Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1449

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:44.927592456Z	42	PC: 17d2e \| Get date 0x17d2e: cmp cx, 0x7cc 0x17d32: jne 0x17d3e 0x17d34: cmp dh, 0xc 0x17d37: ja 0x17d3e 0x17d39: cmp dl, 0xc 0x17d3c: jb 0x17d87 0x17d3e: mov al, 0xff 0x17d40: mov ah, 0xf 0x17d42: xchg al, ah 0x17d44: nop 0x17d45: int 0x21 0x17d47: cmp ax, 0x101 0x17d4a: jne 0x17d50 0x17d4c: call 0x17d8b 0x17d4f: nop 0x17d50: mov ax, 0x3521 0x17d53: nop 0x17d54: int 0x21 0x17d56: cmp word ptr es:[0xa], 0x4254 0x17d5d: jne 0x17d6b
2018-12-17T22:58:44.93062668Z	255	PC: 17d47 \| UNKNOWN!
2018-12-17T22:58:44.931856917Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:44.933093832Z	240	PC: 17d85 \| UNKNOWN!
2018-12-17T22:58:44.935134672Z	44	PC: 17c83 \| Get time 0x17c83: cmp cl, 6 0x17c86: jne 0x17cbd 0x17c88: mov ax, 0xb800 0x17c8b: mov es, ax 0x17c8d: mov cx, 0x30 0x17c90: push cx 0x17c91: mov cx, 0x7c0 0x17c94: xor si, si 0x17c96: mov ah, byte ptr es:[si] 0x17c99: cmp ah, 0x77 0x17c9c: jb 0x17cab 0x17c9e: dec ah 0x17ca0: mov byte ptr es:[si], ah 0x17ca3: mov byte ptr es:[si + 1], 0x79 0x17ca8: jmp 0x17cb5 0x17caa: nop 0x17cab: inc ah 0x17cad: mov byte ptr es:[si], ah 0x17cb0: mov byte ptr es:[si + 1], 0x8f 0x17cb5: inc si
2018-12-17T22:58:44.937355168Z	48	PC: 12a4c \| Get DOS version
2018-12-17T22:58:44.938513935Z	53	PC: 12bc3 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:44.940288035Z	53	PC: 12bd0 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:58:44.942000312Z	53	PC: 12bdd \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:58:44.943191272Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:58:44.944999094Z	37	PC: 12bfe \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:44.94633192Z	74	PC: 12ad9 \| Reallocate memory
2018-12-17T22:58:44.948409731Z	68	PC: 12e88 \| I/O control for devices (Set for = '')
2018-12-17T22:58:44.965436703Z	74	PC: 14605 \| Reallocate memory
2018-12-17T22:58:44.967339999Z	74	PC: 14605 \| Reallocate memory
2018-12-17T22:58:44.969148567Z	68	PC: 12e88 \| I/O control for devices (Set for = 'Borland C++ - Copyright 1991 Borland Intl.')
2018-12-17T22:58:44.989401461Z	64	PC: 1524a \| Write file or device (Write 22 bytes on handle 1)
2018-12-17T22:58:44.992668404Z	37	PC: 12c0a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:58:44.993743749Z	37	PC: 12c15 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:58:44.995540013Z	37	PC: 12c20 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:58:44.996803043Z	37	PC: 12c2b \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:58:44.998465231Z	76	PC: 12bb4 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12972,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:09.209531829Z	42	PC: 17d2e \| Get date 0x17d2e: cmp cx, 0x7cc 0x17d32: jne 0x17d3e 0x17d34: cmp dh, 0xc 0x17d37: ja 0x17d3e 0x17d39: cmp dl, 0xc 0x17d3c: jb 0x17d87 0x17d3e: mov al, 0xff 0x17d40: mov ah, 0xf 0x17d42: xchg al, ah 0x17d44: nop 0x17d45: int 0x21 0x17d47: cmp ax, 0x101 0x17d4a: jne 0x17d50 0x17d4c: call 0x17d8b 0x17d4f: nop 0x17d50: mov ax, 0x3521 0x17d53: nop 0x17d54: int 0x21 0x17d56: cmp word ptr es:[0xa], 0x4254 0x17d5d: jne 0x17d6b
2018-12-25T12:37:09.212626976Z	255	PC: 17d47 \| UNKNOWN!
2018-12-25T12:37:09.213660174Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:09.215116118Z	240	PC: 17d85 \| UNKNOWN!
2018-12-25T12:37:09.21742956Z	44	PC: 17c83 \| Get time 0x17c83: cmp cl, 6 0x17c86: jne 0x17cbd 0x17c88: mov ax, 0xb800 0x17c8b: mov es, ax 0x17c8d: mov cx, 0x30 0x17c90: push cx 0x17c91: mov cx, 0x7c0 0x17c94: xor si, si 0x17c96: mov ah, byte ptr es:[si] 0x17c99: cmp ah, 0x77 0x17c9c: jb 0x17cab 0x17c9e: dec ah 0x17ca0: mov byte ptr es:[si], ah 0x17ca3: mov byte ptr es:[si + 1], 0x79 0x17ca8: jmp 0x17cb5 0x17caa: nop 0x17cab: inc ah 0x17cad: mov byte ptr es:[si], ah 0x17cb0: mov byte ptr es:[si + 1], 0x8f 0x17cb5: inc si
2018-12-25T12:37:09.219934665Z	48	PC: 12a4c \| Get DOS version
2018-12-25T12:37:09.221374009Z	53	PC: 12bc3 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:09.223011156Z	53	PC: 12bd0 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:37:09.224340195Z	53	PC: 12bdd \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:37:09.225493114Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:37:09.227326583Z	37	PC: 12bfe \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:09.228745207Z	74	PC: 12ad9 \| Reallocate memory
2018-12-25T12:37:09.230788067Z	68	PC: 12e88 \| I/O control for devices (Set for = '')
2018-12-25T12:37:09.233461886Z	74	PC: 14605 \| Reallocate memory
2018-12-25T12:37:09.235471661Z	74	PC: 14605 \| Reallocate memory (See above)
2018-12-25T12:37:09.237109111Z	68	PC: 12e88 \| I/O control for devices (See above)
2018-12-25T12:37:09.242635557Z	64	PC: 1524a \| Write file or device (Write 22 bytes on handle 1)
2018-12-25T12:37:09.248663826Z	37	PC: 12c0a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:09.249805793Z	37	PC: 12c15 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:37:09.251138427Z	37	PC: 12c20 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:37:09.253684508Z	37	PC: 12c2b \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:37:09.255679088Z	76	PC: 12bb4 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12972,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:09.288457352Z	42	PC: 17d2e \| Get date 0x17d2e: cmp cx, 0x7cc 0x17d32: jne 0x17d3e 0x17d34: cmp dh, 0xc 0x17d37: ja 0x17d3e 0x17d39: cmp dl, 0xc 0x17d3c: jb 0x17d87 0x17d3e: mov al, 0xff 0x17d40: mov ah, 0xf 0x17d42: xchg al, ah 0x17d44: nop 0x17d45: int 0x21 0x17d47: cmp ax, 0x101 0x17d4a: jne 0x17d50 0x17d4c: call 0x17d8b 0x17d4f: nop 0x17d50: mov ax, 0x3521 0x17d53: nop 0x17d54: int 0x21 0x17d56: cmp word ptr es:[0xa], 0x4254 0x17d5d: jne 0x17d6b
2018-12-25T12:37:09.291520505Z	255	PC: 17d47 \| UNKNOWN!
2018-12-25T12:37:09.292109832Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:09.293229595Z	240	PC: 17d85 \| UNKNOWN!
2018-12-25T12:37:09.294934385Z	44	PC: 17c83 \| Get time 0x17c83: cmp cl, 6 0x17c86: jne 0x17cbd 0x17c88: mov ax, 0xb800 0x17c8b: mov es, ax 0x17c8d: mov cx, 0x30 0x17c90: push cx 0x17c91: mov cx, 0x7c0 0x17c94: xor si, si 0x17c96: mov ah, byte ptr es:[si] 0x17c99: cmp ah, 0x77 0x17c9c: jb 0x17cab 0x17c9e: dec ah 0x17ca0: mov byte ptr es:[si], ah 0x17ca3: mov byte ptr es:[si + 1], 0x79 0x17ca8: jmp 0x17cb5 0x17caa: nop 0x17cab: inc ah 0x17cad: mov byte ptr es:[si], ah 0x17cb0: mov byte ptr es:[si + 1], 0x8f 0x17cb5: inc si
2018-12-25T12:37:09.307228437Z	48	PC: 12a4c \| Get DOS version
2018-12-25T12:37:09.308324879Z	53	PC: 12bc3 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:09.309786798Z	53	PC: 12bd0 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:37:09.310859353Z	53	PC: 12bdd \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:37:09.311758029Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:37:09.312824551Z	37	PC: 12bfe \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:09.314243258Z	74	PC: 12ad9 \| Reallocate memory
2018-12-25T12:37:09.316204767Z	68	PC: 12e88 \| I/O control for devices (Set for = '')
2018-12-25T12:37:09.318165469Z	74	PC: 14605 \| Reallocate memory
2018-12-25T12:37:09.320129146Z	74	PC: 14605 \| Reallocate memory (See above)
2018-12-25T12:37:09.321749058Z	68	PC: 12e88 \| I/O control for devices (See above)
2018-12-25T12:37:09.326514912Z	64	PC: 1524a \| Write file or device (Write 22 bytes on handle 1)
2018-12-25T12:37:09.331490518Z	37	PC: 12c0a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:09.333177237Z	37	PC: 12c15 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:37:09.334136939Z	37	PC: 12c20 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:37:09.335475671Z	37	PC: 12c2b \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:37:09.33642495Z	76	PC: 12bb4 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":12972,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:10.043311757Z	42	PC: 17d2e \| Get date 0x17d2e: cmp cx, 0x7cc 0x17d32: jne 0x17d3e 0x17d34: cmp dh, 0xc 0x17d37: ja 0x17d3e 0x17d39: cmp dl, 0xc 0x17d3c: jb 0x17d87 0x17d3e: mov al, 0xff 0x17d40: mov ah, 0xf 0x17d42: xchg al, ah 0x17d44: nop 0x17d45: int 0x21 0x17d47: cmp ax, 0x101 0x17d4a: jne 0x17d50 0x17d4c: call 0x17d8b 0x17d4f: nop 0x17d50: mov ax, 0x3521 0x17d53: nop 0x17d54: int 0x21 0x17d56: cmp word ptr es:[0xa], 0x4254 0x17d5d: jne 0x17d6b
2018-12-25T12:37:10.047135895Z	255	PC: 17d47 \| UNKNOWN!
2018-12-25T12:37:10.048231835Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:10.049910967Z	240	PC: 17d85 \| UNKNOWN!
2018-12-25T12:37:10.051856613Z	44	PC: 17c83 \| Get time 0x17c83: cmp cl, 6 0x17c86: jne 0x17cbd 0x17c88: mov ax, 0xb800 0x17c8b: mov es, ax 0x17c8d: mov cx, 0x30 0x17c90: push cx 0x17c91: mov cx, 0x7c0 0x17c94: xor si, si 0x17c96: mov ah, byte ptr es:[si] 0x17c99: cmp ah, 0x77 0x17c9c: jb 0x17cab 0x17c9e: dec ah 0x17ca0: mov byte ptr es:[si], ah 0x17ca3: mov byte ptr es:[si + 1], 0x79 0x17ca8: jmp 0x17cb5 0x17caa: nop 0x17cab: inc ah 0x17cad: mov byte ptr es:[si], ah 0x17cb0: mov byte ptr es:[si + 1], 0x8f 0x17cb5: inc si
2018-12-25T12:37:10.119844165Z	48	PC: 12a4c \| Get DOS version
2018-12-25T12:37:10.121665026Z	53	PC: 12bc3 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:10.131626591Z	53	PC: 12bd0 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:37:10.133571757Z	53	PC: 12bdd \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:37:10.136681405Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:37:10.13823096Z	37	PC: 12bfe \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:10.141532178Z	74	PC: 12ad9 \| Reallocate memory
2018-12-25T12:37:10.144348148Z	68	PC: 12e88 \| I/O control for devices (Set for = '')
2018-12-25T12:37:10.14721076Z	74	PC: 14605 \| Reallocate memory
2018-12-25T12:37:10.153733027Z	74	PC: 14605 \| Reallocate memory (See above)
2018-12-25T12:37:10.155621806Z	68	PC: 12e88 \| I/O control for devices (See above)
2018-12-25T12:37:10.162153641Z	64	PC: 1524a \| Write file or device (Write 22 bytes on handle 1)
2018-12-25T12:37:10.16916077Z	37	PC: 12c0a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:10.171157101Z	37	PC: 12c15 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:37:10.172716029Z	37	PC: 12c20 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:37:10.175067453Z	37	PC: 12c2b \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:37:10.176598079Z	76	PC: 12bb4 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":12972,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:10.281510201Z	42	PC: 17d2e \| Get date 0x17d2e: cmp cx, 0x7cc 0x17d32: jne 0x17d3e 0x17d34: cmp dh, 0xc 0x17d37: ja 0x17d3e 0x17d39: cmp dl, 0xc 0x17d3c: jb 0x17d87 0x17d3e: mov al, 0xff 0x17d40: mov ah, 0xf 0x17d42: xchg al, ah 0x17d44: nop 0x17d45: int 0x21 0x17d47: cmp ax, 0x101 0x17d4a: jne 0x17d50 0x17d4c: call 0x17d8b 0x17d4f: nop 0x17d50: mov ax, 0x3521 0x17d53: nop 0x17d54: int 0x21 0x17d56: cmp word ptr es:[0xa], 0x4254 0x17d5d: jne 0x17d6b
2018-12-25T12:37:10.284403195Z	255	PC: 17d47 \| UNKNOWN!
2018-12-25T12:37:10.285119236Z	53	PC: 17d56 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:10.286277664Z	240	PC: 17d85 \| UNKNOWN!
2018-12-25T12:37:10.287923999Z	44	PC: 17c83 \| Get time 0x17c83: cmp cl, 6 0x17c86: jne 0x17cbd 0x17c88: mov ax, 0xb800 0x17c8b: mov es, ax 0x17c8d: mov cx, 0x30 0x17c90: push cx 0x17c91: mov cx, 0x7c0 0x17c94: xor si, si 0x17c96: mov ah, byte ptr es:[si] 0x17c99: cmp ah, 0x77 0x17c9c: jb 0x17cab 0x17c9e: dec ah 0x17ca0: mov byte ptr es:[si], ah 0x17ca3: mov byte ptr es:[si + 1], 0x79 0x17ca8: jmp 0x17cb5 0x17caa: nop 0x17cab: inc ah 0x17cad: mov byte ptr es:[si], ah 0x17cb0: mov byte ptr es:[si + 1], 0x8f 0x17cb5: inc si
2018-12-25T12:37:10.3434589Z	48	PC: 12a4c \| Get DOS version
2018-12-25T12:37:10.344577854Z	53	PC: 12bc3 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:10.346632633Z	53	PC: 12bd0 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:37:10.348295246Z	53	PC: 12bdd \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:37:10.350846305Z	53	PC: 12bea \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:37:10.352959672Z	37	PC: 12bfe \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:10.354326089Z	74	PC: 12ad9 \| Reallocate memory
2018-12-25T12:37:10.356325267Z	68	PC: 12e88 \| I/O control for devices (Set for = '')
2018-12-25T12:37:10.358518113Z	74	PC: 14605 \| Reallocate memory
2018-12-25T12:37:10.362451441Z	74	PC: 14605 \| Reallocate memory (See above)
2018-12-25T12:37:10.364577644Z	68	PC: 12e88 \| I/O control for devices (See above)
2018-12-25T12:37:10.369562089Z	64	PC: 1524a \| Write file or device (Write 22 bytes on handle 1)
2018-12-25T12:37:10.374726462Z	37	PC: 12c0a \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:37:10.375735547Z	37	PC: 12c15 \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:37:10.376744058Z	37	PC: 12c20 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:37:10.37877122Z	37	PC: 12c2b \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:37:10.379952197Z	76	PC: 12bb4 \| Terminate with return code (Return code = '1')