Sample viewer

vx.netlux.org/Virus.DOS.Corrupted.IronMaiden

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:54.533444414Z	26	PC: 12abe \| Set disk transfer address
2018-12-17T23:00:54.535276422Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:54.538165706Z	37	PC: 12ad7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:54.539596558Z	25	PC: 12af5 \| Get default drive
2018-12-17T23:00:54.540909095Z	78	PC: 12b12 \| Find first file
2018-12-17T23:00:54.546876476Z	14	PC: 12c5b \| Set default drive (Drive = 'C')
2018-12-17T23:00:54.548693467Z	78	PC: 12b12 \| Find first file
2018-12-17T23:00:54.553841571Z	14	PC: 12c70 \| Set default drive (Drive = 'A')
2018-12-17T23:00:54.556095581Z	42	PC: 12c75 \| Get date 0x12c75: cmp cx, 0x7c6 0x12c79: jl 0x12cb1 0x12c7b: cmp cx, 0x7d0 0x12c7f: je 0x12cb1 0x12c81: cmp dh, 8 0x12c84: jl 0x12cb1 0x12c86: cmp dl, 0x10 0x12c89: jl 0x12cb1 0x12c8b: cmp al, 4 0x12c8d: jne 0x12cb1 0x12c8f: mov ah, 0x2c 0x12c91: int 0x21 0x12c93: shl dl, 1 0x12c95: shl dl, 1 0x12c97: xor dh, dh 0x12c99: mov cx, 2 0x12c9c: mov al, byte ptr [di + 0x24d] 0x12ca0: push dx 0x12ca1: int 0x26 0x12ca3: popf
2018-12-17T23:00:54.559123825Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:54.560658832Z	26	PC: 12cd9 \| Set disk transfer address
2018-12-17T23:00:54.562658257Z	9	PC: 12aa3 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":8,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13696,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:48.429182027Z	26	PC: 12abe \| Set disk transfer address
2018-12-25T12:38:48.430852171Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:48.43539862Z	37	PC: 12ad7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:48.437076488Z	25	PC: 12af5 \| Get default drive
2018-12-25T12:38:48.439141006Z	78	PC: 12b12 \| Find first file
2018-12-25T12:38:48.446854656Z	14	PC: 12c5b \| Set default drive (Drive = 'C')
2018-12-25T12:38:48.44812758Z	78	PC: 12b12 \| Find first file (See above)
2018-12-25T12:38:48.466604091Z	14	PC: 12c70 \| Set default drive (Drive = 'A')
2018-12-25T12:38:48.467798935Z	42	PC: 12c75 \| Get date 0x12c75: cmp cx, 0x7c6 0x12c79: jl 0x12cb1 0x12c7b: cmp cx, 0x7d0 0x12c7f: je 0x12cb1 0x12c81: cmp dh, 8 0x12c84: jl 0x12cb1 0x12c86: cmp dl, 0x10 0x12c89: jl 0x12cb1 0x12c8b: cmp al, 4 0x12c8d: jne 0x12cb1 0x12c8f: mov ah, 0x2c 0x12c91: int 0x21 0x12c93: shl dl, 1 0x12c95: shl dl, 1 0x12c97: xor dh, dh 0x12c99: mov cx, 2 0x12c9c: mov al, byte ptr [di + 0x24d] 0x12ca0: push dx 0x12ca1: int 0x26 0x12ca3: popf
2018-12-25T12:38:48.469911201Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:48.473634494Z	26	PC: 12cd9 \| Set disk transfer address
2018-12-25T12:38:48.475034047Z	9	PC: 12aa3 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":16,"Month":8,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13696,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:48.432851262Z	26	PC: 12abe \| Set disk transfer address
2018-12-25T12:38:48.434233596Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:48.435395471Z	37	PC: 12ad7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:48.449239795Z	25	PC: 12af5 \| Get default drive
2018-12-25T12:38:48.450768178Z	78	PC: 12b12 \| Find first file
2018-12-25T12:38:48.457214098Z	14	PC: 12c5b \| Set default drive (Drive = 'C')
2018-12-25T12:38:48.458987996Z	78	PC: 12b12 \| Find first file (See above)
2018-12-25T12:38:48.4643845Z	14	PC: 12c70 \| Set default drive (Drive = 'A')
2018-12-25T12:38:48.466486791Z	42	PC: 12c75 \| Get date 0x12c75: cmp cx, 0x7c6 0x12c79: jl 0x12cb1 0x12c7b: cmp cx, 0x7d0 0x12c7f: je 0x12cb1 0x12c81: cmp dh, 8 0x12c84: jl 0x12cb1 0x12c86: cmp dl, 0x10 0x12c89: jl 0x12cb1 0x12c8b: cmp al, 4 0x12c8d: jne 0x12cb1 0x12c8f: mov ah, 0x2c 0x12c91: int 0x21 0x12c93: shl dl, 1 0x12c95: shl dl, 1 0x12c97: xor dh, dh 0x12c99: mov cx, 2 0x12c9c: mov al, byte ptr [di + 0x24d] 0x12ca0: push dx 0x12ca1: int 0x26 0x12ca3: popf
2018-12-25T12:38:48.469031855Z	44	PC: 12c93 \| Get time 0x12c93: shl dl, 1 0x12c95: shl dl, 1 0x12c97: xor dh, dh 0x12c99: mov cx, 2 0x12c9c: mov al, byte ptr [di + 0x24d] 0x12ca0: push dx 0x12ca1: int 0x26 0x12ca3: popf 0x12ca4: pop dx 0x12ca5: shr dx, 1 0x12ca7: mov cx, 0xb 0x12caa: mov al, 2 0x12cac: int 0x26 0x12cae: popf 0x12caf: pop di 0x12cb0: push di 0x12cb1: mov dx, word ptr [di + 0x24e] 0x12cb5: mov ax, word ptr [di + 0x250] 0x12cb9: push ax 0x12cba: pop ds
2018-12-25T12:38:48.482152872Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:48.484266682Z	26	PC: 12cd9 \| Set disk transfer address
2018-12-25T12:38:48.486330993Z	9	PC: 12aa3 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":17,"Month":8,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13696,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:24.85433798Z	26	PC: 12abe \| Set disk transfer address
2018-12-25T13:07:24.856500902Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:24.857675515Z	37	PC: 12ad7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:24.858685641Z	25	PC: 12af5 \| Get default drive
2018-12-25T13:07:24.860053162Z	78	PC: 12b12 \| Find first file
2018-12-25T13:07:24.864321505Z	14	PC: 12c5b \| Set default drive (Drive = 'C')
2018-12-25T13:07:24.86546297Z	78	PC: 12b12 \| Find first file (See above)
2018-12-25T13:07:24.869626531Z	14	PC: 12c70 \| Set default drive (Drive = 'A')
2018-12-25T13:07:24.87127091Z	42	PC: 12c75 \| Get date 0x12c75: cmp cx, 0x7c6 0x12c79: jl 0x12cb1 0x12c7b: cmp cx, 0x7d0 0x12c7f: je 0x12cb1 0x12c81: cmp dh, 8 0x12c84: jl 0x12cb1 0x12c86: cmp dl, 0x10 0x12c89: jl 0x12cb1 0x12c8b: cmp al, 4 0x12c8d: jne 0x12cb1 0x12c8f: mov ah, 0x2c 0x12c91: int 0x21 0x12c93: shl dl, 1 0x12c95: shl dl, 1 0x12c97: xor dh, dh 0x12c99: mov cx, 2 0x12c9c: mov al, byte ptr [di + 0x24d] 0x12ca0: push dx 0x12ca1: int 0x26 0x12ca3: popf
2018-12-25T13:07:24.873329311Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:24.874554747Z	26	PC: 12cd9 \| Set disk transfer address
2018-12-25T13:07:24.875894309Z	9	PC: 12aa3 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13696,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:48.826549828Z	26	PC: 12abe \| Set disk transfer address
2018-12-25T12:38:48.829609219Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:48.831271403Z	37	PC: 12ad7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:48.832900489Z	25	PC: 12af5 \| Get default drive
2018-12-25T12:38:48.834789285Z	78	PC: 12b12 \| Find first file
2018-12-25T12:38:48.840332835Z	14	PC: 12c5b \| Set default drive (Drive = 'C')
2018-12-25T12:38:48.841720776Z	78	PC: 12b12 \| Find first file (See above)
2018-12-25T12:38:48.846088999Z	14	PC: 12c70 \| Set default drive (Drive = 'A')
2018-12-25T12:38:48.848776776Z	42	PC: 12c75 \| Get date 0x12c75: cmp cx, 0x7c6 0x12c79: jl 0x12cb1 0x12c7b: cmp cx, 0x7d0 0x12c7f: je 0x12cb1 0x12c81: cmp dh, 8 0x12c84: jl 0x12cb1 0x12c86: cmp dl, 0x10 0x12c89: jl 0x12cb1 0x12c8b: cmp al, 4 0x12c8d: jne 0x12cb1 0x12c8f: mov ah, 0x2c 0x12c91: int 0x21 0x12c93: shl dl, 1 0x12c95: shl dl, 1 0x12c97: xor dh, dh 0x12c99: mov cx, 2 0x12c9c: mov al, byte ptr [di + 0x24d] 0x12ca0: push dx 0x12ca1: int 0x26 0x12ca3: popf
2018-12-25T12:38:48.851621212Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:48.853265899Z	26	PC: 12cd9 \| Set disk transfer address
2018-12-25T12:38:48.85585696Z	9	PC: 12aa3 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13696,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:49.727949873Z	26	PC: 12abe \| Set disk transfer address
2018-12-25T12:38:49.73038682Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:49.732859985Z	37	PC: 12ad7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:49.734666146Z	25	PC: 12af5 \| Get default drive
2018-12-25T12:38:49.737674203Z	78	PC: 12b12 \| Find first file
2018-12-25T12:38:49.742345256Z	14	PC: 12c5b \| Set default drive (Drive = 'C')
2018-12-25T12:38:49.743613132Z	78	PC: 12b12 \| Find first file (See above)
2018-12-25T12:38:49.752277206Z	14	PC: 12c70 \| Set default drive (Drive = 'A')
2018-12-25T12:38:49.753552956Z	42	PC: 12c75 \| Get date 0x12c75: cmp cx, 0x7c6 0x12c79: jl 0x12cb1 0x12c7b: cmp cx, 0x7d0 0x12c7f: je 0x12cb1 0x12c81: cmp dh, 8 0x12c84: jl 0x12cb1 0x12c86: cmp dl, 0x10 0x12c89: jl 0x12cb1 0x12c8b: cmp al, 4 0x12c8d: jne 0x12cb1 0x12c8f: mov ah, 0x2c 0x12c91: int 0x21 0x12c93: shl dl, 1 0x12c95: shl dl, 1 0x12c97: xor dh, dh 0x12c99: mov cx, 2 0x12c9c: mov al, byte ptr [di + 0x24d] 0x12ca0: push dx 0x12ca1: int 0x26 0x12ca3: popf
2018-12-25T12:38:49.755991914Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:49.758103355Z	26	PC: 12cd9 \| Set disk transfer address
2018-12-25T12:38:49.763011592Z	9	PC: 12aa3 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13696,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:49.810263643Z	26	PC: 12abe \| Set disk transfer address
2018-12-25T12:38:49.812133879Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:49.813352419Z	37	PC: 12ad7 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:49.814558855Z	25	PC: 12af5 \| Get default drive
2018-12-25T12:38:49.816407187Z	78	PC: 12b12 \| Find first file
2018-12-25T12:38:49.82121681Z	14	PC: 12c5b \| Set default drive (Drive = 'C')
2018-12-25T12:38:49.822433284Z	78	PC: 12b12 \| Find first file (See above)
2018-12-25T12:38:49.828251694Z	14	PC: 12c70 \| Set default drive (Drive = 'A')
2018-12-25T12:38:49.840531808Z	42	PC: 12c75 \| Get date 0x12c75: cmp cx, 0x7c6 0x12c79: jl 0x12cb1 0x12c7b: cmp cx, 0x7d0 0x12c7f: je 0x12cb1 0x12c81: cmp dh, 8 0x12c84: jl 0x12cb1 0x12c86: cmp dl, 0x10 0x12c89: jl 0x12cb1 0x12c8b: cmp al, 4 0x12c8d: jne 0x12cb1 0x12c8f: mov ah, 0x2c 0x12c91: int 0x21 0x12c93: shl dl, 1 0x12c95: shl dl, 1 0x12c97: xor dh, dh 0x12c99: mov cx, 2 0x12c9c: mov al, byte ptr [di + 0x24d] 0x12ca0: push dx 0x12ca1: int 0x26 0x12ca3: popf
2018-12-25T12:38:49.842137874Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:49.843353071Z	26	PC: 12cd9 \| Set disk transfer address
2018-12-25T12:38:49.844848942Z	9	PC: 12aa3 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')