Sample viewer

vx.netlux.org/Virus.DOS.Pac-Man.Blinky.1302

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:28.37097621Z	37	PC: 12bc8 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:06:28.372658353Z	37	PC: 12bcc \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:06:28.375558695Z	47	PC: 12e5f \| Get disk transfer address
2018-12-17T23:06:28.377143986Z	26	PC: 12e6e \| Set disk transfer address
2018-12-17T23:06:28.378691686Z	53	PC: 12e73 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:28.381754324Z	37	PC: 12e83 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:28.38347031Z	78	PC: 12b88 \| Find first file
2018-12-17T23:06:28.391662802Z	61	PC: 12b10 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:06:28.400055982Z	63	PC: 12b25 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-17T23:06:28.407691477Z	66	PC: 12b3a \| Move file pointer
2018-12-17T23:06:28.409526517Z	64	PC: 12b50 \| Write file or device (Write 1709 bytes on handle 5)
2018-12-17T23:06:28.427855166Z	87	PC: 12b67 \| Get or set file date and time
2018-12-17T23:06:28.429981224Z	62	PC: 12b6b \| Close file
2018-12-17T23:06:28.448391285Z	79	PC: 12b90 \| Find next file
2018-12-17T23:06:28.453454134Z	61	PC: 12b10 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:06:28.461445839Z	63	PC: 12b25 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-17T23:06:28.469336995Z	66	PC: 12b3a \| Move file pointer
2018-12-17T23:06:28.471283885Z	64	PC: 12b50 \| Write file or device (Write 1329 bytes on handle 5)
2018-12-17T23:06:28.482468573Z	87	PC: 12b67 \| Get or set file date and time
2018-12-17T23:06:28.484450038Z	62	PC: 12b6b \| Close file
2018-12-17T23:06:28.493805417Z	79	PC: 12b90 \| Find next file
2018-12-17T23:06:28.500846224Z	61	PC: 12b10 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:06:28.508336747Z	63	PC: 12b25 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-17T23:06:28.516143293Z	66	PC: 12b3a \| Move file pointer
2018-12-17T23:06:28.519079413Z	64	PC: 12b50 \| Write file or device (Write 1394 bytes on handle 5)
2018-12-17T23:06:28.528396009Z	87	PC: 12b67 \| Get or set file date and time
2018-12-17T23:06:28.530084724Z	62	PC: 12b6b \| Close file
2018-12-17T23:06:28.537549088Z	25	PC: 12e26 \| Get default drive
2018-12-17T23:06:28.54136916Z	42	PC: 12e92 \| Get date 0x12e92: cmp dl, 1 0x12e95: jne 0x12ea2 0x12e97: cmp al, 3 0x12e99: jne 0x12ea2 0x12e9b: mov ah, 9 0x12e9d: mov dx, 0x175 0x12ea0: int 0x21 0x12ea2: push ds 0x12ea3: mov dx, word ptr [0x131] 0x12ea7: mov ds, dx 0x12ea9: mov dx, word ptr [0x133] 0x12ead: mov ah, 0x1a 0x12eaf: int 0x21 0x12eb1: pop ds 0x12eb2: mov ax, 0x2524 0x12eb5: mov dx, word ptr [0x137] 0x12eb9: push ds 0x12eba: mov ds, word ptr [0x135] 0x12ebe: int 0x21 0x12ec0: pop ds
2018-12-17T23:06:28.543559888Z	26	PC: 12eb1 \| Set disk transfer address
2018-12-17T23:06:28.546139788Z	37	PC: 12ec0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15535,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:44.064624124Z	37	PC: 12bc8 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:44.066808604Z	37	PC: 12bcc \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:44.070587454Z	47	PC: 12e5f \| Get disk transfer address
2018-12-25T12:43:44.072453703Z	26	PC: 12e6e \| Set disk transfer address
2018-12-25T12:43:44.07421786Z	53	PC: 12e73 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:44.077259315Z	37	PC: 12e83 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:44.078699774Z	78	PC: 12b88 \| Find first file
2018-12-25T12:43:44.087104346Z	61	PC: 12b10 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:44.095325701Z	63	PC: 12b25 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:43:44.102742498Z	66	PC: 12b3a \| Move file pointer
2018-12-25T12:43:44.104518323Z	64	PC: 12b50 \| Write file or device (Write 1709 bytes on handle 5)
2018-12-25T12:43:44.132679372Z	87	PC: 12b67 \| Get or set file date and time
2018-12-25T12:43:44.13497734Z	62	PC: 12b6b \| Close file
2018-12-25T12:43:44.144487457Z	79	PC: 12b90 \| Find next file
2018-12-25T12:43:44.150288111Z	61	PC: 12b10 \| Open file (See above)
2018-12-25T12:43:44.159262239Z	63	PC: 12b25 \| Read file or device (See above)
2018-12-25T12:43:44.167196605Z	66	PC: 12b3a \| Move file pointer (See above)
2018-12-25T12:43:44.168851384Z	64	PC: 12b50 \| Write file or device (See above)
2018-12-25T12:43:44.179168066Z	87	PC: 12b67 \| Get or set file date and time (See above)
2018-12-25T12:43:44.180952607Z	62	PC: 12b6b \| Close file (See above)
2018-12-25T12:43:44.189713917Z	79	PC: 12b90 \| Find next file (See above)
2018-12-25T12:43:44.194857996Z	61	PC: 12b10 \| Open file (See above)
2018-12-25T12:43:44.202228346Z	63	PC: 12b25 \| Read file or device (See above)
2018-12-25T12:43:44.210143098Z	66	PC: 12b3a \| Move file pointer (See above)
2018-12-25T12:43:44.212593941Z	64	PC: 12b50 \| Write file or device (See above)
2018-12-25T12:43:44.228653593Z	87	PC: 12b67 \| Get or set file date and time (See above)
2018-12-25T12:43:44.231331656Z	62	PC: 12b6b \| Close file (See above)
2018-12-25T12:43:44.240833301Z	25	PC: 12e26 \| Get default drive
2018-12-25T12:43:44.246351907Z	42	PC: 12e92 \| Get date 0x12e92: cmp dl, 1 0x12e95: jne 0x12ea2 0x12e97: cmp al, 3 0x12e99: jne 0x12ea2 0x12e9b: mov ah, 9 0x12e9d: mov dx, 0x175 0x12ea0: int 0x21 0x12ea2: push ds 0x12ea3: mov dx, word ptr [0x131] 0x12ea7: mov ds, dx 0x12ea9: mov dx, word ptr [0x133] 0x12ead: mov ah, 0x1a 0x12eaf: int 0x21 0x12eb1: pop ds 0x12eb2: mov ax, 0x2524 0x12eb5: mov dx, word ptr [0x137] 0x12eb9: push ds 0x12eba: mov ds, word ptr [0x135] 0x12ebe: int 0x21 0x12ec0: pop ds
2018-12-25T12:43:44.249429596Z	9	PC: 12ea2 \| Display string (String= ' The Pac-Man BLINKY Ghost is watching.. ')
2018-12-25T12:43:44.259173509Z	26	PC: 12eb1 \| Set disk transfer address
2018-12-25T12:43:44.26083445Z	37	PC: 12ec0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15535,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:27.713422422Z	37	PC: 12bc8 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T13:07:27.716045328Z	37	PC: 12bcc \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T13:07:27.717426621Z	47	PC: 12e5f \| Get disk transfer address
2018-12-25T13:07:27.71842003Z	26	PC: 12e6e \| Set disk transfer address
2018-12-25T13:07:27.71970911Z	53	PC: 12e73 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:27.722025925Z	37	PC: 12e83 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T13:07:27.723754742Z	78	PC: 12b88 \| Find first file
2018-12-25T13:07:27.732503699Z	61	PC: 12b10 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T13:07:27.741909556Z	63	PC: 12b25 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T13:07:27.749443587Z	66	PC: 12b3a \| Move file pointer
2018-12-25T13:07:27.751624393Z	64	PC: 12b50 \| Write file or device (Write 1709 bytes on handle 5)
2018-12-25T13:07:28.037820284Z	87	PC: 12b67 \| Get or set file date and time
2018-12-25T13:07:28.039629293Z	62	PC: 12b6b \| Close file
2018-12-25T13:07:28.053834567Z	79	PC: 12b90 \| Find next file
2018-12-25T13:07:28.0627609Z	61	PC: 12b10 \| Open file (See above)
2018-12-25T13:07:28.071013149Z	63	PC: 12b25 \| Read file or device (See above)
2018-12-25T13:07:28.078942296Z	66	PC: 12b3a \| Move file pointer (See above)
2018-12-25T13:07:28.081768893Z	64	PC: 12b50 \| Write file or device (See above)
2018-12-25T13:07:28.091743759Z	87	PC: 12b67 \| Get or set file date and time (See above)
2018-12-25T13:07:28.093337489Z	62	PC: 12b6b \| Close file (See above)
2018-12-25T13:07:28.101998286Z	79	PC: 12b90 \| Find next file (See above)
2018-12-25T13:07:28.10737517Z	61	PC: 12b10 \| Open file (See above)
2018-12-25T13:07:28.115058495Z	63	PC: 12b25 \| Read file or device (See above)
2018-12-25T13:07:28.123414454Z	66	PC: 12b3a \| Move file pointer (See above)
2018-12-25T13:07:28.127657424Z	64	PC: 12b50 \| Write file or device (See above)
2018-12-25T13:07:28.139608007Z	87	PC: 12b67 \| Get or set file date and time (See above)
2018-12-25T13:07:28.141700105Z	62	PC: 12b6b \| Close file (See above)
2018-12-25T13:07:28.152336403Z	25	PC: 12e26 \| Get default drive
2018-12-25T13:07:28.157543332Z	42	PC: 12e92 \| Get date 0x12e92: cmp dl, 1 0x12e95: jne 0x12ea2 0x12e97: cmp al, 3 0x12e99: jne 0x12ea2 0x12e9b: mov ah, 9 0x12e9d: mov dx, 0x175 0x12ea0: int 0x21 0x12ea2: push ds 0x12ea3: mov dx, word ptr [0x131] 0x12ea7: mov ds, dx 0x12ea9: mov dx, word ptr [0x133] 0x12ead: mov ah, 0x1a 0x12eaf: int 0x21 0x12eb1: pop ds 0x12eb2: mov ax, 0x2524 0x12eb5: mov dx, word ptr [0x137] 0x12eb9: push ds 0x12eba: mov ds, word ptr [0x135] 0x12ebe: int 0x21 0x12ec0: pop ds
2018-12-25T13:07:28.15994925Z	26	PC: 12eb1 \| Set disk transfer address
2018-12-25T13:07:28.161913426Z	37	PC: 12ec0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15535,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:44.661840862Z	37	PC: 12bc8 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:44.663090569Z	37	PC: 12bcc \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:43:44.664587781Z	47	PC: 12e5f \| Get disk transfer address
2018-12-25T12:43:44.665888408Z	26	PC: 12e6e \| Set disk transfer address
2018-12-25T12:43:44.667122294Z	53	PC: 12e73 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:44.669553509Z	37	PC: 12e83 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:44.67107681Z	78	PC: 12b88 \| Find first file
2018-12-25T12:43:44.679033715Z	61	PC: 12b10 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:43:44.686813939Z	63	PC: 12b25 \| Read file or device (Read 65535 bytes on handle 5)
2018-12-25T12:43:44.69402191Z	66	PC: 12b3a \| Move file pointer
2018-12-25T12:43:44.695316077Z	64	PC: 12b50 \| Write file or device (Write 1709 bytes on handle 5)
2018-12-25T12:43:44.71247486Z	87	PC: 12b67 \| Get or set file date and time
2018-12-25T12:43:44.71407008Z	62	PC: 12b6b \| Close file
2018-12-25T12:43:44.723130465Z	79	PC: 12b90 \| Find next file
2018-12-25T12:43:44.726146665Z	61	PC: 12b10 \| Open file (See above)
2018-12-25T12:43:44.730461388Z	63	PC: 12b25 \| Read file or device (See above)
2018-12-25T12:43:44.737477419Z	66	PC: 12b3a \| Move file pointer (See above)
2018-12-25T12:43:44.739581201Z	64	PC: 12b50 \| Write file or device (See above)
2018-12-25T12:43:44.745220174Z	87	PC: 12b67 \| Get or set file date and time (See above)
2018-12-25T12:43:44.746664243Z	62	PC: 12b6b \| Close file (See above)
2018-12-25T12:43:44.755532275Z	79	PC: 12b90 \| Find next file (See above)
2018-12-25T12:43:44.760008632Z	61	PC: 12b10 \| Open file (See above)
2018-12-25T12:43:44.767117112Z	63	PC: 12b25 \| Read file or device (See above)
2018-12-25T12:43:44.774562988Z	66	PC: 12b3a \| Move file pointer (See above)
2018-12-25T12:43:44.776751102Z	64	PC: 12b50 \| Write file or device (See above)
2018-12-25T12:43:44.785745185Z	87	PC: 12b67 \| Get or set file date and time (See above)
2018-12-25T12:43:44.787306964Z	62	PC: 12b6b \| Close file (See above)
2018-12-25T12:43:44.796470461Z	25	PC: 12e26 \| Get default drive
2018-12-25T12:43:44.801305211Z	42	PC: 12e92 \| Get date 0x12e92: cmp dl, 1 0x12e95: jne 0x12ea2 0x12e97: cmp al, 3 0x12e99: jne 0x12ea2 0x12e9b: mov ah, 9 0x12e9d: mov dx, 0x175 0x12ea0: int 0x21 0x12ea2: push ds 0x12ea3: mov dx, word ptr [0x131] 0x12ea7: mov ds, dx 0x12ea9: mov dx, word ptr [0x133] 0x12ead: mov ah, 0x1a 0x12eaf: int 0x21 0x12eb1: pop ds 0x12eb2: mov ax, 0x2524 0x12eb5: mov dx, word ptr [0x137] 0x12eb9: push ds 0x12eba: mov ds, word ptr [0x135] 0x12ebe: int 0x21 0x12ec0: pop ds
2018-12-25T12:43:44.803903044Z	26	PC: 12eb1 \| Set disk transfer address
2018-12-25T12:43:44.806361445Z	37	PC: 12ec0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')