Sample viewer

vx.netlux.org/Virus.DOS.LTS.297

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:15:42.251467453Z	26	PC: 12a61 \| Set disk transfer address
2018-12-17T22:15:42.253441293Z	37	PC: 12a6d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:15:42.254682367Z	78	PC: 12a77 \| Find first file
2018-12-17T22:15:42.260614406Z	61	PC: 12a91 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:15:42.268041329Z	63	PC: 12b34 \| Read file or device (Read 297 bytes on handle 5)
2018-12-17T22:15:42.274961561Z	66	PC: 12b34 \| Move file pointer
2018-12-17T22:15:42.276696366Z	64	PC: 12b34 \| Write file or device (Write 297 bytes on handle 5)
2018-12-17T22:15:42.291382706Z	66	PC: 12b34 \| Move file pointer
2018-12-17T22:15:42.293391233Z	64	PC: 12b34 \| Write file or device (Write 297 bytes on handle 5)
2018-12-17T22:15:42.300400224Z	62	PC: 12ada \| Close file
2018-12-17T22:15:42.318776896Z	79	PC: 12a77 \| Find next file
2018-12-17T22:15:42.321535846Z	79	PC: 12a77 \| Find next file
2018-12-17T22:15:42.333800284Z	79	PC: 12a77 \| Find next file
2018-12-17T22:15:42.336935016Z	79	PC: 12a77 \| Find next file
2018-12-17T22:15:42.33994165Z	79	PC: 12a77 \| Find next file
2018-12-17T22:15:42.342739931Z	61	PC: 12a91 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:15:42.366469897Z	63	PC: 12b34 \| Read file or device (Read 297 bytes on handle 5)
2018-12-17T22:15:42.385772846Z	66	PC: 12b34 \| Move file pointer
2018-12-17T22:15:42.387249449Z	64	PC: 12b34 \| Write file or device (Write 297 bytes on handle 5)
2018-12-17T22:15:42.395326856Z	66	PC: 12b34 \| Move file pointer
2018-12-17T22:15:42.397438338Z	64	PC: 12b34 \| Write file or device (Write 297 bytes on handle 5)
2018-12-17T22:15:42.40420369Z	62	PC: 12ada \| Close file
2018-12-17T22:15:42.41318314Z	79	PC: 12a77 \| Find next file
2018-12-17T22:15:42.416449151Z	79	PC: 12a77 \| Find next file
2018-12-17T22:15:42.419254735Z	61	PC: 12a91 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:15:42.425912025Z	63	PC: 12b34 \| Read file or device (Read 297 bytes on handle 5)
2018-12-17T22:15:42.429474157Z	62	PC: 12ada \| Close file
2018-12-17T22:15:42.431509234Z	79	PC: 12a77 \| Find next file
2018-12-17T22:15:42.434185138Z	42	PC: 12aef \| Get date 0x12aef: cmp dl, 2 0x12af2: jne 0x12af7 0x12af4: call 0x12b21 0x12af7: mov ah, 0x1a 0x12af9: mov dx, 0x80 0x12afc: int 0x21 0x12afe: push cs 0x12aff: pop es 0x12b00: mov si, 0x1ce 0x12b03: mov di, 0xfde8 0x12b06: push di 0x12b07: mov cx, 0x10 0x12b0a: cld 0x12b0b: rep movsb byte ptr es:[di], byte ptr [si] 0x12b0d: ret 0x12b0e: mov si, word ptr [0x1fc] 0x12b12: mov di, 0x100 0x12b15: add si, di 0x12b17: push di 0x12b18: mov cx, 0x129
2018-12-17T22:15:42.437212419Z	26	PC: 12afe \| Set disk transfer address
2018-12-17T22:15:42.438636711Z	9	PC: 13dc6 \| Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2859,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:27.63227361Z	26	PC: 12a61 \| Set disk transfer address
2018-12-25T11:47:27.633577848Z	37	PC: 12a6d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:27.63458952Z	78	PC: 12a77 \| Find first file
2018-12-25T11:47:27.640385473Z	61	PC: 12a91 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:27.64704096Z	63	PC: 12b34 \| Read file or device (Read 297 bytes on handle 5)
2018-12-25T11:47:27.651039133Z	66	PC: 12b34 \| Move file pointer (See above)
2018-12-25T11:47:27.652034349Z	64	PC: 12b34 \| Write file or device (See above)
2018-12-25T11:47:28.433317023Z	66	PC: 12b34 \| Move file pointer (See above)
2018-12-25T11:47:28.434943965Z	64	PC: 12b34 \| Write file or device (See above)
2018-12-25T11:47:28.464851228Z	62	PC: 12ada \| Close file
2018-12-25T11:47:28.654035408Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:28.656696822Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:28.65912021Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:28.661582048Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:28.664966586Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:28.667667587Z	61	PC: 12a91 \| Open file (See above)
2018-12-25T11:47:28.674308258Z	63	PC: 12b34 \| Read file or device (See above)
2018-12-25T11:47:28.684096309Z	66	PC: 12b34 \| Move file pointer (See above)
2018-12-25T11:47:28.685782755Z	64	PC: 12b34 \| Write file or device (See above)
2018-12-25T11:47:28.793052955Z	66	PC: 12b34 \| Move file pointer (See above)
2018-12-25T11:47:28.795241807Z	64	PC: 12b34 \| Write file or device (See above)
2018-12-25T11:47:28.802081403Z	62	PC: 12ada \| Close file (See above)
2018-12-25T11:47:29.088349851Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.092711836Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.095162009Z	61	PC: 12a91 \| Open file (See above)
2018-12-25T11:47:29.101463627Z	63	PC: 12b34 \| Read file or device (See above)
2018-12-25T11:47:29.104837482Z	62	PC: 12ada \| Close file (See above)
2018-12-25T11:47:29.106572326Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.10881515Z	42	PC: 12aef \| Get date 0x12aef: cmp dl, 2 0x12af2: jne 0x12af7 0x12af4: call 0x12b21 0x12af7: mov ah, 0x1a 0x12af9: mov dx, 0x80 0x12afc: int 0x21 0x12afe: push cs 0x12aff: pop es 0x12b00: mov si, 0x1ce 0x12b03: mov di, 0xfde8 0x12b06: push di 0x12b07: mov cx, 0x10 0x12b0a: cld 0x12b0b: rep movsb byte ptr es:[di], byte ptr [si] 0x12b0d: ret 0x12b0e: mov si, word ptr [0x1fc] 0x12b12: mov di, 0x100 0x12b15: add si, di 0x12b17: push di 0x12b18: mov cx, 0x129
2018-12-25T11:47:29.111262884Z	26	PC: 12afe \| Set disk transfer address
2018-12-25T11:47:29.112377721Z	9	PC: 13dc6 \| Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2859,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:28.004720949Z	26	PC: 12a61 \| Set disk transfer address
2018-12-25T11:47:28.006164377Z	37	PC: 12a6d \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:47:28.007239628Z	78	PC: 12a77 \| Find first file
2018-12-25T11:47:28.013002811Z	61	PC: 12a91 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:47:28.019656189Z	63	PC: 12b34 \| Read file or device (Read 297 bytes on handle 5)
2018-12-25T11:47:28.026158248Z	66	PC: 12b34 \| Move file pointer (See above)
2018-12-25T11:47:28.027379161Z	64	PC: 12b34 \| Write file or device (See above)
2018-12-25T11:47:28.948711271Z	66	PC: 12b34 \| Move file pointer (See above)
2018-12-25T11:47:28.950310847Z	64	PC: 12b34 \| Write file or device (See above)
2018-12-25T11:47:29.221956782Z	62	PC: 12ada \| Close file
2018-12-25T11:47:29.290587368Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.293370974Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.295908551Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.298623192Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.301145495Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.303800982Z	61	PC: 12a91 \| Open file (See above)
2018-12-25T11:47:29.310672518Z	63	PC: 12b34 \| Read file or device (See above)
2018-12-25T11:47:29.317335695Z	66	PC: 12b34 \| Move file pointer (See above)
2018-12-25T11:47:29.318701024Z	64	PC: 12b34 \| Write file or device (See above)
2018-12-25T11:47:29.337279374Z	66	PC: 12b34 \| Move file pointer (See above)
2018-12-25T11:47:29.339946759Z	64	PC: 12b34 \| Write file or device (See above)
2018-12-25T11:47:29.346843758Z	62	PC: 12ada \| Close file (See above)
2018-12-25T11:47:29.386950284Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.398942952Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.402058184Z	61	PC: 12a91 \| Open file (See above)
2018-12-25T11:47:29.409167792Z	63	PC: 12b34 \| Read file or device (See above)
2018-12-25T11:47:29.412187729Z	62	PC: 12ada \| Close file (See above)
2018-12-25T11:47:29.413850352Z	79	PC: 12a77 \| Find next file (See above)
2018-12-25T11:47:29.416079858Z	42	PC: 12aef \| Get date 0x12aef: cmp dl, 2 0x12af2: jne 0x12af7 0x12af4: call 0x12b21 0x12af7: mov ah, 0x1a 0x12af9: mov dx, 0x80 0x12afc: int 0x21 0x12afe: push cs 0x12aff: pop es 0x12b00: mov si, 0x1ce 0x12b03: mov di, 0xfde8 0x12b06: push di 0x12b07: mov cx, 0x10 0x12b0a: cld 0x12b0b: rep movsb byte ptr es:[di], byte ptr [si] 0x12b0d: ret 0x12b0e: mov si, word ptr [0x1fc] 0x12b12: mov di, 0x100 0x12b15: add si, di 0x12b17: push di 0x12b18: mov cx, 0x129
2018-12-25T11:47:29.419072328Z	9	PC: 12b28 \| Display string (String= '(C)Long Tall Silver ')