Sample viewer

vx.netlux.org/Virus.DOS.Kerstin.923.a

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:08:29.48283868Z	74	PC: 14aca \| Reallocate memory
2018-12-17T22:08:29.484553365Z	250	PC: 14ad4 \| UNKNOWN!
2018-12-17T22:08:29.485345918Z	72	PC: 14af7 \| Allocate memory
2018-12-17T22:08:29.487222614Z	47	PC: 14b39 \| Get disk transfer address
2018-12-17T22:08:29.489171133Z	72	PC: 14b44 \| Allocate memory
2018-12-17T22:08:29.490608645Z	26	PC: 14b4c \| Set disk transfer address
2018-12-17T22:08:29.491657561Z	78	PC: 14b6b \| Find first file
2018-12-17T22:08:29.498152875Z	67	PC: 14c15 \| Get or set file attributes
2018-12-17T22:08:29.514907657Z	61	PC: 14c1e \| Open file (Filename = '\TEST.EXE')
2018-12-17T22:08:29.522891712Z	63	PC: 14c2e \| Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:08:29.526443474Z	66	PC: 14cd7 \| Move file pointer
2018-12-17T22:08:29.528065055Z	64	PC: 14ce3 \| Write file or device (Write 26 bytes on handle 5)
2018-12-17T22:08:29.531227309Z	66	PC: 14cec \| Move file pointer
2018-12-17T22:08:29.532739125Z	64	PC: 14cfa \| Write file or device (Write 923 bytes on handle 5)
2018-12-17T22:08:29.542455479Z	87	PC: 14d10 \| Get or set file date and time
2018-12-17T22:08:29.54461059Z	62	PC: 14d14 \| Close file
2018-12-17T22:08:29.553078595Z	67	PC: 14d28 \| Get or set file attributes
2018-12-17T22:08:29.564372005Z	79	PC: 14b73 \| Find next file
2018-12-17T22:08:29.567094457Z	78	PC: 14bbb \| Find first file
2018-12-17T22:08:29.573347811Z	47	PC: 14beb \| Get disk transfer address
2018-12-17T22:08:29.575352159Z	73	PC: 14bef \| Release memory
2018-12-17T22:08:29.576883487Z	26	PC: 14bf7 \| Set disk transfer address
2018-12-17T22:08:29.578179954Z	42	PC: 14b0f \| Get date 0x14b0f: cmp dx, 0x910 0x14b13: jne 0x14b18 0x14b15: call 0x14d2b 0x14b18: mov ah, 0x49 0x14b1a: int 0x21 0x14b1c: popaw 0x14b1d: pop es 0x14b1e: pop ds 0x14b1f: mov ah, 0x4a 0x14b21: pop bx 0x14b22: int 0x21 0x14b24: jae 0x14b2a 0x14b26: mov ah, 0x4a 0x14b28: int 0x21 0x14b2a: retf 0x14b2b: mov ah, 0x4c 0x14b2d: int 0x21 0x14b2f: cld 0x14b30: mov al, 0x5c 0x14b32: stosb byte ptr es:[di], al
2018-12-17T22:08:29.581428003Z	73	PC: 14b1c \| Release memory
2018-12-17T22:08:29.58289828Z	74	PC: 14b24 \| Reallocate memory
2018-12-17T22:08:29.584984607Z	74	PC: 14b2a \| Reallocate memory
2018-12-17T22:08:29.587455702Z	53	PC: 14920 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:08:29.588971653Z	37	PC: 14936 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:08:29.590437947Z	37	PC: 1493b \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:08:29.593078625Z	26	PC: 1405d \| Set disk transfer address
2018-12-17T22:08:29.594114871Z	98	PC: 1464d \| Get current PSP
2018-12-17T22:08:29.594892742Z	74	PC: 14657 \| Reallocate memory
2018-12-17T22:08:29.597406613Z	88	PC: 1465c \| case 0xGet or set allocation strateg:
2018-12-17T22:08:29.598621916Z	72	PC: 14673 \| Allocate memory
2018-12-17T22:08:29.601526622Z	9	PC: 13d6c \| Display string (Could not find end pointer)
2018-12-17T22:08:29.606462336Z	2	PC: 13d72 \| Character output (Char = '24')
2018-12-17T22:08:29.609127308Z	9	PC: 149cc \| Display string (String= '39. ')
2018-12-17T22:08:29.611621759Z	9	PC: 13fcd \| Display string (String= ' AVITXT Add Text Comments to AVI Version 1.1 Copyright (c) 1994. All rights reserved. Bob Williamson, CIS 76570,2752. Shareware registration (800) 242-4775 or (713) 524-6394. AMEX, VISA, or M/C ')
2018-12-17T22:08:29.61915384Z	37	PC: 14960 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:08:29.620687104Z	76	PC: 13dc9 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2067,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:51.439757426Z	74	PC: 14aca \| Reallocate memory
2018-12-25T11:44:51.441749772Z	250	PC: 14ad4 \| UNKNOWN!
2018-12-25T11:44:51.443307405Z	72	PC: 14af7 \| Allocate memory
2018-12-25T11:44:51.445290187Z	47	PC: 14b39 \| Get disk transfer address
2018-12-25T11:44:51.44682308Z	72	PC: 14b44 \| Allocate memory
2018-12-25T11:44:51.449752163Z	26	PC: 14b4c \| Set disk transfer address
2018-12-25T11:44:51.451166441Z	78	PC: 14b6b \| Find first file
2018-12-25T11:44:51.45774799Z	67	PC: 14c15 \| Get or set file attributes
2018-12-25T11:44:51.477189775Z	61	PC: 14c1e \| Open file (Filename = '\TEST.EXE')
2018-12-25T11:44:51.485113073Z	63	PC: 14c2e \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:44:51.488601243Z	66	PC: 14cd7 \| Move file pointer
2018-12-25T11:44:51.491764866Z	64	PC: 14ce3 \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:44:51.495070538Z	66	PC: 14cec \| Move file pointer
2018-12-25T11:44:51.497020866Z	64	PC: 14cfa \| Write file or device (Write 923 bytes on handle 5)
2018-12-25T11:44:51.507000582Z	87	PC: 14d10 \| Get or set file date and time
2018-12-25T11:44:51.512089117Z	62	PC: 14d14 \| Close file
2018-12-25T11:44:51.521100843Z	67	PC: 14d28 \| Get or set file attributes
2018-12-25T11:44:51.532778228Z	79	PC: 14b73 \| Find next file
2018-12-25T11:44:51.535679063Z	78	PC: 14bbb \| Find first file
2018-12-25T11:44:51.542850163Z	47	PC: 14beb \| Get disk transfer address
2018-12-25T11:44:51.54458623Z	73	PC: 14bef \| Release memory
2018-12-25T11:44:51.546620375Z	26	PC: 14bf7 \| Set disk transfer address
2018-12-25T11:44:51.548389289Z	42	PC: 14b0f \| Get date 0x14b0f: cmp dx, 0x910 0x14b13: jne 0x14b18 0x14b15: call 0x14d2b 0x14b18: mov ah, 0x49 0x14b1a: int 0x21 0x14b1c: popaw 0x14b1d: pop es 0x14b1e: pop ds 0x14b1f: mov ah, 0x4a 0x14b21: pop bx 0x14b22: int 0x21 0x14b24: jae 0x14b2a 0x14b26: mov ah, 0x4a 0x14b28: int 0x21 0x14b2a: retf 0x14b2b: mov ah, 0x4c 0x14b2d: int 0x21 0x14b2f: cld 0x14b30: mov al, 0x5c 0x14b32: stosb byte ptr es:[di], al
2018-12-25T11:44:51.551458204Z	73	PC: 14b1c \| Release memory
2018-12-25T11:44:51.553753873Z	74	PC: 14b24 \| Reallocate memory
2018-12-25T11:44:51.555705182Z	74	PC: 14b2a \| Reallocate memory
2018-12-25T11:44:51.557346266Z	53	PC: 14920 \| Get interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T11:44:51.560334796Z	37	PC: 14936 \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:44:51.56240202Z	37	PC: 1493b \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T11:44:51.563767837Z	26	PC: 1405d \| Set disk transfer address
2018-12-25T11:44:51.566271254Z	98	PC: 1464d \| Get current PSP
2018-12-25T11:44:51.567623044Z	74	PC: 14657 \| Reallocate memory
2018-12-25T11:44:51.569584576Z	88	PC: 1465c \| case 0xGet or set allocation strateg:
2018-12-25T11:44:51.571956884Z	72	PC: 14673 \| Allocate memory
2018-12-25T11:44:51.576385972Z	9	PC: 13d6c \| Display string (Could not find end pointer)
2018-12-25T11:44:51.582014921Z	2	PC: 13d72 \| Character output (Char = '24')
2018-12-25T11:44:51.58560675Z	9	PC: 149cc \| Display string (String= '39. ')
2018-12-25T11:44:51.588807308Z	9	PC: 13fcd \| Display string (String= ' AVITXT Add Text Comments to AVI Version 1.1 Copyright (c) 1994. All rights reserved. Bob Williamson, CIS 76570,2752. Shareware registration (800) 242-4775 or (713) 524-6394. AMEX, VISA, or M/C ')
2018-12-25T11:44:51.595332162Z	37	PC: 14960 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T11:44:51.597280061Z	76	PC: 13dc9 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":16,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2067,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:51.768092709Z	74	PC: 14aca \| Reallocate memory
2018-12-25T11:44:51.770401575Z	250	PC: 14ad4 \| UNKNOWN!
2018-12-25T11:44:51.77118448Z	72	PC: 14af7 \| Allocate memory
2018-12-25T11:44:51.772584709Z	47	PC: 14b39 \| Get disk transfer address
2018-12-25T11:44:51.773995027Z	72	PC: 14b44 \| Allocate memory
2018-12-25T11:44:51.776258621Z	26	PC: 14b4c \| Set disk transfer address
2018-12-25T11:44:51.777580075Z	78	PC: 14b6b \| Find first file
2018-12-25T11:44:51.783914886Z	67	PC: 14c15 \| Get or set file attributes
2018-12-25T11:44:51.800634955Z	61	PC: 14c1e \| Open file (Filename = '\TEST.EXE')
2018-12-25T11:44:51.806975771Z	63	PC: 14c2e \| Read file or device (Read 26 bytes on handle 5)
2018-12-25T11:44:51.809638955Z	66	PC: 14cd7 \| Move file pointer
2018-12-25T11:44:51.811566759Z	64	PC: 14ce3 \| Write file or device (Write 26 bytes on handle 5)
2018-12-25T11:44:51.814407199Z	66	PC: 14cec \| Move file pointer
2018-12-25T11:44:51.816004818Z	64	PC: 14cfa \| Write file or device (Write 923 bytes on handle 5)
2018-12-25T11:44:51.824263126Z	87	PC: 14d10 \| Get or set file date and time
2018-12-25T11:44:51.825625736Z	62	PC: 14d14 \| Close file
2018-12-25T11:44:51.833364129Z	67	PC: 14d28 \| Get or set file attributes
2018-12-25T11:44:51.843786052Z	79	PC: 14b73 \| Find next file
2018-12-25T11:44:51.846197098Z	78	PC: 14bbb \| Find first file
2018-12-25T11:44:51.851633798Z	47	PC: 14beb \| Get disk transfer address
2018-12-25T11:44:51.857100963Z	73	PC: 14bef \| Release memory
2018-12-25T11:44:51.858354278Z	26	PC: 14bf7 \| Set disk transfer address
2018-12-25T11:44:51.859268741Z	42	PC: 14b0f \| Get date 0x14b0f: cmp dx, 0x910 0x14b13: jne 0x14b18 0x14b15: call 0x14d2b 0x14b18: mov ah, 0x49 0x14b1a: int 0x21 0x14b1c: popaw 0x14b1d: pop es 0x14b1e: pop ds 0x14b1f: mov ah, 0x4a 0x14b21: pop bx 0x14b22: int 0x21 0x14b24: jae 0x14b2a 0x14b26: mov ah, 0x4a 0x14b28: int 0x21 0x14b2a: retf 0x14b2b: mov ah, 0x4c 0x14b2d: int 0x21 0x14b2f: cld 0x14b30: mov al, 0x5c 0x14b32: stosb byte ptr es:[di], al
2018-12-25T11:44:51.861959967Z	9	PC: 14d48 \| Display string (Could not find end pointer)