Sample viewer

vx.netlux.org/Virus.DOS.Casino.2330

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:52.6467949Z 42 PC: 131c9 | Get date
0x131c9: cmp dl, 0xf
0x131cc: je 0x131d1
0x131ce: jmp 0x13373
0x131d1: cmp dh, 1
0x131d4: je 0x131e3
0x131d6: cmp dh, 4
0x131d9: je 0x131e3
0x131db: cmp dh, 8
0x131de: je 0x131e3
0x131e0: jmp 0x13373
0x131e3: call 0x1332b
0x131e6: push ds
0x131e7: pop es
0x131e8: mov si, 0x613
0x131eb: mov di, 0x613
0x131ee: mov cx, 0x305
0x131f1: cld
0x131f2: lodsb al, byte ptr [si]
0x131f3: sub al, 0x64
0x131f5: stosb byte ptr es:[di], al
2018-12-17T22:57:52.65405632Z 75 PC: 1337b | Execute program
2018-12-17T22:57:52.656234264Z 47 PC: 13399 | Get disk transfer address
2018-12-17T22:57:52.657958596Z 26 PC: 133a8 | Set disk transfer address
2018-12-17T22:57:52.659641649Z 78 PC: 133b2 | Find first file
2018-12-17T22:57:52.666503137Z 67 PC: 1303b | Get or set file attributes
2018-12-17T22:57:52.672464063Z 61 PC: 13052 | Open file (Filename = 'UWW')
2018-12-17T22:57:52.679302177Z 63 PC: 1305e | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:57:52.684192549Z 87 PC: 13081 | Get or set file date and time
2018-12-17T22:57:52.686522028Z 53 PC: 13142 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:52.688632997Z 37 PC: 13152 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:52.691686026Z 66 PC: 130b8 | Move file pointer
2018-12-17T22:57:52.693274362Z 63 PC: 130c2 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:57:52.696033678Z 66 PC: 130ce | Move file pointer
2018-12-17T22:57:52.699112305Z 64 PC: 130d8 | Write file or device (Write 2330 bytes on handle 5)
2018-12-17T22:57:53.358331949Z 66 PC: 130ee | Move file pointer
2018-12-17T22:57:53.360554958Z 64 PC: 13106 | Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:57:53.364836607Z 87 PC: 13113 | Get or set file date and time
2018-12-17T22:57:53.367119458Z 62 PC: 13117 | Close file
2018-12-17T22:57:53.376168277Z 37 PC: 13163 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:53.378396986Z 53 PC: 13142 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:53.381304642Z 37 PC: 13152 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:53.383183674Z 60 PC: 133cf | Create or truncate file
2018-12-17T22:57:53.402229717Z 64 PC: 133dd | Write file or device (Write 2330 bytes on handle 5)
2018-12-17T22:57:53.418451871Z 62 PC: 133e2 | Close file
2018-12-17T22:57:53.440137805Z 74 PC: 13404 | Reallocate memory
2018-12-17T22:57:53.442346106Z 75 PC: 13411 | Execute program
2018-12-17T22:57:53.459613044Z 65 PC: 96c84 | Delete file (Filename = '�����������������')
2018-12-17T22:57:53.474114143Z 53 PC: 96c89 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:53.476114874Z 37 PC: 96c99 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:53.479175868Z 49 PC: 96c9e | Terminate and stay resident (Return code = '0' | Memory size = '194')
2018-12-17T22:57:53.487887013Z 37 PC: 13163 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:53.48957739Z 26 PC: 13430 | Set disk transfer address
2018-12-17T22:57:53.491537124Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12703,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:03.720673833Z 42 PC: 131c9 | Get date
0x131c9: cmp dl, 0xf
0x131cc: je 0x131d1
0x131ce: jmp 0x13373
0x131d1: cmp dh, 1
0x131d4: je 0x131e3
0x131d6: cmp dh, 4
0x131d9: je 0x131e3
0x131db: cmp dh, 8
0x131de: je 0x131e3
0x131e0: jmp 0x13373
0x131e3: call 0x1332b
0x131e6: push ds
0x131e7: pop es
0x131e8: mov si, 0x613
0x131eb: mov di, 0x613
0x131ee: mov cx, 0x305
0x131f1: cld
0x131f2: lodsb al, byte ptr [si]
0x131f3: sub al, 0x64
0x131f5: stosb byte ptr es:[di], al
2018-12-25T12:36:03.723551648Z 75 PC: 1337b | Execute program
2018-12-25T12:36:03.726139585Z 47 PC: 13399 | Get disk transfer address
2018-12-25T12:36:03.727459253Z 26 PC: 133a8 | Set disk transfer address
2018-12-25T12:36:03.728772427Z 78 PC: 133b2 | Find first file
2018-12-25T12:36:03.7369121Z 67 PC: 1303b | Get or set file attributes
2018-12-25T12:36:03.743094241Z 61 PC: 13052 | Open file (Filename = 'UWW')
2018-12-25T12:36:03.758606524Z 63 PC: 1305e | Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:36:03.762598169Z 87 PC: 13081 | Get or set file date and time
2018-12-25T12:36:03.764424028Z 53 PC: 13142 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:03.765848797Z 37 PC: 13152 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:03.768386372Z 66 PC: 130b8 | Move file pointer
2018-12-25T12:36:03.770034835Z 63 PC: 130c2 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:36:03.77278277Z 66 PC: 130ce | Move file pointer
2018-12-25T12:36:03.777491683Z 64 PC: 130d8 | Write file or device (Write 2330 bytes on handle 5)
2018-12-25T12:36:04.10835843Z 66 PC: 130ee | Move file pointer
2018-12-25T12:36:04.110416616Z 64 PC: 13106 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:36:04.114297514Z 87 PC: 13113 | Get or set file date and time
2018-12-25T12:36:04.117267675Z 62 PC: 13117 | Close file
2018-12-25T12:36:04.125314307Z 37 PC: 13163 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:04.126639056Z 53 PC: 13142 | Get interrupt vector (See above)
2018-12-25T12:36:04.128909839Z 37 PC: 13152 | Set interrupt vector (See above)
2018-12-25T12:36:04.130248822Z 60 PC: 133cf | Create or truncate file
2018-12-25T12:36:04.149354171Z 64 PC: 133dd | Write file or device (Write 2330 bytes on handle 5)
2018-12-25T12:36:04.159517286Z 62 PC: 133e2 | Close file
2018-12-25T12:36:04.169128105Z 74 PC: 13404 | Reallocate memory
2018-12-25T12:36:04.171134114Z 75 PC: 13411 | Execute program
2018-12-25T12:36:04.188338851Z 65 PC: 96c84 | Delete file (Filename = '�����������������')
2018-12-25T12:36:04.201562226Z 53 PC: 96c89 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:04.202967635Z 37 PC: 96c99 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:04.204896092Z 49 PC: 96c9e | Terminate and stay resident (Return code = '0' | Memory size = '194')
2018-12-25T12:36:04.208156924Z 37 PC: 13163 | Set interrupt vector (See above)
2018-12-25T12:36:04.21081128Z 26 PC: 13430 | Set disk transfer address
2018-12-25T12:36:04.212359209Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12703,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:04.110798853Z 42 PC: 131c9 | Get date
0x131c9: cmp dl, 0xf
0x131cc: je 0x131d1
0x131ce: jmp 0x13373
0x131d1: cmp dh, 1
0x131d4: je 0x131e3
0x131d6: cmp dh, 4
0x131d9: je 0x131e3
0x131db: cmp dh, 8
0x131de: je 0x131e3
0x131e0: jmp 0x13373
0x131e3: call 0x1332b
0x131e6: push ds
0x131e7: pop es
0x131e8: mov si, 0x613
0x131eb: mov di, 0x613
0x131ee: mov cx, 0x305
0x131f1: cld
0x131f2: lodsb al, byte ptr [si]
0x131f3: sub al, 0x64
0x131f5: stosb byte ptr es:[di], al
2018-12-25T12:36:04.113956129Z 25 PC: 1333b | Get default drive
2018-12-25T12:36:04.121149942Z 25 PC: 1334d | Get default drive
2018-12-25T12:36:04.137591328Z 9 PC: 131ff | Display string (Could not find end pointer)
2018-12-25T12:36:04.180309982Z 7 PC: 13203 | Direct console input without echo

{"DateBased":true,"Day":15,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12703,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:04.199516402Z 42 PC: 131c9 | Get date
0x131c9: cmp dl, 0xf
0x131cc: je 0x131d1
0x131ce: jmp 0x13373
0x131d1: cmp dh, 1
0x131d4: je 0x131e3
0x131d6: cmp dh, 4
0x131d9: je 0x131e3
0x131db: cmp dh, 8
0x131de: je 0x131e3
0x131e0: jmp 0x13373
0x131e3: call 0x1332b
0x131e6: push ds
0x131e7: pop es
0x131e8: mov si, 0x613
0x131eb: mov di, 0x613
0x131ee: mov cx, 0x305
0x131f1: cld
0x131f2: lodsb al, byte ptr [si]
0x131f3: sub al, 0x64
0x131f5: stosb byte ptr es:[di], al
2018-12-25T12:36:04.202642497Z 75 PC: 1337b | Execute program
2018-12-25T12:36:04.205100745Z 47 PC: 13399 | Get disk transfer address
2018-12-25T12:36:04.206592991Z 26 PC: 133a8 | Set disk transfer address
2018-12-25T12:36:04.208845492Z 78 PC: 133b2 | Find first file
2018-12-25T12:36:04.219692561Z 67 PC: 1303b | Get or set file attributes
2018-12-25T12:36:04.229787885Z 61 PC: 13052 | Open file (Filename = 'UWW')
2018-12-25T12:36:04.246887333Z 63 PC: 1305e | Read file or device (Read 1 bytes on handle 5)
2018-12-25T12:36:04.251804348Z 87 PC: 13081 | Get or set file date and time
2018-12-25T12:36:04.25385579Z 53 PC: 13142 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:04.256455433Z 37 PC: 13152 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:04.258268838Z 66 PC: 130b8 | Move file pointer
2018-12-25T12:36:04.260453692Z 63 PC: 130c2 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:36:04.265065326Z 66 PC: 130ce | Move file pointer
2018-12-25T12:36:04.267383885Z 64 PC: 130d8 | Write file or device (Write 2330 bytes on handle 5)
2018-12-25T12:36:04.595590873Z 66 PC: 130ee | Move file pointer
2018-12-25T12:36:04.597335031Z 64 PC: 13106 | Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:36:04.60166794Z 87 PC: 13113 | Get or set file date and time
2018-12-25T12:36:04.603333637Z 62 PC: 13117 | Close file
2018-12-25T12:36:04.610337201Z 37 PC: 13163 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:04.612603482Z 53 PC: 13142 | Get interrupt vector (See above)
2018-12-25T12:36:04.613774365Z 37 PC: 13152 | Set interrupt vector (See above)
2018-12-25T12:36:04.614921648Z 60 PC: 133cf | Create or truncate file
2018-12-25T12:36:04.633407652Z 64 PC: 133dd | Write file or device (Write 2330 bytes on handle 5)
2018-12-25T12:36:04.642450027Z 62 PC: 133e2 | Close file
2018-12-25T12:36:04.649966486Z 74 PC: 13404 | Reallocate memory
2018-12-25T12:36:04.652102645Z 75 PC: 13411 | Execute program
2018-12-25T12:36:04.666745481Z 65 PC: 96c84 | Delete file (Filename = '�����������������')
2018-12-25T12:36:04.678415945Z 53 PC: 96c89 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:04.680685211Z 37 PC: 96c99 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:04.68192991Z 49 PC: 96c9e | Terminate and stay resident (Return code = '0' | Memory size = '194')
2018-12-25T12:36:04.684407753Z 37 PC: 13163 | Set interrupt vector (See above)
2018-12-25T12:36:04.686912975Z 26 PC: 13430 | Set disk transfer address
2018-12-25T12:36:04.688460305Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":15,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12703,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:04.166864024Z 42 PC: 131c9 | Get date
0x131c9: cmp dl, 0xf
0x131cc: je 0x131d1
0x131ce: jmp 0x13373
0x131d1: cmp dh, 1
0x131d4: je 0x131e3
0x131d6: cmp dh, 4
0x131d9: je 0x131e3
0x131db: cmp dh, 8
0x131de: je 0x131e3
0x131e0: jmp 0x13373
0x131e3: call 0x1332b
0x131e6: push ds
0x131e7: pop es
0x131e8: mov si, 0x613
0x131eb: mov di, 0x613
0x131ee: mov cx, 0x305
0x131f1: cld
0x131f2: lodsb al, byte ptr [si]
0x131f3: sub al, 0x64
0x131f5: stosb byte ptr es:[di], al
2018-12-25T12:36:04.169942607Z 25 PC: 1333b | Get default drive
2018-12-25T12:36:04.177888856Z 25 PC: 1334d | Get default drive
2018-12-25T12:36:04.192459803Z 9 PC: 131ff | Display string (Could not find end pointer)
2018-12-25T12:36:04.237341691Z 7 PC: 13203 | Direct console input without echo

{"DateBased":true,"Day":15,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12703,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:04.320266786Z 42 PC: 131c9 | Get date
0x131c9: cmp dl, 0xf
0x131cc: je 0x131d1
0x131ce: jmp 0x13373
0x131d1: cmp dh, 1
0x131d4: je 0x131e3
0x131d6: cmp dh, 4
0x131d9: je 0x131e3
0x131db: cmp dh, 8
0x131de: je 0x131e3
0x131e0: jmp 0x13373
0x131e3: call 0x1332b
0x131e6: push ds
0x131e7: pop es
0x131e8: mov si, 0x613
0x131eb: mov di, 0x613
0x131ee: mov cx, 0x305
0x131f1: cld
0x131f2: lodsb al, byte ptr [si]
0x131f3: sub al, 0x64
0x131f5: stosb byte ptr es:[di], al
2018-12-25T12:36:04.323012483Z 25 PC: 1333b | Get default drive
2018-12-25T12:36:04.329842179Z 25 PC: 1334d | Get default drive
2018-12-25T12:36:04.595020576Z 9 PC: 131ff | Display string (Could not find end pointer)
2018-12-25T12:36:04.640381116Z 7 PC: 13203 | Direct console input without echo