Sample viewer

vx.netlux.org/Virus.DOS.Riot.Sectors.401

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:11:32.019767191Z	42	PC: 13038 \| Get date 0x13038: cmp dl, 1 0x1303b: jne 0x13060 0x1303d: mov ax, 0x4301 0x13040: xor cx, cx 0x13042: lea dx, word ptr [bp + 0x20b] 0x13046: int 0x21 0x13048: mov ah, 0x3c 0x1304a: int 0x21 0x1304c: xchg ax, bx 0x1304d: mov ah, 0x40 0x1304f: mov cx, 0x7a 0x13052: lea dx, word ptr [bp + 0x21b] 0x13056: int 0x21 0x13058: mov ah, 0x3e 0x1305a: lea dx, word ptr [bp + 0x20b] 0x1305e: int 0x21 0x13060: lea si, word ptr [bp + 0x207] 0x13064: mov di, 0x100 0x13067: push di 0x13068: movsw word ptr es:[di], word ptr [si]
2018-12-17T23:11:32.022881768Z	26	PC: 13072 \| Set disk transfer address
2018-12-17T23:11:32.025750423Z	78	PC: 1307a \| Find first file
2018-12-17T23:11:32.032588213Z	61	PC: 1308d \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:11:32.039831997Z	87	PC: 13093 \| Get or set file date and time
2018-12-17T23:11:32.042474277Z	63	PC: 130a0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:32.049676421Z	66	PC: 130b0 \| Move file pointer
2018-12-17T23:11:32.051507615Z	87	PC: 130e9 \| Get or set file date and time
2018-12-17T23:11:32.054293455Z	62	PC: 130ed \| Close file
2018-12-17T23:11:32.068516805Z	79	PC: 1307a \| Find next file
2018-12-17T23:11:32.07193846Z	61	PC: 1308d \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:11:32.080462793Z	87	PC: 13093 \| Get or set file date and time
2018-12-17T23:11:32.082461081Z	63	PC: 130a0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:32.089470433Z	66	PC: 130b0 \| Move file pointer
2018-12-17T23:11:32.091512664Z	87	PC: 130e9 \| Get or set file date and time
2018-12-17T23:11:32.093911345Z	62	PC: 130ed \| Close file
2018-12-17T23:11:32.349462016Z	79	PC: 1307a \| Find next file
2018-12-17T23:11:32.352753256Z	61	PC: 1308d \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:11:32.360722413Z	87	PC: 13093 \| Get or set file date and time
2018-12-17T23:11:32.362506038Z	63	PC: 130a0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:32.369624526Z	66	PC: 130b0 \| Move file pointer
2018-12-17T23:11:32.372642402Z	87	PC: 130e9 \| Get or set file date and time
2018-12-17T23:11:32.374505786Z	62	PC: 130ed \| Close file
2018-12-17T23:11:32.390649098Z	79	PC: 1307a \| Find next file
2018-12-17T23:11:32.395927284Z	61	PC: 1308d \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:11:32.404078845Z	87	PC: 13093 \| Get or set file date and time
2018-12-17T23:11:32.406338344Z	63	PC: 130a0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:32.415059967Z	66	PC: 130b0 \| Move file pointer
2018-12-17T23:11:32.417030173Z	87	PC: 130e9 \| Get or set file date and time
2018-12-17T23:11:32.418960774Z	62	PC: 130ed \| Close file
2018-12-17T23:11:32.427800739Z	79	PC: 1307a \| Find next file
2018-12-17T23:11:32.431639649Z	61	PC: 1308d \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:11:32.439373003Z	87	PC: 13093 \| Get or set file date and time
2018-12-17T23:11:32.441055688Z	63	PC: 130a0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:32.448756601Z	66	PC: 130b0 \| Move file pointer
2018-12-17T23:11:32.450500491Z	87	PC: 130e9 \| Get or set file date and time
2018-12-17T23:11:32.452307039Z	62	PC: 130ed \| Close file
2018-12-17T23:11:32.460414356Z	79	PC: 1307a \| Find next file
2018-12-17T23:11:32.463547509Z	61	PC: 1308d \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:11:32.470919584Z	87	PC: 13093 \| Get or set file date and time
2018-12-17T23:11:32.474060521Z	63	PC: 130a0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:32.481766454Z	66	PC: 130b0 \| Move file pointer
2018-12-17T23:11:32.483828271Z	87	PC: 130e9 \| Get or set file date and time
2018-12-17T23:11:32.486897985Z	62	PC: 130ed \| Close file
2018-12-17T23:11:32.494763127Z	79	PC: 1307a \| Find next file
2018-12-17T23:11:32.497994885Z	61	PC: 1308d \| Open file (Filename = 'PAH.COM')
2018-12-17T23:11:32.506247125Z	87	PC: 13093 \| Get or set file date and time
2018-12-17T23:11:32.50858961Z	63	PC: 130a0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:32.516283311Z	66	PC: 130b0 \| Move file pointer
2018-12-17T23:11:32.518561185Z	87	PC: 130e9 \| Get or set file date and time
2018-12-17T23:11:32.521062519Z	62	PC: 130ed \| Close file
2018-12-17T23:11:32.529114622Z	79	PC: 1307a \| Find next file
2018-12-17T23:11:32.532228048Z	61	PC: 1308d \| Open file (Filename = 'TEST.COM')
2018-12-17T23:11:32.540598681Z	87	PC: 13093 \| Get or set file date and time
2018-12-17T23:11:32.542402514Z	63	PC: 130a0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T23:11:32.545514606Z	87	PC: 130e9 \| Get or set file date and time
2018-12-17T23:11:32.548227108Z	62	PC: 130ed \| Close file
2018-12-17T23:11:32.558681179Z	79	PC: 1307a \| Find next file
2018-12-17T23:11:32.561149041Z	26	PC: 13083 \| Set disk transfer address
2018-12-17T23:11:32.563392109Z	9	PC: 12a4b \| Display string (String= 'This program is VIRUS infected! ')
2018-12-17T23:11:32.567823754Z	76	PC: 12ff8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17218,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:16.295292007Z	42	PC: 13038 \| Get date 0x13038: cmp dl, 1 0x1303b: jne 0x13060 0x1303d: mov ax, 0x4301 0x13040: xor cx, cx 0x13042: lea dx, word ptr [bp + 0x20b] 0x13046: int 0x21 0x13048: mov ah, 0x3c 0x1304a: int 0x21 0x1304c: xchg ax, bx 0x1304d: mov ah, 0x40 0x1304f: mov cx, 0x7a 0x13052: lea dx, word ptr [bp + 0x21b] 0x13056: int 0x21 0x13058: mov ah, 0x3e 0x1305a: lea dx, word ptr [bp + 0x20b] 0x1305e: int 0x21 0x13060: lea si, word ptr [bp + 0x207] 0x13064: mov di, 0x100 0x13067: push di 0x13068: movsw word ptr es:[di], word ptr [si]
2018-12-25T12:55:16.297912382Z	67	PC: 13048 \| Get or set file attributes
2018-12-25T12:55:16.304273077Z	60	PC: 1304c \| Create or truncate file
2018-12-25T12:55:16.666437485Z	64	PC: 13058 \| Write file or device (Write 122 bytes on handle 5)
2018-12-25T12:55:16.681360359Z	62	PC: 13060 \| Close file
2018-12-25T12:55:16.68956796Z	26	PC: 13072 \| Set disk transfer address
2018-12-25T12:55:16.690668715Z	78	PC: 1307a \| Find first file
2018-12-25T12:55:16.697246954Z	61	PC: 1308d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:16.705037445Z	87	PC: 13093 \| Get or set file date and time
2018-12-25T12:55:16.706696904Z	63	PC: 130a0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:16.714201896Z	66	PC: 130b0 \| Move file pointer
2018-12-25T12:55:16.716284379Z	87	PC: 130e9 \| Get or set file date and time
2018-12-25T12:55:16.717995314Z	62	PC: 130ed \| Close file
2018-12-25T12:55:16.732038125Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.73562413Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.74324602Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.744790064Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.752448544Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.75387587Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.755387199Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.763664835Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.766668782Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.774239643Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.776422357Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.783909439Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.785453483Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.787668364Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.795908039Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.798719181Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.806102601Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.807881049Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.814952625Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.816471932Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.818139286Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.82599508Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.828664694Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.836136311Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.83742435Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.845098316Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.846642716Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.848822122Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.854471574Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.857676959Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.864817009Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.866035454Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.873581109Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.875187896Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.87688754Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.889558845Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.892591596Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.89995237Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.90216628Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.909750782Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.911169911Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.913248548Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.921769413Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.92489589Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.932279318Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.934098684Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.937097229Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.939216872Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.947429703Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.949946074Z	26	PC: 13083 \| Set disk transfer address
2018-12-25T12:55:16.951056346Z	9	PC: 12a4b \| Display string (String= 'This program is VIRUS infected! ')
2018-12-25T12:55:16.957996278Z	76	PC: 12ff8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17218,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:55:16.336416784Z	42	PC: 13038 \| Get date 0x13038: cmp dl, 1 0x1303b: jne 0x13060 0x1303d: mov ax, 0x4301 0x13040: xor cx, cx 0x13042: lea dx, word ptr [bp + 0x20b] 0x13046: int 0x21 0x13048: mov ah, 0x3c 0x1304a: int 0x21 0x1304c: xchg ax, bx 0x1304d: mov ah, 0x40 0x1304f: mov cx, 0x7a 0x13052: lea dx, word ptr [bp + 0x21b] 0x13056: int 0x21 0x13058: mov ah, 0x3e 0x1305a: lea dx, word ptr [bp + 0x20b] 0x1305e: int 0x21 0x13060: lea si, word ptr [bp + 0x207] 0x13064: mov di, 0x100 0x13067: push di 0x13068: movsw word ptr es:[di], word ptr [si]
2018-12-25T12:55:16.338978793Z	26	PC: 13072 \| Set disk transfer address
2018-12-25T12:55:16.340042986Z	78	PC: 1307a \| Find first file
2018-12-25T12:55:16.343823117Z	61	PC: 1308d \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:55:16.348323677Z	87	PC: 13093 \| Get or set file date and time
2018-12-25T12:55:16.349986045Z	63	PC: 130a0 \| Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:55:16.356861314Z	66	PC: 130b0 \| Move file pointer
2018-12-25T12:55:16.359043048Z	87	PC: 130e9 \| Get or set file date and time
2018-12-25T12:55:16.3607818Z	62	PC: 130ed \| Close file
2018-12-25T12:55:16.666845007Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.669563809Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.677434542Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.678799887Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.690931554Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.695637632Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.698345755Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.708067771Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.71132906Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.719621735Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.720912261Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.728310116Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.730907603Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.732327502Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.739676273Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.742971258Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.750281257Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.751768774Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.75887291Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.760720732Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.762102843Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.770330546Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.773370684Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.780967879Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.783098575Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.790478456Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.791761983Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.793412046Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.801193667Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.804158603Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.81140098Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.812988983Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.820603143Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.822175459Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.824760308Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.832156964Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.83496003Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.8433Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.844827745Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.851535601Z	66	PC: 130b0 \| Move file pointer (See above)
2018-12-25T12:55:16.853532496Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.856413774Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.864385895Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.867922185Z	61	PC: 1308d \| Open file (See above)
2018-12-25T12:55:16.875241613Z	87	PC: 13093 \| Get or set file date and time (See above)
2018-12-25T12:55:16.876707454Z	63	PC: 130a0 \| Read file or device (See above)
2018-12-25T12:55:16.879776121Z	87	PC: 130e9 \| Get or set file date and time (See above)
2018-12-25T12:55:16.881757996Z	62	PC: 130ed \| Close file (See above)
2018-12-25T12:55:16.889630435Z	79	PC: 1307a \| Find next file (See above)
2018-12-25T12:55:16.89225544Z	26	PC: 13083 \| Set disk transfer address
2018-12-25T12:55:16.893875378Z	9	PC: 12a4b \| Display string (String= 'This program is VIRUS infected! ')
2018-12-25T12:55:16.900110719Z	76	PC: 12ff8 \| Terminate with return code (Return code = '0')