Sample viewer

vx.netlux.org/Virus.DOS.Dutch_Tiny.Kennedy.333.b


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:53.446073232Z 42 PC: 12a5f | Get date 0x12a5f: cmp dx, 0x606
; Date-trigger check followed by a directory-search loop (16-bit DOS code).
; The first compare of this listing (0x12a5f: cmp dx, 0x606) is printed on the
; "Get date" trace line directly above. DOS "Get date" (int 21h, AH=2Ah)
; returns DH=month, DL=day, so the three constants decode to 6 June,
; 18 November and 22 November.
; In this run no constant matched: the trace continues with "Find first file".
; Analyst note: get-date followed by compares against fixed month/day values is
; a date trigger; a sandbox only reaches the 0x12a8d branch with a date override.
0x12a63: je 0x12a8d                       ; date == 0x0606 (6 June) -> message branch
0x12a65: cmp dx, 0xb12                    ; 0x0b12 = month 11, day 18
0x12a69: je 0x12a8d
0x12a6b: cmp dx, 0xb16                    ; 0x0b16 = month 11, day 22
0x12a6f: je 0x12a8d
0x12a71: lea dx, word ptr [si + 0x20d]    ; DX -> search pattern stored at si+0x20d (presumably *.COM, given the files the trace opens)
0x12a75: xor cx, cx                       ; CX = 0: attribute mask for the search
0x12a77: mov ah, 0x4e                     ; AH=4Eh: DOS "Find first file"
0x12a79: int 0x21                         ; shared by find-first and find-next (loop re-enters here)
0x12a7b: jb 0x12a86                       ; carry set = DOS error / no more matches -> leave the loop
0x12a7d: call 0x12a97                     ; per-file routine, outside this listing; the trace shows attribute calls, an open and a 3-byte read from it
0x12a80: jb 0x12a86                       ; carry set by the routine also ends the search (meaning defined in the callee, not visible here)
0x12a82: mov ah, 0x4f                     ; AH=4Fh: DOS "Find next file"
0x12a84: jmp 0x12a79
0x12a86: mov ax, bp                       ; exit path: target = bp + 0x103
0x12a88: add ax, 0x103
0x12a8b: jmp ax                           ; computed jump; presumably hands control back to the host program - confirm against the code that loads bp
0x12a8d: lea dx, word ptr [si + 0x220]    ; message branch: DX -> string stored at si+0x220
0x12a91: mov ah, 9                        ; AH=09h: DOS "Display string"; the int 21h that issues it lies past the end of this listing
2018-12-17T23:00:53.449374315Z 78 PC: 12a7b | Find first file
2018-12-17T23:00:53.455600439Z 67 PC: 12a9f | Get or set file attributes
2018-12-17T23:00:53.461356248Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T23:00:53.476772198Z 61 PC: 12aaf | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:00:53.483112226Z 63 PC: 12abe | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:00:53.489328694Z 67 PC: 12b4d | Get or set file attributes
2018-12-17T23:00:53.495127347Z 79 PC: 12a7b | Find next file
2018-12-17T23:00:53.49829091Z 67 PC: 12a9f | Get or set file attributes
2018-12-17T23:00:53.503758482Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T23:00:53.513569228Z 61 PC: 12aaf | Open file (Filename = 'PRINT.COM')
2018-12-17T23:00:53.522351166Z 63 PC: 12abe | Read file or device (Read 3 bytes on handle 6)
2018-12-17T23:00:53.528848303Z 67 PC: 12b4d | Get or set file attributes
2018-12-17T23:00:53.534058471Z 79 PC: 12a7b | Find next file
2018-12-17T23:00:53.53834507Z 67 PC: 12a9f | Get or set file attributes
2018-12-17T23:00:53.544024637Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T23:00:53.553995718Z 61 PC: 12aaf | Open file (Filename = 'HELLO.COM')
2018-12-17T23:00:53.562149368Z 63 PC: 12abe | Read file or device (Read 3 bytes on handle 7)
2018-12-17T23:00:53.56889745Z 67 PC: 12b4d | Get or set file attributes
2018-12-17T23:00:53.592060216Z 79 PC: 12a7b | Find next file
2018-12-17T23:00:53.599585937Z 67 PC: 12a9f | Get or set file attributes
2018-12-17T23:00:53.60622822Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T23:00:53.618267606Z 61 PC: 12aaf | Open file (Filename = 'PHANG.COM')
2018-12-17T23:00:53.626104615Z 63 PC: 12abe | Read file or device (Read 3 bytes on handle 8)
2018-12-17T23:00:53.633581059Z 67 PC: 12b4d | Get or set file attributes
2018-12-17T23:00:53.638093044Z 79 PC: 12a7b | Find next file
2018-12-17T23:00:53.642251975Z 67 PC: 12a9f | Get or set file attributes
2018-12-17T23:00:53.64985311Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T23:00:53.661218987Z 61 PC: 12aaf | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:00:53.669080379Z 63 PC: 12abe | Read file or device (Read 3 bytes on handle 9)
2018-12-17T23:00:53.676993966Z 67 PC: 12b4d | Get or set file attributes
2018-12-17T23:00:53.681704901Z 79 PC: 12a7b | Find next file
2018-12-17T23:00:53.684401335Z 67 PC: 12a9f | Get or set file attributes
2018-12-17T23:00:53.691773176Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T23:00:53.702223336Z 61 PC: 12aaf | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:00:53.709745215Z 63 PC: 12abe | Read file or device (Read 3 bytes on handle 10)
2018-12-17T23:00:53.717694154Z 67 PC: 12b4d | Get or set file attributes
2018-12-17T23:00:53.723974097Z 79 PC: 12a7b | Find next file
2018-12-17T23:00:53.726790933Z 67 PC: 12a9f | Get or set file attributes
2018-12-17T23:00:53.733360874Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T23:00:53.743567288Z 61 PC: 12aaf | Open file (Filename = 'PAH.COM')
2018-12-17T23:00:53.750314293Z 63 PC: 12abe | Read file or device (Read 3 bytes on handle 11)
2018-12-17T23:00:53.756996756Z 67 PC: 12b4d | Get or set file attributes
2018-12-17T23:00:53.768561459Z 79 PC: 12a7b | Find next file
2018-12-17T23:00:53.775789123Z 67 PC: 12a9f | Get or set file attributes
2018-12-17T23:00:53.781668319Z 67 PC: 12aaa | Get or set file attributes
2018-12-17T23:00:53.792759198Z 61 PC: 12aaf | Open file (Filename = 'TEST.COM')
2018-12-17T23:00:53.79973398Z 63 PC: 12abe | Read file or device (Read 3 bytes on handle 12)
2018-12-17T23:00:53.806370842Z 66 PC: 12ad6 | Move file pointer
2018-12-17T23:00:53.808998817Z 63 PC: 12adf | Read file or device (Read 2 bytes on handle 12)
2018-12-17T23:00:53.812295698Z 67 PC: 12b4d | Get or set file attributes
2018-12-17T23:00:53.818347154Z 79 PC: 12a7b | Find next file
2018-12-17T23:00:53.834419363Z 90 PC: 170a3 | Create unique file
2018-12-17T23:00:53.846607345Z 62 PC: 170ad | Close file
2018-12-17T23:00:53.848803903Z 90 PC: 170b4 | Create unique file
2018-12-17T23:00:53.860745616Z 89 PC: 16f9c | Get extended error info
2018-12-17T23:00:53.863474174Z 65 PC: 1700d | Delete file (Filename = '!')
2018-12-17T23:00:53.86551028Z 65 PC: 17014 | Delete file (Filename = '6Q"��!�O"=��u�}=')
2018-12-17T23:00:53.868505693Z 64 PC: 19838 | Write file or device (Write 3 bytes on handle 2)
2018-12-17T23:00:53.871324691Z 64 PC: 19838 | Write file or device (Write 2 bytes on handle 2)
2018-12-17T23:00:53.873273279Z 100 PC: 19d8b | Set wait for external event flag
2018-12-17T23:00:53.874313751Z 46 PC: 13d69 | Set verify flag

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13688,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:46.631962148Z 42 PC: 12a5f | Get date 0x12a5f: cmp dx, 0x606
; Date-trigger check followed by a directory-search loop (16-bit DOS code).
; The first compare of this listing (0x12a5f: cmp dx, 0x606) is printed on the
; "Get date" trace line directly above. DOS "Get date" (int 21h, AH=2Ah)
; returns DH=month, DL=day, so the three constants decode to 6 June,
; 18 November and 22 November.
; In this run no constant matched: the trace continues with "Find first file"
; and then repeats the same per-file call sequence for each directory entry.
0x12a63: je 0x12a8d                       ; date == 0x0606 (6 June) -> message branch
0x12a65: cmp dx, 0xb12                    ; 0x0b12 = month 11, day 18
0x12a69: je 0x12a8d
0x12a6b: cmp dx, 0xb16                    ; 0x0b16 = month 11, day 22
0x12a6f: je 0x12a8d
0x12a71: lea dx, word ptr [si + 0x20d]    ; DX -> search pattern stored at si+0x20d (contents not shown in this listing)
0x12a75: xor cx, cx                       ; CX = 0: attribute mask for the search
0x12a77: mov ah, 0x4e                     ; AH=4Eh: DOS "Find first file"
0x12a79: int 0x21                         ; shared by find-first and find-next (loop re-enters here)
0x12a7b: jb 0x12a86                       ; carry set = DOS error / no more matches -> leave the loop
0x12a7d: call 0x12a97                     ; per-file routine, outside this listing; the trace shows attribute calls, an open and a read from it
0x12a80: jb 0x12a86                       ; carry set by the routine also ends the search (meaning defined in the callee, not visible here)
0x12a82: mov ah, 0x4f                     ; AH=4Fh: DOS "Find next file"
0x12a84: jmp 0x12a79
0x12a86: mov ax, bp                       ; exit path: target = bp + 0x103
0x12a88: add ax, 0x103
0x12a8b: jmp ax                           ; computed jump; presumably hands control back to the host program - confirm against the code that loads bp
0x12a8d: lea dx, word ptr [si + 0x220]    ; message branch: DX -> string stored at si+0x220
0x12a91: mov ah, 9                        ; AH=09h: DOS "Display string"; the int 21h that issues it lies past the end of this listing
2018-12-25T12:38:46.635130205Z 78 PC: 12a7b | Find first file
2018-12-25T12:38:46.641321101Z 67 PC: 12a9f | Get or set file attributes
2018-12-25T12:38:46.646851101Z 67 PC: 12aaa | Get or set file attributes
2018-12-25T12:38:46.667078646Z 61 PC: 12aaf | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:38:46.673664782Z 63 PC: 12abe | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:38:46.679999226Z 67 PC: 12b4d | Get or set file attributes
2018-12-25T12:38:46.68690012Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:38:46.689693948Z 67 PC: 12a9f | Get or set file attributes (See above)
2018-12-25T12:38:46.695185368Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:38:46.702985944Z 61 PC: 12aaf | Open file (See above)
2018-12-25T12:38:46.710348885Z 63 PC: 12abe | Read file or device (See above)
2018-12-25T12:38:46.71452555Z 67 PC: 12b4d | Get or set file attributes (See above)
2018-12-25T12:38:46.720075365Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:38:46.725003961Z 67 PC: 12a9f | Get or set file attributes (See above)
2018-12-25T12:38:46.728479582Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:38:46.734617003Z 61 PC: 12aaf | Open file (See above)
2018-12-25T12:38:46.739657261Z 63 PC: 12abe | Read file or device (See above)
2018-12-25T12:38:46.743664807Z 67 PC: 12b4d | Get or set file attributes (See above)
2018-12-25T12:38:46.746428149Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:38:46.748719995Z 67 PC: 12a9f | Get or set file attributes (See above)
2018-12-25T12:38:46.757385341Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:38:46.768619751Z 61 PC: 12aaf | Open file (See above)
2018-12-25T12:38:46.779901719Z 63 PC: 12abe | Read file or device (See above)
2018-12-25T12:38:46.786050156Z 67 PC: 12b4d | Get or set file attributes (See above)
2018-12-25T12:38:46.790712534Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:38:46.794004974Z 67 PC: 12a9f | Get or set file attributes (See above)
2018-12-25T12:38:46.799189963Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:38:46.808286931Z 61 PC: 12aaf | Open file (See above)
2018-12-25T12:38:46.814944934Z 63 PC: 12abe | Read file or device (See above)
2018-12-25T12:38:46.820371216Z 67 PC: 12b4d | Get or set file attributes (See above)
2018-12-25T12:38:46.82332024Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:38:46.826371999Z 67 PC: 12a9f | Get or set file attributes (See above)
2018-12-25T12:38:46.83009429Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:38:46.836211078Z 61 PC: 12aaf | Open file (See above)
2018-12-25T12:38:46.843397353Z 63 PC: 12abe | Read file or device (See above)
2018-12-25T12:38:46.847995095Z 67 PC: 12b4d | Get or set file attributes (See above)
2018-12-25T12:38:46.854975057Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:38:46.856656709Z 67 PC: 12a9f | Get or set file attributes (See above)
2018-12-25T12:38:46.860557788Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:38:46.866824433Z 61 PC: 12aaf | Open file (See above)
2018-12-25T12:38:46.872538512Z 63 PC: 12abe | Read file or device (See above)
2018-12-25T12:38:46.879531892Z 67 PC: 12b4d | Get or set file attributes (See above)
2018-12-25T12:38:46.883948048Z 79 PC: 12a7b | Find next file (See above)
2018-12-25T12:38:46.886680325Z 67 PC: 12a9f | Get or set file attributes (See above)
2018-12-25T12:38:46.897380688Z 67 PC: 12aaa | Get or set file attributes (See above)
2018-12-25T12:38:46.904866839Z 61 PC: 12aaf | Open file (See above)
2018-12-25T12:38:46.912903026Z 63 PC: 12abe | Read file or device (See above)
2018-12-25T12:38:46.918594808Z 66 PC: 12ad6 | Move file pointer
2018-12-25T12:38:46.920034966Z 63 PC: 12adf | Read file or device (Read 2 bytes on handle 12)
2018-12-25T12:38:46.92239604Z 67 PC: 12b4d | Get or set file attributes (See above)
2018-12-25T12:38:46.928432364Z 79 PC: 12a7b | Find next file (See above)

{"DateBased":true,"Day":6,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13688,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:47.019183338Z 42 PC: 12a5f | Get date 0x12a5f: cmp dx, 0x606
; Date-trigger check followed by a directory-search loop (16-bit DOS code).
; The first compare of this listing (0x12a5f: cmp dx, 0x606) is printed on the
; "Get date" trace line directly above. DOS "Get date" (int 21h, AH=2Ah)
; returns DH=month, DL=day, so the three constants decode to 6 June,
; 18 November and 22 November.
; In this run a constant matched: the only call traced after "Get date" is
; "Display string" at PC 12a95, i.e. the 0x12a8d branch, and no file is touched.
0x12a63: je 0x12a8d                       ; date == 0x0606 (6 June) -> message branch
0x12a65: cmp dx, 0xb12                    ; 0x0b12 = month 11, day 18
0x12a69: je 0x12a8d
0x12a6b: cmp dx, 0xb16                    ; 0x0b16 = month 11, day 22
0x12a6f: je 0x12a8d
0x12a71: lea dx, word ptr [si + 0x20d]    ; DX -> search pattern stored at si+0x20d (contents not shown in this listing)
0x12a75: xor cx, cx                       ; CX = 0: attribute mask for the search
0x12a77: mov ah, 0x4e                     ; AH=4Eh: DOS "Find first file"
0x12a79: int 0x21                         ; shared by find-first and find-next (loop re-enters here)
0x12a7b: jb 0x12a86                       ; carry set = DOS error / no more matches -> leave the loop
0x12a7d: call 0x12a97                     ; per-file routine, outside this listing
0x12a80: jb 0x12a86                       ; carry set by the routine also ends the search (meaning defined in the callee, not visible here)
0x12a82: mov ah, 0x4f                     ; AH=4Fh: DOS "Find next file"
0x12a84: jmp 0x12a79
0x12a86: mov ax, bp                       ; exit path: target = bp + 0x103
0x12a88: add ax, 0x103
0x12a8b: jmp ax                           ; computed jump; presumably hands control back to the host program - confirm against the code that loads bp
0x12a8d: lea dx, word ptr [si + 0x220]    ; message branch: DX -> string stored at si+0x220
0x12a91: mov ah, 9                        ; AH=09h: DOS "Display string"; the int 21h that issues it lies past the end of this listing
2018-12-25T12:38:47.021409375Z 9 PC: 12a95 | Display string (String= 'Kennedy er død - længe leve "The Dead Kennedys" ')

{"DateBased":true,"Day":18,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13688,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:23.765844883Z 42 PC: 12a5f | Get date 0x12a5f: cmp dx, 0x606
; Date-trigger check followed by a directory-search loop (16-bit DOS code).
; The first compare of this listing (0x12a5f: cmp dx, 0x606) is printed on the
; "Get date" trace line directly above. DOS "Get date" (int 21h, AH=2Ah)
; returns DH=month, DL=day, so the three constants decode to 6 June,
; 18 November and 22 November.
; In this run a constant matched: the only call traced after "Get date" is
; "Display string" at PC 12a95, i.e. the 0x12a8d branch, and no file is touched.
0x12a63: je 0x12a8d                       ; date == 0x0606 (6 June) -> message branch
0x12a65: cmp dx, 0xb12                    ; 0x0b12 = month 11, day 18
0x12a69: je 0x12a8d
0x12a6b: cmp dx, 0xb16                    ; 0x0b16 = month 11, day 22
0x12a6f: je 0x12a8d
0x12a71: lea dx, word ptr [si + 0x20d]    ; DX -> search pattern stored at si+0x20d (contents not shown in this listing)
0x12a75: xor cx, cx                       ; CX = 0: attribute mask for the search
0x12a77: mov ah, 0x4e                     ; AH=4Eh: DOS "Find first file"
0x12a79: int 0x21                         ; shared by find-first and find-next (loop re-enters here)
0x12a7b: jb 0x12a86                       ; carry set = DOS error / no more matches -> leave the loop
0x12a7d: call 0x12a97                     ; per-file routine, outside this listing
0x12a80: jb 0x12a86                       ; carry set by the routine also ends the search (meaning defined in the callee, not visible here)
0x12a82: mov ah, 0x4f                     ; AH=4Fh: DOS "Find next file"
0x12a84: jmp 0x12a79
0x12a86: mov ax, bp                       ; exit path: target = bp + 0x103
0x12a88: add ax, 0x103
0x12a8b: jmp ax                           ; computed jump; presumably hands control back to the host program - confirm against the code that loads bp
0x12a8d: lea dx, word ptr [si + 0x220]    ; message branch: DX -> string stored at si+0x220
0x12a91: mov ah, 9                        ; AH=09h: DOS "Display string"; the int 21h that issues it lies past the end of this listing
2018-12-25T13:07:23.769742882Z 9 PC: 12a95 | Display string (String= 'Kennedy er død - længe leve "The Dead Kennedys" ')

{"DateBased":true,"Day":22,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13688,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:47.232472605Z 42 PC: 12a5f | Get date 0x12a5f: cmp dx, 0x606
; Date-trigger check followed by a directory-search loop (16-bit DOS code).
; The first compare of this listing (0x12a5f: cmp dx, 0x606) is printed on the
; "Get date" trace line directly above. DOS "Get date" (int 21h, AH=2Ah)
; returns DH=month, DL=day, so the three constants decode to 6 June,
; 18 November and 22 November.
; In this run a constant matched: the next traced call is "Display string" at
; PC 12a95, i.e. the 0x12a8d branch. The later calls in this trace come from
; PCs outside this listing (0x16f07 onward) and are not explained by it.
0x12a63: je 0x12a8d                       ; date == 0x0606 (6 June) -> message branch
0x12a65: cmp dx, 0xb12                    ; 0x0b12 = month 11, day 18
0x12a69: je 0x12a8d
0x12a6b: cmp dx, 0xb16                    ; 0x0b16 = month 11, day 22
0x12a6f: je 0x12a8d
0x12a71: lea dx, word ptr [si + 0x20d]    ; DX -> search pattern stored at si+0x20d (contents not shown in this listing)
0x12a75: xor cx, cx                       ; CX = 0: attribute mask for the search
0x12a77: mov ah, 0x4e                     ; AH=4Eh: DOS "Find first file"
0x12a79: int 0x21                         ; shared by find-first and find-next (loop re-enters here)
0x12a7b: jb 0x12a86                       ; carry set = DOS error / no more matches -> leave the loop
0x12a7d: call 0x12a97                     ; per-file routine, outside this listing
0x12a80: jb 0x12a86                       ; carry set by the routine also ends the search (meaning defined in the callee, not visible here)
0x12a82: mov ah, 0x4f                     ; AH=4Fh: DOS "Find next file"
0x12a84: jmp 0x12a79
0x12a86: mov ax, bp                       ; exit path: target = bp + 0x103
0x12a88: add ax, 0x103
0x12a8b: jmp ax                           ; computed jump; presumably hands control back to the host program - confirm against the code that loads bp
0x12a8d: lea dx, word ptr [si + 0x220]    ; message branch: DX -> string stored at si+0x220
0x12a91: mov ah, 9                        ; AH=09h: DOS "Display string"; the int 21h that issues it lies past the end of this listing
2018-12-25T12:38:47.235695719Z 9 PC: 12a95 | Display string (String= 'Kennedy er død - længe leve "The Dead Kennedys" ')
2018-12-25T12:38:47.273652528Z 61 PC: 16f07 | Open file (Filename = '�J�!X��!Z')
2018-12-25T12:38:47.278432304Z 60 PC: 16f6d | Create or truncate file
2018-12-25T12:38:47.284472544Z 89 PC: 16f9c | Get extended error info
2018-12-25T12:38:47.287225343Z 64 PC: 19838 | Write file or device (Write 255 bytes on handle 2)
2018-12-25T12:38:47.296580415Z 64 PC: 19838 | Write file or device (See above)
2018-12-25T12:38:47.301706933Z 100 PC: 19d8b | Set wait for external event flag
2018-12-25T12:38:47.30281626Z 46 PC: 13d69 | Set verify flag