Sample viewer

vx.netlux.org/Virus.DOS.BrPI.Kobrin.491

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:08:49.809814056Z	26	PC: 12a4d \| Set disk transfer address
2018-12-17T22:08:49.814594171Z	53	PC: 12a54 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:08:49.816071144Z	37	PC: 12a67 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:08:49.817512209Z	42	PC: 12a6b \| Get date 0x12a6b: cmp dl, 0xb 0x12a6e: je 0x12a77 0x12a70: cmp dl, 0x17 0x12a73: je 0x12a77 0x12a75: jmp 0x12a88 0x12a77: jmp 0x12b61 0x12a7a: sub ch, byte ptr [0x4f43] 0x12a7e: dec bp 0x12a7f: add byte ptr [bx + si - 0x4ffe], dh 0x12a83: add dl, byte ptr [bx + 0x11] 0x12a86: push bp 0x12a87: add word ptr [bp + si + 0x13a], di 0x12a8b: mov cx, 0x23 0x12a8e: mov ah, 0x4e 0x12a90: int 0x21 0x12a92: jae 0x12a96 0x12a94: jmp 0x12ac1 0x12a96: mov cx, 0x20 0x12a99: mov al, 1 0x12a9b: mov ah, 0x43
2018-12-17T22:08:49.820619488Z	78	PC: 12a92 \| Find first file
2018-12-17T22:08:49.827562003Z	67	PC: 12aa2 \| Get or set file attributes
2018-12-17T22:08:49.84406849Z	61	PC: 12aad \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:08:49.850705105Z	87	PC: 12acd \| Get or set file date and time
2018-12-17T22:08:49.852821967Z	63	PC: 12ae3 \| Read file or device (Read 491 bytes on handle 5)
2018-12-17T22:08:49.859093429Z	66	PC: 12af1 \| Move file pointer
2018-12-17T22:08:49.860243761Z	62	PC: 12b3b \| Close file
2018-12-17T22:08:49.86270166Z	67	PC: 12b4d \| Get or set file attributes
2018-12-17T22:08:49.87275666Z	79	PC: 12b56 \| Find next file
2018-12-17T22:08:49.87560216Z	67	PC: 12aa2 \| Get or set file attributes
2018-12-17T22:08:49.887189181Z	61	PC: 12aad \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:08:49.89426567Z	87	PC: 12acd \| Get or set file date and time
2018-12-17T22:08:49.895399876Z	63	PC: 12ae3 \| Read file or device (Read 491 bytes on handle 5)
2018-12-17T22:08:49.902025507Z	66	PC: 12af1 \| Move file pointer
2018-12-17T22:08:49.903572132Z	62	PC: 12b3b \| Close file
2018-12-17T22:08:49.905379993Z	67	PC: 12b4d \| Get or set file attributes
2018-12-17T22:08:49.916273138Z	79	PC: 12b56 \| Find next file
2018-12-17T22:08:49.919031696Z	67	PC: 12aa2 \| Get or set file attributes
2018-12-17T22:08:49.928781748Z	61	PC: 12aad \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:08:49.937218248Z	87	PC: 12acd \| Get or set file date and time
2018-12-17T22:08:49.941983529Z	63	PC: 12ae3 \| Read file or device (Read 491 bytes on handle 5)
2018-12-17T22:08:49.94845955Z	66	PC: 12af1 \| Move file pointer
2018-12-17T22:08:49.950888266Z	62	PC: 12b3b \| Close file
2018-12-17T22:08:49.960069298Z	67	PC: 12b4d \| Get or set file attributes
2018-12-17T22:08:49.971119074Z	79	PC: 12b56 \| Find next file
2018-12-17T22:08:49.9742062Z	67	PC: 12aa2 \| Get or set file attributes
2018-12-17T22:08:49.984657869Z	61	PC: 12aad \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:08:49.98937235Z	87	PC: 12acd \| Get or set file date and time
2018-12-17T22:08:49.990932702Z	63	PC: 12ae3 \| Read file or device (Read 491 bytes on handle 5)
2018-12-17T22:08:49.995933082Z	66	PC: 12af1 \| Move file pointer
2018-12-17T22:08:49.996962414Z	62	PC: 12b3b \| Close file
2018-12-17T22:08:49.998191286Z	67	PC: 12b4d \| Get or set file attributes
2018-12-17T22:08:50.005034622Z	79	PC: 12b56 \| Find next file
2018-12-17T22:08:50.006975961Z	67	PC: 12aa2 \| Get or set file attributes
2018-12-17T22:08:50.013135422Z	61	PC: 12aad \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:08:50.021473098Z	87	PC: 12acd \| Get or set file date and time
2018-12-17T22:08:50.02261768Z	63	PC: 12ae3 \| Read file or device (Read 491 bytes on handle 5)
2018-12-17T22:08:50.026560642Z	66	PC: 12af1 \| Move file pointer
2018-12-17T22:08:50.028185892Z	62	PC: 12b3b \| Close file
2018-12-17T22:08:50.029749756Z	67	PC: 12b4d \| Get or set file attributes
2018-12-17T22:08:50.037678505Z	79	PC: 12b56 \| Find next file
2018-12-17T22:08:50.040912845Z	67	PC: 12aa2 \| Get or set file attributes
2018-12-17T22:08:50.050670322Z	61	PC: 12aad \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:08:50.057179012Z	87	PC: 12acd \| Get or set file date and time
2018-12-17T22:08:50.059375699Z	63	PC: 12ae3 \| Read file or device (Read 491 bytes on handle 5)
2018-12-17T22:08:50.065524257Z	66	PC: 12af1 \| Move file pointer
2018-12-17T22:08:50.066959583Z	62	PC: 12b3b \| Close file
2018-12-17T22:08:50.069841466Z	67	PC: 12b4d \| Get or set file attributes
2018-12-17T22:08:50.079775746Z	79	PC: 12b56 \| Find next file
2018-12-17T22:08:50.082489609Z	67	PC: 12aa2 \| Get or set file attributes
2018-12-17T22:08:50.092360878Z	61	PC: 12aad \| Open file (Filename = 'PAH.COM')
2018-12-17T22:08:50.099376149Z	87	PC: 12acd \| Get or set file date and time
2018-12-17T22:08:50.100671693Z	63	PC: 12ae3 \| Read file or device (Read 491 bytes on handle 5)
2018-12-17T22:08:50.107396401Z	66	PC: 12af1 \| Move file pointer
2018-12-17T22:08:50.109116137Z	62	PC: 12b3b \| Close file
2018-12-17T22:08:50.110812031Z	67	PC: 12b4d \| Get or set file attributes
2018-12-17T22:08:50.120659784Z	79	PC: 12b56 \| Find next file
2018-12-17T22:08:50.123325443Z	37	PC: 12c15 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2104,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:57.109255068Z	26	PC: 12a4d \| Set disk transfer address
2018-12-25T11:44:57.111256087Z	53	PC: 12a54 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:44:57.112525211Z	37	PC: 12a67 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:44:57.113618245Z	42	PC: 12a6b \| Get date 0x12a6b: cmp dl, 0xb 0x12a6e: je 0x12a77 0x12a70: cmp dl, 0x17 0x12a73: je 0x12a77 0x12a75: jmp 0x12a88 0x12a77: jmp 0x12b61 0x12a7a: sub ch, byte ptr [0x4f43] 0x12a7e: dec bp 0x12a7f: add byte ptr [bx + si - 0x4ffe], dh 0x12a83: add dl, byte ptr [bx + 0x11] 0x12a86: push bp 0x12a87: add word ptr [bp + si + 0x13a], di 0x12a8b: mov cx, 0x23 0x12a8e: mov ah, 0x4e 0x12a90: int 0x21 0x12a92: jae 0x12a96 0x12a94: jmp 0x12ac1 0x12a96: mov cx, 0x20 0x12a99: mov al, 1 0x12a9b: mov ah, 0x43
2018-12-25T11:44:57.116282563Z	78	PC: 12a92 \| Find first file
2018-12-25T11:44:57.122762359Z	67	PC: 12aa2 \| Get or set file attributes
2018-12-25T11:44:57.143296892Z	61	PC: 12aad \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:44:57.154796918Z	87	PC: 12acd \| Get or set file date and time
2018-12-25T11:44:57.155910769Z	63	PC: 12ae3 \| Read file or device (Read 491 bytes on handle 5)
2018-12-25T11:44:57.160198154Z	66	PC: 12af1 \| Move file pointer
2018-12-25T11:44:57.161638994Z	62	PC: 12b3b \| Close file
2018-12-25T11:44:57.163079927Z	67	PC: 12b4d \| Get or set file attributes
2018-12-25T11:44:57.169471345Z	79	PC: 12b56 \| Find next file
2018-12-25T11:44:57.171528463Z	67	PC: 12aa2 \| Get or set file attributes (See above)
2018-12-25T11:44:57.18102809Z	61	PC: 12aad \| Open file (See above)
2018-12-25T11:44:57.187505582Z	87	PC: 12acd \| Get or set file date and time (See above)
2018-12-25T11:44:57.189723612Z	63	PC: 12ae3 \| Read file or device (See above)
2018-12-25T11:44:57.196637021Z	66	PC: 12af1 \| Move file pointer (See above)
2018-12-25T11:44:57.198053891Z	62	PC: 12b3b \| Close file (See above)
2018-12-25T11:44:57.199966021Z	67	PC: 12b4d \| Get or set file attributes (See above)
2018-12-25T11:44:57.210751265Z	79	PC: 12b56 \| Find next file (See above)
2018-12-25T11:44:57.213524674Z	67	PC: 12aa2 \| Get or set file attributes (See above)
2018-12-25T11:44:57.226173521Z	61	PC: 12aad \| Open file (See above)
2018-12-25T11:44:57.230944299Z	87	PC: 12acd \| Get or set file date and time (See above)
2018-12-25T11:44:57.231994137Z	63	PC: 12ae3 \| Read file or device (See above)
2018-12-25T11:44:57.235907223Z	66	PC: 12af1 \| Move file pointer (See above)
2018-12-25T11:44:57.237427965Z	62	PC: 12b3b \| Close file (See above)
2018-12-25T11:44:57.238853932Z	67	PC: 12b4d \| Get or set file attributes (See above)
2018-12-25T11:44:57.245095354Z	79	PC: 12b56 \| Find next file (See above)
2018-12-25T11:44:57.248727163Z	67	PC: 12aa2 \| Get or set file attributes (See above)
2018-12-25T11:44:57.259287772Z	61	PC: 12aad \| Open file (See above)
2018-12-25T11:44:57.265877967Z	87	PC: 12acd \| Get or set file date and time (See above)
2018-12-25T11:44:57.267773741Z	63	PC: 12ae3 \| Read file or device (See above)
2018-12-25T11:44:57.284370108Z	66	PC: 12af1 \| Move file pointer (See above)
2018-12-25T11:44:57.285562546Z	62	PC: 12b3b \| Close file (See above)
2018-12-25T11:44:57.286965478Z	67	PC: 12b4d \| Get or set file attributes (See above)
2018-12-25T11:44:57.293979963Z	79	PC: 12b56 \| Find next file (See above)
2018-12-25T11:44:57.296062775Z	67	PC: 12aa2 \| Get or set file attributes (See above)
2018-12-25T11:44:57.302164566Z	61	PC: 12aad \| Open file (See above)
2018-12-25T11:44:57.308040056Z	87	PC: 12acd \| Get or set file date and time (See above)
2018-12-25T11:44:57.309148974Z	63	PC: 12ae3 \| Read file or device (See above)
2018-12-25T11:44:57.313153991Z	66	PC: 12af1 \| Move file pointer (See above)
2018-12-25T11:44:57.318747228Z	62	PC: 12b3b \| Close file (See above)
2018-12-25T11:44:57.320672127Z	67	PC: 12b4d \| Get or set file attributes (See above)
2018-12-25T11:44:57.328169843Z	79	PC: 12b56 \| Find next file (See above)
2018-12-25T11:44:57.330765154Z	67	PC: 12aa2 \| Get or set file attributes (See above)
2018-12-25T11:44:57.339389941Z	61	PC: 12aad \| Open file (See above)
2018-12-25T11:44:57.350966873Z	87	PC: 12acd \| Get or set file date and time (See above)
2018-12-25T11:44:57.354061971Z	63	PC: 12ae3 \| Read file or device (See above)
2018-12-25T11:44:57.361204117Z	66	PC: 12af1 \| Move file pointer (See above)
2018-12-25T11:44:57.362880148Z	62	PC: 12b3b \| Close file (See above)
2018-12-25T11:44:57.365668935Z	67	PC: 12b4d \| Get or set file attributes (See above)
2018-12-25T11:44:57.372136848Z	79	PC: 12b56 \| Find next file (See above)
2018-12-25T11:44:57.374074639Z	67	PC: 12aa2 \| Get or set file attributes (See above)
2018-12-25T11:44:57.38122032Z	61	PC: 12aad \| Open file (See above)
2018-12-25T11:44:57.386316074Z	87	PC: 12acd \| Get or set file date and time (See above)
2018-12-25T11:44:57.388611427Z	63	PC: 12ae3 \| Read file or device (See above)
2018-12-25T11:44:57.397539211Z	66	PC: 12af1 \| Move file pointer (See above)
2018-12-25T11:44:57.4008856Z	62	PC: 12b3b \| Close file (See above)
2018-12-25T11:44:57.402190734Z	67	PC: 12b4d \| Get or set file attributes (See above)
2018-12-25T11:44:57.409206232Z	79	PC: 12b56 \| Find next file (See above)
2018-12-25T11:44:57.412989619Z	37	PC: 12c15 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":11,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2104,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:57.111385916Z	26	PC: 12a4d \| Set disk transfer address
2018-12-25T11:44:57.113511215Z	53	PC: 12a54 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:44:57.11490699Z	37	PC: 12a67 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:44:57.116235949Z	42	PC: 12a6b \| Get date 0x12a6b: cmp dl, 0xb 0x12a6e: je 0x12a77 0x12a70: cmp dl, 0x17 0x12a73: je 0x12a77 0x12a75: jmp 0x12a88 0x12a77: jmp 0x12b61 0x12a7a: sub ch, byte ptr [0x4f43] 0x12a7e: dec bp 0x12a7f: add byte ptr [bx + si - 0x4ffe], dh 0x12a83: add dl, byte ptr [bx + 0x11] 0x12a86: push bp 0x12a87: add word ptr [bp + si + 0x13a], di 0x12a8b: mov cx, 0x23 0x12a8e: mov ah, 0x4e 0x12a90: int 0x21 0x12a92: jae 0x12a96 0x12a94: jmp 0x12ac1 0x12a96: mov cx, 0x20 0x12a99: mov al, 1 0x12a9b: mov ah, 0x43
2018-12-25T11:44:57.119066361Z	37	PC: 12b6a \| Set interrupt vector (Interrupt = '37' AKA 'Set interrupt vector')
2018-12-25T11:44:57.472079184Z	37	PC: 12c15 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:44:57.473894777Z	77	PC: 12b9b \| Get program return code
2018-12-25T11:44:57.475700828Z	49	PC: 12ba2 \| Terminate and stay resident (Return code = '0' \| Memory size = '150')

{"DateBased":true,"Day":23,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2104,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:57.446433589Z	26	PC: 12a4d \| Set disk transfer address
2018-12-25T11:44:57.448459243Z	53	PC: 12a54 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:44:57.449550181Z	37	PC: 12a67 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:44:57.450565323Z	42	PC: 12a6b \| Get date 0x12a6b: cmp dl, 0xb 0x12a6e: je 0x12a77 0x12a70: cmp dl, 0x17 0x12a73: je 0x12a77 0x12a75: jmp 0x12a88 0x12a77: jmp 0x12b61 0x12a7a: sub ch, byte ptr [0x4f43] 0x12a7e: dec bp 0x12a7f: add byte ptr [bx + si - 0x4ffe], dh 0x12a83: add dl, byte ptr [bx + 0x11] 0x12a86: push bp 0x12a87: add word ptr [bp + si + 0x13a], di 0x12a8b: mov cx, 0x23 0x12a8e: mov ah, 0x4e 0x12a90: int 0x21 0x12a92: jae 0x12a96 0x12a94: jmp 0x12ac1 0x12a96: mov cx, 0x20 0x12a99: mov al, 1 0x12a9b: mov ah, 0x43
2018-12-25T11:44:57.453505433Z	37	PC: 12b6a \| Set interrupt vector (Interrupt = '37' AKA 'Set interrupt vector')
2018-12-25T11:44:57.809423721Z	37	PC: 12c15 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:44:57.811284327Z	77	PC: 12b9b \| Get program return code
2018-12-25T11:44:57.813226161Z	49	PC: 12ba2 \| Terminate and stay resident (Return code = '0' \| Memory size = '150')