Sample viewer

vx.netlux.org/Virus.DOS.KOV.Eddy.1444

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:50.034601925Z	42	PC: 17538 \| Get date 0x17538: cmp cx, 0x7cc 0x1753c: jne 0x17548 0x1753e: cmp dh, 3 0x17541: ja 0x17548 0x17543: cmp dl, 0x14 0x17546: jb 0x17591 0x17548: mov al, 0xff 0x1754a: mov ah, 0xf 0x1754c: xchg al, ah 0x1754e: nop 0x1754f: int 0x21 0x17551: cmp ax, 0x101 0x17554: jne 0x1755a 0x17556: call 0x17595 0x17559: nop 0x1755a: mov ax, 0x3521 0x1755d: nop 0x1755e: int 0x21 0x17560: cmp word ptr es:[0xa], 0x4254 0x17567: jne 0x17575
2018-12-17T23:09:50.037572786Z	255	PC: 17551 \| UNKNOWN!
2018-12-17T23:09:50.038630094Z	53	PC: 17560 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:50.040024367Z	240	PC: 1758f \| UNKNOWN!
2018-12-17T23:09:50.041716819Z	44	PC: 1748d \| Get time 0x1748d: cmp cl, 6 0x17490: jne 0x174c7 0x17492: mov ax, 0xb800 0x17495: mov es, ax 0x17497: mov cx, 0x30 0x1749a: push cx 0x1749b: mov cx, 0x7c0 0x1749e: xor si, si 0x174a0: mov ah, byte ptr es:[si] 0x174a3: cmp ah, 0x77 0x174a6: jb 0x174b5 0x174a8: dec ah 0x174aa: mov byte ptr es:[si], ah 0x174ad: mov byte ptr es:[si + 1], 0x79 0x174b2: jmp 0x174bf 0x174b4: nop 0x174b5: inc ah 0x174b7: mov byte ptr es:[si], ah 0x174ba: mov byte ptr es:[si + 1], 0x8f 0x174bf: inc si
2018-12-17T23:09:50.064788734Z	48	PC: 12a4c \| Get DOS version
2018-12-17T23:09:50.066000251Z	53	PC: 12ba8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:50.067623377Z	53	PC: 12bb5 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:09:50.069663163Z	53	PC: 12bc2 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:09:50.071242713Z	53	PC: 12bcf \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:09:50.073063683Z	37	PC: 12be3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:50.074782762Z	74	PC: 12b19 \| Reallocate memory
2018-12-17T23:09:50.078635297Z	37	PC: 172ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:09:50.080862681Z	37	PC: 172ff \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:09:50.082655129Z	51	PC: 27f61 \| Get or set Ctrl-Break
2018-12-17T23:09:50.09142023Z	37	PC: 12bef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:09:50.094443856Z	37	PC: 12bfa \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T23:09:50.096629467Z	37	PC: 12c05 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T23:09:50.098708623Z	37	PC: 12c10 \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T23:09:50.101406817Z	76	PC: 12b98 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16656,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:38.331878182Z	42	PC: 17538 \| Get date 0x17538: cmp cx, 0x7cc 0x1753c: jne 0x17548 0x1753e: cmp dh, 3 0x17541: ja 0x17548 0x17543: cmp dl, 0x14 0x17546: jb 0x17591 0x17548: mov al, 0xff 0x1754a: mov ah, 0xf 0x1754c: xchg al, ah 0x1754e: nop 0x1754f: int 0x21 0x17551: cmp ax, 0x101 0x17554: jne 0x1755a 0x17556: call 0x17595 0x17559: nop 0x1755a: mov ax, 0x3521 0x1755d: nop 0x1755e: int 0x21 0x17560: cmp word ptr es:[0xa], 0x4254 0x17567: jne 0x17575
2018-12-25T12:53:38.335379609Z	255	PC: 17551 \| UNKNOWN!
2018-12-25T12:53:38.336450329Z	53	PC: 17560 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:38.337887679Z	240	PC: 1758f \| UNKNOWN!
2018-12-25T12:53:38.340203915Z	44	PC: 1748d \| Get time 0x1748d: cmp cl, 6 0x17490: jne 0x174c7 0x17492: mov ax, 0xb800 0x17495: mov es, ax 0x17497: mov cx, 0x30 0x1749a: push cx 0x1749b: mov cx, 0x7c0 0x1749e: xor si, si 0x174a0: mov ah, byte ptr es:[si] 0x174a3: cmp ah, 0x77 0x174a6: jb 0x174b5 0x174a8: dec ah 0x174aa: mov byte ptr es:[si], ah 0x174ad: mov byte ptr es:[si + 1], 0x79 0x174b2: jmp 0x174bf 0x174b4: nop 0x174b5: inc ah 0x174b7: mov byte ptr es:[si], ah 0x174ba: mov byte ptr es:[si + 1], 0x8f 0x174bf: inc si
2018-12-25T12:53:38.370817188Z	48	PC: 12a4c \| Get DOS version
2018-12-25T12:53:38.372699845Z	53	PC: 12ba8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.374560322Z	53	PC: 12bb5 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:53:38.377649593Z	53	PC: 12bc2 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:53:38.380453552Z	53	PC: 12bcf \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:53:38.391619595Z	37	PC: 12be3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.394884584Z	74	PC: 12b19 \| Reallocate memory
2018-12-25T12:53:38.399606118Z	37	PC: 172ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:38.402245103Z	37	PC: 172ff \| Set interrupt vector (See above)
2018-12-25T12:53:38.405395643Z	51	PC: 27f61 \| Get or set Ctrl-Break
2018-12-25T12:53:38.416565093Z	37	PC: 12bef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.418963381Z	37	PC: 12bfa \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:53:38.427221655Z	37	PC: 12c05 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:53:38.429638668Z	37	PC: 12c10 \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:53:38.43208809Z	76	PC: 12b98 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":16656,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:38.384706592Z	42	PC: 17538 \| Get date 0x17538: cmp cx, 0x7cc 0x1753c: jne 0x17548 0x1753e: cmp dh, 3 0x17541: ja 0x17548 0x17543: cmp dl, 0x14 0x17546: jb 0x17591 0x17548: mov al, 0xff 0x1754a: mov ah, 0xf 0x1754c: xchg al, ah 0x1754e: nop 0x1754f: int 0x21 0x17551: cmp ax, 0x101 0x17554: jne 0x1755a 0x17556: call 0x17595 0x17559: nop 0x1755a: mov ax, 0x3521 0x1755d: nop 0x1755e: int 0x21 0x17560: cmp word ptr es:[0xa], 0x4254 0x17567: jne 0x17575
2018-12-25T12:53:38.387681579Z	255	PC: 17551 \| UNKNOWN!
2018-12-25T12:53:38.388436469Z	53	PC: 17560 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:38.389560404Z	240	PC: 1758f \| UNKNOWN!
2018-12-25T12:53:38.391164374Z	44	PC: 1748d \| Get time 0x1748d: cmp cl, 6 0x17490: jne 0x174c7 0x17492: mov ax, 0xb800 0x17495: mov es, ax 0x17497: mov cx, 0x30 0x1749a: push cx 0x1749b: mov cx, 0x7c0 0x1749e: xor si, si 0x174a0: mov ah, byte ptr es:[si] 0x174a3: cmp ah, 0x77 0x174a6: jb 0x174b5 0x174a8: dec ah 0x174aa: mov byte ptr es:[si], ah 0x174ad: mov byte ptr es:[si + 1], 0x79 0x174b2: jmp 0x174bf 0x174b4: nop 0x174b5: inc ah 0x174b7: mov byte ptr es:[si], ah 0x174ba: mov byte ptr es:[si + 1], 0x8f 0x174bf: inc si
2018-12-25T12:53:38.414981756Z	48	PC: 12a4c \| Get DOS version
2018-12-25T12:53:38.416033603Z	53	PC: 12ba8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.417478147Z	53	PC: 12bb5 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:53:38.419174663Z	53	PC: 12bc2 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:53:38.420367006Z	53	PC: 12bcf \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:53:38.422149284Z	37	PC: 12be3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.423464117Z	74	PC: 12b19 \| Reallocate memory
2018-12-25T12:53:38.427049441Z	37	PC: 172ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:38.430090089Z	37	PC: 172ff \| Set interrupt vector (See above)
2018-12-25T12:53:38.431412765Z	51	PC: 27f61 \| Get or set Ctrl-Break
2018-12-25T12:53:38.440039019Z	37	PC: 12bef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.443410398Z	37	PC: 12bfa \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:53:38.445739412Z	37	PC: 12c05 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:53:38.447869217Z	37	PC: 12c10 \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:53:38.450142513Z	76	PC: 12b98 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":16656,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:38.410384418Z	42	PC: 17538 \| Get date 0x17538: cmp cx, 0x7cc 0x1753c: jne 0x17548 0x1753e: cmp dh, 3 0x17541: ja 0x17548 0x17543: cmp dl, 0x14 0x17546: jb 0x17591 0x17548: mov al, 0xff 0x1754a: mov ah, 0xf 0x1754c: xchg al, ah 0x1754e: nop 0x1754f: int 0x21 0x17551: cmp ax, 0x101 0x17554: jne 0x1755a 0x17556: call 0x17595 0x17559: nop 0x1755a: mov ax, 0x3521 0x1755d: nop 0x1755e: int 0x21 0x17560: cmp word ptr es:[0xa], 0x4254 0x17567: jne 0x17575
2018-12-25T12:53:38.414223697Z	255	PC: 17551 \| UNKNOWN!
2018-12-25T12:53:38.416490271Z	53	PC: 17560 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:38.418263824Z	240	PC: 1758f \| UNKNOWN!
2018-12-25T12:53:38.420859521Z	44	PC: 1748d \| Get time 0x1748d: cmp cl, 6 0x17490: jne 0x174c7 0x17492: mov ax, 0xb800 0x17495: mov es, ax 0x17497: mov cx, 0x30 0x1749a: push cx 0x1749b: mov cx, 0x7c0 0x1749e: xor si, si 0x174a0: mov ah, byte ptr es:[si] 0x174a3: cmp ah, 0x77 0x174a6: jb 0x174b5 0x174a8: dec ah 0x174aa: mov byte ptr es:[si], ah 0x174ad: mov byte ptr es:[si + 1], 0x79 0x174b2: jmp 0x174bf 0x174b4: nop 0x174b5: inc ah 0x174b7: mov byte ptr es:[si], ah 0x174ba: mov byte ptr es:[si + 1], 0x8f 0x174bf: inc si
2018-12-25T12:53:38.51074662Z	48	PC: 12a4c \| Get DOS version
2018-12-25T12:53:38.511983704Z	53	PC: 12ba8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.513434699Z	53	PC: 12bb5 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:53:38.515111917Z	53	PC: 12bc2 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:53:38.516238831Z	53	PC: 12bcf \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:53:38.517384651Z	37	PC: 12be3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.523113585Z	74	PC: 12b19 \| Reallocate memory
2018-12-25T12:53:38.526981459Z	37	PC: 172ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:38.541516535Z	37	PC: 172ff \| Set interrupt vector (See above)
2018-12-25T12:53:38.54975924Z	51	PC: 27f61 \| Get or set Ctrl-Break
2018-12-25T12:53:38.572486716Z	37	PC: 12bef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.575070659Z	37	PC: 12bfa \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:53:38.578901768Z	37	PC: 12c05 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:53:38.581602135Z	37	PC: 12c10 \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:53:38.584460304Z	76	PC: 12b98 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":16656,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:38.44048448Z	42	PC: 17538 \| Get date 0x17538: cmp cx, 0x7cc 0x1753c: jne 0x17548 0x1753e: cmp dh, 3 0x17541: ja 0x17548 0x17543: cmp dl, 0x14 0x17546: jb 0x17591 0x17548: mov al, 0xff 0x1754a: mov ah, 0xf 0x1754c: xchg al, ah 0x1754e: nop 0x1754f: int 0x21 0x17551: cmp ax, 0x101 0x17554: jne 0x1755a 0x17556: call 0x17595 0x17559: nop 0x1755a: mov ax, 0x3521 0x1755d: nop 0x1755e: int 0x21 0x17560: cmp word ptr es:[0xa], 0x4254 0x17567: jne 0x17575
2018-12-25T12:53:38.443842846Z	255	PC: 17551 \| UNKNOWN!
2018-12-25T12:53:38.445838999Z	53	PC: 17560 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:38.447864267Z	240	PC: 1758f \| UNKNOWN!
2018-12-25T12:53:38.455650959Z	44	PC: 1748d \| Get time 0x1748d: cmp cl, 6 0x17490: jne 0x174c7 0x17492: mov ax, 0xb800 0x17495: mov es, ax 0x17497: mov cx, 0x30 0x1749a: push cx 0x1749b: mov cx, 0x7c0 0x1749e: xor si, si 0x174a0: mov ah, byte ptr es:[si] 0x174a3: cmp ah, 0x77 0x174a6: jb 0x174b5 0x174a8: dec ah 0x174aa: mov byte ptr es:[si], ah 0x174ad: mov byte ptr es:[si + 1], 0x79 0x174b2: jmp 0x174bf 0x174b4: nop 0x174b5: inc ah 0x174b7: mov byte ptr es:[si], ah 0x174ba: mov byte ptr es:[si + 1], 0x8f 0x174bf: inc si
2018-12-25T12:53:38.550254538Z	48	PC: 12a4c \| Get DOS version
2018-12-25T12:53:38.551767497Z	53	PC: 12ba8 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.553554576Z	53	PC: 12bb5 \| Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:53:38.556473002Z	53	PC: 12bc2 \| Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:53:38.558009941Z	53	PC: 12bcf \| Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:53:38.559933609Z	37	PC: 12be3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.562459323Z	74	PC: 12b19 \| Reallocate memory
2018-12-25T12:53:38.56657833Z	37	PC: 172ff \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:38.568034725Z	37	PC: 172ff \| Set interrupt vector (See above)
2018-12-25T12:53:38.570041784Z	51	PC: 27f61 \| Get or set Ctrl-Break
2018-12-25T12:53:38.580473677Z	37	PC: 12bef \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:53:38.583387946Z	37	PC: 12bfa \| Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T12:53:38.589785603Z	37	PC: 12c05 \| Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:53:38.592730669Z	37	PC: 12c10 \| Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T12:53:38.5956608Z	76	PC: 12b98 \| Terminate with return code (Return code = '1')