Sample viewer

vx.netlux.org/Virus.DOS.Bward.1024

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:53:23.711687942Z 48 PC: 19c6d | Get DOS version
2018-12-17T22:53:23.713763911Z 42 PC: 19f66 | Get date
0x19f66: cmp al, 1
0x19f68: jne 0x19f71
0x19f6a: mov byte ptr cs:[0x3f5], 0x69
0x19f70: nop
0x19f71: cmp al, 5
0x19f73: jne 0x19f7c
0x19f75: mov byte ptr cs:[0x3f5], 0x69
0x19f7b: nop
0x19f7c: mov ax, 0xf000
0x19f7f: mov es, ax
0x19f81: mov di, 0xfa19
0x19f84: mov si, 0x3a9
0x19f87: mov cx, 5
0x19f8a: repe cmpsb byte ptr [si], byte ptr es:[di]
0x19f8c: jne 0x19f94
0x19f8e: mov dx, 0xffff
0x19f91: jmp 0x19f99
0x19f93: nop
0x19f94: pop ds
0x19f95: pop es
2018-12-17T22:53:23.716296148Z 38 PC: 19cc6 | Create PSP
2018-12-17T22:53:23.731210724Z 48 PC: 19ce6 | Get DOS version
2018-12-17T22:53:23.733839682Z 74 PC: 19d40 | Reallocate memory
2018-12-17T22:53:23.736240382Z 48 PC: 19d98 | Get DOS version
2018-12-17T22:53:23.73817745Z 53 PC: 19da0 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:23.741404573Z 37 PC: 19db2 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:23.743045715Z 68 PC: 19e36 | I/O control for devices (Set for = ' D��Z')
2018-12-17T22:53:23.744763041Z 68 PC: 19e36 | I/O control for devices (Set for = '')
2018-12-17T22:53:23.746715308Z 68 PC: 19e36 | I/O control for devices (Set for = '�X+ȉN����0F��I ���N��X�� �t
2018-12-17T22:53:23.748998207Z 68 PC: 19e36 | I/O control for devices (Set for = '��N��X�� �t
2018-12-17T22:53:23.751007681Z 68 PC: 19e36 | I/O control for devices (Set for = '��N��X�� �t
2018-12-17T22:53:23.753650155Z 53 PC: 1b607 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:23.755485212Z 37 PC: 1b61c | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:53:23.757516337Z 99 PC: 1df49 | Get DBCS lead byte table pointer
2018-12-17T22:53:23.75915751Z 68 PC: 1df63 | I/O control for devices (Set for = '')
2018-12-17T22:53:23.761627109Z 68 PC: 1df6e | I/O control for devices (Set for = '')
2018-12-17T22:53:23.763381534Z 68 PC: 1df79 | I/O control for devices (Set for = '')
2018-12-17T22:53:23.76490161Z 68 PC: 1df81 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T22:53:23.767718481Z 48 PC: 1df86 | Get DOS version
2018-12-17T22:53:23.770402793Z 64 PC: 1e201 | Write file or device (Write 23 bytes on handle 2)
2018-12-17T22:53:23.776341489Z 37 PC: 19ecb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:53:23.779406667Z 76 PC: 19eb4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11198,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:08.624394404Z 48 PC: 19c6d | Get DOS version
2018-12-25T12:30:08.62652033Z 42 PC: 19f66 | Get date
0x19f66: cmp al, 1
0x19f68: jne 0x19f71
0x19f6a: mov byte ptr cs:[0x3f5], 0x69
0x19f70: nop
0x19f71: cmp al, 5
0x19f73: jne 0x19f7c
0x19f75: mov byte ptr cs:[0x3f5], 0x69
0x19f7b: nop
0x19f7c: mov ax, 0xf000
0x19f7f: mov es, ax
0x19f81: mov di, 0xfa19
0x19f84: mov si, 0x3a9
0x19f87: mov cx, 5
0x19f8a: repe cmpsb byte ptr [si], byte ptr es:[di]
0x19f8c: jne 0x19f94
0x19f8e: mov dx, 0xffff
0x19f91: jmp 0x19f99
0x19f93: nop
0x19f94: pop ds
0x19f95: pop es
2018-12-25T12:30:08.630224535Z 38 PC: 19cc6 | Create PSP
2018-12-25T12:30:08.648813939Z 48 PC: 19ce6 | Get DOS version
2018-12-25T12:30:08.651408184Z 74 PC: 19d40 | Reallocate memory
2018-12-25T12:30:08.653915514Z 48 PC: 19d98 | Get DOS version
2018-12-25T12:30:08.655348579Z 53 PC: 19da0 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:30:08.656806398Z 37 PC: 19db2 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:30:08.659786606Z 68 PC: 19e36 | I/O control for devices (Set for = ' D��Z')
2018-12-25T12:30:08.661916291Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:08.664036382Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:08.667203891Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:08.669402591Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:08.672434247Z 53 PC: 1b607 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:30:08.674715519Z 37 PC: 1b61c | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:30:08.676630146Z 99 PC: 1df49 | Get DBCS lead byte table pointer
2018-12-25T12:30:08.678003694Z 68 PC: 1df63 | I/O control for devices (Set for = '')
2018-12-25T12:30:08.679996871Z 68 PC: 1df6e | I/O control for devices (Set for = '')
2018-12-25T12:30:08.681821767Z 68 PC: 1df79 | I/O control for devices (Set for = '')
2018-12-25T12:30:08.683344206Z 68 PC: 1df81 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:30:08.685886355Z 48 PC: 1df86 | Get DOS version
2018-12-25T12:30:08.688379346Z 64 PC: 1e201 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:30:08.695650743Z 37 PC: 19ecb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:30:08.698424341Z 76 PC: 19eb4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11198,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:09.187743853Z 48 PC: 19c6d | Get DOS version
2018-12-25T12:30:09.189776338Z 42 PC: 19f66 | Get date
0x19f66: cmp al, 1
0x19f68: jne 0x19f71
0x19f6a: mov byte ptr cs:[0x3f5], 0x69
0x19f70: nop
0x19f71: cmp al, 5
0x19f73: jne 0x19f7c
0x19f75: mov byte ptr cs:[0x3f5], 0x69
0x19f7b: nop
0x19f7c: mov ax, 0xf000
0x19f7f: mov es, ax
0x19f81: mov di, 0xfa19
0x19f84: mov si, 0x3a9
0x19f87: mov cx, 5
0x19f8a: repe cmpsb byte ptr [si], byte ptr es:[di]
0x19f8c: jne 0x19f94
0x19f8e: mov dx, 0xffff
0x19f91: jmp 0x19f99
0x19f93: nop
0x19f94: pop ds
0x19f95: pop es
2018-12-25T12:30:09.191631733Z 38 PC: 19cc6 | Create PSP
2018-12-25T12:30:09.205179611Z 48 PC: 19ce6 | Get DOS version
2018-12-25T12:30:09.207701867Z 74 PC: 19d40 | Reallocate memory
2018-12-25T12:30:09.209506556Z 48 PC: 19d98 | Get DOS version
2018-12-25T12:30:09.21083428Z 53 PC: 19da0 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:30:09.213250618Z 37 PC: 19db2 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:30:09.2152578Z 68 PC: 19e36 | I/O control for devices (Set for = ' D��Z')
2018-12-25T12:30:09.217482937Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:09.219702194Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:09.221832236Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:09.223424324Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:09.226191841Z 53 PC: 1b607 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:30:09.228963742Z 37 PC: 1b61c | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:30:09.230933604Z 99 PC: 1df49 | Get DBCS lead byte table pointer
2018-12-25T12:30:09.232891008Z 68 PC: 1df63 | I/O control for devices (Set for = '')
2018-12-25T12:30:09.235087086Z 68 PC: 1df6e | I/O control for devices (Set for = '')
2018-12-25T12:30:09.236941132Z 68 PC: 1df79 | I/O control for devices (Set for = '')
2018-12-25T12:30:09.238452155Z 68 PC: 1df81 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:30:09.24129019Z 48 PC: 1df86 | Get DOS version
2018-12-25T12:30:09.243729714Z 64 PC: 1e201 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:30:09.250433405Z 37 PC: 19ecb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:30:09.253202725Z 76 PC: 19eb4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11198,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:09.368521909Z 48 PC: 19c6d | Get DOS version
2018-12-25T12:30:09.370809829Z 42 PC: 19f66 | Get date
0x19f66: cmp al, 1
0x19f68: jne 0x19f71
0x19f6a: mov byte ptr cs:[0x3f5], 0x69
0x19f70: nop
0x19f71: cmp al, 5
0x19f73: jne 0x19f7c
0x19f75: mov byte ptr cs:[0x3f5], 0x69
0x19f7b: nop
0x19f7c: mov ax, 0xf000
0x19f7f: mov es, ax
0x19f81: mov di, 0xfa19
0x19f84: mov si, 0x3a9
0x19f87: mov cx, 5
0x19f8a: repe cmpsb byte ptr [si], byte ptr es:[di]
0x19f8c: jne 0x19f94
0x19f8e: mov dx, 0xffff
0x19f91: jmp 0x19f99
0x19f93: nop
0x19f94: pop ds
0x19f95: pop es
2018-12-25T12:30:09.373711735Z 38 PC: 19cc6 | Create PSP
2018-12-25T12:30:09.392528111Z 48 PC: 19ce6 | Get DOS version
2018-12-25T12:30:09.394937286Z 74 PC: 19d40 | Reallocate memory
2018-12-25T12:30:09.397031858Z 48 PC: 19d98 | Get DOS version
2018-12-25T12:30:09.39866477Z 53 PC: 19da0 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:30:09.400538499Z 37 PC: 19db2 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:30:09.409230613Z 68 PC: 19e36 | I/O control for devices (Set for = ' D��Z')
2018-12-25T12:30:09.410789769Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:09.412362716Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:09.414489364Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:09.41608142Z 68 PC: 19e36 | I/O control for devices (See above)
2018-12-25T12:30:09.41846294Z 53 PC: 1b607 | Get interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:30:09.420516155Z 37 PC: 1b61c | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:30:09.422661338Z 99 PC: 1df49 | Get DBCS lead byte table pointer
2018-12-25T12:30:09.42499649Z 68 PC: 1df63 | I/O control for devices (Set for = '')
2018-12-25T12:30:09.427389109Z 68 PC: 1df6e | I/O control for devices (Set for = '')
2018-12-25T12:30:09.430351037Z 68 PC: 1df79 | I/O control for devices (Set for = '')
2018-12-25T12:30:09.432944034Z 68 PC: 1df81 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:30:09.43666302Z 48 PC: 1df86 | Get DOS version
2018-12-25T12:30:09.438739212Z 64 PC: 1e201 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:30:09.444924298Z 37 PC: 19ecb | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:30:09.44694922Z 76 PC: 19eb4 | Terminate with return code (Return code = '0')