Sample viewer

vx.netlux.org/Virus.DOS.Fox.5414

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:00:46.042640741Z	53	PC: 18889 \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:00:46.045211149Z	42	PC: 17f58 \| Get date 0x17f58: cmp cx, 0x7cd 0x17f5c: jb 0x17f72 0x17f5e: cmp dl, 0xa 0x17f61: jne 0x17f72 0x17f63: mov ah, 0x2c 0x17f65: int 0x21 0x17f67: cmp cl, ch 0x17f69: jne 0x17f72 0x17f6b: cmp cl, dh 0x17f6d: jne 0x17f72 0x17f6f: call 0x27ee5 0x17f72: mov si, 0x15e3 0x17f75: cmp word ptr cs:[0xe088], 0x61 0x17f7b: jne 0x17f85 0x17f7d: add si, word ptr cs:[0xe040] 0x17f82: jmp 0x17f8a 0x17f84: nop 0x17f85: sub si, word ptr cs:[0xe040] 0x17f8a: mov di, 0xe400 0x17f8d: cld
2018-12-17T22:00:46.047809429Z	47	PC: 18dd1 \| Get disk transfer address
2018-12-17T22:00:46.048934475Z	26	PC: 18de2 \| Set disk transfer address
2018-12-17T22:00:46.051608934Z	25	PC: 17f9d \| Get default drive
2018-12-17T22:00:46.052786542Z	87	PC: 17fc8 \| Get or set file date and time
2018-12-17T22:00:46.054244364Z	25	PC: 18064 \| Get default drive
2018-12-17T22:00:46.056288444Z	26	PC: 1826e \| Set disk transfer address
2018-12-17T22:00:46.057785743Z	78	PC: 1828c \| Find first file
2018-12-17T22:00:46.063446053Z	26	PC: 1826e \| Set disk transfer address
2018-12-17T22:00:46.06511402Z	78	PC: 1828c \| Find first file
2018-12-17T22:00:46.070495068Z	26	PC: 1826e \| Set disk transfer address
2018-12-17T22:00:46.071504285Z	78	PC: 1828c \| Find first file
2018-12-17T22:00:46.077488883Z	26	PC: 1826e \| Set disk transfer address
2018-12-17T22:00:46.078640322Z	78	PC: 1828c \| Find first file
2018-12-17T22:00:46.083902525Z	26	PC: 1826e \| Set disk transfer address
2018-12-17T22:00:46.086230985Z	78	PC: 1828c \| Find first file
2018-12-17T22:00:46.09150501Z	26	PC: 1826e \| Set disk transfer address
2018-12-17T22:00:46.092581238Z	78	PC: 1828c \| Find first file
2018-12-17T22:00:46.099626672Z	26	PC: 18df7 \| Set disk transfer address
2018-12-17T22:00:46.102019787Z	87	PC: 18718 \| Get or set file date and time
2018-12-17T22:00:46.103514854Z	53	PC: 18785 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:46.11742394Z	37	PC: 18795 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:00:46.11859982Z	9	PC: 17bc0 \| Display string (Could not find end pointer)
2018-12-17T22:00:46.122557226Z	76	PC: 17bc4 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1199,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:59.842973635Z	53	PC: 18889 \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:42:59.846611564Z	42	PC: 17f58 \| Get date 0x17f58: cmp cx, 0x7cd 0x17f5c: jb 0x17f72 0x17f5e: cmp dl, 0xa 0x17f61: jne 0x17f72 0x17f63: mov ah, 0x2c 0x17f65: int 0x21 0x17f67: cmp cl, ch 0x17f69: jne 0x17f72 0x17f6b: cmp cl, dh 0x17f6d: jne 0x17f72 0x17f6f: call 0x27ee5 0x17f72: mov si, 0x15e3 0x17f75: cmp word ptr cs:[0xe088], 0x61 0x17f7b: jne 0x17f85 0x17f7d: add si, word ptr cs:[0xe040] 0x17f82: jmp 0x17f8a 0x17f84: nop 0x17f85: sub si, word ptr cs:[0xe040] 0x17f8a: mov di, 0xe400 0x17f8d: cld
2018-12-25T11:42:59.849091861Z	47	PC: 18dd1 \| Get disk transfer address
2018-12-25T11:42:59.850951515Z	26	PC: 18de2 \| Set disk transfer address
2018-12-25T11:42:59.852440835Z	25	PC: 17f9d \| Get default drive
2018-12-25T11:42:59.853981167Z	87	PC: 17fc8 \| Get or set file date and time
2018-12-25T11:42:59.855964949Z	25	PC: 18064 \| Get default drive
2018-12-25T11:42:59.857452331Z	26	PC: 1826e \| Set disk transfer address
2018-12-25T11:42:59.858880039Z	78	PC: 1828c \| Find first file
2018-12-25T11:42:59.86653991Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.867724081Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.875415528Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.877027228Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.884602269Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.887064249Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.893673196Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.895751606Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.904808367Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.906875741Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.914785651Z	26	PC: 18df7 \| Set disk transfer address
2018-12-25T11:42:59.918206267Z	87	PC: 18718 \| Get or set file date and time
2018-12-25T11:42:59.920290631Z	53	PC: 18785 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:59.921500299Z	37	PC: 18795 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:59.922978435Z	9	PC: 17bc0 \| Display string (Could not find end pointer)
2018-12-25T11:42:59.930399009Z	76	PC: 17bc4 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1199,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:59.83274861Z	53	PC: 18889 \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:42:59.835023377Z	42	PC: 17f58 \| Get date 0x17f58: cmp cx, 0x7cd 0x17f5c: jb 0x17f72 0x17f5e: cmp dl, 0xa 0x17f61: jne 0x17f72 0x17f63: mov ah, 0x2c 0x17f65: int 0x21 0x17f67: cmp cl, ch 0x17f69: jne 0x17f72 0x17f6b: cmp cl, dh 0x17f6d: jne 0x17f72 0x17f6f: call 0x27ee5 0x17f72: mov si, 0x15e3 0x17f75: cmp word ptr cs:[0xe088], 0x61 0x17f7b: jne 0x17f85 0x17f7d: add si, word ptr cs:[0xe040] 0x17f82: jmp 0x17f8a 0x17f84: nop 0x17f85: sub si, word ptr cs:[0xe040] 0x17f8a: mov di, 0xe400 0x17f8d: cld
2018-12-25T11:42:59.837200645Z	47	PC: 18dd1 \| Get disk transfer address
2018-12-25T11:42:59.838268514Z	26	PC: 18de2 \| Set disk transfer address
2018-12-25T11:42:59.840142857Z	25	PC: 17f9d \| Get default drive
2018-12-25T11:42:59.841331682Z	87	PC: 17fc8 \| Get or set file date and time
2018-12-25T11:42:59.842646628Z	25	PC: 18064 \| Get default drive
2018-12-25T11:42:59.844028437Z	26	PC: 1826e \| Set disk transfer address
2018-12-25T11:42:59.845304073Z	78	PC: 1828c \| Find first file
2018-12-25T11:42:59.85145305Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.852605351Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.856639901Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.858703533Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.864447816Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.866341903Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.872654045Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.873873108Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.881813878Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.883289726Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.889498425Z	26	PC: 18df7 \| Set disk transfer address
2018-12-25T11:42:59.892500738Z	87	PC: 18718 \| Get or set file date and time
2018-12-25T11:42:59.894576874Z	53	PC: 18785 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:59.895918125Z	37	PC: 18795 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:59.898724428Z	9	PC: 17bc0 \| Display string (Could not find end pointer)
2018-12-25T11:42:59.90259623Z	76	PC: 17bc4 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":10,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1199,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:59.8942912Z	53	PC: 18889 \| Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:42:59.896268285Z	42	PC: 17f58 \| Get date 0x17f58: cmp cx, 0x7cd 0x17f5c: jb 0x17f72 0x17f5e: cmp dl, 0xa 0x17f61: jne 0x17f72 0x17f63: mov ah, 0x2c 0x17f65: int 0x21 0x17f67: cmp cl, ch 0x17f69: jne 0x17f72 0x17f6b: cmp cl, dh 0x17f6d: jne 0x17f72 0x17f6f: call 0x27ee5 0x17f72: mov si, 0x15e3 0x17f75: cmp word ptr cs:[0xe088], 0x61 0x17f7b: jne 0x17f85 0x17f7d: add si, word ptr cs:[0xe040] 0x17f82: jmp 0x17f8a 0x17f84: nop 0x17f85: sub si, word ptr cs:[0xe040] 0x17f8a: mov di, 0xe400 0x17f8d: cld
2018-12-25T11:42:59.898313761Z	44	PC: 17f67 \| Get time 0x17f67: cmp cl, ch 0x17f69: jne 0x17f72 0x17f6b: cmp cl, dh 0x17f6d: jne 0x17f72 0x17f6f: call 0x27ee5 0x17f72: mov si, 0x15e3 0x17f75: cmp word ptr cs:[0xe088], 0x61 0x17f7b: jne 0x17f85 0x17f7d: add si, word ptr cs:[0xe040] 0x17f82: jmp 0x17f8a 0x17f84: nop 0x17f85: sub si, word ptr cs:[0xe040] 0x17f8a: mov di, 0xe400 0x17f8d: cld 0x17f8e: mov cx, 0x20 0x17f91: rep movsb byte ptr es:[di], byte ptr [si] 0x17f93: call 0x18dc8 0x17f96: call 0x18d70 0x17f99: mov ah, 0x19 0x17f9b: int 0x21
2018-12-25T11:42:59.900362345Z	47	PC: 18dd1 \| Get disk transfer address
2018-12-25T11:42:59.902014728Z	26	PC: 18de2 \| Set disk transfer address
2018-12-25T11:42:59.903205479Z	25	PC: 17f9d \| Get default drive
2018-12-25T11:42:59.904215846Z	87	PC: 17fc8 \| Get or set file date and time
2018-12-25T11:42:59.906472234Z	25	PC: 18064 \| Get default drive
2018-12-25T11:42:59.908486372Z	26	PC: 1826e \| Set disk transfer address
2018-12-25T11:42:59.910333031Z	78	PC: 1828c \| Find first file
2018-12-25T11:42:59.916382754Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.917384495Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.922491622Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.924076146Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.929567333Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.93065362Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.936519679Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.937446793Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.942403502Z	26	PC: 1826e \| Set disk transfer address (See above)
2018-12-25T11:42:59.944066313Z	78	PC: 1828c \| Find first file (See above)
2018-12-25T11:42:59.949076972Z	26	PC: 18df7 \| Set disk transfer address
2018-12-25T11:42:59.951027488Z	87	PC: 18718 \| Get or set file date and time
2018-12-25T11:42:59.952935542Z	53	PC: 18785 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:59.954040915Z	37	PC: 18795 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:59.955406856Z	9	PC: 17bc0 \| Display string (Could not find end pointer)
2018-12-25T11:42:59.961767438Z	76	PC: 17bc4 \| Terminate with return code (Return code = '36')