Sample viewer

vx.netlux.org/Virus.DOS.Proh.1454

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:48.383036711Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:59:48.38469388Z 37 PC: 12a93 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:59:48.401568176Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:59:48.402844064Z 61 PC: 12aa9 | Open file (Filename = 'ain ... ')
2018-12-17T22:59:48.410420458Z 112 PC: 12ac0 | UNKNOWN!
2018-12-17T22:59:48.412719073Z 88 PC: 12ad0 | case 0xGet or set allocation strateg:
2018-12-17T22:59:48.414422902Z 72 PC: 12ad7 | Allocate memory
2018-12-17T22:59:48.416206633Z 74 PC: 12aef | Reallocate memory
2018-12-17T22:59:48.418415373Z 72 PC: 12ad7 | Allocate memory
2018-12-17T22:59:48.427669111Z 53 PC: 12b0e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:48.429112604Z 37 PC: 12b1e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:48.431619419Z 88 PC: 12b25 | case 0xGet or set allocation strateg:
2018-12-17T22:59:48.433522239Z 47 PC: 9f82e | Get disk transfer address
2018-12-17T22:59:48.435002393Z 26 PC: 9f83b | Set disk transfer address
2018-12-17T22:59:48.436439497Z 78 PC: 9f844 | Find first file
2018-12-17T22:59:48.448104036Z 26 PC: 9f84a | Set disk transfer address
2018-12-17T22:59:48.449489961Z 61 PC: 9f859 | Open file (Filename = 'TBDRVXXX')
2018-12-17T22:59:48.456502602Z 53 PC: 9f8b9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:48.458717963Z 37 PC: 9f8c9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:48.460809721Z 67 PC: 9f8d7 | Get or set file attributes
2018-12-17T22:59:48.792658883Z 61 PC: 9f8e4 | Open file (Filename = 'r���')
2018-12-17T22:59:48.801634734Z 63 PC: 9f8f8 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:59:48.808725404Z 66 PC: 9fa74 | Move file pointer
2018-12-17T22:59:48.810892392Z 63 PC: 9fa7e | Read file or device (Read 7 bytes on handle 5)
2018-12-17T22:59:48.819670029Z 66 PC: 9f9b5 | Move file pointer
2018-12-17T22:59:48.822724204Z 64 PC: 9fb27 | Write file or device (Write 1461 bytes on handle 5)
2018-12-17T22:59:48.835114308Z 66 PC: 9f9c1 | Move file pointer
2018-12-17T22:59:48.838190531Z 64 PC: 9f9cb | Write file or device (Write 26 bytes on handle 5)
2018-12-17T22:59:48.842185796Z 87 PC: 9f9d8 | Get or set file date and time
2018-12-17T22:59:48.843991471Z 67 PC: 9fa4e | Get or set file attributes
2018-12-17T22:59:48.855212086Z 67 PC: 9fa4e | Get or set file attributes
2018-12-17T22:59:48.863101389Z 67 PC: 9fa4e | Get or set file attributes
2018-12-17T22:59:48.870760592Z 67 PC: 9fa4e | Get or set file attributes
2018-12-17T22:59:48.878422738Z 62 PC: 9fa1c | Close file
2018-12-17T22:59:48.886892647Z 67 PC: 9fa2e | Get or set file attributes
2018-12-17T22:59:48.898527214Z 37 PC: 9fa37 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:59:48.899880298Z 67 PC: 12b55 | Get or set file attributes
2018-12-17T22:59:48.907712256Z 42 PC: 12b80 | Get date
0x12b80: cmp dx, 0x91b
0x12b84: jne 0x12bb9
0x12b86: mov ax, 1
0x12b89: int 0x10
0x12b8b: mov ah, 1
0x12b8d: mov cx, 0x6000
0x12b90: int 0x10
0x12b92: mov ax, 0x1300
0x12b95: mov bx, 0x8c
0x12b98: mov cx, 5
0x12b9b: mov dx, 0xc11
0x12b9e: mov bp, 0x1a5
0x12ba1: int 0x10
0x12ba3: mov ah, 1
0x12ba5: int 0x16
0x12ba7: je 0x12ba3
0x12ba9: xor ax, ax
0x12bab: int 0x16
0x12bad: mov ax, 3
0x12bb0: int 0x10
2018-12-17T22:59:48.910505784Z 9 PC: 12a49 | Display string (Could not find end pointer)
2018-12-17T22:59:48.915279002Z 76 PC: 12a4e | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13334,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:06.013169204Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:38:06.015230875Z 37 PC: 12a93 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:38:06.025191589Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:38:06.026530324Z 61 PC: 12aa9 | Open file (Filename = 'ain ... ')
2018-12-25T12:38:06.03065139Z 112 PC: 12ac0 | UNKNOWN!
2018-12-25T12:38:06.03190634Z 88 PC: 12ad0 | case 0xGet or set allocation strateg:
2018-12-25T12:38:06.033040079Z 72 PC: 12ad7 | Allocate memory
2018-12-25T12:38:06.034327339Z 74 PC: 12aef | Reallocate memory
2018-12-25T12:38:06.036552639Z 72 PC: 12ad7 | Allocate memory (See above)
2018-12-25T12:38:06.037744571Z 53 PC: 12b0e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:06.038742142Z 37 PC: 12b1e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:06.045963486Z 88 PC: 12b25 | case 0xGet or set allocation strateg:
2018-12-25T12:38:06.047515384Z 47 PC: 9f82e | Get disk transfer address
2018-12-25T12:38:06.048630818Z 26 PC: 9f83b | Set disk transfer address
2018-12-25T12:38:06.050606023Z 78 PC: 9f844 | Find first file
2018-12-25T12:38:06.060458226Z 26 PC: 9f84a | Set disk transfer address
2018-12-25T12:38:06.061894716Z 61 PC: 9f859 | Open file (Filename = 'TBDRVXXX')
2018-12-25T12:38:06.069554648Z 53 PC: 9f8b9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:06.071533634Z 37 PC: 9f8c9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:06.072615935Z 67 PC: 9f8d7 | Get or set file attributes
2018-12-25T12:38:06.74154428Z 61 PC: 9f8e4 | Open file (Filename = 'r���')
2018-12-25T12:38:06.756102947Z 63 PC: 9f8f8 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:38:06.762524237Z 66 PC: 9fa74 | Move file pointer
2018-12-25T12:38:06.763967584Z 63 PC: 9fa7e | Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:38:06.771699748Z 66 PC: 9f9b5 | Move file pointer
2018-12-25T12:38:06.774127655Z 64 PC: 9fb27 | Write file or device (Write 1461 bytes on handle 5)
2018-12-25T12:38:06.784106068Z 66 PC: 9f9c1 | Move file pointer
2018-12-25T12:38:06.786991515Z 64 PC: 9f9cb | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:38:06.790193489Z 87 PC: 9f9d8 | Get or set file date and time
2018-12-25T12:38:06.79219613Z 67 PC: 9fa4e | Get or set file attributes
2018-12-25T12:38:06.803930198Z 67 PC: 9fa4e | Get or set file attributes (See above)
2018-12-25T12:38:06.810436415Z 67 PC: 9fa4e | Get or set file attributes (See above)
2018-12-25T12:38:06.817046756Z 67 PC: 9fa4e | Get or set file attributes (See above)
2018-12-25T12:38:06.824494204Z 62 PC: 9fa1c | Close file
2018-12-25T12:38:06.83138145Z 67 PC: 9fa2e | Get or set file attributes
2018-12-25T12:38:06.841031059Z 37 PC: 9fa37 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:06.843135979Z 67 PC: 12b55 | Get or set file attributes
2018-12-25T12:38:06.849514654Z 42 PC: 12b80 | Get date
0x12b80: cmp dx, 0x91b
0x12b84: jne 0x12bb9
0x12b86: mov ax, 1
0x12b89: int 0x10
0x12b8b: mov ah, 1
0x12b8d: mov cx, 0x6000
0x12b90: int 0x10
0x12b92: mov ax, 0x1300
0x12b95: mov bx, 0x8c
0x12b98: mov cx, 5
0x12b9b: mov dx, 0xc11
0x12b9e: mov bp, 0x1a5
0x12ba1: int 0x10
0x12ba3: mov ah, 1
0x12ba5: int 0x16
0x12ba7: je 0x12ba3
0x12ba9: xor ax, ax
0x12bab: int 0x16
0x12bad: mov ax, 3
0x12bb0: int 0x10
2018-12-25T12:38:06.85209815Z 9 PC: 12a49 | Display string (Could not find end pointer)
2018-12-25T12:38:06.856890504Z 76 PC: 12a4e | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":27,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13334,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:06.018306739Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:38:06.020352517Z 37 PC: 12a93 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:38:06.021897209Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:38:06.023237281Z 61 PC: 12aa9 | Open file (Filename = 'ain ... ')
2018-12-25T12:38:06.030156607Z 112 PC: 12ac0 | UNKNOWN!
2018-12-25T12:38:06.031150938Z 88 PC: 12ad0 | case 0xGet or set allocation strateg:
2018-12-25T12:38:06.032782771Z 72 PC: 12ad7 | Allocate memory
2018-12-25T12:38:06.036016232Z 74 PC: 12aef | Reallocate memory
2018-12-25T12:38:06.037631781Z 72 PC: 12ad7 | Allocate memory (See above)
2018-12-25T12:38:06.039406989Z 53 PC: 12b0e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:06.041061589Z 37 PC: 12b1e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:06.054656866Z 88 PC: 12b25 | case 0xGet or set allocation strateg:
2018-12-25T12:38:06.057402815Z 47 PC: 9f82e | Get disk transfer address
2018-12-25T12:38:06.058956046Z 26 PC: 9f83b | Set disk transfer address
2018-12-25T12:38:06.060627712Z 78 PC: 9f844 | Find first file
2018-12-25T12:38:06.071763593Z 26 PC: 9f84a | Set disk transfer address
2018-12-25T12:38:06.073266939Z 61 PC: 9f859 | Open file (Filename = 'TBDRVXXX')
2018-12-25T12:38:06.080447585Z 53 PC: 9f8b9 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:06.081895104Z 37 PC: 9f8c9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:06.083071092Z 67 PC: 9f8d7 | Get or set file attributes
2018-12-25T12:38:06.746911765Z 61 PC: 9f8e4 | Open file (Filename = 'r���')
2018-12-25T12:38:06.759584632Z 63 PC: 9f8f8 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:38:06.765502496Z 66 PC: 9fa74 | Move file pointer
2018-12-25T12:38:06.76746174Z 63 PC: 9fa7e | Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:38:06.773932627Z 66 PC: 9f9b5 | Move file pointer
2018-12-25T12:38:06.776987564Z 64 PC: 9fb27 | Write file or device (Write 1461 bytes on handle 5)
2018-12-25T12:38:06.788335374Z 66 PC: 9f9c1 | Move file pointer
2018-12-25T12:38:06.789725299Z 64 PC: 9f9cb | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:38:06.792485402Z 87 PC: 9f9d8 | Get or set file date and time
2018-12-25T12:38:06.794624999Z 67 PC: 9fa4e | Get or set file attributes
2018-12-25T12:38:06.804184453Z 67 PC: 9fa4e | Get or set file attributes (See above)
2018-12-25T12:38:06.810346005Z 67 PC: 9fa4e | Get or set file attributes (See above)
2018-12-25T12:38:06.816815738Z 67 PC: 9fa4e | Get or set file attributes (See above)
2018-12-25T12:38:06.82314124Z 62 PC: 9fa1c | Close file
2018-12-25T12:38:06.829916376Z 67 PC: 9fa2e | Get or set file attributes
2018-12-25T12:38:06.839918992Z 37 PC: 9fa37 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:06.841934113Z 67 PC: 12b55 | Get or set file attributes
2018-12-25T12:38:06.847753789Z 42 PC: 12b80 | Get date
0x12b80: cmp dx, 0x91b
0x12b84: jne 0x12bb9
0x12b86: mov ax, 1
0x12b89: int 0x10
0x12b8b: mov ah, 1
0x12b8d: mov cx, 0x6000
0x12b90: int 0x10
0x12b92: mov ax, 0x1300
0x12b95: mov bx, 0x8c
0x12b98: mov cx, 5
0x12b9b: mov dx, 0xc11
0x12b9e: mov bp, 0x1a5
0x12ba1: int 0x10
0x12ba3: mov ah, 1
0x12ba5: int 0x16
0x12ba7: je 0x12ba3
0x12ba9: xor ax, ax
0x12bab: int 0x16
0x12bad: mov ax, 3
0x12bb0: int 0x10