Sample viewer

vx.netlux.org/Virus.DOS.Andry.2900

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:02:47.842373626Z	9	PC: 12a85 \| Display string (String= ' Pengaktif Virus Andry Christian - Drk Lve & Ldy Lve ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1424,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:31.44587048Z	64	PC: 0 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:43:31.451410871Z	41	PC: 94fae \| Parse filename
2018-12-25T11:43:31.455045611Z	41	PC: 9502f \| Parse filename
2018-12-25T11:43:31.456927374Z	41	PC: 9504c \| Parse filename
2018-12-25T11:43:31.460705618Z	26	PC: 984f7 \| Set disk transfer address
2018-12-25T11:43:31.463577551Z	71	PC: 986f3 \| Get current directory
2018-12-25T11:43:31.467851556Z	78	PC: 986fe \| Find first file
2018-12-25T11:43:31.486310519Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:43:31.490424833Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:43:31.50221006Z	64	PC: 9a848 \| Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:43:31.50906288Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:43:31.510741992Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:43:31.511876695Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:31.513570643Z	62	PC: 122ab \| Close file
2018-12-25T11:43:31.515846495Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.520764724Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.52228751Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.524414893Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.526263979Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.527806868Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.529407084Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.531563082Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.537118305Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.538751352Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.544943206Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.547548113Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.549837096Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.551961386Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.553955329Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T11:43:31.555374718Z	56	PC: 94df9 \| Get or set country info
2018-12-25T11:43:31.557815548Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:43:31.561551649Z	25	PC: 94e62 \| Get default drive
2018-12-25T11:43:31.563242728Z	71	PC: 970dd \| Get current directory
2018-12-25T11:43:31.566336816Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:43:31.568916824Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T11:43:31.572093858Z	93	PC: 94f20 \| File sharing functions
2018-12-25T11:43:31.573219975Z	93	PC: 94f27 \| File sharing functions
2018-12-25T11:43:31.574952261Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-25T11:43:46.493407968Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:43:47.848399028Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:43:47.951279095Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:43:47.961416147Z	41	PC: 94fae \| Parse filename (See above)
2018-12-25T11:43:47.964927794Z	41	PC: 9502f \| Parse filename (See above)
2018-12-25T11:43:47.966914818Z	41	PC: 9504c \| Parse filename (See above)
2018-12-25T11:43:47.969523776Z	26	PC: 984f7 \| Set disk transfer address (See above)
2018-12-25T11:43:47.972052622Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:43:47.980954291Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:43:47.991292077Z	71	PC: 9856c \| Get current directory
2018-12-25T11:43:47.995732546Z	73	PC: 97c09 \| Release memory
2018-12-25T11:43:48.00521007Z	75	PC: 11821 \| Execute program
2018-12-25T11:43:48.021198526Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-25T11:43:48.027725569Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1424,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:31.444317298Z	64	PC: 0 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:43:31.453054039Z	41	PC: 94fae \| Parse filename
2018-12-25T11:43:31.480424738Z	41	PC: 9502f \| Parse filename
2018-12-25T11:43:31.481872739Z	41	PC: 9504c \| Parse filename
2018-12-25T11:43:31.483448749Z	26	PC: 984f7 \| Set disk transfer address
2018-12-25T11:43:31.485875515Z	71	PC: 986f3 \| Get current directory
2018-12-25T11:43:31.490216096Z	78	PC: 986fe \| Find first file
2018-12-25T11:43:31.500601811Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:43:31.504637057Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:43:31.516101632Z	64	PC: 9a848 \| Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:43:31.52187604Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:43:31.523767675Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:43:31.525487546Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:43:31.526750415Z	62	PC: 122ab \| Close file
2018-12-25T11:43:31.529394003Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.531435619Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.533345344Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.535051134Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.536669558Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.538114207Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.539485958Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.541717425Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.544530517Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.546496075Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.555680487Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.557622119Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.559771844Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.56235967Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:43:31.564315008Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T11:43:31.565482724Z	56	PC: 94df9 \| Get or set country info
2018-12-25T11:43:31.570820896Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:43:31.581015481Z	25	PC: 94e62 \| Get default drive
2018-12-25T11:43:31.582820885Z	71	PC: 970dd \| Get current directory
2018-12-25T11:43:31.58824744Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:43:31.591787322Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T11:43:31.594049181Z	93	PC: 94f20 \| File sharing functions
2018-12-25T11:43:31.596110661Z	93	PC: 94f27 \| File sharing functions
2018-12-25T11:43:31.598883096Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-25T11:43:46.491051215Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:43:47.846236512Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:43:47.949139742Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:43:47.957996514Z	41	PC: 94fae \| Parse filename (See above)
2018-12-25T11:43:47.962345129Z	41	PC: 9502f \| Parse filename (See above)
2018-12-25T11:43:47.964441609Z	41	PC: 9504c \| Parse filename (See above)
2018-12-25T11:43:47.967390843Z	26	PC: 984f7 \| Set disk transfer address (See above)
2018-12-25T11:43:47.970243725Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:43:47.978924623Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:43:47.989375009Z	71	PC: 9856c \| Get current directory
2018-12-25T11:43:47.993917647Z	73	PC: 97c09 \| Release memory
2018-12-25T11:43:47.998593293Z	75	PC: 11821 \| Execute program
2018-12-25T11:43:48.014345094Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-25T11:43:48.019948885Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":2,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1424,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:31.505383596Z	9	PC: 12a85 \| Display string (String= ' Pengaktif Virus Andry Christian - Drk Lve & Ldy Lve ')