Sample viewer

vx.netlux.org/Virus.DOS.Fichv.896

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:47.503406151Z 53 PC: 12a50 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:55:47.509496021Z 53 PC: 12a5d | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:55:47.510937553Z 37 PC: 12a79 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:55:47.512046715Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:55:47.514265286Z 37 PC: 12af9 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:55:47.515317656Z 37 PC: 12b0a | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:55:47.516374688Z 53 PC: 12b11 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:47.518147865Z 74 PC: 12d27 | Reallocate memory
2018-12-17T22:55:47.520089325Z 37 PC: 12d31 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:47.520918149Z 75 PC: 12d57 | Execute program
2018-12-17T22:55:47.530832025Z 53 PC: 12ee0 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:55:47.53255399Z 53 PC: 12eed | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:55:47.533917926Z 37 PC: 12f09 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:55:47.535139131Z 37 PC: 12f11 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:55:47.536702946Z 37 PC: 12f89 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:55:47.538026665Z 37 PC: 12f9a | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:55:47.538980779Z 53 PC: 12fa1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:47.540661803Z 54 PC: 12fc6 | Get free disk space
2018-12-17T22:55:47.546783422Z 78 PC: 12fd9 | Find first file
2018-12-17T22:55:47.551284984Z 79 PC: 12fed | Find next file
2018-12-17T22:55:47.553937354Z 79 PC: 12fed | Find next file
2018-12-17T22:55:47.555735918Z 79 PC: 12fed | Find next file
2018-12-17T22:55:47.557535092Z 79 PC: 12fed | Find next file
2018-12-17T22:55:47.559836942Z 79 PC: 12fed | Find next file
2018-12-17T22:55:47.561993528Z 79 PC: 12fed | Find next file
2018-12-17T22:55:47.563838609Z 79 PC: 12fed | Find next file
2018-12-17T22:55:47.569942973Z 37 PC: 1300c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:47.571270724Z 61 PC: 13014 | Open file (Filename = 'TEST.COM')
2018-12-17T22:55:47.577751067Z 87 PC: 1302b | Get or set file date and time
2018-12-17T22:55:47.579192901Z 63 PC: 13044 | Read file or device (Read 896 bytes on handle 5)
2018-12-17T22:55:47.587346234Z 66 PC: 1304f | Move file pointer
2018-12-17T22:55:47.588530988Z 64 PC: 13063 | Write file or device (Write 896 bytes on handle 5)
2018-12-17T22:55:48.44797554Z 66 PC: 1306c | Move file pointer
2018-12-17T22:55:48.454144009Z 64 PC: 130ac | Write file or device (Write 896 bytes on handle 5)
2018-12-17T22:55:48.461629859Z 87 PC: 130be | Get or set file date and time
2018-12-17T22:55:48.463401655Z 62 PC: 130c2 | Close file
2018-12-17T22:55:48.471630026Z 42 PC: 130e1 | Get date
0x130e1: cmp dh, 3
0x130e4: jne 0x1311e
0x130e6: mov dx, 0x55
0x130e9: mov ax, 0x6000
0x130ec: mov es, ax
0x130ee: xor ax, ax
0x130f0: xor di, di
0x130f2: mov si, 0x180
0x130f5: mov cx, 0x18
0x130f8: rep movsb byte ptr es:[di], byte ptr [si]
0x130fa: dec dx
0x130fb: cmp dx, 0
0x130fe: jne 0x130f2
0x13100: mov ah, 0x19
0x13102: int 0x21
0x13104: push ax
0x13105: pop dx
0x13106: mov dh, 1
0x13108: xor bx, bx
0x1310a: xor ch, ch
2018-12-17T22:55:48.473292885Z 9 PC: 12ed7 | Display string (String= ' Appat v1.0 Ce programme est infecté Par le virus Fichv 2.0 qui semble être apparenté au virus Pixel. Taille initiale du fichier 2048 octets. ')
2018-12-17T22:55:48.478590861Z 76 PC: 12edc | Terminate with return code (Return code = '0')
2018-12-17T22:55:48.481399742Z 49 PC: 12d6b | Terminate and stay resident (Return code = '1' | Memory size = '72')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12012,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:48.275941563Z 53 PC: 12a50 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.27846192Z 53 PC: 12a5d | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.279708219Z 37 PC: 12a79 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.280959777Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.283062651Z 37 PC: 12af9 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.284973941Z 37 PC: 12b0a | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.286213215Z 53 PC: 12b11 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:48.2916592Z 74 PC: 12d27 | Reallocate memory
2018-12-25T12:31:48.295269674Z 37 PC: 12d31 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:48.296883064Z 75 PC: 12d57 | Execute program
2018-12-25T12:31:48.310681228Z 53 PC: 12ee0 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.312578306Z 53 PC: 12eed | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.313781344Z 37 PC: 12f09 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.314951524Z 37 PC: 12f11 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.318289541Z 37 PC: 12f89 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.319585908Z 37 PC: 12f9a | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.320812976Z 53 PC: 12fa1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:48.322700545Z 54 PC: 12fc6 | Get free disk space
2018-12-25T12:31:48.331986552Z 78 PC: 12fd9 | Find first file
2018-12-25T12:31:48.338016562Z 79 PC: 12fed | Find next file
2018-12-25T12:31:48.345730663Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.34828908Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.350797448Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.354367962Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.356876841Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.359378618Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.364222695Z 37 PC: 1300c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:48.365701444Z 61 PC: 13014 | Open file (Filename = 'TEST.COM')
2018-12-25T12:31:48.371981407Z 87 PC: 1302b | Get or set file date and time
2018-12-25T12:31:48.373479238Z 63 PC: 13044 | Read file or device (Read 896 bytes on handle 5)
2018-12-25T12:31:48.381257246Z 66 PC: 1304f | Move file pointer
2018-12-25T12:31:48.38294827Z 64 PC: 13063 | Write file or device (Write 896 bytes on handle 5)
2018-12-25T12:31:48.397434295Z 66 PC: 1306c | Move file pointer
2018-12-25T12:31:48.400173615Z 64 PC: 130ac | Write file or device (Write 896 bytes on handle 5)
2018-12-25T12:31:48.407807777Z 87 PC: 130be | Get or set file date and time
2018-12-25T12:31:48.409143764Z 62 PC: 130c2 | Close file
2018-12-25T12:31:48.417134288Z 42 PC: 130e1 | Get date
0x130e1: cmp dh, 3
0x130e4: jne 0x1311e
0x130e6: mov dx, 0x55
0x130e9: mov ax, 0x6000
0x130ec: mov es, ax
0x130ee: xor ax, ax
0x130f0: xor di, di
0x130f2: mov si, 0x180
0x130f5: mov cx, 0x18
0x130f8: rep movsb byte ptr es:[di], byte ptr [si]
0x130fa: dec dx
0x130fb: cmp dx, 0
0x130fe: jne 0x130f2
0x13100: mov ah, 0x19
0x13102: int 0x21
0x13104: push ax
0x13105: pop dx
0x13106: mov dh, 1
0x13108: xor bx, bx
0x1310a: xor ch, ch
2018-12-25T12:31:48.419566938Z 9 PC: 12ed7 | Display string (String= ' Appat v1.0 Ce programme est infecté Par le virus Fichv 2.0 qui semble être apparenté au virus Pixel. Taille initiale du fichier 2048 octets. ')
2018-12-25T12:31:48.429781104Z 76 PC: 12edc | Terminate with return code (Return code = '0')
2018-12-25T12:31:48.432789398Z 49 PC: 12d6b | Terminate and stay resident (Return code = '1' | Memory size = '72')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12012,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:48.41026593Z 53 PC: 12a50 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.411223739Z 53 PC: 12a5d | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.413438495Z 37 PC: 12a79 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.414782841Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.415959022Z 37 PC: 12af9 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.416696353Z 37 PC: 12b0a | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.417883942Z 53 PC: 12b11 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:48.418852885Z 74 PC: 12d27 | Reallocate memory
2018-12-25T12:31:48.419704947Z 37 PC: 12d31 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:48.421152156Z 75 PC: 12d57 | Execute program
2018-12-25T12:31:48.435967637Z 53 PC: 12ee0 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.437079189Z 53 PC: 12eed | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.43884789Z 37 PC: 12f09 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.439971515Z 37 PC: 12f11 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.441321222Z 37 PC: 12f89 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:31:48.442466124Z 37 PC: 12f9a | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:31:48.44353556Z 53 PC: 12fa1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:48.444488104Z 54 PC: 12fc6 | Get free disk space
2018-12-25T12:31:48.450009049Z 78 PC: 12fd9 | Find first file
2018-12-25T12:31:48.454074255Z 79 PC: 12fed | Find next file
2018-12-25T12:31:48.455826636Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.457554058Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.46004978Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.461804808Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.463493173Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.465831475Z 79 PC: 12fed | Find next file (See above)
2018-12-25T12:31:48.467609297Z 37 PC: 1300c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:48.468509038Z 61 PC: 13014 | Open file (Filename = 'TEST.COM')
2018-12-25T12:31:48.474796226Z 87 PC: 1302b | Get or set file date and time
2018-12-25T12:31:48.476714867Z 63 PC: 13044 | Read file or device (Read 896 bytes on handle 5)
2018-12-25T12:31:48.485757423Z 66 PC: 1304f | Move file pointer
2018-12-25T12:31:48.489198102Z 64 PC: 13063 | Write file or device (Write 896 bytes on handle 5)
2018-12-25T12:31:48.640228155Z 66 PC: 1306c | Move file pointer
2018-12-25T12:31:48.642043256Z 64 PC: 130ac | Write file or device (Write 896 bytes on handle 5)
2018-12-25T12:31:48.651269226Z 87 PC: 130be | Get or set file date and time
2018-12-25T12:31:48.652914628Z 62 PC: 130c2 | Close file
2018-12-25T12:31:48.661995228Z 42 PC: 130e1 | Get date
0x130e1: cmp dh, 3
0x130e4: jne 0x1311e
0x130e6: mov dx, 0x55
0x130e9: mov ax, 0x6000
0x130ec: mov es, ax
0x130ee: xor ax, ax
0x130f0: xor di, di
0x130f2: mov si, 0x180
0x130f5: mov cx, 0x18
0x130f8: rep movsb byte ptr es:[di], byte ptr [si]
0x130fa: dec dx
0x130fb: cmp dx, 0
0x130fe: jne 0x130f2
0x13100: mov ah, 0x19
0x13102: int 0x21
0x13104: push ax
0x13105: pop dx
0x13106: mov dh, 1
0x13108: xor bx, bx
0x1310a: xor ch, ch
2018-12-25T12:31:48.665223107Z 25 PC: 13104 | Get default drive
2018-12-25T12:31:48.707114518Z 9 PC: 12ed7 | Display string (String= ' Appat v1.0 Ce programme est infecté Par le virus Fichv 2.0 qui semble être apparenté au virus Pixel. Taille initiale du fichier 2048 octets. ')
2018-12-25T12:31:48.719227639Z 76 PC: 12edc | Terminate with return code (Return code = '0')
2018-12-25T12:31:48.722779968Z 49 PC: 12d6b | Terminate and stay resident (Return code = '1' | Memory size = '72')