Sample viewer

vx.netlux.org/Virus.DOS.Sk.1004

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:17:36.030767503Z	98	PC: 12d31 \| Get current PSP
2018-12-17T22:17:36.032664046Z	25	PC: 12dfb \| Get default drive
2018-12-17T22:17:36.033837213Z	25	PC: 9f5c6 \| Get default drive
2018-12-17T22:17:36.035467817Z	42	PC: 9f628 \| Get date 0x9f628: cmp dl, 0x15 0x9f62b: jne 0x9f63e 0x9f62d: mov ax, 0x309 0x9f630: mov dx, 0 0x9f633: mov cx, 1 0x9f636: lea bx, word ptr [0x100] 0x9f63a: int 0x13 0x9f63c: jmp 0x9f64f 0x9f63e: mov ax, 0 0x9f641: mov ds, ax 0x9f643: inc word ptr [0x310] 0x9f647: cmp word ptr [0x310], 0x2ff 0x9f64d: jne 0x9f66e 0x9f64f: push cs 0x9f650: pop ds 0x9f651: mov bx, 0x390 0x9f654: mov ah, byte ptr [bx] 0x9f656: xor ah, 0x15 0x9f659: mov byte ptr [bx], ah 0x9f65b: inc bx
2018-12-17T22:17:36.037809826Z	47	PC: 9f674 \| Get disk transfer address
2018-12-17T22:17:36.039246141Z	26	PC: 9f683 \| Set disk transfer address
2018-12-17T22:17:36.040976828Z	78	PC: 9f68f \| Find first file
2018-12-17T22:17:36.048098032Z	61	PC: 9f69e \| Open file (Filename = '�>?!�u�?!')
2018-12-17T22:17:36.05503084Z	63	PC: 9f6c0 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:17:36.061511519Z	62	PC: 9f6e8 \| Close file
2018-12-17T22:17:36.063529576Z	79	PC: 9f6ee \| Find next file
2018-12-17T22:17:36.066621813Z	61	PC: 9f69e \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:17:36.078273559Z	63	PC: 9f6c0 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:17:36.084609172Z	62	PC: 9f6e8 \| Close file
2018-12-17T22:17:36.086711605Z	79	PC: 9f6ee \| Find next file
2018-12-17T22:17:36.089207374Z	61	PC: 9f69e \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:17:36.095422038Z	63	PC: 9f6c0 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:17:36.102197707Z	62	PC: 9f6e8 \| Close file
2018-12-17T22:17:36.103807725Z	79	PC: 9f6ee \| Find next file
2018-12-17T22:17:36.106588125Z	61	PC: 9f69e \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:17:36.113778604Z	63	PC: 9f6c0 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:17:36.120302585Z	62	PC: 9f6e8 \| Close file
2018-12-17T22:17:36.12204463Z	79	PC: 9f6ee \| Find next file
2018-12-17T22:17:36.125329311Z	61	PC: 9f69e \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:17:36.129452882Z	63	PC: 9f6c0 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:17:36.133934541Z	62	PC: 9f6e8 \| Close file
2018-12-17T22:17:36.136817051Z	79	PC: 9f6ee \| Find next file
2018-12-17T22:17:36.140172458Z	61	PC: 9f69e \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:17:36.146464244Z	63	PC: 9f6c0 \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:17:36.153341315Z	66	PC: 9f72e \| Move file pointer
2018-12-17T22:17:36.154663441Z	64	PC: 9f73c \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:17:36.157207297Z	66	PC: 9f745 \| Move file pointer
2018-12-17T22:17:36.15917359Z	64	PC: 9f755 \| Write file or device (Write 1004 bytes on handle 5)
2018-12-17T22:17:36.207747286Z	62	PC: 9f75d \| Close file
2018-12-17T22:17:36.223159352Z	26	PC: 9f774 \| Set disk transfer address
2018-12-17T22:17:36.234695701Z	255	PC: 12e0f \| UNKNOWN!
2018-12-17T22:17:36.243112783Z	0	PC: 12a47 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3068,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:10.351800413Z	98	PC: 12d31 \| Get current PSP
2018-12-25T11:48:10.353043959Z	25	PC: 12dfb \| Get default drive
2018-12-25T11:48:10.35662173Z	25	PC: 9f5c6 \| Get default drive
2018-12-25T11:48:10.358784193Z	42	PC: 9f628 \| Get date 0x9f628: cmp dl, 0x15 0x9f62b: jne 0x9f63e 0x9f62d: mov ax, 0x309 0x9f630: mov dx, 0 0x9f633: mov cx, 1 0x9f636: lea bx, word ptr [0x100] 0x9f63a: int 0x13 0x9f63c: jmp 0x9f64f 0x9f63e: mov ax, 0 0x9f641: mov ds, ax 0x9f643: inc word ptr [0x310] 0x9f647: cmp word ptr [0x310], 0x2ff 0x9f64d: jne 0x9f66e 0x9f64f: push cs 0x9f650: pop ds 0x9f651: mov bx, 0x390 0x9f654: mov ah, byte ptr [bx] 0x9f656: xor ah, 0x15 0x9f659: mov byte ptr [bx], ah 0x9f65b: inc bx
2018-12-25T11:48:10.361124467Z	47	PC: 9f674 \| Get disk transfer address
2018-12-25T11:48:10.362970052Z	26	PC: 9f683 \| Set disk transfer address
2018-12-25T11:48:10.364218559Z	78	PC: 9f68f \| Find first file
2018-12-25T11:48:10.370759015Z	61	PC: 9f69e \| Open file (Filename = '�>?!�u�?!')
2018-12-25T11:48:10.378347217Z	63	PC: 9f6c0 \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T11:48:10.386124872Z	62	PC: 9f6e8 \| Close file
2018-12-25T11:48:10.388112536Z	79	PC: 9f6ee \| Find next file
2018-12-25T11:48:10.391546889Z	61	PC: 9f69e \| Open file (See above)
2018-12-25T11:48:10.398821646Z	63	PC: 9f6c0 \| Read file or device (See above)
2018-12-25T11:48:10.405925406Z	62	PC: 9f6e8 \| Close file (See above)
2018-12-25T11:48:10.408221366Z	79	PC: 9f6ee \| Find next file (See above)
2018-12-25T11:48:10.411143399Z	61	PC: 9f69e \| Open file (See above)
2018-12-25T11:48:10.418302544Z	63	PC: 9f6c0 \| Read file or device (See above)
2018-12-25T11:48:10.425684277Z	62	PC: 9f6e8 \| Close file (See above)
2018-12-25T11:48:10.427563049Z	79	PC: 9f6ee \| Find next file (See above)
2018-12-25T11:48:10.430283867Z	61	PC: 9f69e \| Open file (See above)
2018-12-25T11:48:10.43762402Z	63	PC: 9f6c0 \| Read file or device (See above)
2018-12-25T11:48:10.445572822Z	62	PC: 9f6e8 \| Close file (See above)
2018-12-25T11:48:10.447388332Z	79	PC: 9f6ee \| Find next file (See above)
2018-12-25T11:48:10.450077327Z	61	PC: 9f69e \| Open file (See above)
2018-12-25T11:48:10.45795105Z	63	PC: 9f6c0 \| Read file or device (See above)
2018-12-25T11:48:10.46538478Z	62	PC: 9f6e8 \| Close file (See above)
2018-12-25T11:48:10.467221612Z	79	PC: 9f6ee \| Find next file (See above)
2018-12-25T11:48:10.471173801Z	61	PC: 9f69e \| Open file (See above)
2018-12-25T11:48:10.47842648Z	63	PC: 9f6c0 \| Read file or device (See above)
2018-12-25T11:48:10.485746834Z	66	PC: 9f72e \| Move file pointer
2018-12-25T11:48:10.488309876Z	64	PC: 9f73c \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T11:48:10.491139515Z	66	PC: 9f745 \| Move file pointer
2018-12-25T11:48:10.492435228Z	64	PC: 9f755 \| Write file or device (Write 1004 bytes on handle 5)
2018-12-25T11:48:10.507997215Z	62	PC: 9f75d \| Close file
2018-12-25T11:48:10.518044759Z	26	PC: 9f774 \| Set disk transfer address
2018-12-25T11:48:10.5197242Z	255	PC: 12e0f \| UNKNOWN!
2018-12-25T11:48:10.529337131Z	0	PC: 12a47 \| Program terminate

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3068,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:10.626242662Z	98	PC: 12d31 \| Get current PSP
2018-12-25T11:48:10.627503725Z	25	PC: 12dfb \| Get default drive
2018-12-25T11:48:10.628942629Z	25	PC: 9f5c6 \| Get default drive
2018-12-25T11:48:10.63050135Z	42	PC: 9f628 \| Get date 0x9f628: cmp dl, 0x15 0x9f62b: jne 0x9f63e 0x9f62d: mov ax, 0x309 0x9f630: mov dx, 0 0x9f633: mov cx, 1 0x9f636: lea bx, word ptr [0x100] 0x9f63a: int 0x13 0x9f63c: jmp 0x9f64f 0x9f63e: mov ax, 0 0x9f641: mov ds, ax 0x9f643: inc word ptr [0x310] 0x9f647: cmp word ptr [0x310], 0x2ff 0x9f64d: jne 0x9f66e 0x9f64f: push cs 0x9f650: pop ds 0x9f651: mov bx, 0x390 0x9f654: mov ah, byte ptr [bx] 0x9f656: xor ah, 0x15 0x9f659: mov byte ptr [bx], ah 0x9f65b: inc bx
2018-12-25T11:48:10.641570124Z	9	PC: 9f669 \| Display string (String= 'Virus in memory !!! Created by 21.I.1990 - PMG\OTME - Tolbuhin ...')