Sample viewer

vx.netlux.org/Virus.DOS.Fichv.903

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:09:24.040732138Z 53 PC: 12a5a | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:09:24.042105789Z 53 PC: 12a67 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:09:24.043452626Z 37 PC: 12a79 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:09:24.044840823Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:09:24.047102478Z 37 PC: 12af8 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:09:24.049090344Z 37 PC: 12b09 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:09:24.050994276Z 53 PC: 12b10 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:24.053393701Z 74 PC: 12d29 | Reallocate memory
2018-12-17T22:09:24.05472697Z 37 PC: 12d33 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:24.055709671Z 75 PC: 12d59 | Execute program
2018-12-17T22:09:24.069888934Z 53 PC: 12efa | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:09:24.07122927Z 53 PC: 12f07 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:09:24.072246807Z 37 PC: 12f19 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:09:24.073209295Z 37 PC: 12f21 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:09:24.074902078Z 37 PC: 12f98 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:09:24.075902481Z 37 PC: 12fa9 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:09:24.076856983Z 53 PC: 12fb0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:24.07858357Z 54 PC: 12fd5 | Get free disk space
2018-12-17T22:09:24.087062Z 78 PC: 12fe8 | Find first file
2018-12-17T22:09:24.092709089Z 79 PC: 12ffc | Find next file
2018-12-17T22:09:24.09549102Z 79 PC: 12ffc | Find next file
2018-12-17T22:09:24.097150233Z 79 PC: 12ffc | Find next file
2018-12-17T22:09:24.098923238Z 79 PC: 12ffc | Find next file
2018-12-17T22:09:24.100906033Z 79 PC: 12ffc | Find next file
2018-12-17T22:09:24.102592958Z 79 PC: 12ffc | Find next file
2018-12-17T22:09:24.104968543Z 79 PC: 12ffc | Find next file
2018-12-17T22:09:24.108276854Z 37 PC: 1301b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:24.109302261Z 61 PC: 13026 | Open file (Filename = 'TEST.COM')
2018-12-17T22:09:24.115543111Z 87 PC: 1303d | Get or set file date and time
2018-12-17T22:09:24.117134986Z 63 PC: 13056 | Read file or device (Read 903 bytes on handle 5)
2018-12-17T22:09:24.123492025Z 66 PC: 13061 | Move file pointer
2018-12-17T22:09:24.124388416Z 64 PC: 13075 | Write file or device (Write 903 bytes on handle 5)
2018-12-17T22:09:24.135825862Z 66 PC: 1307e | Move file pointer
2018-12-17T22:09:24.136842817Z 64 PC: 130be | Write file or device (Write 903 bytes on handle 5)
2018-12-17T22:09:24.14689366Z 87 PC: 130d0 | Get or set file date and time
2018-12-17T22:09:24.148898779Z 62 PC: 130d4 | Close file
2018-12-17T22:09:24.153840996Z 42 PC: 130f3 | Get date
0x130f3: cmp dh, 3
0x130f6: jne 0x13130
0x130f8: mov dx, 0x55
0x130fb: mov ax, 0x6000
0x130fe: mov es, ax
0x13100: xor ax, ax
0x13102: xor di, di
0x13104: mov si, 0x17f
0x13107: mov cx, 0x18
0x1310a: rep movsb byte ptr es:[di], byte ptr [si]
0x1310c: dec dx
0x1310d: cmp dx, 0
0x13110: jne 0x13104
0x13112: mov ah, 0x19
0x13114: int 0x21
0x13116: push ax
0x13117: pop dx
0x13118: mov dh, 1
0x1311a: xor bx, bx
0x1311c: xor ch, ch
2018-12-17T22:09:24.155361479Z 48 PC: 12eef | Get DOS version
2018-12-17T22:09:24.156626608Z 26 PC: 139ec | Set disk transfer address
2018-12-17T22:09:24.157508217Z 78 PC: 139f5 | Find first file
2018-12-17T22:09:24.160976157Z 61 PC: 13a34 | Open file (Filename = 'LISEZMOI')
2018-12-17T22:09:24.165240395Z 9 PC: 130ec | Display string (String= 'Fichier introuvable')
2018-12-17T22:09:24.167768822Z 49 PC: 12d6d | Terminate and stay resident (Return code = '1' | Memory size = '73')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2167,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:02.892571328Z 53 PC: 12a5a | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:45:02.89488196Z 53 PC: 12a67 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:45:02.896275802Z 37 PC: 12a79 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:45:02.897605849Z 37 PC: 12a81 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:45:02.899744998Z 37 PC: 12af8 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:45:02.901354515Z 37 PC: 12b09 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:45:02.902952919Z 53 PC: 12b10 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.904817588Z 74 PC: 12d29 | Reallocate memory
2018-12-25T11:45:02.908749929Z 37 PC: 12d33 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.909795369Z 75 PC: 12d59 | Execute program
2018-12-25T11:45:02.935830965Z 53 PC: 12efa | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:45:02.938388936Z 53 PC: 12f07 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:45:02.939780875Z 37 PC: 12f19 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:45:02.941203185Z 37 PC: 12f21 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:45:02.943062438Z 37 PC: 12f98 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:45:02.945756285Z 37 PC: 12fa9 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:45:02.947101852Z 53 PC: 12fb0 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.953396114Z 54 PC: 12fd5 | Get free disk space
2018-12-25T11:45:02.970741633Z 78 PC: 12fe8 | Find first file
2018-12-25T11:45:02.985111846Z 79 PC: 12ffc | Find next file
2018-12-25T11:45:02.98839829Z 79 PC: 12ffc | Find next file (See above)
2018-12-25T11:45:02.995333758Z 79 PC: 12ffc | Find next file (See above)
2018-12-25T11:45:02.998626399Z 79 PC: 12ffc | Find next file (See above)
2018-12-25T11:45:03.002173592Z 79 PC: 12ffc | Find next file (See above)
2018-12-25T11:45:03.008116099Z 79 PC: 12ffc | Find next file (See above)
2018-12-25T11:45:03.011307371Z 79 PC: 12ffc | Find next file (See above)
2018-12-25T11:45:03.020955654Z 37 PC: 1301b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:45:03.022957319Z 61 PC: 13026 | Open file (Filename = 'TEST.COM')
2018-12-25T11:45:03.030628416Z 87 PC: 1303d | Get or set file date and time
2018-12-25T11:45:03.032647738Z 63 PC: 13056 | Read file or device (Read 903 bytes on handle 5)
2018-12-25T11:45:03.042186188Z 66 PC: 13061 | Move file pointer
2018-12-25T11:45:03.043935349Z 64 PC: 13075 | Write file or device (Write 903 bytes on handle 5)
2018-12-25T11:45:03.060130318Z 66 PC: 1307e | Move file pointer
2018-12-25T11:45:03.062946814Z 64 PC: 130be | Write file or device (Write 903 bytes on handle 5)
2018-12-25T11:45:03.07140453Z 87 PC: 130d0 | Get or set file date and time
2018-12-25T11:45:03.07317484Z 62 PC: 130d4 | Close file
2018-12-25T11:45:03.082460442Z 42 PC: 130f3 | Get date
0x130f3: cmp dh, 3
0x130f6: jne 0x13130
0x130f8: mov dx, 0x55
0x130fb: mov ax, 0x6000
0x130fe: mov es, ax
0x13100: xor ax, ax
0x13102: xor di, di
0x13104: mov si, 0x17f
0x13107: mov cx, 0x18
0x1310a: rep movsb byte ptr es:[di], byte ptr [si]
0x1310c: dec dx
0x1310d: cmp dx, 0
0x13110: jne 0x13104
0x13112: mov ah, 0x19
0x13114: int 0x21
0x13116: push ax
0x13117: pop dx
0x13118: mov dh, 1
0x1311a: xor bx, bx
0x1311c: xor ch, ch
2018-12-25T11:45:03.085441946Z 48 PC: 12eef | Get DOS version
2018-12-25T11:45:03.087291503Z 26 PC: 139ec | Set disk transfer address
2018-12-25T11:45:03.089206122Z 78 PC: 139f5 | Find first file
2018-12-25T11:45:03.096138891Z 61 PC: 13a34 | Open file (Filename = 'LISEZMOI')
2018-12-25T11:45:03.1037387Z 9 PC: 130ec | Display string (String= 'Fichier introuvable')
2018-12-25T11:45:03.108821303Z 49 PC: 12d6d | Terminate and stay resident (Return code = '1' | Memory size = '73')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2167,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:02.838540542Z 64 PC: 0 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:45:02.846797074Z 41 PC: 94fae | Parse filename
2018-12-25T11:45:02.851610855Z 41 PC: 9502f | Parse filename
2018-12-25T11:45:02.854195225Z 41 PC: 9504c | Parse filename
2018-12-25T11:45:02.857497868Z 26 PC: 984f7 | Set disk transfer address
2018-12-25T11:45:02.860684686Z 71 PC: 986f3 | Get current directory
2018-12-25T11:45:02.864177091Z 78 PC: 986fe | Find first file
2018-12-25T11:45:02.875682376Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:45:02.879719227Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:45:02.892801191Z 64 PC: 9a848 | Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:45:02.899418333Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:45:02.901204834Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:45:02.903657057Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:45:02.905274118Z 62 PC: 122ab | Close file
2018-12-25T11:45:02.90724372Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.920452296Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.922440078Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.924138151Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.926868048Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.928615805Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.930442854Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.932990872Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.93492891Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.936943821Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.93894142Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.94544109Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.948178496Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.950878648Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:45:02.954753571Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T11:45:02.957276127Z 56 PC: 94df9 | Get or set country info
2018-12-25T11:45:02.959742923Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:45:02.969023627Z 25 PC: 94e62 | Get default drive
2018-12-25T11:45:02.971084212Z 71 PC: 970dd | Get current directory
2018-12-25T11:45:02.975888191Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:45:02.980459435Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T11:45:02.983683932Z 93 PC: 94f20 | File sharing functions
2018-12-25T11:45:02.985874614Z 93 PC: 94f27 | File sharing functions
2018-12-25T11:45:02.988755695Z 10 PC: 94f39 | Buffered keyboard input
2018-12-25T11:45:17.884453747Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:45:19.238494156Z 0 PC: 0 | Program terminate (See above)
2018-12-25T11:45:19.341043471Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:45:19.347267615Z 41 PC: 94fae | Parse filename (See above)
2018-12-25T11:45:19.350076696Z 41 PC: 9502f | Parse filename (See above)
2018-12-25T11:45:19.351685189Z 41 PC: 9504c | Parse filename (See above)
2018-12-25T11:45:19.355468525Z 26 PC: 984f7 | Set disk transfer address (See above)
2018-12-25T11:45:19.35754538Z 71 PC: 986f3 | Get current directory (See above)
2018-12-25T11:45:19.381852421Z 78 PC: 986fe | Find first file (See above)
2018-12-25T11:45:19.393018664Z 71 PC: 9856c | Get current directory
2018-12-25T11:45:19.396244978Z 73 PC: 97c09 | Release memory
2018-12-25T11:45:19.397886666Z 75 PC: 11821 | Execute program
2018-12-25T11:45:19.412573164Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T11:45:19.417319721Z 76 PC: 12a4b | Terminate with return code (Return code = '36')