Sample viewer

vx.netlux.org/Virus.DOS.Teraz.4004

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:01:40.76149133Z	255	PC: 12bdf \| UNKNOWN!
2018-12-17T22:01:40.763520562Z	42	PC: 12bfe \| Get date 0x12bfe: cmp dl, 7 0x12c01: je 0x12c08 0x12c03: cmp dl, 0x17 0x12c06: jne 0x12c21 0x12c08: mov byte ptr cs:[0xdac], 1 0x12c0e: nop 0x12c0f: cmp cx, 0x7ca 0x12c13: jne 0x12c21 0x12c15: cmp dh, 7 0x12c18: jae 0x12c21 0x12c1a: mov byte ptr cs:[0xdad], 0 0x12c20: nop 0x12c21: call 0x13b57 0x12c24: call 0x13b2b 0x12c27: push cs 0x12c28: pop ds 0x12c29: cmp byte ptr [0xa8], 1 0x12c2e: je 0x12c55 0x12c30: pop es 0x12c31: pop ds
2018-12-17T22:01:40.766081676Z	82	PC: 13055 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:01:40.770020616Z	255	PC: 9f0ce \| UNKNOWN!
2018-12-17T22:01:40.773495079Z	81	PC: 9f4d4 \| Get current PSP
2018-12-17T22:01:40.776197848Z	73	PC: 9f4d4 \| Release memory
2018-12-17T22:01:40.779023083Z	9	PC: 9f4d4 \| Display string (Could not find end pointer)
2018-12-17T22:01:40.794939383Z	53	PC: 9f4d4 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:01:40.797738012Z	37	PC: 9f4d4 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:01:40.80051802Z	49	PC: 9f4d4 \| Terminate and stay resident (Return code = '0' \| Memory size = '12')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1302,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:22.167441229Z	255	PC: 12bdf \| UNKNOWN!
2018-12-25T11:43:22.169568841Z	42	PC: 12bfe \| Get date 0x12bfe: cmp dl, 7 0x12c01: je 0x12c08 0x12c03: cmp dl, 0x17 0x12c06: jne 0x12c21 0x12c08: mov byte ptr cs:[0xdac], 1 0x12c0e: nop 0x12c0f: cmp cx, 0x7ca 0x12c13: jne 0x12c21 0x12c15: cmp dh, 7 0x12c18: jae 0x12c21 0x12c1a: mov byte ptr cs:[0xdad], 0 0x12c20: nop 0x12c21: call 0x13b57 0x12c24: call 0x13b2b 0x12c27: push cs 0x12c28: pop ds 0x12c29: cmp byte ptr [0xa8], 1 0x12c2e: je 0x12c55 0x12c30: pop es 0x12c31: pop ds
2018-12-25T11:43:22.172201775Z	82	PC: 13055 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:22.176311035Z	255	PC: 9f0ce \| UNKNOWN!
2018-12-25T11:43:22.17916965Z	81	PC: 9f4d4 \| Get current PSP
2018-12-25T11:43:22.182486371Z	73	PC: 9f4d4 \| Release memory (See above)
2018-12-25T11:43:22.185520456Z	9	PC: 9f4d4 \| Display string (See above)
2018-12-25T11:43:22.195578728Z	53	PC: 9f4d4 \| Get interrupt vector (See above)
2018-12-25T11:43:22.200590325Z	37	PC: 9f4d4 \| Set interrupt vector (See above)
2018-12-25T11:43:22.203979188Z	49	PC: 9f4d4 \| Terminate and stay resident (See above)

{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1302,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:22.258989018Z	255	PC: 12bdf \| UNKNOWN!
2018-12-25T11:43:22.260198898Z	42	PC: 12bfe \| Get date 0x12bfe: cmp dl, 7 0x12c01: je 0x12c08 0x12c03: cmp dl, 0x17 0x12c06: jne 0x12c21 0x12c08: mov byte ptr cs:[0xdac], 1 0x12c0e: nop 0x12c0f: cmp cx, 0x7ca 0x12c13: jne 0x12c21 0x12c15: cmp dh, 7 0x12c18: jae 0x12c21 0x12c1a: mov byte ptr cs:[0xdad], 0 0x12c20: nop 0x12c21: call 0x13b57 0x12c24: call 0x13b2b 0x12c27: push cs 0x12c28: pop ds 0x12c29: cmp byte ptr [0xa8], 1 0x12c2e: je 0x12c55 0x12c30: pop es 0x12c31: pop ds
2018-12-25T11:43:22.263139763Z	82	PC: 13055 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:22.267779288Z	255	PC: 9f0ce \| UNKNOWN!
2018-12-25T11:43:22.270992656Z	81	PC: 9f4d4 \| Get current PSP
2018-12-25T11:43:22.274780077Z	73	PC: 9f4d4 \| Release memory (See above)
2018-12-25T11:43:22.286678105Z	9	PC: 9f4d4 \| Display string (See above)
2018-12-25T11:43:22.296804733Z	53	PC: 9f4d4 \| Get interrupt vector (See above)
2018-12-25T11:43:22.303010936Z	37	PC: 9f4d4 \| Set interrupt vector (See above)
2018-12-25T11:43:22.3065717Z	49	PC: 9f4d4 \| Terminate and stay resident (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1302,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:22.49296217Z	255	PC: 12bdf \| UNKNOWN!
2018-12-25T11:43:22.49412358Z	42	PC: 12bfe \| Get date 0x12bfe: cmp dl, 7 0x12c01: je 0x12c08 0x12c03: cmp dl, 0x17 0x12c06: jne 0x12c21 0x12c08: mov byte ptr cs:[0xdac], 1 0x12c0e: nop 0x12c0f: cmp cx, 0x7ca 0x12c13: jne 0x12c21 0x12c15: cmp dh, 7 0x12c18: jae 0x12c21 0x12c1a: mov byte ptr cs:[0xdad], 0 0x12c20: nop 0x12c21: call 0x13b57 0x12c24: call 0x13b2b 0x12c27: push cs 0x12c28: pop ds 0x12c29: cmp byte ptr [0xa8], 1 0x12c2e: je 0x12c55 0x12c30: pop es 0x12c31: pop ds
2018-12-25T11:43:22.496637385Z	82	PC: 13055 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:22.501029801Z	255	PC: 9f0ce \| UNKNOWN!
2018-12-25T11:43:22.504051685Z	81	PC: 9f4d4 \| Get current PSP
2018-12-25T11:43:22.506665771Z	73	PC: 9f4d4 \| Release memory (See above)
2018-12-25T11:43:22.509327724Z	9	PC: 9f4d4 \| Display string (See above)
2018-12-25T11:43:22.51826928Z	53	PC: 9f4d4 \| Get interrupt vector (See above)
2018-12-25T11:43:22.521530845Z	37	PC: 9f4d4 \| Set interrupt vector (See above)
2018-12-25T11:43:22.524292128Z	49	PC: 9f4d4 \| Terminate and stay resident (See above)