Sample viewer

vx.netlux.org/Virus.DOS.BackFormat.2000.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:12:50.095416771Z	61	PC: 1de68 \| Open file (Filename = ' foundPrinter out of paper errorWrite fault errorRead fault errorGeneral failureSharing violationLock violationInvalid disk changeFCB unavailableSystem resource exhaustedCode page mismatchOut of inputInsufficient disk space‘¥²¼ÓÞ')
2018-12-17T22:12:50.102134317Z	63	PC: 1de7a \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:12:50.104934811Z	66	PC: 1de9e \| Move file pointer
2018-12-17T22:12:50.106587363Z	63	PC: 1dead \| Read file or device (Read 32 bytes on handle 5)
2018-12-17T22:12:50.122943562Z	87	PC: 1dedb \| Get or set file date and time
2018-12-17T22:12:50.124286258Z	66	PC: 1deec \| Move file pointer
2018-12-17T22:12:50.125712592Z	66	PC: 1df0f \| Move file pointer
2018-12-17T22:12:50.127853217Z	98	PC: 1df15 \| Get current PSP
2018-12-17T22:12:50.128777093Z	48	PC: 1df2b \| Get DOS version
2018-12-17T22:12:50.129982493Z	82	PC: 1df42 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:12:50.132473179Z	64	PC: 1df7a \| Write file or device (Write 1860 bytes on handle 5)
2018-12-17T22:12:50.477117719Z	66	PC: 1df86 \| Move file pointer
2018-12-17T22:12:50.478765172Z	64	PC: 1df90 \| Write file or device (Write 32 bytes on handle 5)
2018-12-17T22:12:50.482584965Z	87	PC: 1df9d \| Get or set file date and time
2018-12-17T22:12:50.483916893Z	62	PC: 1dfb1 \| Close file
2018-12-17T22:12:50.488388904Z	42	PC: 12c65 \| Get date 0x12c65: cmp dh, 6 0x12c68: ja 0x12c70 0x12c6a: mov byte ptr cs:[0x801], 0xeb 0x12c70: inc word ptr cs:[0x822] 0x12c75: push cs 0x12c76: pop es 0x12c77: mov bx, 0xa0 0x12c7a: mov ah, 0x4a 0x12c7c: int 0x21 0x12c7e: mov ah, 0x52 0x12c80: int 0x21 0x12c82: mov ax, word ptr es:[bx - 2] 0x12c86: mov ds, ax 0x12c88: add ax, word ptr [3] 0x12c8c: inc ax 0x12c8d: mov dx, cs 0x12c8f: dec dx 0x12c90: cmp ax, dx 0x12c92: jne 0x12c9a 0x12c94: add word ptr [3], 0xa1
2018-12-17T22:12:50.491047578Z	74	PC: 12c7e \| Reallocate memory
2018-12-17T22:12:50.492330157Z	82	PC: 12c82 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:12:50.493434494Z	73	PC: 12cae \| Release memory
2018-12-17T22:12:50.495248747Z	75	PC: 12d11 \| Execute program
2018-12-17T22:12:50.511238481Z	80	PC: 148b9 \| Set current PSP
2018-12-17T22:12:50.51197337Z	48	PC: 148bd \| Get DOS version
2018-12-17T22:12:50.513677932Z	2	PC: 1476c \| Character output (Char = '49')
2018-12-17T22:12:50.51568182Z	2	PC: 1476c \| Character output (Char = '6e')
2018-12-17T22:12:50.517681629Z	2	PC: 1476c \| Character output (Char = '63')
2018-12-17T22:12:50.519891791Z	2	PC: 1476c \| Character output (Char = '6f')
2018-12-17T22:12:50.521562431Z	2	PC: 1476c \| Character output (Char = '72')
2018-12-17T22:12:50.523137548Z	2	PC: 1476c \| Character output (Char = '72')
2018-12-17T22:12:50.525268576Z	2	PC: 1476c \| Character output (Char = '65')
2018-12-17T22:12:50.526765846Z	2	PC: 1476c \| Character output (Char = '63')
2018-12-17T22:12:50.528274964Z	2	PC: 1476c \| Character output (Char = '74')
2018-12-17T22:12:50.531076967Z	2	PC: 1476c \| Character output (Char = '20')
2018-12-17T22:12:50.532899065Z	2	PC: 1476c \| Character output (Char = '44')
2018-12-17T22:12:50.534547591Z	2	PC: 1476c \| Character output (Char = '4f')
2018-12-17T22:12:50.536656986Z	2	PC: 1476c \| Character output (Char = '53')
2018-12-17T22:12:50.538223211Z	2	PC: 1476c \| Character output (Char = '20')
2018-12-17T22:12:50.539772534Z	2	PC: 1476c \| Character output (Char = '76')
2018-12-17T22:12:50.54199959Z	2	PC: 1476c \| Character output (Char = '65')
2018-12-17T22:12:50.543819595Z	2	PC: 1476c \| Character output (Char = '72')
2018-12-17T22:12:50.545655554Z	2	PC: 1476c \| Character output (Char = '73')
2018-12-17T22:12:50.551368155Z	2	PC: 1476c \| Character output (Char = '69')
2018-12-17T22:12:50.552987463Z	2	PC: 1476c \| Character output (Char = '6f')
2018-12-17T22:12:50.554483793Z	2	PC: 1476c \| Character output (Char = '6e')
2018-12-17T22:12:50.556734278Z	2	PC: 1476c \| Character output (Char = '0d')
2018-12-17T22:12:50.558166585Z	2	PC: 1476c \| Character output (Char = '0a')
2018-12-17T22:12:50.561815902Z	77	PC: 12d15 \| Get program return code
2018-12-17T22:12:50.563612592Z	76	PC: 12d2a \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2547,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:01.958058487Z	61	PC: 1de68 \| Open file (Filename = ' foundPrinter out of paper errorWrite fault errorRead fault errorGeneral failureSharing violationLock violationInvalid disk changeFCB unavailableSystem resource exhaustedCode page mismatchOut of inputInsufficient disk space‘¥²¼ÓÞ')
2018-12-25T11:46:01.965192569Z	63	PC: 1de7a \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:46:01.968106923Z	66	PC: 1de9e \| Move file pointer
2018-12-25T11:46:01.969653192Z	63	PC: 1dead \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:46:01.976483647Z	87	PC: 1dedb \| Get or set file date and time
2018-12-25T11:46:01.978088613Z	66	PC: 1deec \| Move file pointer
2018-12-25T11:46:01.979594621Z	66	PC: 1df0f \| Move file pointer
2018-12-25T11:46:01.982112586Z	98	PC: 1df15 \| Get current PSP
2018-12-25T11:46:01.982842901Z	48	PC: 1df2b \| Get DOS version
2018-12-25T11:46:01.983905516Z	82	PC: 1df42 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:46:01.985202543Z	64	PC: 1df7a \| Write file or device (Write 1860 bytes on handle 5)
2018-12-25T11:46:02.700732978Z	66	PC: 1df86 \| Move file pointer
2018-12-25T11:46:02.702486425Z	64	PC: 1df90 \| Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:46:02.706433143Z	87	PC: 1df9d \| Get or set file date and time
2018-12-25T11:46:02.709065859Z	62	PC: 1dfb1 \| Close file
2018-12-25T11:46:02.719685951Z	42	PC: 12c65 \| Get date 0x12c65: cmp dh, 6 0x12c68: ja 0x12c70 0x12c6a: mov byte ptr cs:[0x801], 0xeb 0x12c70: inc word ptr cs:[0x822] 0x12c75: push cs 0x12c76: pop es 0x12c77: mov bx, 0xa0 0x12c7a: mov ah, 0x4a 0x12c7c: int 0x21 0x12c7e: mov ah, 0x52 0x12c80: int 0x21 0x12c82: mov ax, word ptr es:[bx - 2] 0x12c86: mov ds, ax 0x12c88: add ax, word ptr [3] 0x12c8c: inc ax 0x12c8d: mov dx, cs 0x12c8f: dec dx 0x12c90: cmp ax, dx 0x12c92: jne 0x12c9a 0x12c94: add word ptr [3], 0xa1
2018-12-25T11:46:02.722786891Z	74	PC: 12c7e \| Reallocate memory
2018-12-25T11:46:02.72582842Z	82	PC: 12c82 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:46:02.727267352Z	73	PC: 12cae \| Release memory
2018-12-25T11:46:02.72898038Z	75	PC: 12d11 \| Execute program
2018-12-25T11:46:02.749119763Z	80	PC: 148b9 \| Set current PSP
2018-12-25T11:46:02.750260844Z	48	PC: 148bd \| Get DOS version
2018-12-25T11:46:02.751573298Z	2	PC: 1476c \| Character output (Char = '49')
2018-12-25T11:46:02.754422032Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.756686573Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.759010063Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.762878194Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.7653779Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.768988971Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.773346003Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.775176079Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.776819394Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.778779513Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.781177586Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.783386346Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.78596306Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.789205074Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.791434377Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.793817151Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.796549468Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.799016843Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.801543591Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.804377361Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.806794311Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.80894242Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.815682476Z	77	PC: 12d15 \| Get program return code
2018-12-25T11:46:02.817049096Z	76	PC: 12d2a \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2547,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:02.225136012Z	61	PC: 1de68 \| Open file (Filename = ' foundPrinter out of paper errorWrite fault errorRead fault errorGeneral failureSharing violationLock violationInvalid disk changeFCB unavailableSystem resource exhaustedCode page mismatchOut of inputInsufficient disk space‘¥²¼ÓÞ')
2018-12-25T11:46:02.230216381Z	63	PC: 1de7a \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:46:02.232806282Z	66	PC: 1de9e \| Move file pointer
2018-12-25T11:46:02.233996463Z	63	PC: 1dead \| Read file or device (Read 32 bytes on handle 5)
2018-12-25T11:46:02.24094297Z	87	PC: 1dedb \| Get or set file date and time
2018-12-25T11:46:02.242370459Z	66	PC: 1deec \| Move file pointer
2018-12-25T11:46:02.243766518Z	66	PC: 1df0f \| Move file pointer
2018-12-25T11:46:02.245586495Z	98	PC: 1df15 \| Get current PSP
2018-12-25T11:46:02.246482002Z	48	PC: 1df2b \| Get DOS version
2018-12-25T11:46:02.247569882Z	82	PC: 1df42 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:46:02.249131631Z	64	PC: 1df7a \| Write file or device (Write 1860 bytes on handle 5)
2018-12-25T11:46:02.700066212Z	66	PC: 1df86 \| Move file pointer
2018-12-25T11:46:02.701783728Z	64	PC: 1df90 \| Write file or device (Write 32 bytes on handle 5)
2018-12-25T11:46:02.706602609Z	87	PC: 1df9d \| Get or set file date and time
2018-12-25T11:46:02.708601754Z	62	PC: 1dfb1 \| Close file
2018-12-25T11:46:02.716712689Z	42	PC: 12c65 \| Get date 0x12c65: cmp dh, 6 0x12c68: ja 0x12c70 0x12c6a: mov byte ptr cs:[0x801], 0xeb 0x12c70: inc word ptr cs:[0x822] 0x12c75: push cs 0x12c76: pop es 0x12c77: mov bx, 0xa0 0x12c7a: mov ah, 0x4a 0x12c7c: int 0x21 0x12c7e: mov ah, 0x52 0x12c80: int 0x21 0x12c82: mov ax, word ptr es:[bx - 2] 0x12c86: mov ds, ax 0x12c88: add ax, word ptr [3] 0x12c8c: inc ax 0x12c8d: mov dx, cs 0x12c8f: dec dx 0x12c90: cmp ax, dx 0x12c92: jne 0x12c9a 0x12c94: add word ptr [3], 0xa1
2018-12-25T11:46:02.720821861Z	74	PC: 12c7e \| Reallocate memory
2018-12-25T11:46:02.722677978Z	82	PC: 12c82 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:46:02.725143Z	73	PC: 12cae \| Release memory
2018-12-25T11:46:02.726809959Z	75	PC: 12d11 \| Execute program
2018-12-25T11:46:02.746901131Z	80	PC: 148b9 \| Set current PSP
2018-12-25T11:46:02.7481402Z	48	PC: 148bd \| Get DOS version
2018-12-25T11:46:02.749442419Z	2	PC: 1476c \| Character output (Char = '49')
2018-12-25T11:46:02.752099465Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.754268395Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.756598995Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.759803813Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.76202474Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.764056225Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.767300373Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.76946011Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.771925357Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.775245735Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.778469006Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.780823305Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.783896192Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.786517891Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.788774267Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.793611716Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.795864383Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.798209653Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.801150175Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.804019091Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.806340688Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.80860081Z	2	PC: 1476c \| Character output (See above)
2018-12-25T11:46:02.815370822Z	77	PC: 12d15 \| Get program return code
2018-12-25T11:46:02.816828747Z	76	PC: 12d2a \| Terminate with return code (Return code = '0')