Sample viewer

vx.netlux.org/Virus.DOS.ErrorVirus.1215

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:29.974695958Z	42	PC: 1480e \| Get date 0x1480e: cmp dh, 9 0x14811: jne 0x1482f 0x14813: mov ax, 3 0x14816: int 0x10 0x14818: mov ax, 0x1301 0x1481b: mov bx, 4 0x1481e: mov dx, 0xc11 0x14821: mov bp, 0x32d 0x14824: mov cx, 0x2c 0x14827: int 0x10 0x14829: xor ax, ax 0x1482b: xor bx, bx 0x1482d: jmp 0x14829 0x1482f: mov ah, 0x19 0x14831: mov bx, 0x409 0x14834: mov cx, 0x76 0x14837: int 0x21 0x14839: cmp cx, 0x2323 0x1483d: jne 0x14878 0x1483f: mov bx, 0x409
2018-12-17T23:10:29.978808354Z	25	PC: 14839 \| Get default drive
2018-12-17T23:10:29.979928979Z	72	PC: 1487f \| Allocate memory
2018-12-17T23:10:29.981598171Z	74	PC: 1488c \| Reallocate memory
2018-12-17T23:10:29.984239754Z	74	PC: 14894 \| Reallocate memory
2018-12-17T23:10:29.986520392Z	72	PC: 1489b \| Allocate memory
2018-12-17T23:10:29.988843696Z	53	PC: 148d1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:29.99143412Z	37	PC: 148e3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:29.992667239Z	53	PC: 148e8 \| Get interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T23:10:29.994090918Z	9	PC: 12a86 \| Display string (Could not find end pointer)
2018-12-17T23:10:29.999816659Z	48	PC: 12a8f \| Get DOS version
2018-12-17T23:10:30.001197178Z	53	PC: 9f687 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:30.002396404Z	37	PC: 9f69f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:30.004074728Z	61	PC: 9f751 \| Open file (Filename = 'Ɣ�')
2018-12-17T23:10:30.011799263Z	66	PC: 9f767 \| Move file pointer
2018-12-17T23:10:30.013478451Z	66	PC: 9f781 \| Move file pointer
2018-12-17T23:10:30.015270872Z	63	PC: 9f790 \| Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:10:30.018107968Z	62	PC: 9f897 \| Close file
2018-12-17T23:10:30.020094888Z	37	PC: 9f714 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:30.021405236Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T23:10:30.028742957Z	93	PC: 12afe \| File sharing functions
2018-12-17T23:10:30.030547653Z	9	PC: 12a86 \| Display string (String= 'Size change=04CFh/01231d. ')
2018-12-17T23:10:30.035100989Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16874,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:08.605466639Z	42	PC: 1480e \| Get date 0x1480e: cmp dh, 9 0x14811: jne 0x1482f 0x14813: mov ax, 3 0x14816: int 0x10 0x14818: mov ax, 0x1301 0x1481b: mov bx, 4 0x1481e: mov dx, 0xc11 0x14821: mov bp, 0x32d 0x14824: mov cx, 0x2c 0x14827: int 0x10 0x14829: xor ax, ax 0x1482b: xor bx, bx 0x1482d: jmp 0x14829 0x1482f: mov ah, 0x19 0x14831: mov bx, 0x409 0x14834: mov cx, 0x76 0x14837: int 0x21 0x14839: cmp cx, 0x2323 0x1483d: jne 0x14878 0x1483f: mov bx, 0x409
2018-12-25T12:54:08.608552141Z	25	PC: 14839 \| Get default drive
2018-12-25T12:54:08.611033616Z	72	PC: 1487f \| Allocate memory
2018-12-25T12:54:08.612500009Z	74	PC: 1488c \| Reallocate memory
2018-12-25T12:54:08.61451228Z	74	PC: 14894 \| Reallocate memory
2018-12-25T12:54:08.615799889Z	72	PC: 1489b \| Allocate memory
2018-12-25T12:54:08.617272443Z	53	PC: 148d1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:08.619095799Z	37	PC: 148e3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:08.620292204Z	53	PC: 148e8 \| Get interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:54:08.621644264Z	9	PC: 12a86 \| Display string (Could not find end pointer)
2018-12-25T12:54:08.62768549Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:54:08.628880255Z	53	PC: 9f687 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:08.629971139Z	37	PC: 9f69f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:08.631743712Z	61	PC: 9f751 \| Open file (Filename = 'Ɣ�')
2018-12-25T12:54:08.638306156Z	66	PC: 9f767 \| Move file pointer
2018-12-25T12:54:08.639719485Z	66	PC: 9f781 \| Move file pointer
2018-12-25T12:54:08.641382725Z	63	PC: 9f790 \| Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:54:08.644059798Z	62	PC: 9f897 \| Close file
2018-12-25T12:54:08.645781751Z	37	PC: 9f714 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:54:08.647284554Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:54:08.653965728Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:54:08.656731551Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:54:08.673148475Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16874,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:08.627799355Z	42	PC: 1480e \| Get date 0x1480e: cmp dh, 9 0x14811: jne 0x1482f 0x14813: mov ax, 3 0x14816: int 0x10 0x14818: mov ax, 0x1301 0x1481b: mov bx, 4 0x1481e: mov dx, 0xc11 0x14821: mov bp, 0x32d 0x14824: mov cx, 0x2c 0x14827: int 0x10 0x14829: xor ax, ax 0x1482b: xor bx, bx 0x1482d: jmp 0x14829 0x1482f: mov ah, 0x19 0x14831: mov bx, 0x409 0x14834: mov cx, 0x76 0x14837: int 0x21 0x14839: cmp cx, 0x2323 0x1483d: jne 0x14878 0x1483f: mov bx, 0x409