Sample viewer

vx.netlux.org/Virus.DOS.April4.751


Syscalls:

Time  Syscall Op  PC | Syscall Name
2018-12-17T23:09:34.922244406Z 53 PC: 18fb1 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:09:34.92363426Z 26 PC: 18d46 | Set disk transfer address
2018-12-17T23:09:34.924627227Z 37 PC: 18d51 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:09:34.925718801Z 53 PC: 18d64 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:34.927356275Z 37 PC: 18d7a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:34.928585758Z 78 PC: 18e01 | Find first file
2018-12-17T23:09:34.934866647Z 67 PC: 18e28 | Get or set file attributes
2018-12-17T23:09:34.94312706Z 67 PC: 18e39 | Get or set file attributes
2018-12-17T23:09:34.960881352Z 61 PC: 18e48 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:34.967420194Z 87 PC: 18e59 | Get or set file date and time
2018-12-17T23:09:34.972587385Z 66 PC: 18e74 | Move file pointer
2018-12-17T23:09:34.974040829Z 63 PC: 18e84 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T23:09:34.980298222Z 66 PC: 18e97 | Move file pointer
2018-12-17T23:09:34.982281404Z 64 PC: 18f06 | Write file or device (Write 751 bytes on handle 5)
2018-12-17T23:09:34.991159017Z 66 PC: 18f1b | Move file pointer
2018-12-17T23:09:34.993086454Z 64 PC: 18f2b | Write file or device (Write 3 bytes on handle 5)
2018-12-17T23:09:35.000581982Z 87 PC: 18f43 | Get or set file date and time
2018-12-17T23:09:35.00256265Z 62 PC: 18f4c | Close file
2018-12-17T23:09:35.010767446Z 67 PC: 18f5a | Get or set file attributes
2018-12-17T23:09:35.022879281Z 42 PC: 18f5e | Get date
0x18f5e: cmp dx, 0x404
0x18f62: jne 0x18f67
0x18f64: call 0x18f99
0x18f67: mov ax, 0x2503
0x18f6a: push ds
0x18f6b: mov dx, word ptr cs:[bp + 0x3e9]
0x18f70: mov ds, word ptr cs:[bp + 0x3eb]
0x18f75: int 0x21
0x18f77: mov ax, 0x2524
0x18f7a: mov dx, word ptr cs:[bp + 0x3e5]
0x18f7f: mov ds, word ptr cs:[bp + 0x3e7]
0x18f84: int 0x21
0x18f86: pop ds
0x18f87: mov ah, 0x1a
0x18f89: mov dx, 0x80
0x18f8c: int 0x21
0x18f8e: xor si, si
0x18f90: xor di, di
0x18f92: xor bp, bp
0x18f94: mov bx, 0x100
2018-12-17T23:09:35.025052105Z 37 PC: 18f77 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:09:35.026135001Z 37 PC: 18f86 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:35.027170578Z 26 PC: 18f8e | Set disk transfer address
2018-12-17T23:09:35.028583467Z 48 PC: 13777 | Get DOS version
2018-12-17T23:09:35.029701302Z 9 PC: 13783 | Display string (String= 'Incorrect DOS version ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16580,"SideJobID":0}


Syscalls:

Time  Syscall Op  PC | Syscall Name
2018-12-25T12:53:27.64455268Z 53 PC: 18fb1 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:53:27.646778441Z 26 PC: 18d46 | Set disk transfer address
2018-12-25T12:53:27.648264081Z 37 PC: 18d51 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:53:27.64947941Z 53 PC: 18d64 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:27.651641562Z 37 PC: 18d7a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:27.653125093Z 78 PC: 18e01 | Find first file
2018-12-25T12:53:27.659904081Z 67 PC: 18e28 | Get or set file attributes
2018-12-25T12:53:27.666438612Z 67 PC: 18e39 | Get or set file attributes
2018-12-25T12:53:27.683383156Z 61 PC: 18e48 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:27.690772892Z 87 PC: 18e59 | Get or set file date and time
2018-12-25T12:53:27.69212351Z 66 PC: 18e74 | Move file pointer
2018-12-25T12:53:27.69484426Z 63 PC: 18e84 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:27.7022069Z 66 PC: 18e97 | Move file pointer
2018-12-25T12:53:27.704122103Z 64 PC: 18f06 | Write file or device (Write 751 bytes on handle 5)
2018-12-25T12:53:27.715013742Z 66 PC: 18f1b | Move file pointer
2018-12-25T12:53:27.716542766Z 64 PC: 18f2b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:27.72402402Z 87 PC: 18f43 | Get or set file date and time
2018-12-25T12:53:27.726764334Z 62 PC: 18f4c | Close file
2018-12-25T12:53:27.735640342Z 67 PC: 18f5a | Get or set file attributes
2018-12-25T12:53:27.746516435Z 42 PC: 18f5e | Get date
0x18f5e: cmp dx, 0x404
0x18f62: jne 0x18f67
0x18f64: call 0x18f99
0x18f67: mov ax, 0x2503
0x18f6a: push ds
0x18f6b: mov dx, word ptr cs:[bp + 0x3e9]
0x18f70: mov ds, word ptr cs:[bp + 0x3eb]
0x18f75: int 0x21
0x18f77: mov ax, 0x2524
0x18f7a: mov dx, word ptr cs:[bp + 0x3e5]
0x18f7f: mov ds, word ptr cs:[bp + 0x3e7]
0x18f84: int 0x21
0x18f86: pop ds
0x18f87: mov ah, 0x1a
0x18f89: mov dx, 0x80
0x18f8c: int 0x21
0x18f8e: xor si, si
0x18f90: xor di, di
0x18f92: xor bp, bp
0x18f94: mov bx, 0x100
2018-12-25T12:53:27.749144991Z 37 PC: 18f77 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:53:27.750598037Z 37 PC: 18f86 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:27.751871043Z 26 PC: 18f8e | Set disk transfer address
2018-12-25T12:53:27.75312621Z 48 PC: 13777 | Get DOS version
2018-12-25T12:53:27.755831763Z 9 PC: 13783 | Display string (String= 'Incorrect DOS version ')

{"DateBased":true,"Day":4,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16580,"SideJobID":0}


Syscalls:

Time  Syscall Op  PC | Syscall Name
2018-12-25T12:53:27.83293058Z 53 PC: 18fb1 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:53:27.835096803Z 26 PC: 18d46 | Set disk transfer address
2018-12-25T12:53:27.836284031Z 37 PC: 18d51 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:53:27.837474434Z 53 PC: 18d64 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:27.839185837Z 37 PC: 18d7a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:27.840495279Z 78 PC: 18e01 | Find first file
2018-12-25T12:53:27.848869537Z 67 PC: 18e28 | Get or set file attributes
2018-12-25T12:53:27.856465311Z 67 PC: 18e39 | Get or set file attributes
2018-12-25T12:53:27.872315468Z 61 PC: 18e48 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:27.879633958Z 87 PC: 18e59 | Get or set file date and time
2018-12-25T12:53:27.881752299Z 66 PC: 18e74 | Move file pointer
2018-12-25T12:53:27.883348239Z 63 PC: 18e84 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:53:27.89044841Z 66 PC: 18e97 | Move file pointer
2018-12-25T12:53:27.892211384Z 64 PC: 18f06 | Write file or device (Write 751 bytes on handle 5)
2018-12-25T12:53:27.902152729Z 66 PC: 18f1b | Move file pointer
2018-12-25T12:53:27.904118962Z 64 PC: 18f2b | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:53:27.911489208Z 87 PC: 18f43 | Get or set file date and time
2018-12-25T12:53:27.913452023Z 62 PC: 18f4c | Close file
2018-12-25T12:53:27.922146092Z 67 PC: 18f5a | Get or set file attributes
2018-12-25T12:53:27.93456151Z 42 PC: 18f5e | Get date
0x18f5e: cmp dx, 0x404
0x18f62: jne 0x18f67
0x18f64: call 0x18f99
0x18f67: mov ax, 0x2503
0x18f6a: push ds
0x18f6b: mov dx, word ptr cs:[bp + 0x3e9]
0x18f70: mov ds, word ptr cs:[bp + 0x3eb]
0x18f75: int 0x21
0x18f77: mov ax, 0x2524
0x18f7a: mov dx, word ptr cs:[bp + 0x3e5]
0x18f7f: mov ds, word ptr cs:[bp + 0x3e7]
0x18f84: int 0x21
0x18f86: pop ds
0x18f87: mov ah, 0x1a
0x18f89: mov dx, 0x80
0x18f8c: int 0x21
0x18f8e: xor si, si
0x18f90: xor di, di
0x18f92: xor bp, bp
0x18f94: mov bx, 0x100
2018-12-25T12:53:27.93814799Z 37 PC: 18f77 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:53:27.939656717Z 37 PC: 18f86 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:27.941175574Z 26 PC: 18f8e | Set disk transfer address
2018-12-25T12:53:27.943485943Z 48 PC: 13777 | Get DOS version
2018-12-25T12:53:27.945033509Z 9 PC: 13783 | Display string (String= 'Incorrect DOS version ')