Sample viewer

vx.netlux.org/Virus.DOS.Moran.2720


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:21.940206447Z 81 PC: 1753d | Get current PSP
2018-12-17T23:02:21.944208105Z 224 PC: 1767b | UNKNOWN!
2018-12-17T23:02:21.94512556Z 53 PC: 176de | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:02:21.946271787Z 37 PC: 176ee | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:02:21.94809147Z 53 PC: 176f3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:21.949301894Z 37 PC: 17703 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:21.950584608Z 53 PC: 17708 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:02:21.952640767Z 37 PC: 17718 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:02:21.95416911Z 81 PC: 1776e | Get current PSP
2018-12-17T23:02:21.955797081Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-17T23:02:21.963687434Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-17T23:02:21.966090253Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-17T23:02:21.96866863Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-17T23:02:21.971895677Z 68 PC: 1375e | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T23:02:21.973942054Z 48 PC: 13763 | Get DOS version
2018-12-17T23:02:21.976038579Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-17T23:02:21.982949931Z 64 PC: 139e5 | Write file or device (Write 9 bytes on handle 1)
2018-12-17T23:02:21.986363902Z 64 PC: 139e5 | Write file or device (Write 17 bytes on handle 1)
2018-12-17T23:02:21.991727913Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14175,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:05.189788141Z 81 PC: 1753d | Get current PSP
2018-12-25T12:40:05.193881333Z 224 PC: 1767b | UNKNOWN!
2018-12-25T12:40:05.194853438Z 53 PC: 176de | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:40:05.196030267Z 37 PC: 176ee | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:40:05.197798671Z 53 PC: 176f3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:05.199604559Z 37 PC: 17703 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:05.20112457Z 53 PC: 17708 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:40:05.203035656Z 37 PC: 17718 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:40:05.204637809Z 81 PC: 1776e | Get current PSP
2018-12-25T12:40:05.206175692Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T12:40:05.208272449Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T12:40:05.210091249Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T12:40:05.211977417Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T12:40:05.213869688Z 68 PC: 1375e | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:40:05.215708954Z 48 PC: 13763 | Get DOS version
2018-12-25T12:40:05.217637619Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T12:40:05.230474327Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T12:40:05.235752453Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T12:40:05.241093709Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":1,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14175,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:05.367535035Z 81 PC: 1753d | Get current PSP
2018-12-25T12:40:05.369846021Z 224 PC: 1767b | UNKNOWN!
2018-12-25T12:40:05.370614943Z 53 PC: 176de | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:40:05.37153625Z 37 PC: 176ee | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:40:05.372821281Z 53 PC: 176f3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:05.37362133Z 37 PC: 17703 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:05.374469911Z 53 PC: 17708 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:40:05.37581378Z 37 PC: 17718 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:40:05.376665385Z 81 PC: 1776e | Get current PSP
2018-12-25T12:40:05.377493406Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T12:40:05.379001167Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T12:40:05.379967051Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T12:40:05.381036388Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T12:40:05.382395078Z 68 PC: 1375e | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:40:05.383527081Z 48 PC: 13763 | Get DOS version
2018-12-25T12:40:05.38464418Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T12:40:05.388477443Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T12:40:05.391321628Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T12:40:05.394142033Z 76 PC: 147f8 | Terminate with return code (Return code = '4')

{"DateBased":true,"Day":8,"Month":6,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14175,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:05.415653047Z 81 PC: 1753d | Get current PSP
2018-12-25T12:40:05.418320048Z 224 PC: 1767b | UNKNOWN!
2018-12-25T12:40:05.419210616Z 53 PC: 176de | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:40:05.420593485Z 37 PC: 176ee | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:40:05.42251277Z 53 PC: 176f3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:05.423788061Z 37 PC: 17703 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:05.424768813Z 53 PC: 17708 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:40:05.42723647Z 37 PC: 17718 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:40:05.428612093Z 81 PC: 1776e | Get current PSP
2018-12-25T12:40:05.429878326Z 99 PC: 13726 | Get DBCS lead byte table pointer
2018-12-25T12:40:05.431685137Z 68 PC: 13740 | I/O control for devices (Set for = '')
2018-12-25T12:40:05.433056783Z 68 PC: 1374b | I/O control for devices (Set for = '')
2018-12-25T12:40:05.434590336Z 68 PC: 13756 | I/O control for devices (Set for = '')
2018-12-25T12:40:05.436615687Z 68 PC: 1375e | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:40:05.438379378Z 48 PC: 13763 | Get DOS version
2018-12-25T12:40:05.439945909Z 64 PC: 139e5 | Write file or device (Write 29 bytes on handle 2)
2018-12-25T12:40:05.445648792Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T12:40:05.455072007Z 64 PC: 139e5 | Write file or device (See above)
2018-12-25T12:40:05.4595867Z 76 PC: 147f8 | Terminate with return code (Return code = '4')