Sample viewer

vx.netlux.org/Virus.DOS.Satanic.1345

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:57:58.451807925Z 42 PC: 12aa1 | Get date
0x12aa1: cmp al, 5
0x12aa3: jne 0x12ab5
0x12aa5: cmp cx, 0x7c8
0x12aa9: ja 0x12ab0
0x12aab: cmp dh, 0xa
0x12aae: jb 0x12ab5
0x12ab0: mov byte ptr [0x15d], 1
0x12ab5: mov bx, word ptr [3]
0x12ab9: push cs
0x12aba: pop ds
0x12abb: mov dx, 0x56
0x12abe: test byte ptr [0x14d], 1
0x12ac3: je 0x12ac8
0x12ac5: add dx, 0x20
0x12ac8: sub bx, dx
0x12aca: mov ah, 0x4a
0x12acc: int 0x21
0x12ace: mov ah, 0x48
0x12ad0: dec dx
0x12ad1: mov bx, dx
2018-12-17T22:57:58.455251829Z 74 PC: 12ace | Reallocate memory
2018-12-17T22:57:58.457565588Z 72 PC: 12ad5 | Allocate memory
2018-12-17T22:57:58.45981156Z 53 PC: 9f775 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:58.461520583Z 37 PC: 9f787 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:58.4640517Z 53 PC: 9f78c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:58.465846925Z 37 PC: 9f79e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:57:58.477200638Z 67 PC: 14545 | Get or set file attributes
2018-12-17T22:57:58.482753906Z 81 PC: 144ef | Get current PSP
2018-12-17T22:57:58.483813789Z 67 PC: 14595 | Get or set file attributes
2018-12-17T22:57:58.494230349Z 25 PC: 14820 | Get default drive
2018-12-17T22:57:58.496879889Z 14 PC: 14826 | Set default drive (Drive = 'A')
2018-12-17T22:57:58.501575476Z 68 PC: 14799 | I/O control for devices (Set for = '�AB���� ��A')
2018-12-17T22:57:58.504160685Z 68 PC: 147a7 | I/O control for devices (Set for = '�AB���� ��A')
2018-12-17T22:57:58.507373996Z 68 PC: 147c3 | I/O control for devices (Set for = '')
2018-12-17T22:57:58.510922175Z 68 PC: 14799 | I/O control for devices (Set for = 'P����h*P��0P����P�P�����)P�v���WV��')
2018-12-17T22:57:58.513449396Z 68 PC: 14799 | I/O control for devices (Set for = '� ��')
2018-12-17T22:57:58.517173095Z 68 PC: 14799 | I/O control for devices (Set for = '� ��')

{"DateBased":true,"Day":3,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12729,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:06.977856388Z 42 PC: 12aa1 | Get date
0x12aa1: cmp al, 5
0x12aa3: jne 0x12ab5
0x12aa5: cmp cx, 0x7c8
0x12aa9: ja 0x12ab0
0x12aab: cmp dh, 0xa
0x12aae: jb 0x12ab5
0x12ab0: mov byte ptr [0x15d], 1
0x12ab5: mov bx, word ptr [3]
0x12ab9: push cs
0x12aba: pop ds
0x12abb: mov dx, 0x56
0x12abe: test byte ptr [0x14d], 1
0x12ac3: je 0x12ac8
0x12ac5: add dx, 0x20
0x12ac8: sub bx, dx
0x12aca: mov ah, 0x4a
0x12acc: int 0x21
0x12ace: mov ah, 0x48
0x12ad0: dec dx
0x12ad1: mov bx, dx
2018-12-25T12:36:06.981266763Z 74 PC: 12ace | Reallocate memory
2018-12-25T12:36:06.982981424Z 72 PC: 12ad5 | Allocate memory
2018-12-25T12:36:06.984892002Z 53 PC: 9f575 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:06.987215025Z 37 PC: 9f587 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:06.988955549Z 53 PC: 9f58c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:06.990441275Z 37 PC: 9f59e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12729,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:07.020805646Z 42 PC: 12aa1 | Get date
0x12aa1: cmp al, 5
0x12aa3: jne 0x12ab5
0x12aa5: cmp cx, 0x7c8
0x12aa9: ja 0x12ab0
0x12aab: cmp dh, 0xa
0x12aae: jb 0x12ab5
0x12ab0: mov byte ptr [0x15d], 1
0x12ab5: mov bx, word ptr [3]
0x12ab9: push cs
0x12aba: pop ds
0x12abb: mov dx, 0x56
0x12abe: test byte ptr [0x14d], 1
0x12ac3: je 0x12ac8
0x12ac5: add dx, 0x20
0x12ac8: sub bx, dx
0x12aca: mov ah, 0x4a
0x12acc: int 0x21
0x12ace: mov ah, 0x48
0x12ad0: dec dx
0x12ad1: mov bx, dx
2018-12-25T12:36:07.023649835Z 74 PC: 12ace | Reallocate memory
2018-12-25T12:36:07.025439226Z 72 PC: 12ad5 | Allocate memory
2018-12-25T12:36:07.027389598Z 53 PC: 9f575 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:07.029996907Z 37 PC: 9f587 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:07.031087629Z 53 PC: 9f58c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:07.032175804Z 37 PC: 9f59e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12729,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:07.321307752Z 42 PC: 12aa1 | Get date
0x12aa1: cmp al, 5
0x12aa3: jne 0x12ab5
0x12aa5: cmp cx, 0x7c8
0x12aa9: ja 0x12ab0
0x12aab: cmp dh, 0xa
0x12aae: jb 0x12ab5
0x12ab0: mov byte ptr [0x15d], 1
0x12ab5: mov bx, word ptr [3]
0x12ab9: push cs
0x12aba: pop ds
0x12abb: mov dx, 0x56
0x12abe: test byte ptr [0x14d], 1
0x12ac3: je 0x12ac8
0x12ac5: add dx, 0x20
0x12ac8: sub bx, dx
0x12aca: mov ah, 0x4a
0x12acc: int 0x21
0x12ace: mov ah, 0x48
0x12ad0: dec dx
0x12ad1: mov bx, dx
2018-12-25T12:36:07.323324529Z 74 PC: 12ace | Reallocate memory
2018-12-25T12:36:07.324552678Z 72 PC: 12ad5 | Allocate memory
2018-12-25T12:36:07.325745317Z 53 PC: 9f775 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:07.327280207Z 37 PC: 9f787 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:07.328246924Z 53 PC: 9f78c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:07.329115617Z 37 PC: 9f79e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:07.337406102Z 67 PC: 14545 | Get or set file attributes
2018-12-25T12:36:07.341493036Z 81 PC: 144ef | Get current PSP
2018-12-25T12:36:07.342418966Z 67 PC: 14595 | Get or set file attributes
2018-12-25T12:36:07.353793166Z 25 PC: 14820 | Get default drive
2018-12-25T12:36:07.354693053Z 14 PC: 14826 | Set default drive (Drive = 'A')
2018-12-25T12:36:07.355861927Z 68 PC: 14799 | I/O control for devices (Set for = '�AB���� ��A')
2018-12-25T12:36:07.357898936Z 68 PC: 147a7 | I/O control for devices (Set for = '�AB���� ��A')
2018-12-25T12:36:07.359178844Z 68 PC: 147c3 | I/O control for devices (Set for = '')
2018-12-25T12:36:07.360891867Z 68 PC: 14799 | I/O control for devices (See above)
2018-12-25T12:36:07.362768906Z 68 PC: 14799 | I/O control for devices (See above)
2018-12-25T12:36:07.364547523Z 68 PC: 14799 | I/O control for devices (See above)

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12729,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:08.838588215Z 42 PC: 12aa1 | Get date
0x12aa1: cmp al, 5
0x12aa3: jne 0x12ab5
0x12aa5: cmp cx, 0x7c8
0x12aa9: ja 0x12ab0
0x12aab: cmp dh, 0xa
0x12aae: jb 0x12ab5
0x12ab0: mov byte ptr [0x15d], 1
0x12ab5: mov bx, word ptr [3]
0x12ab9: push cs
0x12aba: pop ds
0x12abb: mov dx, 0x56
0x12abe: test byte ptr [0x14d], 1
0x12ac3: je 0x12ac8
0x12ac5: add dx, 0x20
0x12ac8: sub bx, dx
0x12aca: mov ah, 0x4a
0x12acc: int 0x21
0x12ace: mov ah, 0x48
0x12ad0: dec dx
0x12ad1: mov bx, dx
2018-12-25T12:36:08.841928763Z 74 PC: 12ace | Reallocate memory
2018-12-25T12:36:08.843616201Z 72 PC: 12ad5 | Allocate memory
2018-12-25T12:36:08.845534448Z 53 PC: 9f775 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:08.847889243Z 37 PC: 9f787 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:08.849421098Z 53 PC: 9f78c | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:08.850918895Z 37 PC: 9f79e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:08.865780766Z 67 PC: 14545 | Get or set file attributes
2018-12-25T12:36:08.872027488Z 81 PC: 144ef | Get current PSP
2018-12-25T12:36:08.873508712Z 67 PC: 14595 | Get or set file attributes
2018-12-25T12:36:08.88335469Z 25 PC: 14820 | Get default drive
2018-12-25T12:36:08.890924108Z 14 PC: 14826 | Set default drive (Drive = 'A')
2018-12-25T12:36:08.893333053Z 68 PC: 14799 | I/O control for devices (Set for = '�AB���� ��A')
2018-12-25T12:36:08.895746111Z 68 PC: 147a7 | I/O control for devices (Set for = '�AB���� ��A')
2018-12-25T12:36:08.898028947Z 68 PC: 147c3 | I/O control for devices (Set for = '')
2018-12-25T12:36:08.900632811Z 68 PC: 14799 | I/O control for devices (See above)
2018-12-25T12:36:08.90298616Z 68 PC: 14799 | I/O control for devices (See above)
2018-12-25T12:36:08.906453872Z 68 PC: 14799 | I/O control for devices (See above)