Sample viewer

vx.netlux.org/Virus.DOS.Small.394.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:01.492497903Z	48	PC: 12b16 \| Get DOS version
2018-12-17T23:10:01.494889996Z	75	PC: 12b24 \| Execute program
2018-12-17T23:10:01.496759235Z	53	PC: 12b3f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:01.498662507Z	80	PC: 12ba6 \| Set current PSP
2018-12-17T23:10:01.500654295Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:01.502115521Z	26	PC: 12be4 \| Set disk transfer address
2018-12-17T23:10:01.50364377Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-17T23:10:01.506731036Z	76	PC: 13217 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16724,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:37.522649156Z	48	PC: 12b16 \| Get DOS version
2018-12-25T12:53:37.523960204Z	75	PC: 12b24 \| Execute program
2018-12-25T12:53:37.525021319Z	53	PC: 12b3f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:37.525845259Z	80	PC: 12ba6 \| Set current PSP
2018-12-25T12:53:37.527120628Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:37.527938949Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:53:37.528708151Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:53:37.530445638Z	53	PC: 12bff \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:53:37.531231219Z	37	PC: 12c13 \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:53:37.609541216Z	53	PC: 12c40 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:53:37.611166027Z	37	PC: 12c55 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:53:37.614269368Z	76	PC: 13217 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16724,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:37.633786074Z	48	PC: 12b16 \| Get DOS version
2018-12-25T12:53:37.635357576Z	75	PC: 12b24 \| Execute program
2018-12-25T12:53:37.636344473Z	53	PC: 12b3f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:37.637142107Z	80	PC: 12ba6 \| Set current PSP
2018-12-25T12:53:37.638360214Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:37.639160971Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:53:37.639915013Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:53:37.641547387Z	76	PC: 13217 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16724,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:37.819867559Z	48	PC: 12b16 \| Get DOS version
2018-12-25T12:53:37.821641989Z	75	PC: 12b24 \| Execute program
2018-12-25T12:53:37.822951136Z	53	PC: 12b3f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:37.824016916Z	80	PC: 12ba6 \| Set current PSP
2018-12-25T12:53:37.825536882Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:37.826568654Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:53:37.827633157Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:53:37.830124848Z	76	PC: 13217 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":10,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16724,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:37.865818738Z	48	PC: 12b16 \| Get DOS version
2018-12-25T12:53:37.867094299Z	75	PC: 12b24 \| Execute program
2018-12-25T12:53:37.86948308Z	53	PC: 12b3f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:37.870747869Z	80	PC: 12ba6 \| Set current PSP
2018-12-25T12:53:37.871853592Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:37.873318258Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:53:37.874335363Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:53:37.955666904Z	53	PC: 12c40 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:53:37.957790424Z	37	PC: 12c55 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:53:37.959746387Z	76	PC: 13217 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16724,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:38.028784513Z	48	PC: 12b16 \| Get DOS version
2018-12-25T12:53:38.030179312Z	75	PC: 12b24 \| Execute program
2018-12-25T12:53:38.031456674Z	53	PC: 12b3f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:38.032505077Z	80	PC: 12ba6 \| Set current PSP
2018-12-25T12:53:38.03407923Z	37	PC: 12bdc \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:38.03509906Z	26	PC: 12be4 \| Set disk transfer address
2018-12-25T12:53:38.036101141Z	42	PC: 12beb \| Get date 0x12beb: cmp cx, 0x7c4 0x12bef: ja 0x12c56 0x12bf1: je 0x12c1d 0x12bf3: cmp cx, 0x7bc 0x12bf7: jne 0x12c56 0x12bf9: push ds 0x12bfa: mov ax, 0x3528 0x12bfd: int 0x21 0x12bff: mov word ptr cs:[0x13b], bx 0x12c04: mov word ptr cs:[0x13d], es 0x12c09: mov ax, 0x2528 0x12c0c: mov dx, 0x722 0x12c0f: push cs 0x12c10: pop ds 0x12c11: int 0x21 0x12c13: pop ds 0x12c14: or byte ptr cs:[0x157], 8 0x12c1a: jmp 0x12c22 0x12c1c: nop 0x12c1d: cmp dh, 0xa
2018-12-25T12:53:38.038438355Z	76	PC: 13217 \| Terminate with return code (Return code = '1')