Sample viewer

vx.netlux.org/Virus.DOS.BackFormat.1855

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T01:31:00.88701169Z	61	PC: 18cc8 \| Open file (Filename = 'W2АПXXє ґ Н!йєы.Ж<')
2018-12-25T01:31:00.893202869Z	63	PC: 18cda \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T01:31:00.895590113Z	66	PC: 18cfe \| Move file pointer
2018-12-25T01:31:00.897629554Z	63	PC: 18d0d \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T01:31:00.902727137Z	87	PC: 18d3b \| Get or set file date and time
2018-12-25T01:31:00.904403148Z	66	PC: 18d4c \| Move file pointer
2018-12-25T01:31:00.906242272Z	66	PC: 18d6f \| Move file pointer
2018-12-25T01:31:00.908192315Z	98	PC: 18d75 \| Get current PSP
2018-12-25T01:31:00.909336154Z	48	PC: 18d8b \| Get DOS version
2018-12-25T01:31:00.910690824Z	82	PC: 18da2 \| Get DOS internal pointers (SYSVARS)
2018-12-25T01:31:00.91256908Z	64	PC: 18dda \| Write file or device (Write 1855 bytes on handle 5)
2018-12-25T01:31:00.918787795Z	66	PC: 18de6 \| Move file pointer
2018-12-25T01:31:00.920446098Z	64	PC: 18df0 \| Write file or device (Write 32 bytes on handle 5)
2018-12-25T01:31:00.923400448Z	87	PC: 18dfd \| Get or set file date and time
2018-12-25T01:31:00.925863599Z	62	PC: 18e11 \| Close file
2018-12-25T01:31:00.931721152Z	42	PC: 12c65 \| Get date 0x12c65: cmp dh, 6 0x12c68: ja 0x12c70 0x12c6a: mov byte ptr cs:[0x7fc], 0xeb 0x12c70: inc word ptr cs:[0x81d] 0x12c75: push cs 0x12c76: pop es 0x12c77: mov bx, 0xa0 0x12c7a: mov ah, 0x4a 0x12c7c: int 0x21 0x12c7e: mov ah, 0x52 0x12c80: int 0x21 0x12c82: mov ax, word ptr es:[bx - 2] 0x12c86: mov ds, ax 0x12c88: add ax, word ptr [3] 0x12c8c: inc ax 0x12c8d: mov dx, cs 0x12c8f: dec dx 0x12c90: cmp ax, dx 0x12c92: jne 0x12c9a 0x12c94: add word ptr [3], 0xa1
2018-12-25T01:31:00.934065537Z	74	PC: 12c7e \| Reallocate memory
2018-12-25T01:31:00.935718476Z	82	PC: 12c82 \| Get DOS internal pointers (SYSVARS)
2018-12-25T01:31:00.937735029Z	73	PC: 12cae \| Release memory
2018-12-25T01:31:00.939690061Z	75	PC: 12d11 \| Execute program
2018-12-25T01:31:00.953821098Z	37	PC: 1346f \| Set interrupt vector (Interrupt = '97' AKA 'Reserved')
2018-12-25T01:31:00.961031602Z	9	PC: 134ca \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1337,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:24.643391733Z	61	PC: 18cc8 \| Open file (Filename = 'W2АПXXє ґ Н!йєы.Ж<')
2018-12-25T11:43:24.651095527Z	63	PC: 18cda \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:24.654083352Z	66	PC: 18cfe \| Move file pointer
2018-12-25T11:43:24.655633221Z	63	PC: 18d0d \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:24.662712206Z	87	PC: 18d3b \| Get or set file date and time
2018-12-25T11:43:24.664682046Z	66	PC: 18d4c \| Move file pointer
2018-12-25T11:43:24.666623545Z	66	PC: 18d6f \| Move file pointer
2018-12-25T11:43:24.668720353Z	98	PC: 18d75 \| Get current PSP
2018-12-25T11:43:24.670619093Z	48	PC: 18d8b \| Get DOS version
2018-12-25T11:43:24.672066247Z	82	PC: 18da2 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:24.673708485Z	64	PC: 18dda \| Write file or device (Write 1855 bytes on handle 5)
2018-12-25T11:43:25.01053447Z	66	PC: 18de6 \| Move file pointer
2018-12-25T11:43:25.012585638Z	64	PC: 18df0 \| Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:43:25.016063265Z	87	PC: 18dfd \| Get or set file date and time
2018-12-25T11:43:25.018861414Z	62	PC: 18e11 \| Close file
2018-12-25T11:43:25.027015522Z	42	PC: 12c65 \| Get date 0x12c65: cmp dh, 6 0x12c68: ja 0x12c70 0x12c6a: mov byte ptr cs:[0x7fc], 0xeb 0x12c70: inc word ptr cs:[0x81d] 0x12c75: push cs 0x12c76: pop es 0x12c77: mov bx, 0xa0 0x12c7a: mov ah, 0x4a 0x12c7c: int 0x21 0x12c7e: mov ah, 0x52 0x12c80: int 0x21 0x12c82: mov ax, word ptr es:[bx - 2] 0x12c86: mov ds, ax 0x12c88: add ax, word ptr [3] 0x12c8c: inc ax 0x12c8d: mov dx, cs 0x12c8f: dec dx 0x12c90: cmp ax, dx 0x12c92: jne 0x12c9a 0x12c94: add word ptr [3], 0xa1
2018-12-25T11:43:25.029521117Z	74	PC: 12c7e \| Reallocate memory
2018-12-25T11:43:25.031762995Z	82	PC: 12c82 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:25.033093281Z	73	PC: 12cae \| Release memory
2018-12-25T11:43:25.034594794Z	75	PC: 12d11 \| Execute program
2018-12-25T11:43:25.054871537Z	37	PC: 1346f \| Set interrupt vector (Interrupt = '97' AKA 'Reserved')
2018-12-25T11:43:25.064510259Z	9	PC: 134ca \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1337,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:24.762785694Z	61	PC: 18cc8 \| Open file (Filename = 'W2АПXXє ґ Н!йєы.Ж<')
2018-12-25T11:43:24.77062968Z	63	PC: 18cda \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:24.773161289Z	66	PC: 18cfe \| Move file pointer
2018-12-25T11:43:24.774431879Z	63	PC: 18d0d \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:43:24.781031823Z	87	PC: 18d3b \| Get or set file date and time
2018-12-25T11:43:24.783106749Z	66	PC: 18d4c \| Move file pointer
2018-12-25T11:43:24.785083294Z	66	PC: 18d6f \| Move file pointer
2018-12-25T11:43:24.788316936Z	98	PC: 18d75 \| Get current PSP
2018-12-25T11:43:24.789950309Z	48	PC: 18d8b \| Get DOS version
2018-12-25T11:43:24.791969867Z	82	PC: 18da2 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:24.801494849Z	64	PC: 18dda \| Write file or device (Write 1855 bytes on handle 5)
2018-12-25T11:43:25.42764128Z	66	PC: 18de6 \| Move file pointer
2018-12-25T11:43:25.429464707Z	64	PC: 18df0 \| Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:43:25.433333503Z	87	PC: 18dfd \| Get or set file date and time
2018-12-25T11:43:25.434829332Z	62	PC: 18e11 \| Close file
2018-12-25T11:43:25.442165851Z	42	PC: 12c65 \| Get date 0x12c65: cmp dh, 6 0x12c68: ja 0x12c70 0x12c6a: mov byte ptr cs:[0x7fc], 0xeb 0x12c70: inc word ptr cs:[0x81d] 0x12c75: push cs 0x12c76: pop es 0x12c77: mov bx, 0xa0 0x12c7a: mov ah, 0x4a 0x12c7c: int 0x21 0x12c7e: mov ah, 0x52 0x12c80: int 0x21 0x12c82: mov ax, word ptr es:[bx - 2] 0x12c86: mov ds, ax 0x12c88: add ax, word ptr [3] 0x12c8c: inc ax 0x12c8d: mov dx, cs 0x12c8f: dec dx 0x12c90: cmp ax, dx 0x12c92: jne 0x12c9a 0x12c94: add word ptr [3], 0xa1
2018-12-25T11:43:25.444795235Z	74	PC: 12c7e \| Reallocate memory
2018-12-25T11:43:25.447534886Z	82	PC: 12c82 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:43:25.449448655Z	73	PC: 12cae \| Release memory
2018-12-25T11:43:25.451520482Z	75	PC: 12d11 \| Execute program
2018-12-25T11:43:25.465951468Z	37	PC: 1346f \| Set interrupt vector (Interrupt = '97' AKA 'Reserved')
2018-12-25T11:43:25.471354067Z	9	PC: 134ca \| Display string (Could not find end pointer)