Sample viewer

vx.netlux.org/Virus.DOS.Exterminator.429.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:07:31.938092899Z 78 PC: 12a4a | Find first file
2018-12-17T22:07:31.943636083Z 61 PC: 12a56 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:07:31.96153208Z 64 PC: 12aba | Write file or device (Write 429 bytes on handle 5)
2018-12-17T22:07:31.967261084Z 62 PC: 12abe | Close file
2018-12-17T22:07:31.978410059Z 62 PC: 12a66 | Close file
2018-12-17T22:07:31.981195902Z 42 PC: 12a70 | Get date
0x12a70: cmp al, 1
0x12a72: je 0x12a77
0x12a74: jmp 0x12aac
0x12a76: nop
0x12a77: mov byte ptr [0x187], 1
0x12a7c: nop
0x12a7d: mov al, 2
0x12a7f: mov cx, 0xa0
0x12a82: mov dx, 0
0x12a85: mov bx, 0
0x12a88: int 0x26
0x12a8a: popf
0x12a8b: mov byte ptr [0x185], 2
0x12a90: nop
0x12a91: mov al, 3
0x12a93: mov cx, 0xa0
0x12a96: mov dx, 0
0x12a99: mov bx, 0
0x12a9c: int 0x26
0x12a9e: popf
2018-12-17T22:07:31.984445459Z 9 PC: 12aa9 | Display string (String= ' Virix-Researchers Exterminator 2.0 (c) by Cracker Jack 1991 (IVRL) ')
2018-12-17T22:07:31.999076634Z 76 PC: 12ab0 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1965,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:37.468228925Z 78 PC: 12a4a | Find first file
2018-12-25T11:44:37.475490174Z 61 PC: 12a56 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:37.482037521Z 64 PC: 12aba | Write file or device (Write 429 bytes on handle 5)
2018-12-25T11:44:37.488734016Z 62 PC: 12abe | Close file
2018-12-25T11:44:37.502720469Z 62 PC: 12a66 | Close file
2018-12-25T11:44:37.504825018Z 42 PC: 12a70 | Get date
0x12a70: cmp al, 1
0x12a72: je 0x12a77
0x12a74: jmp 0x12aac
0x12a76: nop
0x12a77: mov byte ptr [0x187], 1
0x12a7c: nop
0x12a7d: mov al, 2
0x12a7f: mov cx, 0xa0
0x12a82: mov dx, 0
0x12a85: mov bx, 0
0x12a88: int 0x26
0x12a8a: popf
0x12a8b: mov byte ptr [0x185], 2
0x12a90: nop
0x12a91: mov al, 3
0x12a93: mov cx, 0xa0
0x12a96: mov dx, 0
0x12a99: mov bx, 0
0x12a9c: int 0x26
0x12a9e: popf
2018-12-25T11:44:37.507143094Z 76 PC: 12ab0 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1965,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:37.974513762Z 78 PC: 12a4a | Find first file
2018-12-25T11:44:37.982349363Z 61 PC: 12a56 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:37.990072536Z 64 PC: 12aba | Write file or device (Write 429 bytes on handle 5)
2018-12-25T11:44:37.997838972Z 62 PC: 12abe | Close file
2018-12-25T11:44:38.014787043Z 62 PC: 12a66 | Close file
2018-12-25T11:44:38.016739295Z 42 PC: 12a70 | Get date
0x12a70: cmp al, 1
0x12a72: je 0x12a77
0x12a74: jmp 0x12aac
0x12a76: nop
0x12a77: mov byte ptr [0x187], 1
0x12a7c: nop
0x12a7d: mov al, 2
0x12a7f: mov cx, 0xa0
0x12a82: mov dx, 0
0x12a85: mov bx, 0
0x12a88: int 0x26
0x12a8a: popf
0x12a8b: mov byte ptr [0x185], 2
0x12a90: nop
0x12a91: mov al, 3
0x12a93: mov cx, 0xa0
0x12a96: mov dx, 0
0x12a99: mov bx, 0
0x12a9c: int 0x26
0x12a9e: popf
2018-12-25T11:44:38.019969335Z 9 PC: 12aa9 | Display string (String= ' Virix-Researchers Exterminator 2.0 (c) by Cracker Jack 1991 (IVRL) ')
2018-12-25T11:44:38.028147411Z 76 PC: 12ab0 | Terminate with return code (Return code = '36')