Sample viewer

vx.netlux.org/Virus.DOS.Koko.1780

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:09:28.708530467Z	255	PC: 14721 \| UNKNOWN!
2018-12-17T22:09:28.70979479Z	53	PC: 14771 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:28.71118675Z	42	PC: 14812 \| Get date 0x14812: cmp dx, 0x71d 0x14816: je 0x1481f 0x14818: cmp dx, 0x20f 0x1481c: je 0x1481f 0x1481e: ret 0x1481f: push dx 0x14820: push cs 0x14821: pop ds 0x14822: xor si, si 0x14824: xor dx, dx 0x14826: mov ah, 0xe 0x14828: mov cx, 0x88 0x1482b: mov al, byte ptr [si + 0x4a3] 0x1482f: sub al, 0x60 0x14831: add dl, al 0x14833: int 0x10 0x14835: inc si 0x14836: loop 0x1482b 0x14838: cmp dl, 0x53 0x1483b: jne 0x14849
2018-12-17T22:09:28.712653526Z	98	PC: 147b8 \| Get current PSP
2018-12-17T22:09:28.713818021Z	74	PC: 12af5 \| Reallocate memory
2018-12-17T22:09:28.715179847Z	48	PC: 12b0f \| Get DOS version
2018-12-17T22:09:28.716217828Z	55	PC: 12b1b \| Get or set switch character
2018-12-17T22:09:28.717914962Z	64	PC: 14034 \| Write file or device (Write 17 bytes on handle 2)
2018-12-17T22:09:28.720817504Z	64	PC: 14034 \| Write file or device (Write 16 bytes on handle 2)
2018-12-17T22:09:28.723443378Z	64	PC: 14034 \| Write file or device (Write 2 bytes on handle 2)
2018-12-17T22:09:28.726275333Z	64	PC: 14034 \| Write file or device (Write 27 bytes on handle 2)
2018-12-17T22:09:28.730429163Z	64	PC: 14034 \| Write file or device (Write 2 bytes on handle 2)
2018-12-17T22:09:28.733002756Z	64	PC: 14034 \| Write file or device (Write 2 bytes on handle 2)
2018-12-17T22:09:28.735602456Z	37	PC: 14079 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:09:28.737529856Z	25	PC: 13f0c \| Get default drive
2018-12-17T22:09:28.738538199Z	68	PC: 14107 \| I/O control for devices (Set for = '�')
2018-12-17T22:09:28.740613362Z	25	PC: 140b9 \| Get default drive
2018-12-17T22:09:28.742156968Z	14	PC: 140c4 \| Set default drive (Drive = 'A')
2018-12-17T22:09:28.743321896Z	31	PC: 140ce \| Get disk parameter block for default drive
2018-12-17T22:09:28.745686095Z	14	PC: 140de \| Set default drive (Drive = 'A')
2018-12-17T22:09:28.747973Z	2	PC: 13f7e \| Character output (Char = '55')
2018-12-17T22:09:28.750095976Z	2	PC: 13f7e \| Character output (Char = '6e')
2018-12-17T22:09:28.752109346Z	2	PC: 13f7e \| Character output (Char = '61')
2018-12-17T22:09:28.754637643Z	2	PC: 13f7e \| Character output (Char = '62')
2018-12-17T22:09:28.757323053Z	2	PC: 13f7e \| Character output (Char = '6c')
2018-12-17T22:09:28.759483697Z	2	PC: 13f7e \| Character output (Char = '65')
2018-12-17T22:09:28.763709659Z	2	PC: 13f7e \| Character output (Char = '20')
2018-12-17T22:09:28.765811525Z	2	PC: 13f7e \| Character output (Char = '74')
2018-12-17T22:09:28.767866686Z	2	PC: 13f7e \| Character output (Char = '6f')
2018-12-17T22:09:28.770158979Z	2	PC: 13f7e \| Character output (Char = '20')
2018-12-17T22:09:28.772328994Z	2	PC: 13f7e \| Character output (Char = '72')
2018-12-17T22:09:28.775216456Z	2	PC: 13f7e \| Character output (Char = '65')
2018-12-17T22:09:28.777508141Z	2	PC: 13f7e \| Character output (Char = '61')
2018-12-17T22:09:28.780100871Z	2	PC: 13f7e \| Character output (Char = '64')
2018-12-17T22:09:28.782296399Z	2	PC: 13f7e \| Character output (Char = '20')
2018-12-17T22:09:28.785293508Z	2	PC: 13f7e \| Character output (Char = '66')
2018-12-17T22:09:28.787427234Z	2	PC: 13f7e \| Character output (Char = '72')
2018-12-17T22:09:28.789472055Z	2	PC: 13f7e \| Character output (Char = '6f')
2018-12-17T22:09:28.791690883Z	2	PC: 13f7e \| Character output (Char = '6d')
2018-12-17T22:09:28.793896969Z	2	PC: 13f7e \| Character output (Char = '20')
2018-12-17T22:09:28.795893759Z	2	PC: 13f7e \| Character output (Char = '64')
2018-12-17T22:09:28.798373155Z	2	PC: 13f7e \| Character output (Char = '72')
2018-12-17T22:09:28.800350725Z	2	PC: 13f7e \| Character output (Char = '69')
2018-12-17T22:09:28.802431969Z	2	PC: 13f7e \| Character output (Char = '76')
2018-12-17T22:09:28.804612082Z	2	PC: 13f7e \| Character output (Char = '65')
2018-12-17T22:09:28.811321778Z	2	PC: 13f7e \| Character output (Char = '20')
2018-12-17T22:09:28.813429967Z	2	PC: 13f7e \| Character output (Char = '41')
2018-12-17T22:09:28.815146721Z	2	PC: 13f7e \| Character output (Char = '0d')
2018-12-17T22:09:28.817375056Z	2	PC: 13f7e \| Character output (Char = '0a')
2018-12-17T22:09:28.820065798Z	76	PC: 12b69 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2178,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:04.518456559Z	255	PC: 14721 \| UNKNOWN!
2018-12-25T11:45:04.519510506Z	53	PC: 14771 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:04.520398087Z	42	PC: 14812 \| Get date 0x14812: cmp dx, 0x71d 0x14816: je 0x1481f 0x14818: cmp dx, 0x20f 0x1481c: je 0x1481f 0x1481e: ret 0x1481f: push dx 0x14820: push cs 0x14821: pop ds 0x14822: xor si, si 0x14824: xor dx, dx 0x14826: mov ah, 0xe 0x14828: mov cx, 0x88 0x1482b: mov al, byte ptr [si + 0x4a3] 0x1482f: sub al, 0x60 0x14831: add dl, al 0x14833: int 0x10 0x14835: inc si 0x14836: loop 0x1482b 0x14838: cmp dl, 0x53 0x1483b: jne 0x14849
2018-12-25T11:45:04.522085533Z	98	PC: 147b8 \| Get current PSP
2018-12-25T11:45:04.52330037Z	74	PC: 12af5 \| Reallocate memory
2018-12-25T11:45:04.524345429Z	48	PC: 12b0f \| Get DOS version
2018-12-25T11:45:04.525169662Z	55	PC: 12b1b \| Get or set switch character
2018-12-25T11:45:04.526919551Z	64	PC: 14034 \| Write file or device (Write 17 bytes on handle 2)
2018-12-25T11:45:04.529116313Z	64	PC: 14034 \| Write file or device (See above)
2018-12-25T11:45:04.531227755Z	64	PC: 14034 \| Write file or device (See above)
2018-12-25T11:45:04.533801104Z	64	PC: 14034 \| Write file or device (See above)
2018-12-25T11:45:04.537742689Z	64	PC: 14034 \| Write file or device (See above)
2018-12-25T11:45:04.541856711Z	64	PC: 14034 \| Write file or device (See above)
2018-12-25T11:45:04.54646086Z	37	PC: 14079 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:45:04.547768705Z	25	PC: 13f0c \| Get default drive
2018-12-25T11:45:04.548666223Z	68	PC: 14107 \| I/O control for devices (Set for = '�')
2018-12-25T11:45:04.550926859Z	25	PC: 140b9 \| Get default drive
2018-12-25T11:45:04.551839936Z	14	PC: 140c4 \| Set default drive (Drive = 'A')
2018-12-25T11:45:04.552938296Z	31	PC: 140ce \| Get disk parameter block for default drive
2018-12-25T11:45:04.555661577Z	14	PC: 140de \| Set default drive (Drive = 'A')
2018-12-25T11:45:04.55685606Z	2	PC: 13f7e \| Character output (Char = '55')
2018-12-25T11:45:04.558677931Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.561185319Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.563142006Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.56507427Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.567618773Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.569619303Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.571530542Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.574092164Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.576376125Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.578453746Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.581830196Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.583863134Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.585875149Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.589135986Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.591408435Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.593787555Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.596595611Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.598742342Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.600673658Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.602757603Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.60475459Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.606653934Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.608845747Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.612358294Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.614544002Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.616953789Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.619000962Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.620721535Z	2	PC: 13f7e \| Character output (See above)
2018-12-25T11:45:04.624955433Z	76	PC: 12b69 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":15,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2178,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:04.538413676Z	255	PC: 14721 \| UNKNOWN!
2018-12-25T11:45:04.540125691Z	53	PC: 14771 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:04.541505773Z	42	PC: 14812 \| Get date 0x14812: cmp dx, 0x71d 0x14816: je 0x1481f 0x14818: cmp dx, 0x20f 0x1481c: je 0x1481f 0x1481e: ret 0x1481f: push dx 0x14820: push cs 0x14821: pop ds 0x14822: xor si, si 0x14824: xor dx, dx 0x14826: mov ah, 0xe 0x14828: mov cx, 0x88 0x1482b: mov al, byte ptr [si + 0x4a3] 0x1482f: sub al, 0x60 0x14831: add dl, al 0x14833: int 0x10 0x14835: inc si 0x14836: loop 0x1482b 0x14838: cmp dl, 0x53 0x1483b: jne 0x14849

{"DateBased":true,"Day":29,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2178,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:04.565249055Z	255	PC: 14721 \| UNKNOWN!
2018-12-25T11:45:04.567278784Z	53	PC: 14771 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:04.56966198Z	42	PC: 14812 \| Get date 0x14812: cmp dx, 0x71d 0x14816: je 0x1481f 0x14818: cmp dx, 0x20f 0x1481c: je 0x1481f 0x1481e: ret 0x1481f: push dx 0x14820: push cs 0x14821: pop ds 0x14822: xor si, si 0x14824: xor dx, dx 0x14826: mov ah, 0xe 0x14828: mov cx, 0x88 0x1482b: mov al, byte ptr [si + 0x4a3] 0x1482f: sub al, 0x60 0x14831: add dl, al 0x14833: int 0x10 0x14835: inc si 0x14836: loop 0x1482b 0x14838: cmp dl, 0x53 0x1483b: jne 0x14849
2018-12-25T11:45:04.582526821Z	25	PC: 14852 \| Get default drive