Sample viewer

vx.netlux.org/Virus.DOS.Cossiga.891


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:02:52.949717721Z 26 PC: 12e8f | Set disk transfer address
2018-12-17T22:02:52.951604713Z 71 PC: 12e98 | Get current directory
2018-12-17T22:02:52.954823603Z 59 PC: 12ea4 | Change current directory
2018-12-17T22:02:52.959149659Z 78 PC: 12eae | Find first file
2018-12-17T22:02:52.982224626Z 78 PC: 12ed2 | Find first file
2018-12-17T22:02:52.993283193Z 79 PC: 12ee1 | Find next file
2018-12-17T22:02:52.995881125Z 79 PC: 12ee1 | Find next file
2018-12-17T22:02:52.998931862Z 79 PC: 12ee1 | Find next file
2018-12-17T22:02:53.000646574Z 79 PC: 12ee1 | Find next file
2018-12-17T22:02:53.002646002Z 79 PC: 12ee1 | Find next file
2018-12-17T22:02:53.005523964Z 79 PC: 12ee1 | Find next file
2018-12-17T22:02:53.007835109Z 79 PC: 12ee1 | Find next file
2018-12-17T22:02:53.010258698Z 79 PC: 12ee1 | Find next file
2018-12-17T22:02:53.013060247Z 79 PC: 12ee1 | Find next file
2018-12-17T22:02:53.015158017Z 42 PC: 12eea | Get date 0x12eea: mov ax, si
; Fragment logged after INT 21h "Get date" returned (DOS function 2Ah: CX = year,
; DH = month, DL = day). Its first instruction, `mov ax, si`, sits on the
; preceding log line, so AL here is the low byte of SI rather than a value
; returned by the date call.
; NOTE(review): what SI holds at this point is not visible in the fragment.
0x12eec: and dl, al                ; mask the day of month with the low byte of SI
0x12eee: mov bp, dx
0x12ef0: and bp, 0xff              ; keep only the low byte (the masked DL); DH/month is dropped
0x12ef4: cmp bp, 0
0x12ef7: je 0x12f05                ; zero -> go to the file search at 0x12f05
0x12ef9: jmp 0x12ec5               ; non-zero -> back to 0x12ec5 (outside this fragment)
0x12efb: mov dx, 0x38e             ; follows an unconditional jmp, so only reachable via a branch not shown here
0x12efe: mov bp, 0
0x12f01: mov ah, 0x3b              ; DOS 3Bh: change current directory, path at DS:DX = 0x38e
0x12f03: int 0x21
0x12f05: mov cx, 0x20              ; search attribute mask 0x20 (archive bit)
0x12f08: mov si, 0
0x12f0b: mov dx, 0x3c0             ; DS:DX = file specification at offset 0x3c0 (contents not shown)
0x12f0e: mov ah, 0x4e              ; DOS 4Eh: find first file
0x12f10: int 0x21
0x12f12: cmp ax, 0x12              ; 0x12 = DOS error "no more files"
0x12f15: jne 0x12f1b               ; any other AX -> 0x12f1b (outside this fragment)
0x12f17: inc bp                    ; AX == 0x12: bump bp, then leave via 0x12f92
0x12f18: jmp 0x12f92
2018-12-17T22:02:53.017131127Z 78 PC: 12f12 | Find first file
2018-12-17T22:02:53.022963265Z 61 PC: 12f39 | Open file (Filename = '')
2018-12-17T22:02:53.029602913Z 66 PC: 12f4e | Move file pointer
2018-12-17T22:02:53.030880262Z 63 PC: 12f58 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:02:53.037493661Z 62 PC: 12f75 | Close file
2018-12-17T22:02:53.0400511Z 78 PC: 12f12 | Find first file
2018-12-17T22:02:53.045919365Z 79 PC: 12f24 | Find next file
2018-12-17T22:02:53.048244408Z 66 PC: 1302b | Move file pointer
2018-12-17T22:02:53.050361067Z 64 PC: 13035 | Write file or device (Write 24 bytes on handle 5)
2018-12-17T22:02:53.05214668Z 66 PC: 13040 | Move file pointer
2018-12-17T22:02:53.053956497Z 64 PC: 13052 | Write file or device (Write 896 bytes on handle 5)
2018-12-17T22:02:53.056903186Z 87 PC: 1305d | Get or set file date and time
2018-12-17T22:02:53.058562104Z 62 PC: 13061 | Close file
2018-12-17T22:02:53.060121395Z 59 PC: 13068 | Change current directory
2018-12-17T22:02:53.065998606Z 59 PC: 1306f | Change current directory
2018-12-17T22:02:53.067666409Z 42 PC: 13073 | Get date 0x13073: cmp cx, 0x7c7
; Date gate, logged after INT 21h "Get date" returned (DOS function 2Ah: CX = year,
; DH = month, DL = day). The compare `cmp cx, 0x7c7` (0x7c7 = 1991) is on the
; preceding log line. The path at 0x13089 is taken when year > 1991, or when
; month >= 10 and day-of-month >= 17; otherwise execution continues at 0x1309b.
; The day test applies to every month from October on, so days 1-16 of November
; and December do not qualify. Because the branch depends on the system date, a
; single run at one clock value can miss the 0x13089 path.
0x13077: jg 0x13089                ; year > 1991 -> 0x13089
0x13079: cmp dh, 0xa               ; month against 10
0x1307c: jge 0x13081               ; October or later -> check the day
0x1307e: jmp 0x1309b               ; earlier month -> skip
0x13080: nop
0x13081: cmp dl, 0x11              ; day of month against 17
0x13084: jge 0x13089               ; 17th or later -> 0x13089
0x13086: jmp 0x1309b               ; earlier day -> skip
0x13088: nop
0x13089: call 0x130ca              ; subroutine body is not shown in this fragment
0x1308c: mov ax, 4                 ; AH = 00h, AL = 04h
0x1308f: int 0x10                  ; BIOS video service: set mode 04h (320x200 4-colour graphics)
0x13091: mov ah, 9                 ; DOS 09h: print '$'-terminated string
0x13093: mov dx, 0x3e2             ; DS:DX = string at offset 0x3e2 (text not shown)
0x13096: int 0x21
0x13098: jmp 0x130c6               ; continues at 0x130c6 (outside this fragment)
0x1309a: nop
0x1309b: pop si                    ; skip path lands here: pops two words into SI and BX
0x1309c: pop bx
2018-12-17T22:02:53.075698601Z 9 PC: 13098 | Display string (Could not find end pointer)
2018-12-17T22:02:53.079662469Z 76 PC: 130ca | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1436,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:32.262672538Z 26 PC: 12e8f | Set disk transfer address
2018-12-25T11:43:32.263821832Z 71 PC: 12e98 | Get current directory
2018-12-25T11:43:32.266561649Z 59 PC: 12ea4 | Change current directory
2018-12-25T11:43:32.270412172Z 78 PC: 12eae | Find first file
2018-12-25T11:43:32.276956114Z 78 PC: 12ed2 | Find first file
2018-12-25T11:43:32.282575604Z 79 PC: 12ee1 | Find next file
2018-12-25T11:43:32.284805795Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.287634218Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.290053817Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.292416978Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.295114664Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.297487462Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.299822042Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.302909849Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.317173564Z 42 PC: 12eea | Get date 0x12eea: mov ax, si
; Fragment logged after INT 21h "Get date" returned (DOS function 2Ah: CX = year,
; DH = month, DL = day). Its first instruction, `mov ax, si`, sits on the
; preceding log line, so AL here is the low byte of SI rather than a value
; returned by the date call.
; NOTE(review): what SI holds at this point is not visible in the fragment.
0x12eec: and dl, al                ; mask the day of month with the low byte of SI
0x12eee: mov bp, dx
0x12ef0: and bp, 0xff              ; keep only the low byte (the masked DL); DH/month is dropped
0x12ef4: cmp bp, 0
0x12ef7: je 0x12f05                ; zero -> go to the file search at 0x12f05
0x12ef9: jmp 0x12ec5               ; non-zero -> back to 0x12ec5 (outside this fragment)
0x12efb: mov dx, 0x38e             ; follows an unconditional jmp, so only reachable via a branch not shown here
0x12efe: mov bp, 0
0x12f01: mov ah, 0x3b              ; DOS 3Bh: change current directory, path at DS:DX = 0x38e
0x12f03: int 0x21
0x12f05: mov cx, 0x20              ; search attribute mask 0x20 (archive bit)
0x12f08: mov si, 0
0x12f0b: mov dx, 0x3c0             ; DS:DX = file specification at offset 0x3c0 (contents not shown)
0x12f0e: mov ah, 0x4e              ; DOS 4Eh: find first file
0x12f10: int 0x21
0x12f12: cmp ax, 0x12              ; 0x12 = DOS error "no more files"
0x12f15: jne 0x12f1b               ; any other AX -> 0x12f1b (outside this fragment)
0x12f17: inc bp                    ; AX == 0x12: bump bp, then leave via 0x12f92
0x12f18: jmp 0x12f92
2018-12-25T11:43:32.319229977Z 78 PC: 12f12 | Find first file
2018-12-25T11:43:32.325811885Z 61 PC: 12f39 | Open file (Filename = '')
2018-12-25T11:43:32.331884365Z 66 PC: 12f4e | Move file pointer
2018-12-25T11:43:32.332997025Z 63 PC: 12f58 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:43:32.339704027Z 62 PC: 12f75 | Close file
2018-12-25T11:43:32.341325493Z 78 PC: 12f12 | Find first file (See above)
2018-12-25T11:43:32.347708741Z 79 PC: 12f24 | Find next file
2018-12-25T11:43:32.350201625Z 66 PC: 1302b | Move file pointer
2018-12-25T11:43:32.351312862Z 64 PC: 13035 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:43:32.352270117Z 66 PC: 13040 | Move file pointer
2018-12-25T11:43:32.354183248Z 64 PC: 13052 | Write file or device (Write 896 bytes on handle 5)
2018-12-25T11:43:32.356093445Z 87 PC: 1305d | Get or set file date and time
2018-12-25T11:43:32.35740181Z 62 PC: 13061 | Close file
2018-12-25T11:43:32.358675807Z 59 PC: 13068 | Change current directory
2018-12-25T11:43:32.362530005Z 59 PC: 1306f | Change current directory
2018-12-25T11:43:32.364010448Z 42 PC: 13073 | Get date 0x13073: cmp cx, 0x7c7
; Date gate, logged after INT 21h "Get date" returned (DOS function 2Ah: CX = year,
; DH = month, DL = day). The compare `cmp cx, 0x7c7` (0x7c7 = 1991) is on the
; preceding log line. The path at 0x13089 is taken when year > 1991, or when
; month >= 10 and day-of-month >= 17; otherwise execution continues at 0x1309b.
; The day test applies to every month from October on, so days 1-16 of November
; and December do not qualify. Because the branch depends on the system date, a
; single run at one clock value can miss the 0x13089 path.
0x13077: jg 0x13089                ; year > 1991 -> 0x13089
0x13079: cmp dh, 0xa               ; month against 10
0x1307c: jge 0x13081               ; October or later -> check the day
0x1307e: jmp 0x1309b               ; earlier month -> skip
0x13080: nop
0x13081: cmp dl, 0x11              ; day of month against 17
0x13084: jge 0x13089               ; 17th or later -> 0x13089
0x13086: jmp 0x1309b               ; earlier day -> skip
0x13088: nop
0x13089: call 0x130ca              ; subroutine body is not shown in this fragment
0x1308c: mov ax, 4                 ; AH = 00h, AL = 04h
0x1308f: int 0x10                  ; BIOS video service: set mode 04h (320x200 4-colour graphics)
0x13091: mov ah, 9                 ; DOS 09h: print '$'-terminated string
0x13093: mov dx, 0x3e2             ; DS:DX = string at offset 0x3e2 (text not shown)
0x13096: int 0x21
0x13098: jmp 0x130c6               ; continues at 0x130c6 (outside this fragment)
0x1309a: nop
0x1309b: pop si                    ; skip path lands here: pops two words into SI and BX
0x1309c: pop bx
2018-12-25T11:43:32.366020313Z 74 PC: 12af3 | Reallocate memory
2018-12-25T11:43:32.3676452Z 26 PC: 12b07 | Set disk transfer address
2018-12-25T11:43:32.37837804Z 76 PC: 12ae3 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1436,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:32.264679068Z 26 PC: 12e8f | Set disk transfer address
2018-12-25T11:43:32.266353681Z 71 PC: 12e98 | Get current directory
2018-12-25T11:43:32.269057758Z 59 PC: 12ea4 | Change current directory
2018-12-25T11:43:32.272864667Z 78 PC: 12eae | Find first file
2018-12-25T11:43:32.282429151Z 78 PC: 12ed2 | Find first file
2018-12-25T11:43:32.288255045Z 79 PC: 12ee1 | Find next file
2018-12-25T11:43:32.290586966Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.293719113Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.296458503Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.298825675Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.30136036Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.304069119Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.306513245Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.308866487Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.31115322Z 42 PC: 12eea | Get date 0x12eea: mov ax, si
; Fragment logged after INT 21h "Get date" returned (DOS function 2Ah: CX = year,
; DH = month, DL = day). Its first instruction, `mov ax, si`, sits on the
; preceding log line, so AL here is the low byte of SI rather than a value
; returned by the date call.
; NOTE(review): what SI holds at this point is not visible in the fragment.
0x12eec: and dl, al                ; mask the day of month with the low byte of SI
0x12eee: mov bp, dx
0x12ef0: and bp, 0xff              ; keep only the low byte (the masked DL); DH/month is dropped
0x12ef4: cmp bp, 0
0x12ef7: je 0x12f05                ; zero -> go to the file search at 0x12f05
0x12ef9: jmp 0x12ec5               ; non-zero -> back to 0x12ec5 (outside this fragment)
0x12efb: mov dx, 0x38e             ; follows an unconditional jmp, so only reachable via a branch not shown here
0x12efe: mov bp, 0
0x12f01: mov ah, 0x3b              ; DOS 3Bh: change current directory, path at DS:DX = 0x38e
0x12f03: int 0x21
0x12f05: mov cx, 0x20              ; search attribute mask 0x20 (archive bit)
0x12f08: mov si, 0
0x12f0b: mov dx, 0x3c0             ; DS:DX = file specification at offset 0x3c0 (contents not shown)
0x12f0e: mov ah, 0x4e              ; DOS 4Eh: find first file
0x12f10: int 0x21
0x12f12: cmp ax, 0x12              ; 0x12 = DOS error "no more files"
0x12f15: jne 0x12f1b               ; any other AX -> 0x12f1b (outside this fragment)
0x12f17: inc bp                    ; AX == 0x12: bump bp, then leave via 0x12f92
0x12f18: jmp 0x12f92
2018-12-25T11:43:32.31317147Z 78 PC: 12f12 | Find first file
2018-12-25T11:43:32.323676575Z 61 PC: 12f39 | Open file (Filename = '')
2018-12-25T11:43:32.335730916Z 66 PC: 12f4e | Move file pointer
2018-12-25T11:43:32.336939758Z 63 PC: 12f58 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:43:32.345935569Z 62 PC: 12f75 | Close file
2018-12-25T11:43:32.348071996Z 78 PC: 12f12 | Find first file (See above)
2018-12-25T11:43:32.353933833Z 79 PC: 12f24 | Find next file
2018-12-25T11:43:32.356068397Z 66 PC: 1302b | Move file pointer
2018-12-25T11:43:32.357931994Z 64 PC: 13035 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:43:32.35927772Z 66 PC: 13040 | Move file pointer
2018-12-25T11:43:32.36052002Z 64 PC: 13052 | Write file or device (Write 896 bytes on handle 5)
2018-12-25T11:43:32.362217564Z 87 PC: 1305d | Get or set file date and time
2018-12-25T11:43:32.363510714Z 62 PC: 13061 | Close file
2018-12-25T11:43:32.364760826Z 59 PC: 13068 | Change current directory
2018-12-25T11:43:32.368928399Z 59 PC: 1306f | Change current directory
2018-12-25T11:43:32.370446983Z 42 PC: 13073 | Get date 0x13073: cmp cx, 0x7c7
; Date gate, logged after INT 21h "Get date" returned (DOS function 2Ah: CX = year,
; DH = month, DL = day). The compare `cmp cx, 0x7c7` (0x7c7 = 1991) is on the
; preceding log line. The path at 0x13089 is taken when year > 1991, or when
; month >= 10 and day-of-month >= 17; otherwise execution continues at 0x1309b.
; The day test applies to every month from October on, so days 1-16 of November
; and December do not qualify. Because the branch depends on the system date, a
; single run at one clock value can miss the 0x13089 path.
0x13077: jg 0x13089                ; year > 1991 -> 0x13089
0x13079: cmp dh, 0xa               ; month against 10
0x1307c: jge 0x13081               ; October or later -> check the day
0x1307e: jmp 0x1309b               ; earlier month -> skip
0x13080: nop
0x13081: cmp dl, 0x11              ; day of month against 17
0x13084: jge 0x13089               ; 17th or later -> 0x13089
0x13086: jmp 0x1309b               ; earlier day -> skip
0x13088: nop
0x13089: call 0x130ca              ; subroutine body is not shown in this fragment
0x1308c: mov ax, 4                 ; AH = 00h, AL = 04h
0x1308f: int 0x10                  ; BIOS video service: set mode 04h (320x200 4-colour graphics)
0x13091: mov ah, 9                 ; DOS 09h: print '$'-terminated string
0x13093: mov dx, 0x3e2             ; DS:DX = string at offset 0x3e2 (text not shown)
0x13096: int 0x21
0x13098: jmp 0x130c6               ; continues at 0x130c6 (outside this fragment)
0x1309a: nop
0x1309b: pop si                    ; skip path lands here: pops two words into SI and BX
0x1309c: pop bx
2018-12-25T11:43:32.372405699Z 74 PC: 12af3 | Reallocate memory
2018-12-25T11:43:32.374176933Z 26 PC: 12b07 | Set disk transfer address
2018-12-25T11:43:32.396823069Z 76 PC: 12ae3 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":17,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1436,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:32.333695493Z 26 PC: 12e8f | Set disk transfer address
2018-12-25T11:43:32.335690066Z 71 PC: 12e98 | Get current directory
2018-12-25T11:43:32.338441578Z 59 PC: 12ea4 | Change current directory
2018-12-25T11:43:32.342256765Z 78 PC: 12eae | Find first file
2018-12-25T11:43:32.353727725Z 78 PC: 12ed2 | Find first file
2018-12-25T11:43:32.359394484Z 79 PC: 12ee1 | Find next file
2018-12-25T11:43:32.361728936Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.364198658Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.366669614Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.369058066Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.371503623Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.374632715Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.37697782Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.379311228Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.382307338Z 42 PC: 12eea | Get date 0x12eea: mov ax, si
; Fragment logged after INT 21h "Get date" returned (DOS function 2Ah: CX = year,
; DH = month, DL = day). Its first instruction, `mov ax, si`, sits on the
; preceding log line, so AL here is the low byte of SI rather than a value
; returned by the date call.
; NOTE(review): what SI holds at this point is not visible in the fragment.
0x12eec: and dl, al                ; mask the day of month with the low byte of SI
0x12eee: mov bp, dx
0x12ef0: and bp, 0xff              ; keep only the low byte (the masked DL); DH/month is dropped
0x12ef4: cmp bp, 0
0x12ef7: je 0x12f05                ; zero -> go to the file search at 0x12f05
0x12ef9: jmp 0x12ec5               ; non-zero -> back to 0x12ec5 (outside this fragment)
0x12efb: mov dx, 0x38e             ; follows an unconditional jmp, so only reachable via a branch not shown here
0x12efe: mov bp, 0
0x12f01: mov ah, 0x3b              ; DOS 3Bh: change current directory, path at DS:DX = 0x38e
0x12f03: int 0x21
0x12f05: mov cx, 0x20              ; search attribute mask 0x20 (archive bit)
0x12f08: mov si, 0
0x12f0b: mov dx, 0x3c0             ; DS:DX = file specification at offset 0x3c0 (contents not shown)
0x12f0e: mov ah, 0x4e              ; DOS 4Eh: find first file
0x12f10: int 0x21
0x12f12: cmp ax, 0x12              ; 0x12 = DOS error "no more files"
0x12f15: jne 0x12f1b               ; any other AX -> 0x12f1b (outside this fragment)
0x12f17: inc bp                    ; AX == 0x12: bump bp, then leave via 0x12f92
0x12f18: jmp 0x12f92
2018-12-25T11:43:32.384366852Z 78 PC: 12f12 | Find first file
2018-12-25T11:43:32.389950397Z 61 PC: 12f39 | Open file (Filename = '')
2018-12-25T11:43:32.397305282Z 66 PC: 12f4e | Move file pointer
2018-12-25T11:43:32.398733826Z 63 PC: 12f58 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:43:32.405327947Z 62 PC: 12f75 | Close file
2018-12-25T11:43:32.407330405Z 78 PC: 12f12 | Find first file (See above)
2018-12-25T11:43:32.413627621Z 79 PC: 12f24 | Find next file
2018-12-25T11:43:32.416393282Z 66 PC: 1302b | Move file pointer
2018-12-25T11:43:32.418246505Z 64 PC: 13035 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:43:32.419607224Z 66 PC: 13040 | Move file pointer
2018-12-25T11:43:32.420962624Z 64 PC: 13052 | Write file or device (Write 896 bytes on handle 5)
2018-12-25T11:43:32.422782551Z 87 PC: 1305d | Get or set file date and time
2018-12-25T11:43:32.429355933Z 62 PC: 13061 | Close file
2018-12-25T11:43:32.430868668Z 59 PC: 13068 | Change current directory
2018-12-25T11:43:32.438738263Z 59 PC: 1306f | Change current directory
2018-12-25T11:43:32.440442858Z 42 PC: 13073 | Get date 0x13073: cmp cx, 0x7c7
; Date gate, logged after INT 21h "Get date" returned (DOS function 2Ah: CX = year,
; DH = month, DL = day). The compare `cmp cx, 0x7c7` (0x7c7 = 1991) is on the
; preceding log line. The path at 0x13089 is taken when year > 1991, or when
; month >= 10 and day-of-month >= 17; otherwise execution continues at 0x1309b.
; The day test applies to every month from October on, so days 1-16 of November
; and December do not qualify. Because the branch depends on the system date, a
; single run at one clock value can miss the 0x13089 path.
0x13077: jg 0x13089                ; year > 1991 -> 0x13089
0x13079: cmp dh, 0xa               ; month against 10
0x1307c: jge 0x13081               ; October or later -> check the day
0x1307e: jmp 0x1309b               ; earlier month -> skip
0x13080: nop
0x13081: cmp dl, 0x11              ; day of month against 17
0x13084: jge 0x13089               ; 17th or later -> 0x13089
0x13086: jmp 0x1309b               ; earlier day -> skip
0x13088: nop
0x13089: call 0x130ca              ; subroutine body is not shown in this fragment
0x1308c: mov ax, 4                 ; AH = 00h, AL = 04h
0x1308f: int 0x10                  ; BIOS video service: set mode 04h (320x200 4-colour graphics)
0x13091: mov ah, 9                 ; DOS 09h: print '$'-terminated string
0x13093: mov dx, 0x3e2             ; DS:DX = string at offset 0x3e2 (text not shown)
0x13096: int 0x21
0x13098: jmp 0x130c6               ; continues at 0x130c6 (outside this fragment)
0x1309a: nop
0x1309b: pop si                    ; skip path lands here: pops two words into SI and BX
0x1309c: pop bx
2018-12-25T11:43:32.448627257Z 9 PC: 13098 | Display string (Could not find end pointer)
2018-12-25T11:43:32.454587392Z 76 PC: 130ca | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1436,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:32.734110117Z 26 PC: 12e8f | Set disk transfer address
2018-12-25T11:43:32.735458596Z 71 PC: 12e98 | Get current directory
2018-12-25T11:43:32.738400498Z 59 PC: 12ea4 | Change current directory
2018-12-25T11:43:32.741318453Z 78 PC: 12eae | Find first file
2018-12-25T11:43:32.752100012Z 78 PC: 12ed2 | Find first file
2018-12-25T11:43:32.7576567Z 79 PC: 12ee1 | Find next file
2018-12-25T11:43:32.759997841Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.762815194Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.765158242Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.767490819Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.769561192Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.771469648Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.773084989Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.775391889Z 79 PC: 12ee1 | Find next file (See above)
2018-12-25T11:43:32.777530331Z 42 PC: 12eea | Get date 0x12eea: mov ax, si
; Fragment logged after INT 21h "Get date" returned (DOS function 2Ah: CX = year,
; DH = month, DL = day). Its first instruction, `mov ax, si`, sits on the
; preceding log line, so AL here is the low byte of SI rather than a value
; returned by the date call.
; NOTE(review): what SI holds at this point is not visible in the fragment.
0x12eec: and dl, al                ; mask the day of month with the low byte of SI
0x12eee: mov bp, dx
0x12ef0: and bp, 0xff              ; keep only the low byte (the masked DL); DH/month is dropped
0x12ef4: cmp bp, 0
0x12ef7: je 0x12f05                ; zero -> go to the file search at 0x12f05
0x12ef9: jmp 0x12ec5               ; non-zero -> back to 0x12ec5 (outside this fragment)
0x12efb: mov dx, 0x38e             ; follows an unconditional jmp, so only reachable via a branch not shown here
0x12efe: mov bp, 0
0x12f01: mov ah, 0x3b              ; DOS 3Bh: change current directory, path at DS:DX = 0x38e
0x12f03: int 0x21
0x12f05: mov cx, 0x20              ; search attribute mask 0x20 (archive bit)
0x12f08: mov si, 0
0x12f0b: mov dx, 0x3c0             ; DS:DX = file specification at offset 0x3c0 (contents not shown)
0x12f0e: mov ah, 0x4e              ; DOS 4Eh: find first file
0x12f10: int 0x21
0x12f12: cmp ax, 0x12              ; 0x12 = DOS error "no more files"
0x12f15: jne 0x12f1b               ; any other AX -> 0x12f1b (outside this fragment)
0x12f17: inc bp                    ; AX == 0x12: bump bp, then leave via 0x12f92
0x12f18: jmp 0x12f92
2018-12-25T11:43:32.779456461Z 78 PC: 12f12 | Find first file
2018-12-25T11:43:32.785406834Z 61 PC: 12f39 | Open file (Filename = '')
2018-12-25T11:43:32.791674635Z 66 PC: 12f4e | Move file pointer
2018-12-25T11:43:32.792825973Z 63 PC: 12f58 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:43:32.799473481Z 62 PC: 12f75 | Close file
2018-12-25T11:43:32.801248567Z 78 PC: 12f12 | Find first file (See above)
2018-12-25T11:43:32.806915713Z 79 PC: 12f24 | Find next file
2018-12-25T11:43:32.809087715Z 66 PC: 1302b | Move file pointer
2018-12-25T11:43:32.810663342Z 64 PC: 13035 | Write file or device (Write 24 bytes on handle 5)
2018-12-25T11:43:32.812032201Z 66 PC: 13040 | Move file pointer
2018-12-25T11:43:32.814055419Z 64 PC: 13052 | Write file or device (Write 896 bytes on handle 5)
2018-12-25T11:43:32.815831735Z 87 PC: 1305d | Get or set file date and time
2018-12-25T11:43:32.817097921Z 62 PC: 13061 | Close file
2018-12-25T11:43:32.818349936Z 59 PC: 13068 | Change current directory
2018-12-25T11:43:32.82267392Z 59 PC: 1306f | Change current directory
2018-12-25T11:43:32.823842434Z 42 PC: 13073 | Get date 0x13073: cmp cx, 0x7c7
; Date gate, logged after INT 21h "Get date" returned (DOS function 2Ah: CX = year,
; DH = month, DL = day). The compare `cmp cx, 0x7c7` (0x7c7 = 1991) is on the
; preceding log line. The path at 0x13089 is taken when year > 1991, or when
; month >= 10 and day-of-month >= 17; otherwise execution continues at 0x1309b.
; The day test applies to every month from October on, so days 1-16 of November
; and December do not qualify. Because the branch depends on the system date, a
; single run at one clock value can miss the 0x13089 path.
0x13077: jg 0x13089                ; year > 1991 -> 0x13089
0x13079: cmp dh, 0xa               ; month against 10
0x1307c: jge 0x13081               ; October or later -> check the day
0x1307e: jmp 0x1309b               ; earlier month -> skip
0x13080: nop
0x13081: cmp dl, 0x11              ; day of month against 17
0x13084: jge 0x13089               ; 17th or later -> 0x13089
0x13086: jmp 0x1309b               ; earlier day -> skip
0x13088: nop
0x13089: call 0x130ca              ; subroutine body is not shown in this fragment
0x1308c: mov ax, 4                 ; AH = 00h, AL = 04h
0x1308f: int 0x10                  ; BIOS video service: set mode 04h (320x200 4-colour graphics)
0x13091: mov ah, 9                 ; DOS 09h: print '$'-terminated string
0x13093: mov dx, 0x3e2             ; DS:DX = string at offset 0x3e2 (text not shown)
0x13096: int 0x21
0x13098: jmp 0x130c6               ; continues at 0x130c6 (outside this fragment)
0x1309a: nop
0x1309b: pop si                    ; skip path lands here: pops two words into SI and BX
0x1309c: pop bx
2018-12-25T11:43:32.829612858Z 9 PC: 13098 | Display string (Could not find end pointer)
2018-12-25T11:43:32.83318933Z 76 PC: 130ca | Terminate with return code (Return code = '36')