Sample viewer

vx.netlux.org/Virus.DOS.Cosenza.3205


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:12:23.279437069Z 42 PC: 150f7 | Get date
0x150f7: cmp dh, 0xb
0x150fa: jne 0x15108
0x150fc: mov ah, 0x2c
0x150fe: int 0x21
0x15100: cmp ch, 0xa
0x15103: jbe 0x15108
0x15105: jmp 0x15958
0x15108: push ds
0x15109: xor ax, ax
0x1510b: mov ds, ax
0x1510d: mov bx, 0x84
0x15110: push word ptr [bx]
0x15112: push word ptr [bx + 2]
0x15115: pop es
0x15116: pop bx
0x15117: pop ds
0x15118: cmp word ptr es:[bx], 0xdb86
0x1511d: jne 0x15122
0x1511f: jmp 0x1596d
0x15122: push ds
2018-12-17T22:12:23.283036699Z 48 PC: 13542 | Get DOS version
2018-12-17T22:12:23.283987559Z 74 PC: 1359c | Reallocate memory
2018-12-17T22:12:23.285037089Z 48 PC: 135f4 | Get DOS version
2018-12-17T22:12:23.286467734Z 53 PC: 135fc | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:12:23.287904249Z 37 PC: 1360e | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:12:23.289946549Z 68 PC: 13692 | I/O control for devices (Set for = 'F0F7')
2018-12-17T22:12:23.291985232Z 68 PC: 13692 | I/O control for devices
2018-12-17T22:12:23.293492398Z 68 PC: 13692 | I/O control for devices
2018-12-17T22:12:23.294814945Z 68 PC: 13692 | I/O control for devices
2018-12-17T22:12:23.296581391Z 68 PC: 13692 | I/O control for devices
2018-12-17T22:12:23.29951841Z 37 PC: 14630 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:12:23.300926103Z 98 PC: 144dd | Get current PSP
2018-12-17T22:12:23.301904254Z 25 PC: 1463f | Get default drive
2018-12-17T22:12:23.303876429Z 15 PC: 144dd | Open file (Filename = '2r t1P:P+P6PP4PP^_]U0! FFVFPFPH2,@]FFVFPFP(~t,+P6PfP2PPT+P6F.i+P6P/P2PP+P6P +P^P')
2018-12-17T22:12:23.309455981Z 16 PC: 144dd | Close file
2018-12-17T22:12:23.318374307Z 68 PC: 144dd | I/O control for devices (Set for = '2r t1P:P+P6')
2018-12-17T22:12:23.3214851Z 96 PC: 1452e | Qualify filename
2018-12-17T22:12:23.325423415Z 71 PC: 144dd | Get current directory
2018-12-17T22:12:23.328266991Z 26 PC: 144dd | Set disk transfer address
2018-12-17T22:12:23.329936481Z 17 PC: 144dd | Find first file
2018-12-17T22:12:23.336053793Z 64 PC: 144dd | Write file or device (Write 21 bytes on handle 1)
2018-12-17T22:12:23.338598466Z 64 PC: 144dd | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:12:23.341596266Z 64 PC: 144dd | Write file or device (Write 4 bytes on handle 1)
2018-12-17T22:12:23.343499715Z 64 PC: 144dd | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:12:23.345329503Z 64 PC: 144dd | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:12:23.349324753Z 105 PC: 1452e | Get or set media id
2018-12-17T22:12:23.352692426Z 64 PC: 144dd | Write file or device (Write 32 bytes on handle 1)
2018-12-17T22:12:23.355417551Z 64 PC: 144dd | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:12:23.357949073Z 64 PC: 144dd | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:12:23.359962899Z 64 PC: 144dd | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:12:23.362330462Z 64 PC: 144dd | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:12:23.365096563Z 64 PC: 144dd | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:12:23.367335843Z 64 PC: 144dd | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:12:23.369434116Z 64 PC: 144dd | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:12:23.372001703Z 64 PC: 144dd | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:12:23.374155181Z 64 PC: 144dd | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:12:23.376091767Z 64 PC: 144dd | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:12:23.380727984Z 64 PC: 144dd | Write file or device (Write 57 bytes on handle 2)
2018-12-17T22:12:23.384995418Z 68 PC: 144dd | I/O control for devices (Set for = 'ft Corp')
2018-12-17T22:12:23.386687628Z 10 PC: 144dd | Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2497,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:59.737931196Z 42 PC: 150f7 | Get date
0x150f7: cmp dh, 0xb
0x150fa: jne 0x15108
0x150fc: mov ah, 0x2c
0x150fe: int 0x21
0x15100: cmp ch, 0xa
0x15103: jbe 0x15108
0x15105: jmp 0x15958
0x15108: push ds
0x15109: xor ax, ax
0x1510b: mov ds, ax
0x1510d: mov bx, 0x84
0x15110: push word ptr [bx]
0x15112: push word ptr [bx + 2]
0x15115: pop es
0x15116: pop bx
0x15117: pop ds
0x15118: cmp word ptr es:[bx], 0xdb86
0x1511d: jne 0x15122
0x1511f: jmp 0x1596d
0x15122: push ds
2018-12-25T11:45:59.74230546Z 48 PC: 13542 | Get DOS version
2018-12-25T11:45:59.743736283Z 74 PC: 1359c | Reallocate memory
2018-12-25T11:45:59.74527416Z 48 PC: 135f4 | Get DOS version
2018-12-25T11:45:59.74767774Z 53 PC: 135fc | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:59.749284487Z 37 PC: 1360e | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:59.751008317Z 68 PC: 13692 | I/O control for devices (Set for = 'F0F7')
2018-12-25T11:45:59.752778387Z 68 PC: 13692 | I/O control for devices (See above)
2018-12-25T11:45:59.75432515Z 68 PC: 13692 | I/O control for devices (See above)
2018-12-25T11:45:59.755694923Z 68 PC: 13692 | I/O control for devices (See above)
2018-12-25T11:45:59.756922676Z 68 PC: 13692 | I/O control for devices (See above)
2018-12-25T11:45:59.76876196Z 37 PC: 14630 | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:45:59.769958741Z 98 PC: 144dd | Get current PSP
2018-12-25T11:45:59.770894095Z 25 PC: 1463f | Get default drive
2018-12-25T11:45:59.772359274Z 15 PC: 144dd | Open file (See above)
2018-12-25T11:45:59.776510842Z 16 PC: 144dd | Close file (See above)
2018-12-25T11:45:59.778249036Z 68 PC: 144dd | I/O control for devices (See above)
2018-12-25T11:45:59.780104692Z 96 PC: 1452e | Qualify filename
2018-12-25T11:45:59.782648244Z 71 PC: 144dd | Get current directory (See above)
2018-12-25T11:45:59.784697737Z 26 PC: 144dd | Set disk transfer address (See above)
2018-12-25T11:45:59.786250848Z 17 PC: 144dd | Find first file (See above)
2018-12-25T11:45:59.790370582Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.793344884Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.796405467Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.799713087Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.8027273Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.807497627Z 105 PC: 1452e | Get or set media id (See above)
2018-12-25T11:45:59.813516524Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.818008816Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.824696632Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.828373254Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.831381402Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.834453061Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.838026808Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.841338724Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.84523769Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.849193677Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.852434029Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.857375439Z 64 PC: 144dd | Write file or device (See above)
2018-12-25T11:45:59.871952175Z 68 PC: 144dd | I/O control for devices (See above)
2018-12-25T11:45:59.873642145Z 10 PC: 144dd | Buffered keyboard input (See above)

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2497,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:59.914690963Z 42 PC: 150f7 | Get date
0x150f7: cmp dh, 0xb
0x150fa: jne 0x15108
0x150fc: mov ah, 0x2c
0x150fe: int 0x21
0x15100: cmp ch, 0xa
0x15103: jbe 0x15108
0x15105: jmp 0x15958
0x15108: push ds
0x15109: xor ax, ax
0x1510b: mov ds, ax
0x1510d: mov bx, 0x84
0x15110: push word ptr [bx]
0x15112: push word ptr [bx + 2]
0x15115: pop es
0x15116: pop bx
0x15117: pop ds
0x15118: cmp word ptr es:[bx], 0xdb86
0x1511d: jne 0x15122
0x1511f: jmp 0x1596d
0x15122: push ds
2018-12-25T11:45:59.918439909Z 44 PC: 15100 | Get time
0x15100: cmp ch, 0xa
0x15103: jbe 0x15108
0x15105: jmp 0x15958
0x15108: push ds
0x15109: xor ax, ax
0x1510b: mov ds, ax
0x1510d: mov bx, 0x84
0x15110: push word ptr [bx]
0x15112: push word ptr [bx + 2]
0x15115: pop es
0x15116: pop bx
0x15117: pop ds
0x15118: cmp word ptr es:[bx], 0xdb86
0x1511d: jne 0x15122
0x1511f: jmp 0x1596d
0x15122: push ds
0x15123: pop dx
0x15124: mov ax, ds
0x15126: dec ax
0x15127: mov ds, ax
2018-12-25T11:45:59.920974238Z 2 PC: 1595e | Character output (Char = '07')
2018-12-25T11:45:59.923455737Z 9 PC: 15967 | Display string (Could not find end pointer)
2018-12-25T11:45:59.952428233Z 7 PC: 1596b | Direct console input without echo