Sample viewer

vx.netlux.org/Virus.DOS.Austin.1353

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:41.377445458Z	26	PC: 1412f \| Set disk transfer address
2018-12-17T22:58:41.379102202Z	71	PC: 14138 \| Get current directory
2018-12-17T22:58:41.382083726Z	53	PC: 14303 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:41.383179315Z	37	PC: 14314 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:41.384658034Z	78	PC: 14146 \| Find first file
2018-12-17T22:58:41.398884664Z	61	PC: 1416f \| Open file (Filename = '�!;�r+�H�!r%P�+£`��X�N�O��I�!��')
2018-12-17T22:58:41.40394802Z	87	PC: 1417a \| Get or set file date and time
2018-12-17T22:58:41.405211665Z	63	PC: 1418d \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:58:41.407835397Z	87	PC: 14200 \| Get or set file date and time
2018-12-17T22:58:41.409089374Z	62	PC: 14204 \| Close file
2018-12-17T22:58:41.4210957Z	79	PC: 1415f \| Find next file
2018-12-17T22:58:41.424775036Z	59	PC: 14156 \| Change current directory
2018-12-17T22:58:41.426420258Z	78	PC: 14211 \| Find first file
2018-12-17T22:58:41.43109791Z	42	PC: 14288 \| Get date 0x14288: cmp dh, 3 0x1428b: jne 0x142c2 0x1428d: nop 0x1428e: nop 0x1428f: nop 0x14290: cmp dl, 0x10 0x14293: jne 0x142c2 0x14295: nop 0x14296: nop 0x14297: nop 0x14298: mov ah, 9 0x1429a: lea dx, word ptr [bp + 0x530] 0x1429e: int 0x21 0x142a0: mov ah, 1 0x142a2: mov dx, 0 0x142a5: int 0x17 0x142a7: lea si, word ptr [bp + 0x36f] 0x142ab: mov cx, 0x1c1 0x142ae: mov ah, 0 0x142b0: lodsb al, byte ptr [si]
2018-12-17T22:58:41.433678711Z	59	PC: 142ca \| Change current directory
2018-12-17T22:58:41.435238302Z	37	PC: 142d3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:41.436300318Z	26	PC: 142db \| Set disk transfer address
2018-12-17T22:58:41.438042773Z	48	PC: 12a6d \| Get DOS version
2018-12-17T22:58:41.439039747Z	9	PC: 12a84 \| Display string (Could not find end pointer)
2018-12-17T22:58:41.44526626Z	61	PC: 12cc4 \| Open file (Filename = '')
2018-12-17T22:58:41.452792095Z	9	PC: 12a92 \| Display string (Could not find end pointer)
2018-12-17T22:58:41.455180284Z	93	PC: 12b31 \| File sharing functions
2018-12-17T22:58:41.456805559Z	9	PC: 12b10 \| Display string (String= 'Size change=+0556h/01366d. Virus might be activ? ')
2018-12-17T22:58:41.46133907Z	76	PC: 12b16 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":16,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12952,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:04.672163287Z	26	PC: 1412f \| Set disk transfer address
2018-12-25T12:37:04.681853459Z	71	PC: 14138 \| Get current directory
2018-12-25T12:37:04.685138071Z	53	PC: 14303 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.686316047Z	37	PC: 14314 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.687745975Z	78	PC: 14146 \| Find first file
2018-12-25T12:37:04.695484982Z	61	PC: 1416f \| Open file (Filename = '�!;�r+�H�!r%P�+£`��X�N�O��I�!��')
2018-12-25T12:37:04.702767896Z	87	PC: 1417a \| Get or set file date and time
2018-12-25T12:37:04.704118805Z	63	PC: 1418d \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:37:04.70737875Z	87	PC: 14200 \| Get or set file date and time
2018-12-25T12:37:04.708880227Z	62	PC: 14204 \| Close file
2018-12-25T12:37:04.93013463Z	79	PC: 1415f \| Find next file
2018-12-25T12:37:04.935225316Z	59	PC: 14156 \| Change current directory
2018-12-25T12:37:04.937376247Z	78	PC: 14211 \| Find first file
2018-12-25T12:37:04.94568587Z	42	PC: 14288 \| Get date 0x14288: cmp dh, 3 0x1428b: jne 0x142c2 0x1428d: nop 0x1428e: nop 0x1428f: nop 0x14290: cmp dl, 0x10 0x14293: jne 0x142c2 0x14295: nop 0x14296: nop 0x14297: nop 0x14298: mov ah, 9 0x1429a: lea dx, word ptr [bp + 0x530] 0x1429e: int 0x21 0x142a0: mov ah, 1 0x142a2: mov dx, 0 0x142a5: int 0x17 0x142a7: lea si, word ptr [bp + 0x36f] 0x142ab: mov cx, 0x1c1 0x142ae: mov ah, 0 0x142b0: lodsb al, byte ptr [si]
2018-12-25T12:37:04.94972406Z	9	PC: 142a0 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12952,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:04.741781708Z	26	PC: 1412f \| Set disk transfer address
2018-12-25T12:37:04.743135535Z	71	PC: 14138 \| Get current directory
2018-12-25T12:37:04.74631555Z	53	PC: 14303 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.747511494Z	37	PC: 14314 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.749025756Z	78	PC: 14146 \| Find first file
2018-12-25T12:37:04.756354591Z	61	PC: 1416f \| Open file (Filename = '�!;�r+�H�!r%P�+£`��X�N�O��I�!��')
2018-12-25T12:37:04.763484414Z	87	PC: 1417a \| Get or set file date and time
2018-12-25T12:37:04.764945125Z	63	PC: 1418d \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:37:04.768025437Z	87	PC: 14200 \| Get or set file date and time
2018-12-25T12:37:04.769827971Z	62	PC: 14204 \| Close file
2018-12-25T12:37:04.929568398Z	79	PC: 1415f \| Find next file
2018-12-25T12:37:04.934299179Z	59	PC: 14156 \| Change current directory
2018-12-25T12:37:04.936728274Z	78	PC: 14211 \| Find first file
2018-12-25T12:37:04.943812289Z	42	PC: 14288 \| Get date 0x14288: cmp dh, 3 0x1428b: jne 0x142c2 0x1428d: nop 0x1428e: nop 0x1428f: nop 0x14290: cmp dl, 0x10 0x14293: jne 0x142c2 0x14295: nop 0x14296: nop 0x14297: nop 0x14298: mov ah, 9 0x1429a: lea dx, word ptr [bp + 0x530] 0x1429e: int 0x21 0x142a0: mov ah, 1 0x142a2: mov dx, 0 0x142a5: int 0x17 0x142a7: lea si, word ptr [bp + 0x36f] 0x142ab: mov cx, 0x1c1 0x142ae: mov ah, 0 0x142b0: lodsb al, byte ptr [si]
2018-12-25T12:37:04.947518009Z	59	PC: 142ca \| Change current directory
2018-12-25T12:37:04.949606734Z	37	PC: 142d3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.950798783Z	26	PC: 142db \| Set disk transfer address
2018-12-25T12:37:04.953153535Z	48	PC: 12a6d \| Get DOS version
2018-12-25T12:37:04.95428637Z	9	PC: 12a84 \| Display string (Could not find end pointer)
2018-12-25T12:37:04.96558981Z	61	PC: 12cc4 \| Open file (Filename = '')
2018-12-25T12:37:04.973679192Z	9	PC: 12a92 \| Display string (Could not find end pointer)
2018-12-25T12:37:04.978747793Z	93	PC: 12b31 \| File sharing functions
2018-12-25T12:37:04.981744639Z	9	PC: 12b10 \| Display string (String= 'Size change=+0556h/01366d. Virus might be activ? ')
2018-12-25T12:37:04.986811265Z	76	PC: 12b16 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12952,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:04.799037507Z	26	PC: 1412f \| Set disk transfer address
2018-12-25T12:37:04.801242924Z	71	PC: 14138 \| Get current directory
2018-12-25T12:37:04.804534749Z	53	PC: 14303 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.805698741Z	37	PC: 14314 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.806794714Z	78	PC: 14146 \| Find first file
2018-12-25T12:37:04.81348963Z	61	PC: 1416f \| Open file (Filename = '�!;�r+�H�!r%P�+£`��X�N�O��I�!��')
2018-12-25T12:37:04.820585602Z	87	PC: 1417a \| Get or set file date and time
2018-12-25T12:37:04.82184746Z	63	PC: 1418d \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:37:04.832256862Z	87	PC: 14200 \| Get or set file date and time
2018-12-25T12:37:04.834104491Z	62	PC: 14204 \| Close file
2018-12-25T12:37:04.929217877Z	79	PC: 1415f \| Find next file
2018-12-25T12:37:04.932427349Z	59	PC: 14156 \| Change current directory
2018-12-25T12:37:04.934493059Z	78	PC: 14211 \| Find first file
2018-12-25T12:37:04.941747626Z	42	PC: 14288 \| Get date 0x14288: cmp dh, 3 0x1428b: jne 0x142c2 0x1428d: nop 0x1428e: nop 0x1428f: nop 0x14290: cmp dl, 0x10 0x14293: jne 0x142c2 0x14295: nop 0x14296: nop 0x14297: nop 0x14298: mov ah, 9 0x1429a: lea dx, word ptr [bp + 0x530] 0x1429e: int 0x21 0x142a0: mov ah, 1 0x142a2: mov dx, 0 0x142a5: int 0x17 0x142a7: lea si, word ptr [bp + 0x36f] 0x142ab: mov cx, 0x1c1 0x142ae: mov ah, 0 0x142b0: lodsb al, byte ptr [si]
2018-12-25T12:37:04.944614282Z	59	PC: 142ca \| Change current directory
2018-12-25T12:37:04.947375735Z	37	PC: 142d3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:37:04.949756357Z	26	PC: 142db \| Set disk transfer address
2018-12-25T12:37:04.952219269Z	48	PC: 12a6d \| Get DOS version
2018-12-25T12:37:04.953620967Z	9	PC: 12a84 \| Display string (Could not find end pointer)
2018-12-25T12:37:04.966124766Z	61	PC: 12cc4 \| Open file (Filename = '')
2018-12-25T12:37:04.975859439Z	9	PC: 12a92 \| Display string (Could not find end pointer)
2018-12-25T12:37:04.979861224Z	93	PC: 12b31 \| File sharing functions
2018-12-25T12:37:04.982717686Z	9	PC: 12b10 \| Display string (String= 'Size change=+0556h/01366d. Virus might be activ? ')
2018-12-25T12:37:04.987753001Z	76	PC: 12b16 \| Terminate with return code (Return code = '1')