Sample viewer

vx.netlux.org/Virus.DOS.Prah.1487

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:30.369257023Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:06:30.371276609Z 37 PC: 12a93 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:06:30.372775325Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:06:30.374161836Z 61 PC: 12aa9 | Open file (Filename = 'in ... ')
2018-12-17T23:06:30.381490752Z 112 PC: 12ac0 | UNKNOWN!
2018-12-17T23:06:30.383118193Z 88 PC: 12ad0 | case 0xGet or set allocation strateg:
2018-12-17T23:06:30.384754202Z 72 PC: 12ad7 | Allocate memory
2018-12-17T23:06:30.386663858Z 74 PC: 12af0 | Reallocate memory
2018-12-17T23:06:30.389128123Z 72 PC: 12ad7 | Allocate memory
2018-12-17T23:06:30.390725564Z 53 PC: 12b0f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:30.391923835Z 37 PC: 12b1f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:30.393997145Z 88 PC: 12b26 | case 0xGet or set allocation strateg:
2018-12-17T23:06:30.39560792Z 47 PC: 9f81f | Get disk transfer address
2018-12-17T23:06:30.396988013Z 26 PC: 9f82c | Set disk transfer address
2018-12-17T23:06:30.39905101Z 78 PC: 9f835 | Find first file
2018-12-17T23:06:30.40846767Z 26 PC: 9f83b | Set disk transfer address
2018-12-17T23:06:30.409792327Z 61 PC: 9f84a | Open file (Filename = 'TBDRVXXX')
2018-12-17T23:06:30.416788585Z 53 PC: 9f8ab | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:30.418056008Z 37 PC: 9f8bb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:30.419169363Z 67 PC: 9f8c9 | Get or set file attributes
2018-12-17T23:06:30.762923021Z 61 PC: 9f8d6 | Open file (Filename = '���')
2018-12-17T23:06:30.770517544Z 63 PC: 9f8ea | Read file or device (Read 26 bytes on handle 5)
2018-12-17T23:06:30.777351263Z 66 PC: 9fa66 | Move file pointer
2018-12-17T23:06:30.779518968Z 63 PC: 9fa70 | Read file or device (Read 7 bytes on handle 5)
2018-12-17T23:06:30.786421151Z 66 PC: 9f9a7 | Move file pointer
2018-12-17T23:06:30.788605306Z 64 PC: 9fb19 | Write file or device (Write 1463 bytes on handle 5)
2018-12-17T23:06:30.801127209Z 66 PC: 9f9b3 | Move file pointer
2018-12-17T23:06:30.803603534Z 64 PC: 9f9bd | Write file or device (Write 26 bytes on handle 5)
2018-12-17T23:06:30.806348388Z 87 PC: 9f9ca | Get or set file date and time
2018-12-17T23:06:30.80807245Z 67 PC: 9fa40 | Get or set file attributes
2018-12-17T23:06:30.819038937Z 67 PC: 9fa40 | Get or set file attributes
2018-12-17T23:06:30.831488995Z 67 PC: 9fa40 | Get or set file attributes
2018-12-17T23:06:30.838458432Z 67 PC: 9fa40 | Get or set file attributes
2018-12-17T23:06:30.846109409Z 62 PC: 9fa0e | Close file
2018-12-17T23:06:30.853425205Z 67 PC: 9fa20 | Get or set file attributes
2018-12-17T23:06:30.863330813Z 37 PC: 9fa29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:06:30.865782771Z 67 PC: 12b56 | Get or set file attributes
2018-12-17T23:06:30.87260705Z 42 PC: 12b81 | Get date
0x12b81: cmp dx, 0x91b
0x12b85: jne 0x12bba
0x12b87: mov ax, 1
0x12b8a: int 0x10
0x12b8c: mov ah, 1
0x12b8e: mov cx, 0x6000
0x12b91: int 0x10
0x12b93: mov ax, 0x1300
0x12b96: mov bx, 0x8c
0x12b99: mov cx, 5
0x12b9c: mov dx, 0xc11
0x12b9f: mov bp, 0x1a6
0x12ba2: int 0x10
0x12ba4: mov ah, 1
0x12ba6: int 0x16
0x12ba8: je 0x12ba4
0x12baa: xor ax, ax
0x12bac: int 0x16
0x12bae: mov ax, 3
0x12bb1: int 0x10
2018-12-17T23:06:30.875150899Z 9 PC: 12a49 | Display string (Could not find end pointer)
2018-12-17T23:06:30.879947855Z 76 PC: 12a4e | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15552,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.000322959Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.002081773Z 37 PC: 12a93 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.003462321Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.004853092Z 61 PC: 12aa9 | Open file (Filename = 'in ... ')
2018-12-25T12:43:45.012885967Z 112 PC: 12ac0 | UNKNOWN!
2018-12-25T12:43:45.013559525Z 88 PC: 12ad0 | case 0xGet or set allocation strateg:
2018-12-25T12:43:45.014913557Z 72 PC: 12ad7 | Allocate memory
2018-12-25T12:43:45.016589944Z 74 PC: 12af0 | Reallocate memory
2018-12-25T12:43:45.017882599Z 72 PC: 12ad7 | Allocate memory (See above)
2018-12-25T12:43:45.019330206Z 53 PC: 12b0f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:45.020409009Z 37 PC: 12b1f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:45.022124301Z 88 PC: 12b26 | case 0xGet or set allocation strateg:
2018-12-25T12:43:45.023806973Z 47 PC: 9f81f | Get disk transfer address
2018-12-25T12:43:45.0250053Z 26 PC: 9f82c | Set disk transfer address
2018-12-25T12:43:45.026784595Z 78 PC: 9f835 | Find first file
2018-12-25T12:43:45.037065202Z 26 PC: 9f83b | Set disk transfer address
2018-12-25T12:43:45.037944931Z 61 PC: 9f84a | Open file (Filename = 'TBDRVXXX')
2018-12-25T12:43:45.044964179Z 53 PC: 9f8ab | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.046241464Z 37 PC: 9f8bb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.047334511Z 67 PC: 9f8c9 | Get or set file attributes
2018-12-25T12:43:45.390992021Z 61 PC: 9f8d6 | Open file (Filename = '���')
2018-12-25T12:43:45.400435236Z 63 PC: 9f8ea | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:45.407881861Z 66 PC: 9fa66 | Move file pointer
2018-12-25T12:43:45.410569488Z 63 PC: 9fa70 | Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:43:45.417288976Z 66 PC: 9f9a7 | Move file pointer
2018-12-25T12:43:45.419322749Z 64 PC: 9fb19 | Write file or device (Write 1463 bytes on handle 5)
2018-12-25T12:43:45.430264975Z 66 PC: 9f9b3 | Move file pointer
2018-12-25T12:43:45.431573079Z 64 PC: 9f9bd | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:43:45.434328295Z 87 PC: 9f9ca | Get or set file date and time
2018-12-25T12:43:45.436517554Z 67 PC: 9fa40 | Get or set file attributes
2018-12-25T12:43:45.446646713Z 67 PC: 9fa40 | Get or set file attributes (See above)
2018-12-25T12:43:45.453368199Z 67 PC: 9fa40 | Get or set file attributes (See above)
2018-12-25T12:43:45.460599966Z 67 PC: 9fa40 | Get or set file attributes (See above)
2018-12-25T12:43:45.466981115Z 62 PC: 9fa0e | Close file
2018-12-25T12:43:45.473836026Z 67 PC: 9fa20 | Get or set file attributes
2018-12-25T12:43:45.484080161Z 37 PC: 9fa29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.485262998Z 67 PC: 12b56 | Get or set file attributes
2018-12-25T12:43:45.491931066Z 42 PC: 12b81 | Get date
0x12b81: cmp dx, 0x91b
0x12b85: jne 0x12bba
0x12b87: mov ax, 1
0x12b8a: int 0x10
0x12b8c: mov ah, 1
0x12b8e: mov cx, 0x6000
0x12b91: int 0x10
0x12b93: mov ax, 0x1300
0x12b96: mov bx, 0x8c
0x12b99: mov cx, 5
0x12b9c: mov dx, 0xc11
0x12b9f: mov bp, 0x1a6
0x12ba2: int 0x10
0x12ba4: mov ah, 1
0x12ba6: int 0x16
0x12ba8: je 0x12ba4
0x12baa: xor ax, ax
0x12bac: int 0x16
0x12bae: mov ax, 3
0x12bb1: int 0x10
2018-12-25T12:43:45.494547772Z 9 PC: 12a49 | Display string (Could not find end pointer)
2018-12-25T12:43:45.498625607Z 76 PC: 12a4e | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":27,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15552,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:45.360706729Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.36306775Z 37 PC: 12a93 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.364615945Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:43:45.366130462Z 61 PC: 12aa9 | Open file (Filename = 'in ... ')
2018-12-25T12:43:45.373945758Z 112 PC: 12ac0 | UNKNOWN!
2018-12-25T12:43:45.375139477Z 88 PC: 12ad0 | case 0xGet or set allocation strateg:
2018-12-25T12:43:45.377879796Z 72 PC: 12ad7 | Allocate memory
2018-12-25T12:43:45.380643552Z 74 PC: 12af0 | Reallocate memory
2018-12-25T12:43:45.382714025Z 72 PC: 12ad7 | Allocate memory (See above)
2018-12-25T12:43:45.384767642Z 53 PC: 12b0f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:45.386433206Z 37 PC: 12b1f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:45.389525437Z 88 PC: 12b26 | case 0xGet or set allocation strateg:
2018-12-25T12:43:45.391357144Z 47 PC: 9f81f | Get disk transfer address
2018-12-25T12:43:45.392641387Z 26 PC: 9f82c | Set disk transfer address
2018-12-25T12:43:45.39746663Z 78 PC: 9f835 | Find first file
2018-12-25T12:43:45.409303432Z 26 PC: 9f83b | Set disk transfer address
2018-12-25T12:43:45.41048912Z 61 PC: 9f84a | Open file (Filename = 'TBDRVXXX')
2018-12-25T12:43:45.418293663Z 53 PC: 9f8ab | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.419768216Z 37 PC: 9f8bb | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:45.421121064Z 67 PC: 9f8c9 | Get or set file attributes
2018-12-25T12:43:48.464072641Z 61 PC: 9f8d6 | Open file (Filename = '���')
2018-12-25T12:43:48.472081013Z 63 PC: 9f8ea | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:43:48.478819952Z 66 PC: 9fa66 | Move file pointer
2018-12-25T12:43:48.480833871Z 63 PC: 9fa70 | Read file or device (Read 7 bytes on handle 5)
2018-12-25T12:43:48.487863736Z 66 PC: 9f9a7 | Move file pointer
2018-12-25T12:43:48.490109944Z 64 PC: 9fb19 | Write file or device (Write 1463 bytes on handle 5)
2018-12-25T12:43:48.531545463Z 66 PC: 9f9b3 | Move file pointer
2018-12-25T12:43:48.534222289Z 64 PC: 9f9bd | Write file or device (Write 26 bytes on handle 5)
2018-12-25T12:43:48.537725842Z 87 PC: 9f9ca | Get or set file date and time
2018-12-25T12:43:48.539392624Z 67 PC: 9fa40 | Get or set file attributes
2018-12-25T12:43:48.551284049Z 67 PC: 9fa40 | Get or set file attributes (See above)
2018-12-25T12:43:48.558550875Z 67 PC: 9fa40 | Get or set file attributes (See above)
2018-12-25T12:43:48.565781307Z 67 PC: 9fa40 | Get or set file attributes (See above)
2018-12-25T12:43:48.574234082Z 62 PC: 9fa0e | Close file
2018-12-25T12:43:48.749912813Z 67 PC: 9fa20 | Get or set file attributes
2018-12-25T12:43:48.892017109Z 37 PC: 9fa29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:43:48.894341501Z 67 PC: 12b56 | Get or set file attributes
2018-12-25T12:43:48.898856966Z 42 PC: 12b81 | Get date
0x12b81: cmp dx, 0x91b
0x12b85: jne 0x12bba
0x12b87: mov ax, 1
0x12b8a: int 0x10
0x12b8c: mov ah, 1
0x12b8e: mov cx, 0x6000
0x12b91: int 0x10
0x12b93: mov ax, 0x1300
0x12b96: mov bx, 0x8c
0x12b99: mov cx, 5
0x12b9c: mov dx, 0xc11
0x12b9f: mov bp, 0x1a6
0x12ba2: int 0x10
0x12ba4: mov ah, 1
0x12ba6: int 0x16
0x12ba8: je 0x12ba4
0x12baa: xor ax, ax
0x12bac: int 0x16
0x12bae: mov ax, 3
0x12bb1: int 0x10