Sample viewer

vx.netlux.org/Virus.DOS.Sarampo.1470

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:02:17.99081218Z 237 PC: 12b84 | UNKNOWN!
2018-12-17T22:02:17.99191298Z 53 PC: 12bb8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:02:17.993418525Z 53 PC: 12bc4 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:02:17.996216811Z 37 PC: 12c21 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:02:17.997689157Z 42 PC: 12c25 | Get date
0x12c25: cmp dx, 0x419
0x12c29: je 0x12c3a
0x12c2b: cmp dx, 0xc19
0x12c2f: je 0x12c3a
0x12c31: cmp dx, 0xa0c
0x12c35: je 0x12c3a
0x12c37: jmp 0x12c44
0x12c39: nop
0x12c3a: push es
0x12c3b: pop ds
0x12c3c: mov dx, 0x2fd
0x12c3f: mov ax, 0x251c
0x12c42: int 0x21
0x12c44: push cs
0x12c45: pop ds
0x12c46: ret
0x12c47: push bx
0x12c48: push cx
0x12c49: push dx
0x12c4a: push es
2018-12-17T22:02:18.000314811Z 53 PC: 13024 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:18.002920415Z 37 PC: 13040 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:18.004423959Z 67 PC: 12ddf | Get or set file attributes
2018-12-17T22:02:18.010011689Z 67 PC: 12ded | Get or set file attributes
2018-12-17T22:02:18.359003269Z 61 PC: 12dff | Open file (Filename = 'c:\command.com')
2018-12-17T22:02:18.366218518Z 87 PC: 12fcb | Get or set file date and time
2018-12-17T22:02:18.368075273Z 66 PC: 12e16 | Move file pointer
2018-12-17T22:02:18.369831997Z 63 PC: 12ff8 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:02:18.373856345Z 87 PC: 12feb | Get or set file date and time
2018-12-17T22:02:18.375727147Z 62 PC: 1301a | Close file
2018-12-17T22:02:18.381538529Z 61 PC: 12e47 | Open file (Filename = 'c:\command.com')
2018-12-17T22:02:18.389362175Z 87 PC: 12fcb | Get or set file date and time
2018-12-17T22:02:18.391088241Z 66 PC: 1300b | Move file pointer
2018-12-17T22:02:18.392780479Z 63 PC: 12ff8 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:02:18.396558856Z 87 PC: 12feb | Get or set file date and time
2018-12-17T22:02:18.398996005Z 87 PC: 12fcb | Get or set file date and time
2018-12-17T22:02:18.400911369Z 66 PC: 13015 | Move file pointer
2018-12-17T22:02:18.403987858Z 66 PC: 13015 | Move file pointer
2018-12-17T22:02:18.405770324Z 64 PC: 13001 | Write file or device (Write 1470 bytes on handle 5)
2018-12-17T22:02:18.423758317Z 66 PC: 1300b | Move file pointer
2018-12-17T22:02:18.434964512Z 64 PC: 13001 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:02:18.437957834Z 87 PC: 12feb | Get or set file date and time
2018-12-17T22:02:18.439332366Z 62 PC: 1301a | Close file
2018-12-17T22:02:18.452357479Z 67 PC: 12df7 | Get or set file attributes
2018-12-17T22:02:18.461704356Z 37 PC: 13056 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:02:18.463309251Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1374,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:28.077357613Z 237 PC: 12b84 | UNKNOWN!
2018-12-25T11:43:28.078478019Z 53 PC: 12bb8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:28.080231751Z 53 PC: 12bc4 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:43:28.081583133Z 37 PC: 12c21 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:28.08278275Z 42 PC: 12c25 | Get date
0x12c25: cmp dx, 0x419
0x12c29: je 0x12c3a
0x12c2b: cmp dx, 0xc19
0x12c2f: je 0x12c3a
0x12c31: cmp dx, 0xa0c
0x12c35: je 0x12c3a
0x12c37: jmp 0x12c44
0x12c39: nop
0x12c3a: push es
0x12c3b: pop ds
0x12c3c: mov dx, 0x2fd
0x12c3f: mov ax, 0x251c
0x12c42: int 0x21
0x12c44: push cs
0x12c45: pop ds
0x12c46: ret
0x12c47: push bx
0x12c48: push cx
0x12c49: push dx
0x12c4a: push es
2018-12-25T11:43:28.086177515Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:43:28.087606014Z 53 PC: 13024 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:28.088930511Z 37 PC: 13040 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:28.090692104Z 67 PC: 12ddf | Get or set file attributes
2018-12-25T11:43:28.096442397Z 67 PC: 12ded | Get or set file attributes
2018-12-25T11:43:28.434759906Z 61 PC: 12dff | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:28.443060267Z 87 PC: 12fcb | Get or set file date and time
2018-12-25T11:43:28.444828559Z 66 PC: 12e16 | Move file pointer
2018-12-25T11:43:28.446492603Z 63 PC: 12ff8 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:28.450161144Z 87 PC: 12feb | Get or set file date and time
2018-12-25T11:43:28.452193997Z 62 PC: 1301a | Close file
2018-12-25T11:43:28.458876018Z 61 PC: 12e47 | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:28.4657057Z 87 PC: 12fcb | Get or set file date and time (See above)
2018-12-25T11:43:28.46865478Z 66 PC: 1300b | Move file pointer
2018-12-25T11:43:28.470142307Z 63 PC: 12ff8 | Read file or device (See above)
2018-12-25T11:43:28.472982226Z 87 PC: 12feb | Get or set file date and time (See above)
2018-12-25T11:43:28.475634085Z 87 PC: 12fcb | Get or set file date and time (See above)
2018-12-25T11:43:28.477248976Z 66 PC: 13015 | Move file pointer
2018-12-25T11:43:28.478986368Z 66 PC: 13015 | Move file pointer (See above)
2018-12-25T11:43:28.482097135Z 64 PC: 13001 | Write file or device (Write 1470 bytes on handle 5)
2018-12-25T11:43:28.691097747Z 66 PC: 1300b | Move file pointer (See above)
2018-12-25T11:43:28.692681632Z 64 PC: 13001 | Write file or device (See above)
2018-12-25T11:43:28.697171355Z 87 PC: 12feb | Get or set file date and time (See above)
2018-12-25T11:43:28.700161559Z 62 PC: 1301a | Close file (See above)
2018-12-25T11:43:28.812471138Z 67 PC: 12df7 | Get or set file attributes
2018-12-25T11:43:28.823046338Z 37 PC: 13056 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:28.825640908Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1374,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:28.45929107Z 237 PC: 12b84 | UNKNOWN!
2018-12-25T11:43:28.460417Z 53 PC: 12bb8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:28.461880429Z 53 PC: 12bc4 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:43:28.463325079Z 37 PC: 12c21 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:28.465109106Z 42 PC: 12c25 | Get date
0x12c25: cmp dx, 0x419
0x12c29: je 0x12c3a
0x12c2b: cmp dx, 0xc19
0x12c2f: je 0x12c3a
0x12c31: cmp dx, 0xa0c
0x12c35: je 0x12c3a
0x12c37: jmp 0x12c44
0x12c39: nop
0x12c3a: push es
0x12c3b: pop ds
0x12c3c: mov dx, 0x2fd
0x12c3f: mov ax, 0x251c
0x12c42: int 0x21
0x12c44: push cs
0x12c45: pop ds
0x12c46: ret
0x12c47: push bx
0x12c48: push cx
0x12c49: push dx
0x12c4a: push es
2018-12-25T11:43:28.468841643Z 53 PC: 13024 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:28.470476815Z 37 PC: 13040 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:28.472091571Z 67 PC: 12ddf | Get or set file attributes
2018-12-25T11:43:28.479385554Z 67 PC: 12ded | Get or set file attributes
2018-12-25T11:43:28.812399942Z 61 PC: 12dff | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:28.819349889Z 87 PC: 12fcb | Get or set file date and time
2018-12-25T11:43:28.822022905Z 66 PC: 12e16 | Move file pointer
2018-12-25T11:43:28.823569345Z 63 PC: 12ff8 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:28.826851776Z 87 PC: 12feb | Get or set file date and time
2018-12-25T11:43:28.829217675Z 62 PC: 1301a | Close file
2018-12-25T11:43:28.836276042Z 61 PC: 12e47 | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:28.844555394Z 87 PC: 12fcb | Get or set file date and time (See above)
2018-12-25T11:43:28.846931796Z 66 PC: 1300b | Move file pointer
2018-12-25T11:43:28.850084789Z 63 PC: 12ff8 | Read file or device (See above)
2018-12-25T11:43:28.853149588Z 87 PC: 12feb | Get or set file date and time (See above)
2018-12-25T11:43:28.855446692Z 87 PC: 12fcb | Get or set file date and time (See above)
2018-12-25T11:43:28.858946696Z 66 PC: 13015 | Move file pointer
2018-12-25T11:43:28.861617981Z 66 PC: 13015 | Move file pointer (See above)
2018-12-25T11:43:28.863617481Z 64 PC: 13001 | Write file or device (Write 1470 bytes on handle 5)
2018-12-25T11:43:28.875159075Z 66 PC: 1300b | Move file pointer (See above)
2018-12-25T11:43:28.877107122Z 64 PC: 13001 | Write file or device (See above)
2018-12-25T11:43:28.880828326Z 87 PC: 12feb | Get or set file date and time (See above)
2018-12-25T11:43:28.883547015Z 62 PC: 1301a | Close file (See above)
2018-12-25T11:43:28.891908991Z 67 PC: 12df7 | Get or set file attributes
2018-12-25T11:43:28.904030992Z 37 PC: 13056 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:28.920289939Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":25,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1374,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:28.597797615Z 237 PC: 12b84 | UNKNOWN!
2018-12-25T11:43:28.599178779Z 53 PC: 12bb8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:28.60052961Z 53 PC: 12bc4 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:43:28.602018037Z 37 PC: 12c21 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:28.603672304Z 42 PC: 12c25 | Get date
0x12c25: cmp dx, 0x419
0x12c29: je 0x12c3a
0x12c2b: cmp dx, 0xc19
0x12c2f: je 0x12c3a
0x12c31: cmp dx, 0xa0c
0x12c35: je 0x12c3a
0x12c37: jmp 0x12c44
0x12c39: nop
0x12c3a: push es
0x12c3b: pop ds
0x12c3c: mov dx, 0x2fd
0x12c3f: mov ax, 0x251c
0x12c42: int 0x21
0x12c44: push cs
0x12c45: pop ds
0x12c46: ret
0x12c47: push bx
0x12c48: push cx
0x12c49: push dx
0x12c4a: push es
2018-12-25T11:43:28.606402589Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:43:28.607668217Z 53 PC: 13024 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:28.608780587Z 37 PC: 13040 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:28.610650886Z 67 PC: 12ddf | Get or set file attributes
2018-12-25T11:43:28.616148589Z 67 PC: 12ded | Get or set file attributes
2018-12-25T11:43:28.946690297Z 61 PC: 12dff | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:28.95406502Z 87 PC: 12fcb | Get or set file date and time
2018-12-25T11:43:28.955618052Z 66 PC: 12e16 | Move file pointer
2018-12-25T11:43:28.95729183Z 63 PC: 12ff8 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:28.961615852Z 87 PC: 12feb | Get or set file date and time
2018-12-25T11:43:28.964853537Z 62 PC: 1301a | Close file
2018-12-25T11:43:28.971244098Z 61 PC: 12e47 | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:28.978319442Z 87 PC: 12fcb | Get or set file date and time (See above)
2018-12-25T11:43:28.980454076Z 66 PC: 1300b | Move file pointer
2018-12-25T11:43:28.982185087Z 63 PC: 12ff8 | Read file or device (See above)
2018-12-25T11:43:28.985864385Z 87 PC: 12feb | Get or set file date and time (See above)
2018-12-25T11:43:28.988601639Z 87 PC: 12fcb | Get or set file date and time (See above)
2018-12-25T11:43:28.990404627Z 66 PC: 13015 | Move file pointer
2018-12-25T11:43:28.992166519Z 66 PC: 13015 | Move file pointer (See above)
2018-12-25T11:43:28.994893418Z 64 PC: 13001 | Write file or device (Write 1470 bytes on handle 5)
2018-12-25T11:43:29.005456039Z 66 PC: 1300b | Move file pointer (See above)
2018-12-25T11:43:29.006908117Z 64 PC: 13001 | Write file or device (See above)
2018-12-25T11:43:29.011298996Z 87 PC: 12feb | Get or set file date and time (See above)
2018-12-25T11:43:29.012997679Z 62 PC: 1301a | Close file (See above)
2018-12-25T11:43:29.020927403Z 67 PC: 12df7 | Get or set file attributes
2018-12-25T11:43:29.030311859Z 37 PC: 13056 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:29.032162449Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')

{"DateBased":true,"Day":12,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1374,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:28.956635809Z 237 PC: 12b84 | UNKNOWN!
2018-12-25T11:43:28.957845227Z 53 PC: 12bb8 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:28.959648812Z 53 PC: 12bc4 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:43:28.96142557Z 37 PC: 12c21 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:28.963037349Z 42 PC: 12c25 | Get date
0x12c25: cmp dx, 0x419
0x12c29: je 0x12c3a
0x12c2b: cmp dx, 0xc19
0x12c2f: je 0x12c3a
0x12c31: cmp dx, 0xa0c
0x12c35: je 0x12c3a
0x12c37: jmp 0x12c44
0x12c39: nop
0x12c3a: push es
0x12c3b: pop ds
0x12c3c: mov dx, 0x2fd
0x12c3f: mov ax, 0x251c
0x12c42: int 0x21
0x12c44: push cs
0x12c45: pop ds
0x12c46: ret
0x12c47: push bx
0x12c48: push cx
0x12c49: push dx
0x12c4a: push es
2018-12-25T11:43:28.96763185Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:43:28.970277971Z 53 PC: 13024 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:28.972280829Z 37 PC: 13040 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:28.974554023Z 67 PC: 12ddf | Get or set file attributes
2018-12-25T11:43:28.991901664Z 67 PC: 12ded | Get or set file attributes
2018-12-25T11:43:29.333056535Z 61 PC: 12dff | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:29.337927621Z 87 PC: 12fcb | Get or set file date and time
2018-12-25T11:43:29.339239013Z 66 PC: 12e16 | Move file pointer
2018-12-25T11:43:29.340426658Z 63 PC: 12ff8 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:43:29.342825373Z 87 PC: 12feb | Get or set file date and time
2018-12-25T11:43:29.34441646Z 62 PC: 1301a | Close file
2018-12-25T11:43:29.348796978Z 61 PC: 12e47 | Open file (Filename = 'c:\command.com')
2018-12-25T11:43:29.35330804Z 87 PC: 12fcb | Get or set file date and time (See above)
2018-12-25T11:43:29.355122894Z 66 PC: 1300b | Move file pointer
2018-12-25T11:43:29.356715458Z 63 PC: 12ff8 | Read file or device (See above)
2018-12-25T11:43:29.359617133Z 87 PC: 12feb | Get or set file date and time (See above)
2018-12-25T11:43:29.362127962Z 87 PC: 12fcb | Get or set file date and time (See above)
2018-12-25T11:43:29.363982737Z 66 PC: 13015 | Move file pointer
2018-12-25T11:43:29.365322272Z 66 PC: 13015 | Move file pointer (See above)
2018-12-25T11:43:29.367130293Z 64 PC: 13001 | Write file or device (Write 1470 bytes on handle 5)
2018-12-25T11:43:29.376750815Z 66 PC: 1300b | Move file pointer (See above)
2018-12-25T11:43:29.377829574Z 64 PC: 13001 | Write file or device (See above)
2018-12-25T11:43:29.380430486Z 87 PC: 12feb | Get or set file date and time (See above)
2018-12-25T11:43:29.381648468Z 62 PC: 1301a | Close file (See above)
2018-12-25T11:43:29.389940602Z 67 PC: 12df7 | Get or set file attributes
2018-12-25T11:43:29.400836336Z 37 PC: 13056 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:29.402159577Z 9 PC: 12aa2 | Display string (String= 'Hello - This is a 100 COM test file, 1993 ')