Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Annihilator.453

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:42.943833073Z	53	PC: 152b2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:42.945385903Z	37	PC: 152c3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:42.946917925Z	26	PC: 1518b \| Set disk transfer address
2018-12-17T23:04:42.949267513Z	78	PC: 151b6 \| Find first file
2018-12-17T23:04:42.960520387Z	61	PC: 151c3 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:04:42.968514983Z	66	PC: 1528d \| Move file pointer
2018-12-17T23:04:42.972037006Z	62	PC: 151e3 \| Close file
2018-12-17T23:04:42.97475571Z	79	PC: 151b6 \| Find next file
2018-12-17T23:04:42.978104418Z	61	PC: 151c3 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:04:42.986428593Z	66	PC: 1528d \| Move file pointer
2018-12-17T23:04:42.988682452Z	62	PC: 151e3 \| Close file
2018-12-17T23:04:42.991151255Z	79	PC: 151b6 \| Find next file
2018-12-17T23:04:42.99470049Z	61	PC: 151c3 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:04:43.003995211Z	66	PC: 1528d \| Move file pointer
2018-12-17T23:04:43.0061318Z	62	PC: 151e3 \| Close file
2018-12-17T23:04:43.008622634Z	79	PC: 151b6 \| Find next file
2018-12-17T23:04:43.012707046Z	61	PC: 151c3 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:04:43.019809313Z	66	PC: 1528d \| Move file pointer
2018-12-17T23:04:43.021410023Z	62	PC: 151e3 \| Close file
2018-12-17T23:04:43.024531674Z	79	PC: 151b6 \| Find next file
2018-12-17T23:04:43.027357288Z	61	PC: 151c3 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:04:43.034437555Z	66	PC: 1528d \| Move file pointer
2018-12-17T23:04:43.038191094Z	62	PC: 151e3 \| Close file
2018-12-17T23:04:43.040472304Z	79	PC: 151b6 \| Find next file
2018-12-17T23:04:43.043856669Z	61	PC: 151c3 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:04:43.051926656Z	66	PC: 1528d \| Move file pointer
2018-12-17T23:04:43.053564707Z	62	PC: 151e3 \| Close file
2018-12-17T23:04:43.05584748Z	79	PC: 151b6 \| Find next file
2018-12-17T23:04:43.059256451Z	61	PC: 151c3 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:04:43.066960972Z	66	PC: 1528d \| Move file pointer
2018-12-17T23:04:43.068768561Z	62	PC: 151e3 \| Close file
2018-12-17T23:04:43.070904148Z	79	PC: 151b6 \| Find next file
2018-12-17T23:04:43.074676492Z	61	PC: 151c3 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:04:43.082440293Z	66	PC: 1528d \| Move file pointer
2018-12-17T23:04:43.084111987Z	44	PC: 151f5 \| Get time 0x151f5: cmp dx, 0x100 0x151f9: jbe 0x151f1 0x151fb: mov word ptr ds:[bp + 0x19f], dx 0x15200: and dx, 7 0x15203: add dx, dx 0x15205: mov word ptr [0], dx 0x15209: mov ax, 0x4200 0x1520c: call 0x15287 0x1520f: mov ah, 0x3f 0x15211: lea dx, word ptr [bp + 0x341] 0x15215: mov di, dx 0x15217: mov cx, 4 0x1521a: int 0x21 0x1521c: mov al, 0x4d 0x1521e: repne scasb al, byte ptr es:[di] 0x15220: je 0x151df 0x15222: mov ax, 0x4202 0x15225: call 0x15287 0x15228: sub ax, 3 0x1522b: mov word ptr ds:[bp + 0x33e], ax
2018-12-17T23:04:43.087312787Z	66	PC: 1528d \| Move file pointer
2018-12-17T23:04:43.089198805Z	63	PC: 1521c \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:04:43.092371341Z	62	PC: 151e3 \| Close file
2018-12-17T23:04:43.095412681Z	79	PC: 151b6 \| Find next file
2018-12-17T23:04:43.098133739Z	26	PC: 1519f \| Set disk transfer address
2018-12-17T23:04:43.099625624Z	37	PC: 152d3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:04:43.103756323Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T23:04:43.106301069Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T23:04:43.118269908Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":14962,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:14.132046317Z	53	PC: 152b2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:14.133767132Z	37	PC: 152c3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:14.135623201Z	26	PC: 1518b \| Set disk transfer address
2018-12-25T12:42:14.137270362Z	78	PC: 151b6 \| Find first file
2018-12-25T12:42:14.144381566Z	61	PC: 151c3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:14.157145729Z	66	PC: 1528d \| Move file pointer
2018-12-25T12:42:14.158821703Z	62	PC: 151e3 \| Close file
2018-12-25T12:42:14.160969601Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.164803473Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.178132481Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.179485204Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.18240913Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.18526938Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.192795344Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.195136551Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.197196867Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.200229747Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.208069733Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.210473661Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.212949144Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.224326514Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.2337149Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.235480574Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.238295697Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.242210597Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.250640447Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.252794831Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.256215306Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.259465578Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.267244819Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.26983481Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.273131075Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.276324937Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.284700682Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.290856453Z	44	PC: 151f5 \| Get time 0x151f5: cmp dx, 0x100 0x151f9: jbe 0x151f1 0x151fb: mov word ptr ds:[bp + 0x19f], dx 0x15200: and dx, 7 0x15203: add dx, dx 0x15205: mov word ptr [0], dx 0x15209: mov ax, 0x4200 0x1520c: call 0x15287 0x1520f: mov ah, 0x3f 0x15211: lea dx, word ptr [bp + 0x341] 0x15215: mov di, dx 0x15217: mov cx, 4 0x1521a: int 0x21 0x1521c: mov al, 0x4d 0x1521e: repne scasb al, byte ptr es:[di] 0x15220: je 0x151df 0x15222: mov ax, 0x4202 0x15225: call 0x15287 0x15228: sub ax, 3 0x1522b: mov word ptr ds:[bp + 0x33e], ax
2018-12-25T12:42:14.293483772Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.295034662Z	63	PC: 1521c \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:14.305225851Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.308246102Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.311387897Z	26	PC: 1519f \| Set disk transfer address
2018-12-25T12:42:14.314019366Z	37	PC: 152d3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:14.317542096Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:42:14.32007942Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:42:14.333588219Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":14962,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:14.137452751Z	53	PC: 152b2 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:14.139167049Z	37	PC: 152c3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:14.141537725Z	26	PC: 1518b \| Set disk transfer address
2018-12-25T12:42:14.143139655Z	78	PC: 151b6 \| Find first file
2018-12-25T12:42:14.150209079Z	61	PC: 151c3 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:14.158349628Z	66	PC: 1528d \| Move file pointer
2018-12-25T12:42:14.159998662Z	62	PC: 151e3 \| Close file
2018-12-25T12:42:14.162427918Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.166487327Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.174538165Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.176069147Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.183456566Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.186621165Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.19425306Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.21143082Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.213755929Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.219274964Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.228113941Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.230840814Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.232844431Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.23605271Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.244228509Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.24620991Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.248573526Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.25288881Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.260385878Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.262219728Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.266585432Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.269718615Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.277176176Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.279379172Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.2814367Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.284301873Z	61	PC: 151c3 \| Open file (See above)
2018-12-25T12:42:14.294318382Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.296652582Z	44	PC: 151f5 \| Get time 0x151f5: cmp dx, 0x100 0x151f9: jbe 0x151f1 0x151fb: mov word ptr ds:[bp + 0x19f], dx 0x15200: and dx, 7 0x15203: add dx, dx 0x15205: mov word ptr [0], dx 0x15209: mov ax, 0x4200 0x1520c: call 0x15287 0x1520f: mov ah, 0x3f 0x15211: lea dx, word ptr [bp + 0x341] 0x15215: mov di, dx 0x15217: mov cx, 4 0x1521a: int 0x21 0x1521c: mov al, 0x4d 0x1521e: repne scasb al, byte ptr es:[di] 0x15220: je 0x151df 0x15222: mov ax, 0x4202 0x15225: call 0x15287 0x15228: sub ax, 3 0x1522b: mov word ptr ds:[bp + 0x33e], ax
2018-12-25T12:42:14.299620485Z	66	PC: 1528d \| Move file pointer (See above)
2018-12-25T12:42:14.301701021Z	63	PC: 1521c \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:42:14.306258965Z	62	PC: 151e3 \| Close file (See above)
2018-12-25T12:42:14.30864644Z	79	PC: 151b6 \| Find next file (See above)
2018-12-25T12:42:14.3117417Z	26	PC: 1519f \| Set disk transfer address
2018-12-25T12:42:14.314369964Z	37	PC: 152d3 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:42:14.318167145Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:42:14.320622309Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:42:14.336678161Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')