Sample viewer

vx.netlux.org/Virus.DOS.Pirat.380


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:00.772489491Z 26 PC: 12e4d | Set disk transfer address
2018-12-17T23:07:00.773968955Z 25 PC: 12e51 | Get default drive
2018-12-17T23:07:00.775435838Z 14 PC: 12e5c | Set default drive (Drive = 'C')
2018-12-17T23:07:00.776944293Z 71 PC: 12e67 | Get current directory
2018-12-17T23:07:00.779322297Z 78 PC: 12e7c | Find first file
2018-12-17T23:07:00.785059692Z 67 PC: 12ea7 | Get or set file attributes
2018-12-17T23:07:01.132311621Z 61 PC: 12eac | Open file (Filename = 'COMMAND.COM')
2018-12-17T23:07:01.140308747Z 63 PC: 12ebb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:07:01.144424717Z 66 PC: 12ec4 | Move file pointer
2018-12-17T23:07:01.146854596Z 64 PC: 12ed1 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:07:01.150645151Z 64 PC: 12eda | Write file or device (Write 375 bytes on handle 5)
2018-12-17T23:07:01.157338223Z 66 PC: 12eed | Move file pointer
2018-12-17T23:07:01.159594647Z 64 PC: 12ef7 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:07:01.162762769Z 87 PC: 12f08 | Get or set file date and time
2018-12-17T23:07:01.164621282Z 62 PC: 12f0c | Close file
2018-12-17T23:07:01.172349634Z 67 PC: 12f1a | Get or set file attributes
2018-12-17T23:07:01.181755881Z 79 PC: 12e82 | Find next file
2018-12-17T23:07:01.184450144Z 59 PC: 12f35 | Change current directory
2018-12-17T23:07:01.188780027Z 14 PC: 12f3b | Set default drive (Drive = 'C')
2018-12-17T23:07:01.190318335Z 78 PC: 12e7c | Find first file
2018-12-17T23:07:01.195746859Z 79 PC: 12e82 | Find next file
2018-12-17T23:07:01.198573781Z 59 PC: 12f4c | Change current directory
2018-12-17T23:07:01.201781592Z 14 PC: 12f5e | Set default drive (Drive = 'A')
2018-12-17T23:07:01.203404153Z 42 PC: 12f62 | Get date
0x12f62: cmp dx, 0x101
0x12f66: je 0x12f70
0x12f68: cmp dx, 0xc1f
0x12f6c: je 0x12f70
0x12f6e: jmp 0x12f86
0x12f70: mov cx, 0x19
0x12f73: push si
0x12f74: add si, 0x15d
0x12f78: add si, cx
0x12f7a: mov dl, byte ptr [si]
0x12f7c: add dl, 0x40
0x12f7f: mov ah, 2
0x12f81: int 0x21
0x12f83: pop si
0x12f84: loop 0x12f73
0x12f86: mov di, 0x100
0x12f89: push di
0x12f8a: ret
0x12f8b: loope 0x12f6d
0x12f8d: xor ch, byte ptr [bx]
2018-12-17T23:07:01.206100501Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=1000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-17T23:07:01.218456442Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:13.491087372Z 26 PC: 12e4d | Set disk transfer address
2018-12-25T12:44:13.492732173Z 25 PC: 12e51 | Get default drive
2018-12-25T12:44:13.494078936Z 14 PC: 12e5c | Set default drive (Drive = 'C')
2018-12-25T12:44:13.495383996Z 71 PC: 12e67 | Get current directory
2018-12-25T12:44:13.497886888Z 78 PC: 12e7c | Find first file
2018-12-25T12:44:13.505435156Z 67 PC: 12ea7 | Get or set file attributes
2018-12-25T12:44:14.182305745Z 61 PC: 12eac | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:44:14.189525461Z 63 PC: 12ebb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:44:14.192911258Z 66 PC: 12ec4 | Move file pointer
2018-12-25T12:44:14.194419202Z 64 PC: 12ed1 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:44:14.197832343Z 64 PC: 12eda | Write file or device (Write 375 bytes on handle 5)
2018-12-25T12:44:14.205317863Z 66 PC: 12eed | Move file pointer
2018-12-25T12:44:14.206768322Z 64 PC: 12ef7 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:44:14.21037639Z 87 PC: 12f08 | Get or set file date and time
2018-12-25T12:44:14.212538679Z 62 PC: 12f0c | Close file
2018-12-25T12:44:14.220634743Z 67 PC: 12f1a | Get or set file attributes
2018-12-25T12:44:14.230587697Z 79 PC: 12e82 | Find next file
2018-12-25T12:44:14.23358509Z 59 PC: 12f35 | Change current directory
2018-12-25T12:44:14.2380696Z 14 PC: 12f3b | Set default drive (Drive = 'C')
2018-12-25T12:44:14.239514022Z 78 PC: 12e7c | Find first file (See above)
2018-12-25T12:44:14.246264058Z 79 PC: 12e82 | Find next file (See above)
2018-12-25T12:44:14.250268716Z 59 PC: 12f4c | Change current directory
2018-12-25T12:44:14.252700367Z 14 PC: 12f5e | Set default drive (Drive = 'A')
2018-12-25T12:44:14.255103819Z 42 PC: 12f62 | Get date
0x12f62: cmp dx, 0x101
0x12f66: je 0x12f70
0x12f68: cmp dx, 0xc1f
0x12f6c: je 0x12f70
0x12f6e: jmp 0x12f86
0x12f70: mov cx, 0x19
0x12f73: push si
0x12f74: add si, 0x15d
0x12f78: add si, cx
0x12f7a: mov dl, byte ptr [si]
0x12f7c: add dl, 0x40
0x12f7f: mov ah, 2
0x12f81: int 0x21
0x12f83: pop si
0x12f84: loop 0x12f73
0x12f86: mov di, 0x100
0x12f89: push di
0x12f8a: ret
0x12f8b: loope 0x12f6d
0x12f8d: xor ch, byte ptr [bx]
2018-12-25T12:44:14.258179506Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=1000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T12:44:14.27201716Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":31,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:13.523049715Z 26 PC: 12e4d | Set disk transfer address
2018-12-25T12:44:13.524949961Z 25 PC: 12e51 | Get default drive
2018-12-25T12:44:13.526048855Z 14 PC: 12e5c | Set default drive (Drive = 'C')
2018-12-25T12:44:13.527224528Z 71 PC: 12e67 | Get current directory
2018-12-25T12:44:13.529657534Z 78 PC: 12e7c | Find first file
2018-12-25T12:44:13.535287043Z 67 PC: 12ea7 | Get or set file attributes
2018-12-25T12:44:13.855798164Z 61 PC: 12eac | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:44:13.862155552Z 63 PC: 12ebb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:44:13.865369917Z 66 PC: 12ec4 | Move file pointer
2018-12-25T12:44:13.867135409Z 64 PC: 12ed1 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:44:13.870590466Z 64 PC: 12eda | Write file or device (Write 375 bytes on handle 5)
2018-12-25T12:44:13.877843379Z 66 PC: 12eed | Move file pointer
2018-12-25T12:44:13.87955631Z 64 PC: 12ef7 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:44:13.882644539Z 87 PC: 12f08 | Get or set file date and time
2018-12-25T12:44:13.885455343Z 62 PC: 12f0c | Close file
2018-12-25T12:44:13.891947125Z 67 PC: 12f1a | Get or set file attributes
2018-12-25T12:44:13.91469742Z 79 PC: 12e82 | Find next file
2018-12-25T12:44:13.918241044Z 59 PC: 12f35 | Change current directory
2018-12-25T12:44:13.921846494Z 14 PC: 12f3b | Set default drive (Drive = 'C')
2018-12-25T12:44:13.923284173Z 78 PC: 12e7c | Find first file (See above)
2018-12-25T12:44:13.928937456Z 79 PC: 12e82 | Find next file (See above)
2018-12-25T12:44:13.932040004Z 59 PC: 12f4c | Change current directory
2018-12-25T12:44:13.933826647Z 14 PC: 12f5e | Set default drive (Drive = 'A')
2018-12-25T12:44:13.935081926Z 42 PC: 12f62 | Get date
0x12f62: cmp dx, 0x101
0x12f66: je 0x12f70
0x12f68: cmp dx, 0xc1f
0x12f6c: je 0x12f70
0x12f6e: jmp 0x12f86
0x12f70: mov cx, 0x19
0x12f73: push si
0x12f74: add si, 0x15d
0x12f78: add si, cx
0x12f7a: mov dl, byte ptr [si]
0x12f7c: add dl, 0x40
0x12f7f: mov ah, 2
0x12f81: int 0x21
0x12f83: pop si
0x12f84: loop 0x12f73
0x12f86: mov di, 0x100
0x12f89: push di
0x12f8a: ret
0x12f8b: loope 0x12f6d
0x12f8d: xor ch, byte ptr [bx]
2018-12-25T12:44:13.937478849Z 2 PC: 12f83 | Character output (Char = '4c')
2018-12-25T12:44:13.93950691Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.950768612Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.966751529Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.968760807Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.97075963Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.973565908Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.977034444Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.979867741Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.982717392Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.985332185Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.987238048Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.988980133Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.991330271Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.993423279Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.995386821Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:13.997524733Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.000514408Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.002718989Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.004906099Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.007989819Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.010175744Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.012377362Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.015489996Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.017707302Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.019936395Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=1000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T12:44:14.031419218Z 76 PC: 12b3a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15714,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:13.576537397Z 26 PC: 12e4d | Set disk transfer address
2018-12-25T12:44:13.577726491Z 25 PC: 12e51 | Get default drive
2018-12-25T12:44:13.579294896Z 14 PC: 12e5c | Set default drive (Drive = 'C')
2018-12-25T12:44:13.580706165Z 71 PC: 12e67 | Get current directory
2018-12-25T12:44:13.584260334Z 78 PC: 12e7c | Find first file
2018-12-25T12:44:13.590773806Z 67 PC: 12ea7 | Get or set file attributes
2018-12-25T12:44:14.182617199Z 61 PC: 12eac | Open file (Filename = 'COMMAND.COM')
2018-12-25T12:44:14.190736853Z 63 PC: 12ebb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:44:14.195464461Z 66 PC: 12ec4 | Move file pointer
2018-12-25T12:44:14.197488692Z 64 PC: 12ed1 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:44:14.201546436Z 64 PC: 12eda | Write file or device (Write 375 bytes on handle 5)
2018-12-25T12:44:14.211340348Z 66 PC: 12eed | Move file pointer
2018-12-25T12:44:14.212772044Z 64 PC: 12ef7 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:44:14.215152541Z 87 PC: 12f08 | Get or set file date and time
2018-12-25T12:44:14.217635037Z 62 PC: 12f0c | Close file
2018-12-25T12:44:14.223403431Z 67 PC: 12f1a | Get or set file attributes
2018-12-25T12:44:14.233802374Z 79 PC: 12e82 | Find next file
2018-12-25T12:44:14.236670624Z 59 PC: 12f35 | Change current directory
2018-12-25T12:44:14.239510041Z 14 PC: 12f3b | Set default drive (Drive = 'C')
2018-12-25T12:44:14.240576843Z 78 PC: 12e7c | Find first file (See above)
2018-12-25T12:44:14.244163668Z 79 PC: 12e82 | Find next file (See above)
2018-12-25T12:44:14.247582796Z 59 PC: 12f4c | Change current directory
2018-12-25T12:44:14.249387158Z 14 PC: 12f5e | Set default drive (Drive = 'A')
2018-12-25T12:44:14.250476091Z 42 PC: 12f62 | Get date
0x12f62: cmp dx, 0x101
0x12f66: je 0x12f70
0x12f68: cmp dx, 0xc1f
0x12f6c: je 0x12f70
0x12f6e: jmp 0x12f86
0x12f70: mov cx, 0x19
0x12f73: push si
0x12f74: add si, 0x15d
0x12f78: add si, cx
0x12f7a: mov dl, byte ptr [si]
0x12f7c: add dl, 0x40
0x12f7f: mov ah, 2
0x12f81: int 0x21
0x12f83: pop si
0x12f84: loop 0x12f73
0x12f86: mov di, 0x100
0x12f89: push di
0x12f8a: ret
0x12f8b: loope 0x12f6d
0x12f8d: xor ch, byte ptr [bx]
2018-12-25T12:44:14.253389729Z 2 PC: 12f83 | Character output (Char = '4c')
2018-12-25T12:44:14.256089671Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.258479582Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.261645307Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.263919471Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.266072854Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.268840718Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.271257038Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.273674818Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.27692413Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.279640818Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.282885661Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.285856556Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.288959387Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.291225079Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.294070016Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.304293638Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.306616252Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.308782575Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.311659942Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.313868808Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.316052135Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.318481718Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.320721772Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.323039628Z 2 PC: 12f83 | Character output (See above)
2018-12-25T12:44:14.325683188Z 9 PC: 12b36 | Display string (String= ' YOU HAVE JUST RELEASED A VIRUS! Entry=3h, Size=1000, Stack=0, Overlay(0)=0 not loaded, Fill=FFFF* COM file, code at start, JMP at start, SS:SP != CS:IP ')
2018-12-25T12:44:14.338118662Z 76 PC: 12b3a | Terminate with return code (Return code = '36')