Sample viewer

vx.netlux.org/Virus.DOS.Stereo.367

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:01:26.352208385Z	37	PC: 12a48 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:01:26.353910434Z	42	PC: 12a79 \| Get date 0x12a79: cmp dl, 0xf 0x12a7c: je 0x12a80 0x12a7e: jmp 0x12a9a 0x12a80: mov ah, 9 0x12a82: mov dx, 0x191 0x12a85: int 0x21 0x12a87: mov dx, 0x1cc 0x12a8a: int 0x21 0x12a8c: call 0x12a91 0x12a8f: int 0x20 0x12a91: mov ah, 0x3b 0x12a93: mov dx, 0x17e 0x12a96: int 0x21 0x12a98: jae 0x12a4e 0x12a9a: ret 0x12a9b: int 0x20 0x12a9d: mov dx, word ptr [bp + 0x26d] 0x12aa1: lea bx, word ptr [bp + 0x10e] 0x12aa5: mov cx, 0x27 0x12aa8: xor word ptr [bx], dx
2018-12-17T23:01:26.35625591Z	78	PC: 12a58 \| Find first file
2018-12-17T23:01:26.361043617Z	61	PC: 12a62 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:01:26.366730913Z	64	PC: 12a6d \| Write file or device (Write 367 bytes on handle 5)
2018-12-17T23:01:26.370964682Z	62	PC: 12a71 \| Close file
2018-12-17T23:01:26.382038538Z	79	PC: 12a58 \| Find next file
2018-12-17T23:01:26.383893403Z	61	PC: 12a62 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:01:26.391553416Z	64	PC: 12a6d \| Write file or device (Write 367 bytes on handle 5)
2018-12-17T23:01:26.395782917Z	62	PC: 12a71 \| Close file
2018-12-17T23:01:26.401165093Z	79	PC: 12a58 \| Find next file
2018-12-17T23:01:26.403606287Z	61	PC: 12a62 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:01:26.407750263Z	64	PC: 12a6d \| Write file or device (Write 367 bytes on handle 5)
2018-12-17T23:01:26.411883582Z	62	PC: 12a71 \| Close file
2018-12-17T23:01:26.417609701Z	79	PC: 12a58 \| Find next file
2018-12-17T23:01:26.419580037Z	61	PC: 12a62 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:01:26.424259542Z	64	PC: 12a6d \| Write file or device (Write 367 bytes on handle 5)
2018-12-17T23:01:26.442680694Z	62	PC: 12a71 \| Close file
2018-12-17T23:01:26.448210812Z	79	PC: 12a58 \| Find next file
2018-12-17T23:01:26.450073407Z	61	PC: 12a62 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:01:26.457884885Z	64	PC: 12a6d \| Write file or device (Write 367 bytes on handle 5)
2018-12-17T23:01:26.465121761Z	62	PC: 12a71 \| Close file
2018-12-17T23:01:26.472811746Z	79	PC: 12a58 \| Find next file
2018-12-17T23:01:26.479195044Z	61	PC: 12a62 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:01:26.490919163Z	64	PC: 12a6d \| Write file or device (Write 367 bytes on handle 5)
2018-12-17T23:01:26.497219177Z	62	PC: 12a71 \| Close file
2018-12-17T23:01:26.505285066Z	79	PC: 12a58 \| Find next file
2018-12-17T23:01:26.507754649Z	61	PC: 12a62 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:01:26.51450765Z	64	PC: 12a6d \| Write file or device (Write 367 bytes on handle 5)
2018-12-17T23:01:26.52147728Z	62	PC: 12a71 \| Close file
2018-12-17T23:01:26.532707244Z	79	PC: 12a58 \| Find next file
2018-12-17T23:01:26.535527828Z	61	PC: 12a62 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:01:26.542756008Z	64	PC: 12a6d \| Write file or device (Write 367 bytes on handle 5)
2018-12-17T23:01:26.547784625Z	62	PC: 12a71 \| Close file
2018-12-17T23:01:26.555747589Z	79	PC: 12a58 \| Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13872,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:15.095227344Z	37	PC: 12a48 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:39:15.097629447Z	42	PC: 12a79 \| Get date 0x12a79: cmp dl, 0xf 0x12a7c: je 0x12a80 0x12a7e: jmp 0x12a9a 0x12a80: mov ah, 9 0x12a82: mov dx, 0x191 0x12a85: int 0x21 0x12a87: mov dx, 0x1cc 0x12a8a: int 0x21 0x12a8c: call 0x12a91 0x12a8f: int 0x20 0x12a91: mov ah, 0x3b 0x12a93: mov dx, 0x17e 0x12a96: int 0x21 0x12a98: jae 0x12a4e 0x12a9a: ret 0x12a9b: int 0x20 0x12a9d: mov dx, word ptr [bp + 0x26d] 0x12aa1: lea bx, word ptr [bp + 0x10e] 0x12aa5: mov cx, 0x27 0x12aa8: xor word ptr [bx], dx
2018-12-25T12:39:15.100787949Z	78	PC: 12a58 \| Find first file
2018-12-25T12:39:15.108469826Z	61	PC: 12a62 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:39:15.116237702Z	64	PC: 12a6d \| Write file or device (Write 367 bytes on handle 5)
2018-12-25T12:39:15.12447248Z	62	PC: 12a71 \| Close file
2018-12-25T12:39:15.139653107Z	79	PC: 12a58 \| Find next file (See above)
2018-12-25T12:39:15.14265644Z	61	PC: 12a62 \| Open file (See above)
2018-12-25T12:39:15.15161834Z	64	PC: 12a6d \| Write file or device (See above)
2018-12-25T12:39:15.159340755Z	62	PC: 12a71 \| Close file (See above)
2018-12-25T12:39:15.168282321Z	79	PC: 12a58 \| Find next file (See above)
2018-12-25T12:39:15.172951001Z	61	PC: 12a62 \| Open file (See above)
2018-12-25T12:39:15.180640174Z	64	PC: 12a6d \| Write file or device (See above)
2018-12-25T12:39:15.189019447Z	62	PC: 12a71 \| Close file (See above)
2018-12-25T12:39:15.198946967Z	79	PC: 12a58 \| Find next file (See above)
2018-12-25T12:39:15.202009742Z	61	PC: 12a62 \| Open file (See above)
2018-12-25T12:39:15.210060742Z	64	PC: 12a6d \| Write file or device (See above)
2018-12-25T12:39:15.218986512Z	62	PC: 12a71 \| Close file (See above)
2018-12-25T12:39:15.228155059Z	79	PC: 12a58 \| Find next file (See above)
2018-12-25T12:39:15.231299455Z	61	PC: 12a62 \| Open file (See above)
2018-12-25T12:39:15.238702497Z	64	PC: 12a6d \| Write file or device (See above)
2018-12-25T12:39:15.247130252Z	62	PC: 12a71 \| Close file (See above)
2018-12-25T12:39:15.255440137Z	79	PC: 12a58 \| Find next file (See above)
2018-12-25T12:39:15.258386366Z	61	PC: 12a62 \| Open file (See above)
2018-12-25T12:39:15.267029097Z	64	PC: 12a6d \| Write file or device (See above)
2018-12-25T12:39:15.274517134Z	62	PC: 12a71 \| Close file (See above)
2018-12-25T12:39:15.287034942Z	79	PC: 12a58 \| Find next file (See above)
2018-12-25T12:39:15.290729521Z	61	PC: 12a62 \| Open file (See above)
2018-12-25T12:39:15.298145151Z	64	PC: 12a6d \| Write file or device (See above)
2018-12-25T12:39:15.306118607Z	62	PC: 12a71 \| Close file (See above)
2018-12-25T12:39:15.31552934Z	79	PC: 12a58 \| Find next file (See above)
2018-12-25T12:39:15.318764301Z	61	PC: 12a62 \| Open file (See above)
2018-12-25T12:39:15.32627544Z	64	PC: 12a6d \| Write file or device (See above)
2018-12-25T12:39:15.330541998Z	62	PC: 12a71 \| Close file (See above)
2018-12-25T12:39:15.339777368Z	79	PC: 12a58 \| Find next file (See above)

{"DateBased":true,"Day":15,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13872,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:39:15.169229851Z	37	PC: 12a48 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:39:15.170942765Z	42	PC: 12a79 \| Get date 0x12a79: cmp dl, 0xf 0x12a7c: je 0x12a80 0x12a7e: jmp 0x12a9a 0x12a80: mov ah, 9 0x12a82: mov dx, 0x191 0x12a85: int 0x21 0x12a87: mov dx, 0x1cc 0x12a8a: int 0x21 0x12a8c: call 0x12a91 0x12a8f: int 0x20 0x12a91: mov ah, 0x3b 0x12a93: mov dx, 0x17e 0x12a96: int 0x21 0x12a98: jae 0x12a4e 0x12a9a: ret 0x12a9b: int 0x20 0x12a9d: mov dx, word ptr [bp + 0x26d] 0x12aa1: lea bx, word ptr [bp + 0x10e] 0x12aa5: mov cx, 0x27 0x12aa8: xor word ptr [bx], dx
2018-12-25T12:39:15.17410741Z	9	PC: 12a87 \| Display string (String= 'StereolaB! Le plus GranD Groupe du MondE!! ECOUTE-LES!!! ')
2018-12-25T12:39:15.18044724Z	9	PC: 12a8c \| Display string (String= 'STEREOLAB.Seaya __ Virus designed by Del_Armgo with Help of... ')
2018-12-25T12:39:15.186862237Z	59	PC: 12a98 \| Change current directory