Sample viewer

vx.netlux.org/Virus.DOS.AntiPC.1958

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:54.889277011Z	170	PC: 13961 \| UNKNOWN!
2018-12-17T23:03:54.891676089Z	44	PC: 138cd \| Get time 0x138cd: cmp ch, cl 0x138cf: jne 0x138ed 0x138d1: lea dx, word ptr [bp + 0x342] 0x138d5: mov si, 0x36 0x138d8: call 0x232a2 0x138db: lea dx, word ptr [bp + 0x342] 0x138df: mov ah, 9 0x138e1: int 0x21 0x138e3: lea dx, word ptr [bp + 0x342] 0x138e7: mov si, 0x36 0x138ea: call 0x232a2 0x138ed: cmp dh, 0xa 0x138f0: jae 0x13906 0x138f2: lea dx, word ptr [bp + 0x561] 0x138f6: mov si, 0x3d 0x138f9: call 0x232a2 0x138fc: mov ah, 9 0x138fe: int 0x21 0x13900: mov si, 0x3d 0x13903: call 0x232a2
2018-12-17T23:03:54.894957507Z	53	PC: 9ebca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:54.897475482Z	37	PC: 9ebde \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:54.899692954Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T23:03:54.909267418Z	48	PC: 12a8f \| Get DOS version
2018-12-17T23:03:54.910985112Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T23:03:54.920375241Z	93	PC: 12afe \| File sharing functions
2018-12-17T23:03:54.922752997Z	9	PC: 12a86 \| Display string (String= 'Size change=07ACh/01964d. ')
2018-12-17T23:03:54.927261322Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14703,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:23.783792977Z	170	PC: 13961 \| UNKNOWN!
2018-12-25T12:41:23.785316226Z	44	PC: 138cd \| Get time 0x138cd: cmp ch, cl 0x138cf: jne 0x138ed 0x138d1: lea dx, word ptr [bp + 0x342] 0x138d5: mov si, 0x36 0x138d8: call 0x232a2 0x138db: lea dx, word ptr [bp + 0x342] 0x138df: mov ah, 9 0x138e1: int 0x21 0x138e3: lea dx, word ptr [bp + 0x342] 0x138e7: mov si, 0x36 0x138ea: call 0x232a2 0x138ed: cmp dh, 0xa 0x138f0: jae 0x13906 0x138f2: lea dx, word ptr [bp + 0x561] 0x138f6: mov si, 0x3d 0x138f9: call 0x232a2 0x138fc: mov ah, 9 0x138fe: int 0x21 0x13900: mov si, 0x3d 0x13903: call 0x232a2
2018-12-25T12:41:23.788494754Z	9	PC: 138e3 \| Display string (String= 'This is an Anti-PC Revue 2R Virus (C) 1997 by #13 ')
2018-12-25T12:41:23.79504998Z	53	PC: 9ebca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:23.796750948Z	37	PC: 9ebde \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:23.799548978Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:41:23.804370825Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:41:23.806130817Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:41:23.814799611Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:41:23.816909166Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:41:23.823220045Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":0,"TimeBased":true,"OriginalID":14703,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:24.576528509Z	170	PC: 13961 \| UNKNOWN!
2018-12-25T12:41:24.577936045Z	44	PC: 138cd \| Get time 0x138cd: cmp ch, cl 0x138cf: jne 0x138ed 0x138d1: lea dx, word ptr [bp + 0x342] 0x138d5: mov si, 0x36 0x138d8: call 0x232a2 0x138db: lea dx, word ptr [bp + 0x342] 0x138df: mov ah, 9 0x138e1: int 0x21 0x138e3: lea dx, word ptr [bp + 0x342] 0x138e7: mov si, 0x36 0x138ea: call 0x232a2 0x138ed: cmp dh, 0xa 0x138f0: jae 0x13906 0x138f2: lea dx, word ptr [bp + 0x561] 0x138f6: mov si, 0x3d 0x138f9: call 0x232a2 0x138fc: mov ah, 9 0x138fe: int 0x21 0x13900: mov si, 0x3d 0x13903: call 0x232a2
2018-12-25T12:41:24.581868788Z	9	PC: 13900 \| Display string (String= 'The Bulls have lost just 10 games last year...[MJ's work!] ')
2018-12-25T12:41:24.588089089Z	53	PC: 9ebca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:24.589453816Z	37	PC: 9ebde \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:24.591644628Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:41:24.597634206Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:41:24.598992012Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:41:24.610884812Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:41:24.613067794Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:41:24.617636833Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":11,"TimeBased":true,"OriginalID":14703,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:24.60772692Z	170	PC: 13961 \| UNKNOWN!
2018-12-25T12:41:24.609636543Z	44	PC: 138cd \| Get time 0x138cd: cmp ch, cl 0x138cf: jne 0x138ed 0x138d1: lea dx, word ptr [bp + 0x342] 0x138d5: mov si, 0x36 0x138d8: call 0x232a2 0x138db: lea dx, word ptr [bp + 0x342] 0x138df: mov ah, 9 0x138e1: int 0x21 0x138e3: lea dx, word ptr [bp + 0x342] 0x138e7: mov si, 0x36 0x138ea: call 0x232a2 0x138ed: cmp dh, 0xa 0x138f0: jae 0x13906 0x138f2: lea dx, word ptr [bp + 0x561] 0x138f6: mov si, 0x3d 0x138f9: call 0x232a2 0x138fc: mov ah, 9 0x138fe: int 0x21 0x13900: mov si, 0x3d 0x13903: call 0x232a2
2018-12-25T12:41:24.61209017Z	53	PC: 9ebca \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:24.613548585Z	37	PC: 9ebde \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:24.620231027Z	9	PC: 12a86 \| Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:41:24.62683676Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:41:24.627990294Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:41:24.635824189Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:41:24.637824794Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:41:24.642011729Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')