Sample viewer

vx.netlux.org/Virus.DOS.Search.512.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:05.370028137Z	42	PC: 12acc \| Get date 0x12acc: cmp dh, 5 0x12acf: jl 0x12ae7 0x12ad1: cmp dl, 5 0x12ad4: jl 0x12ae7 0x12ad6: jmp 0x12ad9 0x12ad8: nop 0x12ad9: mov ah, 0 0x12adb: int 0x16 0x12add: mov ah, 0xf 0x12adf: int 0x10 0x12ae1: mov ah, 0 0x12ae3: int 0x10 0x12ae5: int 0x19 0x12ae7: call 0x12c45 0x12aea: call 0x12c32 0x12aed: mov si, bp 0x12aef: add si, 0x1e6 0x12af3: lodsw ax, word ptr [si] 0x12af4: cmp ax, 5 0x12af7: jg 0x12afc

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15093,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:33.401779086Z	42	PC: 12acc \| Get date 0x12acc: cmp dh, 5 0x12acf: jl 0x12ae7 0x12ad1: cmp dl, 5 0x12ad4: jl 0x12ae7 0x12ad6: jmp 0x12ad9 0x12ad8: nop 0x12ad9: mov ah, 0 0x12adb: int 0x16 0x12add: mov ah, 0xf 0x12adf: int 0x10 0x12ae1: mov ah, 0 0x12ae3: int 0x10 0x12ae5: int 0x19 0x12ae7: call 0x12c45 0x12aea: call 0x12c32 0x12aed: mov si, bp 0x12aef: add si, 0x1e6 0x12af3: lodsw ax, word ptr [si] 0x12af4: cmp ax, 5 0x12af7: jg 0x12afc
2018-12-25T12:42:33.416179041Z	26	PC: 12c4f \| Set disk transfer address
2018-12-25T12:42:33.417585873Z	78	PC: 12c3f \| Find first file
2018-12-25T12:42:33.424482996Z	61	PC: 12c24 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:33.432807871Z	63	PC: 12b0e \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:42:33.440393232Z	66	PC: 12b18 \| Move file pointer
2018-12-25T12:42:33.442238737Z	64	PC: 12b62 \| Write file or device (Write 512 bytes on handle 5)
2018-12-25T12:42:33.459039947Z	66	PC: 12b6c \| Move file pointer
2018-12-25T12:42:33.461817156Z	64	PC: 12b7a \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:42:33.47033935Z	62	PC: 12b7f \| Close file
2018-12-25T12:42:33.480264287Z	79	PC: 12b48 \| Find next file
2018-12-25T12:42:33.485551053Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:33.492961691Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:33.500100255Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:33.50215346Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:33.511647061Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:33.513204869Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:33.520919784Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:33.543076196Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:33.546805244Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:33.554675423Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:33.563616056Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:33.565724847Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:33.575251765Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:33.580550022Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:33.588596022Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:33.598486294Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:33.603154894Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:33.611201749Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:33.619709883Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:33.622303615Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:33.63219216Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:33.633465765Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:33.638249181Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:33.644821348Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:33.647111365Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:33.652484261Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:33.657980647Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:33.659508699Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:33.665601059Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:33.667293225Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:33.672157701Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:33.677946273Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:33.681131754Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:33.685468807Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:33.690614348Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:33.692456607Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:33.698241783Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:33.699541751Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:33.704609138Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:33.711227947Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:33.714622059Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:33.722315995Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:33.730810266Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:33.732856966Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:33.742012167Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:33.744337147Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:33.75240204Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:33.762138959Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:33.765956229Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:33.773690938Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:33.776964905Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:33.779674056Z	78	PC: 12b44 \| Find first file
2018-12-25T12:42:33.786574355Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:33.78958727Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15093,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:33.663601315Z	42	PC: 12acc \| Get date 0x12acc: cmp dh, 5 0x12acf: jl 0x12ae7 0x12ad1: cmp dl, 5 0x12ad4: jl 0x12ae7 0x12ad6: jmp 0x12ad9 0x12ad8: nop 0x12ad9: mov ah, 0 0x12adb: int 0x16 0x12add: mov ah, 0xf 0x12adf: int 0x10 0x12ae1: mov ah, 0 0x12ae3: int 0x10 0x12ae5: int 0x19 0x12ae7: call 0x12c45 0x12aea: call 0x12c32 0x12aed: mov si, bp 0x12aef: add si, 0x1e6 0x12af3: lodsw ax, word ptr [si] 0x12af4: cmp ax, 5 0x12af7: jg 0x12afc
2018-12-25T12:42:33.668198384Z	26	PC: 12c4f \| Set disk transfer address
2018-12-25T12:42:33.669247049Z	78	PC: 12c3f \| Find first file
2018-12-25T12:42:33.673495775Z	61	PC: 12c24 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:42:33.678607266Z	63	PC: 12b0e \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:42:33.68417706Z	66	PC: 12b18 \| Move file pointer
2018-12-25T12:42:33.685413474Z	64	PC: 12b62 \| Write file or device (Write 512 bytes on handle 5)
2018-12-25T12:42:34.493431959Z	66	PC: 12b6c \| Move file pointer
2018-12-25T12:42:34.494797773Z	64	PC: 12b7a \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:42:34.501231976Z	62	PC: 12b7f \| Close file
2018-12-25T12:42:34.509711875Z	79	PC: 12b48 \| Find next file
2018-12-25T12:42:34.517089748Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:34.522191953Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:34.527026596Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:34.528668144Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:34.534104723Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:34.535182835Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:34.540068347Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:34.548442715Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:34.550897921Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:34.557811675Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:34.578830186Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:34.580610707Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:34.602417092Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:34.603735697Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:34.610845992Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:34.620644518Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:34.623530362Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:34.630211366Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:34.644836309Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:34.646436203Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:34.654925945Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:34.657489802Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:34.664250335Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:34.672403265Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:34.676035985Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:34.682846316Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:34.688885462Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:34.690443829Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:34.698889411Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:34.700509337Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:34.707306839Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:34.71616153Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:34.719001339Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:34.725588304Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:34.732653997Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:34.73434455Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:34.742667037Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:34.745533217Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:34.752096073Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:34.76039398Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:34.764006524Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:34.770935352Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:34.777335728Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:34.779721584Z	64	PC: 12b62 \| Write file or device (See above)
2018-12-25T12:42:34.788043262Z	66	PC: 12b6c \| Move file pointer (See above)
2018-12-25T12:42:34.789652573Z	64	PC: 12b7a \| Write file or device (See above)
2018-12-25T12:42:34.796234591Z	62	PC: 12b7f \| Close file (See above)
2018-12-25T12:42:34.805847783Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:34.808675939Z	61	PC: 12c24 \| Open file (See above)
2018-12-25T12:42:34.8152814Z	63	PC: 12b0e \| Read file or device (See above)
2018-12-25T12:42:34.819078892Z	66	PC: 12b18 \| Move file pointer (See above)
2018-12-25T12:42:34.820772087Z	78	PC: 12b44 \| Find first file
2018-12-25T12:42:34.827063166Z	79	PC: 12b48 \| Find next file (See above)
2018-12-25T12:42:34.830387222Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":5,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15093,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:33.851511545Z	42	PC: 12acc \| Get date 0x12acc: cmp dh, 5 0x12acf: jl 0x12ae7 0x12ad1: cmp dl, 5 0x12ad4: jl 0x12ae7 0x12ad6: jmp 0x12ad9 0x12ad8: nop 0x12ad9: mov ah, 0 0x12adb: int 0x16 0x12add: mov ah, 0xf 0x12adf: int 0x10 0x12ae1: mov ah, 0 0x12ae3: int 0x10 0x12ae5: int 0x19 0x12ae7: call 0x12c45 0x12aea: call 0x12c32 0x12aed: mov si, bp 0x12aef: add si, 0x1e6 0x12af3: lodsw ax, word ptr [si] 0x12af4: cmp ax, 5 0x12af7: jg 0x12afc