Sample viewer

vx.netlux.org/Virus.DOS.Vein.321

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:30.916610736Z	42	PC: 12a44 \| Get date 0x12a44: cmp al, 3 0x12a46: je 0x12a4a 0x12a48: jmp 0x12a5b 0x12a4a: xor cx, cx 0x12a4c: mov ah, 9 0x12a4e: mov dx, 0x157 0x12a51: int 0x21 0x12a53: mov ah, 0x4c 0x12a55: mov al, 0 0x12a57: int 0x21 0x12a59: nop 0x12a5a: nop 0x12a5b: nop 0x12a5c: mov ah, 0x4e 0x12a5e: xor cx, cx 0x12a60: mov dx, 0x1d7 0x12a63: int 0x21 0x12a65: jae 0x12a69 0x12a67: jmp 0x12a92 0x12a69: mov ax, 0x3d02
2018-12-17T22:58:30.919348542Z	78	PC: 12a65 \| Find first file
2018-12-17T22:58:30.926531222Z	61	PC: 12a71 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:30.933513245Z	87	PC: 12a76 \| Get or set file date and time
2018-12-17T22:58:30.935126728Z	64	PC: 12a83 \| Write file or device (Write 321 bytes on handle 22272)
2018-12-17T22:58:30.937449565Z	87	PC: 12a8a \| Get or set file date and time
2018-12-17T22:58:30.939470383Z	62	PC: 12a8e \| Close file
2018-12-17T22:58:30.941316442Z	79	PC: 12a65 \| Find next file
2018-12-17T22:58:30.950271004Z	61	PC: 12a71 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:30.957771481Z	87	PC: 12a76 \| Get or set file date and time
2018-12-17T22:58:30.959831543Z	64	PC: 12a83 \| Write file or device (Write 321 bytes on handle 6)
2018-12-17T22:58:30.968190505Z	87	PC: 12a8a \| Get or set file date and time
2018-12-17T22:58:30.970453037Z	62	PC: 12a8e \| Close file
2018-12-17T22:58:30.983947863Z	79	PC: 12a65 \| Find next file
2018-12-17T22:58:30.987323507Z	61	PC: 12a71 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:30.999023418Z	87	PC: 12a76 \| Get or set file date and time
2018-12-17T22:58:31.003107755Z	64	PC: 12a83 \| Write file or device (Write 321 bytes on handle 22272)
2018-12-17T22:58:31.007053932Z	87	PC: 12a8a \| Get or set file date and time
2018-12-17T22:58:31.009462269Z	62	PC: 12a8e \| Close file
2018-12-17T22:58:31.01108012Z	79	PC: 12a65 \| Find next file
2018-12-17T22:58:31.017152073Z	61	PC: 12a71 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:31.026987499Z	87	PC: 12a76 \| Get or set file date and time
2018-12-17T22:58:31.029418479Z	64	PC: 12a83 \| Write file or device (Write 321 bytes on handle 6)
2018-12-17T22:58:31.037024124Z	87	PC: 12a8a \| Get or set file date and time
2018-12-17T22:58:31.04245407Z	62	PC: 12a8e \| Close file
2018-12-17T22:58:31.051234133Z	79	PC: 12a65 \| Find next file
2018-12-17T22:58:31.054658089Z	61	PC: 12a71 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:58:31.063881806Z	87	PC: 12a76 \| Get or set file date and time
2018-12-17T22:58:31.065768272Z	64	PC: 12a83 \| Write file or device (Write 321 bytes on handle 22272)
2018-12-17T22:58:31.067605655Z	87	PC: 12a8a \| Get or set file date and time
2018-12-17T22:58:31.070745617Z	62	PC: 12a8e \| Close file
2018-12-17T22:58:31.072481409Z	79	PC: 12a65 \| Find next file
2018-12-17T22:58:31.075478422Z	61	PC: 12a71 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:58:31.083868382Z	87	PC: 12a76 \| Get or set file date and time
2018-12-17T22:58:31.085756111Z	64	PC: 12a83 \| Write file or device (Write 321 bytes on handle 6)
2018-12-17T22:58:31.093141132Z	87	PC: 12a8a \| Get or set file date and time
2018-12-17T22:58:31.095512358Z	62	PC: 12a8e \| Close file
2018-12-17T22:58:31.104104277Z	79	PC: 12a65 \| Find next file
2018-12-17T22:58:31.107045967Z	61	PC: 12a71 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:58:31.114108081Z	87	PC: 12a76 \| Get or set file date and time
2018-12-17T22:58:31.116742632Z	64	PC: 12a83 \| Write file or device (Write 321 bytes on handle 22272)
2018-12-17T22:58:31.118344694Z	87	PC: 12a8a \| Get or set file date and time
2018-12-17T22:58:31.120459429Z	62	PC: 12a8e \| Close file
2018-12-17T22:58:31.123022787Z	79	PC: 12a65 \| Find next file
2018-12-17T22:58:31.125932355Z	61	PC: 12a71 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:58:31.134192361Z	87	PC: 12a76 \| Get or set file date and time
2018-12-17T22:58:31.136981182Z	64	PC: 12a83 \| Write file or device (Write 321 bytes on handle 6)
2018-12-17T22:58:31.145136111Z	87	PC: 12a8a \| Get or set file date and time
2018-12-17T22:58:31.147042704Z	62	PC: 12a8e \| Close file
2018-12-17T22:58:31.156151906Z	79	PC: 12a65 \| Find next file
2018-12-17T22:58:31.160326803Z	76	PC: 12a97 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12904,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:55.545012167Z	42	PC: 12a44 \| Get date 0x12a44: cmp al, 3 0x12a46: je 0x12a4a 0x12a48: jmp 0x12a5b 0x12a4a: xor cx, cx 0x12a4c: mov ah, 9 0x12a4e: mov dx, 0x157 0x12a51: int 0x21 0x12a53: mov ah, 0x4c 0x12a55: mov al, 0 0x12a57: int 0x21 0x12a59: nop 0x12a5a: nop 0x12a5b: nop 0x12a5c: mov ah, 0x4e 0x12a5e: xor cx, cx 0x12a60: mov dx, 0x1d7 0x12a63: int 0x21 0x12a65: jae 0x12a69 0x12a67: jmp 0x12a92 0x12a69: mov ax, 0x3d02
2018-12-25T12:36:55.548346625Z	78	PC: 12a65 \| Find first file
2018-12-25T12:36:55.555815324Z	61	PC: 12a71 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:55.562838823Z	87	PC: 12a76 \| Get or set file date and time
2018-12-25T12:36:55.564723731Z	64	PC: 12a83 \| Write file or device (Write 321 bytes on handle 22272)
2018-12-25T12:36:55.566556194Z	87	PC: 12a8a \| Get or set file date and time
2018-12-25T12:36:55.568245547Z	62	PC: 12a8e \| Close file
2018-12-25T12:36:55.569913756Z	79	PC: 12a65 \| Find next file (See above)
2018-12-25T12:36:55.572851529Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:36:55.579784942Z	87	PC: 12a76 \| Get or set file date and time (See above)
2018-12-25T12:36:55.581248556Z	64	PC: 12a83 \| Write file or device (See above)
2018-12-25T12:36:55.588612478Z	87	PC: 12a8a \| Get or set file date and time (See above)
2018-12-25T12:36:55.590517859Z	62	PC: 12a8e \| Close file (See above)
2018-12-25T12:36:55.605140761Z	79	PC: 12a65 \| Find next file (See above)
2018-12-25T12:36:55.609068382Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:36:55.616276394Z	87	PC: 12a76 \| Get or set file date and time (See above)
2018-12-25T12:36:55.617988686Z	64	PC: 12a83 \| Write file or device (See above)
2018-12-25T12:36:55.620152968Z	87	PC: 12a8a \| Get or set file date and time (See above)
2018-12-25T12:36:55.621856476Z	62	PC: 12a8e \| Close file (See above)
2018-12-25T12:36:55.62348439Z	79	PC: 12a65 \| Find next file (See above)
2018-12-25T12:36:55.62749559Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:36:55.635232516Z	87	PC: 12a76 \| Get or set file date and time (See above)
2018-12-25T12:36:55.636820252Z	64	PC: 12a83 \| Write file or device (See above)
2018-12-25T12:36:55.644813484Z	87	PC: 12a8a \| Get or set file date and time (See above)
2018-12-25T12:36:55.646577526Z	62	PC: 12a8e \| Close file (See above)
2018-12-25T12:36:55.654442386Z	79	PC: 12a65 \| Find next file (See above)
2018-12-25T12:36:55.657509525Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:36:55.664759199Z	87	PC: 12a76 \| Get or set file date and time (See above)
2018-12-25T12:36:55.666482147Z	64	PC: 12a83 \| Write file or device (See above)
2018-12-25T12:36:55.668035718Z	87	PC: 12a8a \| Get or set file date and time (See above)
2018-12-25T12:36:55.670310559Z	62	PC: 12a8e \| Close file (See above)
2018-12-25T12:36:55.671850989Z	79	PC: 12a65 \| Find next file (See above)
2018-12-25T12:36:55.674509613Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:36:55.682002465Z	87	PC: 12a76 \| Get or set file date and time (See above)
2018-12-25T12:36:55.683689197Z	64	PC: 12a83 \| Write file or device (See above)
2018-12-25T12:36:55.691347513Z	87	PC: 12a8a \| Get or set file date and time (See above)
2018-12-25T12:36:55.693807265Z	62	PC: 12a8e \| Close file (See above)
2018-12-25T12:36:55.702391775Z	79	PC: 12a65 \| Find next file (See above)
2018-12-25T12:36:55.705544284Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:36:55.713198133Z	87	PC: 12a76 \| Get or set file date and time (See above)
2018-12-25T12:36:55.715144974Z	64	PC: 12a83 \| Write file or device (See above)
2018-12-25T12:36:55.717302772Z	87	PC: 12a8a \| Get or set file date and time (See above)
2018-12-25T12:36:55.720112008Z	62	PC: 12a8e \| Close file (See above)
2018-12-25T12:36:55.722066031Z	79	PC: 12a65 \| Find next file (See above)
2018-12-25T12:36:55.72521618Z	61	PC: 12a71 \| Open file (See above)
2018-12-25T12:36:55.732992489Z	87	PC: 12a76 \| Get or set file date and time (See above)
2018-12-25T12:36:55.735857804Z	64	PC: 12a83 \| Write file or device (See above)
2018-12-25T12:36:55.743584997Z	87	PC: 12a8a \| Get or set file date and time (See above)
2018-12-25T12:36:55.74559244Z	62	PC: 12a8e \| Close file (See above)
2018-12-25T12:36:55.936296938Z	79	PC: 12a65 \| Find next file (See above)
2018-12-25T12:36:55.939385464Z	76	PC: 12a97 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12904,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:55.608288478Z	42	PC: 12a44 \| Get date 0x12a44: cmp al, 3 0x12a46: je 0x12a4a 0x12a48: jmp 0x12a5b 0x12a4a: xor cx, cx 0x12a4c: mov ah, 9 0x12a4e: mov dx, 0x157 0x12a51: int 0x21 0x12a53: mov ah, 0x4c 0x12a55: mov al, 0 0x12a57: int 0x21 0x12a59: nop 0x12a5a: nop 0x12a5b: nop 0x12a5c: mov ah, 0x4e 0x12a5e: xor cx, cx 0x12a60: mov dx, 0x1d7 0x12a63: int 0x21 0x12a65: jae 0x12a69 0x12a67: jmp 0x12a92 0x12a69: mov ax, 0x3d02
2018-12-25T12:36:55.610776768Z	9	PC: 12a53 \| Display string (String= 'Enjoy knowledge before it too becomes a crime. KNOWLEDGE virus v1.0 by: VEiN 1995 GReeTZ 2 aLL N #Virus and Tara J******* :)')
2018-12-25T12:36:55.617880113Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')