Z 79 PC: 12c18 | Find next file
2018-12-17T22:53:03.199291887Z 67 PC: 12cc0 | Get or set file attributes
2018-12-17T22:53:03.210935956Z 61 PC: 12cc5 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:53:03.219241319Z 64 PC: 12cd3 | Write file or device (Write 664 bytes on handle 6)
2018-12-17T22:53:03.229045581Z 79 PC: 12c18 | Find next file
2018-12-17T22:53:03.233020408Z 67 PC: 12cc0 | Get or set file attributes
2018-12-17T22:53:03.24561528Z 61 PC: 12cc5 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:53:03.253751005Z 64 PC: 12cd3 | Write file or device (Write 664 bytes on handle 7)
2018-12-17T22:53:03.264241072Z 79 PC: 12c18 | Find next file
2018-12-17T22:53:03.267320989Z 67 PC: 12cc0 | Get or set file attributes
2018-12-17T22:53:03.279185697Z 61 PC: 12cc5 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:53:03.285545264Z 64 PC: 12cd3 | Write file or device (Write 664 bytes on handle 8)
2018-12-17T22:53:03.291796878Z 79 PC: 12c18 | Find next file
2018-12-17T22:53:03.293761382Z 67 PC: 12cc0 | Get or set file attributes
2018-12-17T22:53:03.301224845Z 61 PC: 12cc5 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:53:03.30569699Z 64 PC: 12cd3 | Write file or device (Write 664 bytes on handle 9)
2018-12-17T22:53:03.31147361Z 79 PC: 12c18 | Find next file
2018-12-17T22:53:03.314198423Z 67 PC: 12cc0 | Get or set file attributes
2018-12-17T22:53:03.32187883Z 61 PC: 12cc5 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:53:03.329187914Z 64 PC: 12cd3 | Write file or device (Write 664 bytes on handle 10)
2018-12-17T22:53:03.340446118Z 79 PC: 12c18 | Find next file
2018-12-17T22:53:03.343357618Z 67 PC: 12cc0 | Get or set file attributes
2018-12-17T22:53:03.355422859Z 61 PC: 12cc5 | Open file (Filename = 'PAH.COM')
2018-12-17T22:53:03.363746184Z 64 PC: 12cd3 | Write file or device (Write 664 bytes on handle 11)
2018-12-17T22:53:03.373961306Z 79 PC: 12c18 | Find next file
2018-12-17T22:53:03.377753294Z 67 PC: 12cc0 | Get or set file attributes
2018-12-17T22:53:03.391403333Z 61 PC: 12cc5 | Open file (Filename = 'TEST.COM')
2018-12-17T22:53:03.399592809Z 64 PC: 12cd3 | Write file or device (Write 664 bytes on handle 12)
2018-12-17T22:53:03.409181926Z 79 PC: 12c18 | Find next file
2018-12-17T22:53:03.412404314Z 78 PC: 12c40 | Find first file
2018-12-17T22:53:03.419429605Z 79 PC: 12c4a | Find next file
2018-12-17T22:53:03.422144426Z 79 PC: 12c4a | Find next file
2018-12-17T22:53:03.424941875Z 79 PC: 12c4a | Find next file
2018-12-17T22:53:03.427688985Z 79 PC: 12c4a | Find next file
2018-12-17T22:53:03.430800542Z 79 PC: 12c4a | Find next file
2018-12-17T22:53:03.433421396Z 79 PC: 12c4a | Find next file
2018-12-17T22:53:03.436627568Z 79 PC: 12c4a | Find next file
2018-12-17T22:53:03.439557003Z 79 PC: 12c4a | Find next file
2018-12-17T22:53:03.442550306Z 79 PC: 12c4a | Find next file
2018-12-17T22:53:03.449674635Z 59 PC: 12c91 | Change current directory
2018-12-17T22:53:03.456018204Z 59 PC: 12c98 | Change current directory
2018-12-17T22:53:03.457909556Z 9 PC: 12c9f | Display string (String= 'Incorrect DOS version ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11086,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:54.336789314Z 87 PC: 12b8a | Get or set file date and time
2018-12-25T12:29:54.339277798Z 78 PC: 12ba3 | Find first file
2018-12-25T12:29:54.348954458Z 42 PC: 12bd5 | Get date
0x12bd5: cmp dl, 0x1f
0x12bd8: je 0x12bdd
0x12bda: jmp 0x12bec
0x12bdc: nop
0x12bdd: mov ah, 9
0x12bdf: mov dx, 0x1f6
0x12be2: int 0x21
0x12be4: call 0x12ca1
0x12be7: call 0x12ca1
0x12bea: int 0x20
0x12bec: xor ax, ax
0x12bee: xor bx, bx
0x12bf0: xor cx, cx
0x12bf2: xor dx, dx
0x12bf4: mov ah, 0x1a
0x12bf6: mov dx, 0x105
0x12bf9: int 0x21
0x12bfb: mov ah, 0x47
0x12bfd: mov dl, 0
0x12bff: mov si, 0x14e
2018-12-25T12:29:54.351606599Z 26 PC: 12bfb | Set disk transfer address
2018-12-25T12:29:54.35355847Z 71 PC: 12c04 | Get current directory
2018-12-25T12:29:54.35773059Z 59 PC: 12c0b | Change current directory
2018-12-25T12:29:54.36257571Z 78 PC: 12c18 | Find first file
2018-12-25T12:29:54.36973293Z 67 PC: 12cc0 | Get or set file attributes
2018-12-25T12:29:54.388886531Z 61 PC: 12cc5 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:29:54.396992899Z 64 PC: 12cd3 | Write file or device (Write 664 bytes on handle 5)
2018-12-25T12:29:54.406945904Z 79 PC: 12c18 | Find next file (See above)
2018-12-25T12:29:54.411674951Z 67 PC: 12cc0 | Get or set file attributes (See above)
2018-12-25T12:29:54.432666919Z 61 PC: 12cc5 | Open file (See above)
2018-12-25T12:29:54.43852608Z 64 PC: 12cd3 | Write file or device (See above)
2018-12-25T12:29:54.445074907Z 79 PC: 12c18 | Find next file (See above)
2018-12-25T12:29:54.447416081Z 67 PC: 12cc0 | Get or set file attributes (See above)
2018-12-25T12:29:54.455661646Z 61 PC: 12cc5 | Open file (See above)
2018-12-25T12:29:54.46212931Z 64 PC: 12cd3 | Write file or device (See above)
2018-12-25T12:29:54.468169775Z 79 PC: 12c18 | Find next file (See above)
2018-12-25T12:29:54.469969666Z 67 PC: 12cc0 | Get or set file attributes (See above)
2018-12-25T12:29:54.478669552Z 61 PC: 12cc5 | Open file (See above)
2018-12-25T12:29:54.484302769Z 64 PC: 12cd3 | Write file or device (See above)
2018-12-25T12:29:54.490625444Z 79 PC: 12c18 | Find next file (See above)
2018-12-25T12:29:54.492619795Z 67 PC: 12cc0 | Get or set file attributes (See above)
2018-12-25T12:29:54.504588148Z 61 PC: 12cc5 | Open file (See above)
2018-12-25T12:29:54.513927023Z 64 PC: 12cd3 | Write file or device (See above)
2018-12-25T12:29:54.524137917Z 79 PC: 12c18 | Find next file (See above)
2018-12-25T12:29:54.528452797Z 67 PC: 12cc0 | Get or set file attributes (See above)
2018-12-25T12:29:54.541078101Z 61 PC: 12cc5 | Open file (See above)
2018-12-25T12:29:54.550227338Z 64 PC: 12cd3 | Write file or device (See above)
2018-12-25T12:29:54.560890191Z 79 PC: 12c18 | Find next file (See above)
2018-12-25T12:29:54.563860942Z 67 PC: 12cc0 | Get or set file attributes (See above)
2018-12-25T12:29:54.575838775Z 61 PC: 12cc5 | Open file (See above)
2018-12-25T12:29:54.58545166Z 64 PC: 12cd3 | Write file or device (See above)
2018-12-25T12:29:54.594557857Z 79 PC: 12c18 | Find next file (See above)
2018-12-25T12:29:54.597585372Z 67 PC: 12cc0 | Get or set file attributes (See above)
2018-12-25T12:29:54.61027849Z 61 PC: 12cc5 | Open file (See above)
2018-12-25T12:29:54.618348074Z 64 PC: 12cd3 | Write file or device (See above)
2018-12-25T12:29:54.627755919Z 79 PC: 12c18 | Find next file (See above)
2018-12-25T12:29:54.631283634Z 78 PC: 12c40 | Find first file
2018-12-25T12:29:54.639794428Z 79 PC: 12c4a | Find next file
2018-12-25T12:29:54.643087366Z 79 PC: 12c4a | Find next file (See above)
2018-12-25T12:29:54.646325033Z 79 PC: 12c4a | Find next file (See above)
2018-12-25T12:29:54.650592448Z 79 PC: 12c4a | Find next file (See above)
2018-12-25T12:29:54.653817133Z 79 PC: 12c4a | Find next file (See above)
2018-12-25T12:29:54.657123072Z 79 PC: 12c4a | Find next file (See above)
2018-12-25T12:29:54.661130161Z 79 PC: 12c4a | Find next file (See above)
2018-12-25T12:29:54.663880507Z 79 PC: 12c4a | Find next file (See above)
2018-12-25T12:29:54.666576924Z 79 PC: 12c4a | Find next file (See above)
2018-12-25T12:29:54.669784464Z 59 PC: 12c91 | Change current directory
2018-12-25T12:29:54.674158234Z 59 PC: 12c98 | Change current directory
2018-12-25T12:29:54.676932044Z 9 PC: 12c9f | Display string (String= 'Incorrect DOS version ')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11086,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:54.424385642Z 87 PC: 12b8a | Get or set file date and time
2018-12-25T12:29:54.427276829Z 78 PC: 12ba3 | Find first file
2018-12-25T12:29:54.43142956Z 42 PC: 12bd5 | Get date
0x12bd5: cmp dl, 0x1f
0x12bd8: je 0x12bdd
0x12bda: jmp 0x12bec
0x12bdc: nop
0x12bdd: mov ah, 9
0x12bdf: mov dx, 0x1f6
0x12be2: int 0x21
0x12be4: call 0x12ca1
0x12be7: call 0x12ca1
0x12bea: int 0x20
0x12bec: xor ax, ax
0x12bee: xor bx, bx
0x12bf0: xor cx, cx
0x12bf2: xor dx, dx
0x12bf4: mov ah, 0x1a
0x12bf6: mov dx, 0x105
0x12bf9: int 0x21
0x12bfb: mov ah, 0x47
0x12bfd: mov dl, 0
0x12bff: mov si, 0x14e
2018-12-25T12:29:54.4331637Z 9 PC: 12be4 | Display string (String= '(c) Copyleft 1997 10.29 by SVS/COREA [F.K Virus].MOV(Master Of Virus) ')