Sample viewer

vx.netlux.org/Virus.DOS.Syst.1744


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:50.896818296Z 11 PC: 17ddb | Get input status
2018-12-17T22:10:50.900565097Z 74 PC: 17e26 | Reallocate memory
2018-12-17T22:10:50.902091971Z 74 PC: 17e38 | Reallocate memory
2018-12-17T22:10:50.903399575Z 72 PC: 17e3f | Allocate memory
2018-12-17T22:10:50.905505474Z 72 PC: 17e4a | Allocate memory
2018-12-17T22:10:50.906993516Z 74 PC: 17e84 | Reallocate memory
2018-12-17T22:10:50.908546493Z 74 PC: 9ef43 | Reallocate memory
2018-12-17T22:10:50.910725708Z 75 PC: 9ef6c | Execute program
2018-12-17T22:10:50.921409375Z 11 PC: 17f3b | Get input status
2018-12-17T22:10:50.926848406Z 48 PC: 166b1 | Get DOS version
2018-12-17T22:10:50.929753321Z 54 PC: 9f017 | Get free disk space
2018-12-17T22:10:50.935001498Z 67 PC: 9f069 | Get or set file attributes
2018-12-17T22:10:50.939030608Z 61 PC: 9f08f | Open file (Filename = '')
2018-12-17T22:10:50.943536739Z 67 PC: 9f0b6 | Get or set file attributes
2018-12-17T22:10:50.947646122Z 61 PC: 1674b | Open file (Filename = 'A:\V3.CFG')
2018-12-17T22:10:50.952830265Z 9 PC: 16c45 | Display string (String= ' This program is an unregistered version only for evaluation. Group users (company, government, etc.) are requested to register V3+. ')
2018-12-17T22:10:50.956267516Z 42 PC: 16886 | Get date
0x16886: cmp cx, 0x7cc
0x1688a: jb 0x168a5
0x1688c: ja 0x1689a
0x1688e: cmp dh, 8
0x16891: jb 0x168a5
0x16893: ja 0x1689a
0x16895: cmp dl, 7
0x16898: jb 0x168a5
0x1689a: mov ax, 0x12
0x1689d: call 0x16c61
0x168a0: jae 0x168a5
0x168a2: jmp 0x16bd8
0x168a5: mov ax, 2
0x168a8: call 0x16c37
0x168ab: xor ax, ax
0x168ad: mov es, ax
0x168af: mov ax, word ptr es:[0x413]
0x168b3: mov cl, 6
0x168b5: shl ax, cl
0x168b7: mov es, ax
2018-12-17T22:10:50.95796845Z 9 PC: 16c72 | Display string (String= 'ERROR: This program is out of date and should be replaced by new version.')
2018-12-17T22:10:50.960746246Z 9 PC: 16c7d | Display string (String= ' Continue anyway? (y/N) ')
2018-12-17T22:10:50.962873308Z 12 PC: 16ca1 | Flush input buffer and input

{"DateBased":true,"Day":7,"Month":8,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2329,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:31.008528629Z 11 PC: 17ddb | Get input status
2018-12-25T11:45:31.011714577Z 74 PC: 17e26 | Reallocate memory
2018-12-25T11:45:31.01320557Z 74 PC: 17e38 | Reallocate memory
2018-12-25T11:45:31.014379614Z 72 PC: 17e3f | Allocate memory
2018-12-25T11:45:31.016261508Z 72 PC: 17e4a | Allocate memory
2018-12-25T11:45:31.017895432Z 74 PC: 17e84 | Reallocate memory
2018-12-25T11:45:31.019445786Z 74 PC: 9ef43 | Reallocate memory
2018-12-25T11:45:31.020921754Z 75 PC: 9ef6c | Execute program
2018-12-25T11:45:31.03676051Z 11 PC: 17f3b | Get input status
2018-12-25T11:45:31.047308945Z 48 PC: 166b1 | Get DOS version
2018-12-25T11:45:31.050694556Z 54 PC: 9f017 | Get free disk space
2018-12-25T11:45:31.059373828Z 67 PC: 9f069 | Get or set file attributes
2018-12-25T11:45:31.064881948Z 61 PC: 9f08f | Open file (Filename = '')
2018-12-25T11:45:31.070643529Z 67 PC: 9f0b6 | Get or set file attributes
2018-12-25T11:45:31.077000586Z 61 PC: 1674b | Open file (Filename = 'A:\V3.CFG')
2018-12-25T11:45:31.086051981Z 9 PC: 16c45 | Display string (String= ' This program is an unregistered version only for evaluation. Group users (company, government, etc.) are requested to register V3+. ')
2018-12-25T11:45:31.090999106Z 42 PC: 16886 | Get date
0x16886: cmp cx, 0x7cc
0x1688a: jb 0x168a5
0x1688c: ja 0x1689a
0x1688e: cmp dh, 8
0x16891: jb 0x168a5
0x16893: ja 0x1689a
0x16895: cmp dl, 7
0x16898: jb 0x168a5
0x1689a: mov ax, 0x12
0x1689d: call 0x16c61
0x168a0: jae 0x168a5
0x168a2: jmp 0x16bd8
0x168a5: mov ax, 2
0x168a8: call 0x16c37
0x168ab: xor ax, ax
0x168ad: mov es, ax
0x168af: mov ax, word ptr es:[0x413]
0x168b3: mov cl, 6
0x168b5: shl ax, cl
0x168b7: mov es, ax
2018-12-25T11:45:31.093808838Z 9 PC: 16c72 | Display string (String= 'ERROR: This program is out of date and should be replaced by new version.')
2018-12-25T11:45:31.097606039Z 9 PC: 16c7d | Display string (String= ' Continue anyway? (y/N) ')
2018-12-25T11:45:31.101274302Z 12 PC: 16ca1 | Flush input buffer and input

{"DateBased":true,"Day":1,"Month":9,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2329,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:31.694757556Z 11 PC: 17ddb | Get input status
2018-12-25T11:45:31.698941594Z 74 PC: 17e26 | Reallocate memory
2018-12-25T11:45:31.700853393Z 74 PC: 17e38 | Reallocate memory
2018-12-25T11:45:31.702396331Z 72 PC: 17e3f | Allocate memory
2018-12-25T11:45:31.704138933Z 72 PC: 17e4a | Allocate memory
2018-12-25T11:45:31.706319027Z 74 PC: 17e84 | Reallocate memory
2018-12-25T11:45:31.708325497Z 74 PC: 9ef43 | Reallocate memory
2018-12-25T11:45:31.710041583Z 75 PC: 9ef6c | Execute program
2018-12-25T11:45:31.729150862Z 11 PC: 17f3b | Get input status
2018-12-25T11:45:31.739956738Z 48 PC: 166b1 | Get DOS version
2018-12-25T11:45:31.743270154Z 54 PC: 9f017 | Get free disk space
2018-12-25T11:45:31.755305581Z 67 PC: 9f069 | Get or set file attributes
2018-12-25T11:45:31.763251396Z 61 PC: 9f08f | Open file (Filename = '')
2018-12-25T11:45:31.7701696Z 67 PC: 9f0b6 | Get or set file attributes
2018-12-25T11:45:31.778543919Z 61 PC: 1674b | Open file (Filename = 'A:\V3.CFG')
2018-12-25T11:45:31.788208749Z 9 PC: 16c45 | Display string (String= ' This program is an unregistered version only for evaluation. Group users (company, government, etc.) are requested to register V3+. ')
2018-12-25T11:45:31.792914046Z 42 PC: 16886 | Get date
0x16886: cmp cx, 0x7cc
0x1688a: jb 0x168a5
0x1688c: ja 0x1689a
0x1688e: cmp dh, 8
0x16891: jb 0x168a5
0x16893: ja 0x1689a
0x16895: cmp dl, 7
0x16898: jb 0x168a5
0x1689a: mov ax, 0x12
0x1689d: call 0x16c61
0x168a0: jae 0x168a5
0x168a2: jmp 0x16bd8
0x168a5: mov ax, 2
0x168a8: call 0x16c37
0x168ab: xor ax, ax
0x168ad: mov es, ax
0x168af: mov ax, word ptr es:[0x413]
0x168b3: mov cl, 6
0x168b5: shl ax, cl
0x168b7: mov es, ax
2018-12-25T11:45:31.795595172Z 9 PC: 16c72 | Display string (String= 'ERROR: This program is out of date and should be replaced by new version.')
2018-12-25T11:45:31.800387366Z 9 PC: 16c7d | Display string (String= ' Continue anyway? (y/N) ')
2018-12-25T11:45:31.804398544Z 12 PC: 16ca1 | Flush input buffer and input

{"DateBased":true,"Day":1,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2329,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:31.919755419Z 11 PC: 17ddb | Get input status
2018-12-25T11:45:31.922561531Z 74 PC: 17e26 | Reallocate memory
2018-12-25T11:45:31.924223798Z 74 PC: 17e38 | Reallocate memory
2018-12-25T11:45:31.925429009Z 72 PC: 17e3f | Allocate memory
2018-12-25T11:45:31.940169779Z 72 PC: 17e4a | Allocate memory
2018-12-25T11:45:31.941844755Z 74 PC: 17e84 | Reallocate memory
2018-12-25T11:45:31.943484897Z 74 PC: 9ef43 | Reallocate memory
2018-12-25T11:45:31.945154437Z 75 PC: 9ef6c | Execute program
2018-12-25T11:45:31.963179772Z 11 PC: 17f3b | Get input status
2018-12-25T11:45:31.97595633Z 48 PC: 166b1 | Get DOS version
2018-12-25T11:45:31.979661799Z 54 PC: 9f017 | Get free disk space
2018-12-25T11:45:31.99403753Z 67 PC: 9f069 | Get or set file attributes
2018-12-25T11:45:32.000572867Z 61 PC: 9f08f | Open file (Filename = '')
2018-12-25T11:45:32.007392767Z 67 PC: 9f0b6 | Get or set file attributes
2018-12-25T11:45:32.021372859Z 61 PC: 1674b | Open file (Filename = 'A:\V3.CFG')
2018-12-25T11:45:32.032993288Z 9 PC: 16c45 | Display string (String= ' This program is an unregistered version only for evaluation. Group users (company, government, etc.) are requested to register V3+. ')
2018-12-25T11:45:32.039930184Z 42 PC: 16886 | Get date
0x16886: cmp cx, 0x7cc
0x1688a: jb 0x168a5
0x1688c: ja 0x1689a
0x1688e: cmp dh, 8
0x16891: jb 0x168a5
0x16893: ja 0x1689a
0x16895: cmp dl, 7
0x16898: jb 0x168a5
0x1689a: mov ax, 0x12
0x1689d: call 0x16c61
0x168a0: jae 0x168a5
0x168a2: jmp 0x16bd8
0x168a5: mov ax, 2
0x168a8: call 0x16c37
0x168ab: xor ax, ax
0x168ad: mov es, ax
0x168af: mov ax, word ptr es:[0x413]
0x168b3: mov cl, 6
0x168b5: shl ax, cl
0x168b7: mov es, ax
2018-12-25T11:45:32.043644959Z 9 PC: 16c72 | Display string (String= 'ERROR: This program is out of date and should be replaced by new version.')
2018-12-25T11:45:32.048071914Z 9 PC: 16c7d | Display string (String= ' Continue anyway? (y/N) ')
2018-12-25T11:45:32.051933181Z 12 PC: 16ca1 | Flush input buffer and input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2329,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:32.141051612Z 11 PC: 17ddb | Get input status
2018-12-25T11:45:32.145483044Z 74 PC: 17e26 | Reallocate memory
2018-12-25T11:45:32.147892007Z 74 PC: 17e38 | Reallocate memory
2018-12-25T11:45:32.149694026Z 72 PC: 17e3f | Allocate memory
2018-12-25T11:45:32.151659656Z 72 PC: 17e4a | Allocate memory
2018-12-25T11:45:32.162346852Z 74 PC: 17e84 | Reallocate memory
2018-12-25T11:45:32.164412541Z 74 PC: 9ef43 | Reallocate memory
2018-12-25T11:45:32.166527288Z 75 PC: 9ef6c | Execute program
2018-12-25T11:45:32.185631746Z 11 PC: 17f3b | Get input status
2018-12-25T11:45:32.198975208Z 48 PC: 166b1 | Get DOS version
2018-12-25T11:45:32.203628813Z 54 PC: 9f017 | Get free disk space
2018-12-25T11:45:32.214699566Z 67 PC: 9f069 | Get or set file attributes
2018-12-25T11:45:32.221522939Z 61 PC: 9f08f | Open file (Filename = '')
2018-12-25T11:45:32.229349892Z 67 PC: 9f0b6 | Get or set file attributes
2018-12-25T11:45:32.23745021Z 61 PC: 1674b | Open file (Filename = 'A:\V3.CFG')
2018-12-25T11:45:32.247525179Z 9 PC: 16c45 | Display string (String= ' This program is an unregistered version only for evaluation. Group users (company, government, etc.) are requested to register V3+. ')
2018-12-25T11:45:32.252682479Z 42 PC: 16886 | Get date
0x16886: cmp cx, 0x7cc
0x1688a: jb 0x168a5
0x1688c: ja 0x1689a
0x1688e: cmp dh, 8
0x16891: jb 0x168a5
0x16893: ja 0x1689a
0x16895: cmp dl, 7
0x16898: jb 0x168a5
0x1689a: mov ax, 0x12
0x1689d: call 0x16c61
0x168a0: jae 0x168a5
0x168a2: jmp 0x16bd8
0x168a5: mov ax, 2
0x168a8: call 0x16c37
0x168ab: xor ax, ax
0x168ad: mov es, ax
0x168af: mov ax, word ptr es:[0x413]
0x168b3: mov cl, 6
0x168b5: shl ax, cl
0x168b7: mov es, ax
2018-12-25T11:45:32.255744851Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.269351857Z 48 PC: 169ae | Get DOS version
2018-12-25T11:45:32.270760409Z 82 PC: 169b6 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:45:32.272898587Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.27756762Z 9 PC: 16a01 | Display string (String= 'N p} pFAT12 FAT16 NO NAME  ')
2018-12-25T11:45:32.280236319Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.283074041Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.289516309Z 76 PC: 16d97 | Terminate with return code (Return code = '2')
2018-12-25T11:45:32.293234455Z 73 PC: 9ef75 | Release memory
2018-12-25T11:45:32.295096034Z 77 PC: 9ef79 | Get program return code
2018-12-25T11:45:32.29715382Z 76 PC: 9ef7d | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2329,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:32.199026313Z 11 PC: 17ddb | Get input status
2018-12-25T11:45:32.203170878Z 74 PC: 17e26 | Reallocate memory
2018-12-25T11:45:32.204866605Z 74 PC: 17e38 | Reallocate memory
2018-12-25T11:45:32.206424161Z 72 PC: 17e3f | Allocate memory
2018-12-25T11:45:32.209088571Z 72 PC: 17e4a | Allocate memory
2018-12-25T11:45:32.211237202Z 74 PC: 17e84 | Reallocate memory
2018-12-25T11:45:32.213278565Z 74 PC: 9ef43 | Reallocate memory
2018-12-25T11:45:32.215053639Z 75 PC: 9ef6c | Execute program
2018-12-25T11:45:32.232709285Z 11 PC: 17f3b | Get input status
2018-12-25T11:45:32.243860885Z 48 PC: 166b1 | Get DOS version
2018-12-25T11:45:32.247709939Z 54 PC: 9f017 | Get free disk space
2018-12-25T11:45:32.258818658Z 67 PC: 9f069 | Get or set file attributes
2018-12-25T11:45:32.265411006Z 61 PC: 9f08f | Open file (Filename = '')
2018-12-25T11:45:32.272177727Z 67 PC: 9f0b6 | Get or set file attributes
2018-12-25T11:45:32.282947347Z 61 PC: 1674b | Open file (Filename = 'A:\V3.CFG')
2018-12-25T11:45:32.292328117Z 9 PC: 16c45 | Display string (String= ' This program is an unregistered version only for evaluation. Group users (company, government, etc.) are requested to register V3+. ')
2018-12-25T11:45:32.297076307Z 42 PC: 16886 | Get date
0x16886: cmp cx, 0x7cc
0x1688a: jb 0x168a5
0x1688c: ja 0x1689a
0x1688e: cmp dh, 8
0x16891: jb 0x168a5
0x16893: ja 0x1689a
0x16895: cmp dl, 7
0x16898: jb 0x168a5
0x1689a: mov ax, 0x12
0x1689d: call 0x16c61
0x168a0: jae 0x168a5
0x168a2: jmp 0x16bd8
0x168a5: mov ax, 2
0x168a8: call 0x16c37
0x168ab: xor ax, ax
0x168ad: mov es, ax
0x168af: mov ax, word ptr es:[0x413]
0x168b3: mov cl, 6
0x168b5: shl ax, cl
0x168b7: mov es, ax
2018-12-25T11:45:32.300767641Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.312678972Z 48 PC: 169ae | Get DOS version
2018-12-25T11:45:32.314297031Z 82 PC: 169b6 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:45:32.318725652Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.323136242Z 9 PC: 16a01 | Display string (String= 'N p} pFAT12 FAT16 NO NAME  ')
2018-12-25T11:45:32.325693552Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.329699932Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.339020186Z 76 PC: 16d97 | Terminate with return code (Return code = '2')
2018-12-25T11:45:32.342344167Z 73 PC: 9ef75 | Release memory
2018-12-25T11:45:32.343800758Z 77 PC: 9ef79 | Get program return code
2018-12-25T11:45:32.345440733Z 76 PC: 9ef7d | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":8,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2329,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:32.190499014Z 11 PC: 17ddb | Get input status
2018-12-25T11:45:32.194254717Z 74 PC: 17e26 | Reallocate memory
2018-12-25T11:45:32.196489022Z 74 PC: 17e38 | Reallocate memory
2018-12-25T11:45:32.198366294Z 72 PC: 17e3f | Allocate memory
2018-12-25T11:45:32.200345564Z 72 PC: 17e4a | Allocate memory
2018-12-25T11:45:32.202950931Z 74 PC: 17e84 | Reallocate memory
2018-12-25T11:45:32.205181516Z 74 PC: 9ef43 | Reallocate memory
2018-12-25T11:45:32.207082356Z 75 PC: 9ef6c | Execute program
2018-12-25T11:45:32.225707236Z 11 PC: 17f3b | Get input status
2018-12-25T11:45:32.237035719Z 48 PC: 166b1 | Get DOS version
2018-12-25T11:45:32.24158436Z 54 PC: 9f017 | Get free disk space
2018-12-25T11:45:32.264681245Z 67 PC: 9f069 | Get or set file attributes
2018-12-25T11:45:32.271896987Z 61 PC: 9f08f | Open file (Filename = '')
2018-12-25T11:45:32.279674468Z 67 PC: 9f0b6 | Get or set file attributes
2018-12-25T11:45:32.287598483Z 61 PC: 1674b | Open file (Filename = 'A:\V3.CFG')
2018-12-25T11:45:32.29825611Z 9 PC: 16c45 | Display string (String= ' This program is an unregistered version only for evaluation. Group users (company, government, etc.) are requested to register V3+. ')
2018-12-25T11:45:32.303602331Z 42 PC: 16886 | Get date
0x16886: cmp cx, 0x7cc
0x1688a: jb 0x168a5
0x1688c: ja 0x1689a
0x1688e: cmp dh, 8
0x16891: jb 0x168a5
0x16893: ja 0x1689a
0x16895: cmp dl, 7
0x16898: jb 0x168a5
0x1689a: mov ax, 0x12
0x1689d: call 0x16c61
0x168a0: jae 0x168a5
0x168a2: jmp 0x16bd8
0x168a5: mov ax, 2
0x168a8: call 0x16c37
0x168ab: xor ax, ax
0x168ad: mov es, ax
0x168af: mov ax, word ptr es:[0x413]
0x168b3: mov cl, 6
0x168b5: shl ax, cl
0x168b7: mov es, ax
2018-12-25T11:45:32.308182155Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.322292299Z 48 PC: 169ae | Get DOS version
2018-12-25T11:45:32.324422416Z 82 PC: 169b6 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:45:32.326740322Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.345403788Z 9 PC: 16a01 | Display string (String= 'N p} pFAT12 FAT16 NO NAME  ')
2018-12-25T11:45:32.348857811Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.352121048Z 9 PC: 16c45 | Display string (See above)
2018-12-25T11:45:32.358643473Z 76 PC: 16d97 | Terminate with return code (Return code = '2')
2018-12-25T11:45:32.362481238Z 73 PC: 9ef75 | Release memory
2018-12-25T11:45:32.364375835Z 77 PC: 9ef79 | Get program return code
2018-12-25T11:45:32.366924471Z 76 PC: 9ef7d | Terminate with return code (Return code = '2')