Sample viewer

vx.netlux.org/Virus.DOS.Rape.485

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:18:36.842358833Z	42	PC: 12a8b \| Get date 0x12a8b: cmp dl, 0x15 0x12a8e: jne 0x12ab3 0x12a90: xor ax, ax 0x12a92: int 0x10 0x12a94: mov ah, 9 0x12a96: mov dx, si 0x12a98: add dx, 0x19a 0x12a9c: int 0x21 0x12a9e: mov ax, 0x1a 0x12aa1: mov cx, 0xff 0x12aa4: xor dx, dx 0x12aa6: push ax 0x12aa7: int 0x26 0x12aa9: popf 0x12aaa: pop ax 0x12aab: dec ax 0x12aac: cmp ax, 2 0x12aaf: jg 0x12aa1 0x12ab1: jmp 0x12a9e 0x12ab3: mov bp, 0
2018-12-17T22:18:36.844816376Z	78	PC: 12ac2 \| Find first file
2018-12-17T22:18:36.850701532Z	67	PC: 12ad9 \| Get or set file attributes
2018-12-17T22:18:36.869586137Z	61	PC: 12adf \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:18:36.890170671Z	63	PC: 12af0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:18:36.896965997Z	66	PC: 12b19 \| Move file pointer
2018-12-17T22:18:36.898463943Z	87	PC: 12b7a \| Get or set file date and time
2018-12-17T22:18:36.90020416Z	62	PC: 12b7e \| Close file
2018-12-17T22:18:36.913532365Z	67	PC: 12b8a \| Get or set file attributes
2018-12-17T22:18:36.938635965Z	79	PC: 12b93 \| Find next file
2018-12-17T22:18:36.941922577Z	67	PC: 12ad9 \| Get or set file attributes
2018-12-17T22:18:36.952655184Z	61	PC: 12adf \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:18:36.959417787Z	63	PC: 12af0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:18:36.966354198Z	66	PC: 12b19 \| Move file pointer
2018-12-17T22:18:36.9692922Z	87	PC: 12b7a \| Get or set file date and time
2018-12-17T22:18:36.970955074Z	62	PC: 12b7e \| Close file
2018-12-17T22:18:36.978141833Z	67	PC: 12b8a \| Get or set file attributes
2018-12-17T22:18:36.988839972Z	79	PC: 12b93 \| Find next file
2018-12-17T22:18:36.991837065Z	67	PC: 12ad9 \| Get or set file attributes
2018-12-17T22:18:37.001695011Z	61	PC: 12adf \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:18:37.00937849Z	63	PC: 12af0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:18:37.016590585Z	66	PC: 12b19 \| Move file pointer
2018-12-17T22:18:37.018268102Z	87	PC: 12b7a \| Get or set file date and time
2018-12-17T22:18:37.020306289Z	62	PC: 12b7e \| Close file
2018-12-17T22:18:37.030452007Z	67	PC: 12b8a \| Get or set file attributes
2018-12-17T22:18:37.04006394Z	79	PC: 12b93 \| Find next file
2018-12-17T22:18:37.0443374Z	67	PC: 12ad9 \| Get or set file attributes
2018-12-17T22:18:37.054729284Z	61	PC: 12adf \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:18:37.061305214Z	63	PC: 12af0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:18:37.067613498Z	66	PC: 12b19 \| Move file pointer
2018-12-17T22:18:37.06967222Z	87	PC: 12b7a \| Get or set file date and time
2018-12-17T22:18:37.071704825Z	62	PC: 12b7e \| Close file
2018-12-17T22:18:37.079186972Z	67	PC: 12b8a \| Get or set file attributes
2018-12-17T22:18:37.091993148Z	79	PC: 12b93 \| Find next file
2018-12-17T22:18:37.096347496Z	67	PC: 12ad9 \| Get or set file attributes
2018-12-17T22:18:37.106111782Z	61	PC: 12adf \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:18:37.113755732Z	63	PC: 12af0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:18:37.120463178Z	66	PC: 12b19 \| Move file pointer
2018-12-17T22:18:37.122313062Z	87	PC: 12b7a \| Get or set file date and time
2018-12-17T22:18:37.124940238Z	62	PC: 12b7e \| Close file
2018-12-17T22:18:37.131754706Z	67	PC: 12b8a \| Get or set file attributes
2018-12-17T22:18:37.141401699Z	79	PC: 12b93 \| Find next file
2018-12-17T22:18:37.144777649Z	67	PC: 12ad9 \| Get or set file attributes
2018-12-17T22:18:37.154556732Z	61	PC: 12adf \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:18:37.166675591Z	63	PC: 12af0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:18:37.174135965Z	66	PC: 12b19 \| Move file pointer
2018-12-17T22:18:37.176468342Z	64	PC: 12b3a \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:18:37.17951711Z	66	PC: 12b44 \| Move file pointer
2018-12-17T22:18:37.187724237Z	64	PC: 12c52 \| Write file or device (Write 485 bytes on handle 5)
2018-12-17T22:18:37.19649695Z	87	PC: 12b7a \| Get or set file date and time
2018-12-17T22:18:37.198745944Z	62	PC: 12b7e \| Close file
2018-12-17T22:18:37.207432262Z	67	PC: 12b8a \| Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3190,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:40.320061067Z	42	PC: 12a8b \| Get date 0x12a8b: cmp dl, 0x15 0x12a8e: jne 0x12ab3 0x12a90: xor ax, ax 0x12a92: int 0x10 0x12a94: mov ah, 9 0x12a96: mov dx, si 0x12a98: add dx, 0x19a 0x12a9c: int 0x21 0x12a9e: mov ax, 0x1a 0x12aa1: mov cx, 0xff 0x12aa4: xor dx, dx 0x12aa6: push ax 0x12aa7: int 0x26 0x12aa9: popf 0x12aaa: pop ax 0x12aab: dec ax 0x12aac: cmp ax, 2 0x12aaf: jg 0x12aa1 0x12ab1: jmp 0x12a9e 0x12ab3: mov bp, 0
2018-12-25T11:48:40.326510853Z	78	PC: 12ac2 \| Find first file
2018-12-25T11:48:40.337047276Z	67	PC: 12ad9 \| Get or set file attributes
2018-12-25T11:48:40.363401216Z	61	PC: 12adf \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:48:40.371011409Z	63	PC: 12af0 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:48:40.375072497Z	66	PC: 12b19 \| Move file pointer
2018-12-25T11:48:40.376126194Z	87	PC: 12b7a \| Get or set file date and time
2018-12-25T11:48:40.377930716Z	62	PC: 12b7e \| Close file
2018-12-25T11:48:40.382556188Z	67	PC: 12b8a \| Get or set file attributes
2018-12-25T11:48:40.401254246Z	79	PC: 12b93 \| Find next file
2018-12-25T11:48:40.404938283Z	67	PC: 12ad9 \| Get or set file attributes (See above)
2018-12-25T11:48:40.411609954Z	61	PC: 12adf \| Open file (See above)
2018-12-25T11:48:40.418071763Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T11:48:40.425189529Z	66	PC: 12b19 \| Move file pointer (See above)
2018-12-25T11:48:40.427340657Z	87	PC: 12b7a \| Get or set file date and time (See above)
2018-12-25T11:48:40.429234945Z	62	PC: 12b7e \| Close file (See above)
2018-12-25T11:48:40.44126932Z	67	PC: 12b8a \| Get or set file attributes (See above)
2018-12-25T11:48:40.451497485Z	79	PC: 12b93 \| Find next file (See above)
2018-12-25T11:48:40.454726301Z	67	PC: 12ad9 \| Get or set file attributes (See above)
2018-12-25T11:48:40.467738512Z	61	PC: 12adf \| Open file (See above)
2018-12-25T11:48:40.483767326Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T11:48:40.490422942Z	66	PC: 12b19 \| Move file pointer (See above)
2018-12-25T11:48:40.492080001Z	87	PC: 12b7a \| Get or set file date and time (See above)
2018-12-25T11:48:40.495300051Z	62	PC: 12b7e \| Close file (See above)
2018-12-25T11:48:40.502729557Z	67	PC: 12b8a \| Get or set file attributes (See above)
2018-12-25T11:48:40.512626134Z	79	PC: 12b93 \| Find next file (See above)
2018-12-25T11:48:40.516447896Z	67	PC: 12ad9 \| Get or set file attributes (See above)
2018-12-25T11:48:40.529774441Z	61	PC: 12adf \| Open file (See above)
2018-12-25T11:48:40.53734927Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T11:48:40.544077314Z	66	PC: 12b19 \| Move file pointer (See above)
2018-12-25T11:48:40.546364115Z	87	PC: 12b7a \| Get or set file date and time (See above)
2018-12-25T11:48:40.548021324Z	62	PC: 12b7e \| Close file (See above)
2018-12-25T11:48:40.556415534Z	67	PC: 12b8a \| Get or set file attributes (See above)
2018-12-25T11:48:40.567774234Z	79	PC: 12b93 \| Find next file (See above)
2018-12-25T11:48:40.570673767Z	67	PC: 12ad9 \| Get or set file attributes (See above)
2018-12-25T11:48:40.586185859Z	61	PC: 12adf \| Open file (See above)
2018-12-25T11:48:40.598027072Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T11:48:40.604317883Z	66	PC: 12b19 \| Move file pointer (See above)
2018-12-25T11:48:40.605702055Z	87	PC: 12b7a \| Get or set file date and time (See above)
2018-12-25T11:48:40.607718503Z	62	PC: 12b7e \| Close file (See above)
2018-12-25T11:48:40.614413192Z	67	PC: 12b8a \| Get or set file attributes (See above)
2018-12-25T11:48:40.624570966Z	79	PC: 12b93 \| Find next file (See above)
2018-12-25T11:48:40.627360706Z	67	PC: 12ad9 \| Get or set file attributes (See above)
2018-12-25T11:48:40.636874389Z	61	PC: 12adf \| Open file (See above)
2018-12-25T11:48:40.643253522Z	63	PC: 12af0 \| Read file or device (See above)
2018-12-25T11:48:40.650492456Z	66	PC: 12b19 \| Move file pointer (See above)
2018-12-25T11:48:40.651854507Z	64	PC: 12b3a \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:40.654330203Z	66	PC: 12b44 \| Move file pointer
2018-12-25T11:48:40.656686957Z	64	PC: 12c52 \| Write file or device (Write 485 bytes on handle 5)
2018-12-25T11:48:40.665325941Z	87	PC: 12b7a \| Get or set file date and time (See above)
2018-12-25T11:48:40.666783979Z	62	PC: 12b7e \| Close file (See above)
2018-12-25T11:48:40.675450822Z	67	PC: 12b8a \| Get or set file attributes (See above)

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3190,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:40.365721301Z	42	PC: 12a8b \| Get date 0x12a8b: cmp dl, 0x15 0x12a8e: jne 0x12ab3 0x12a90: xor ax, ax 0x12a92: int 0x10 0x12a94: mov ah, 9 0x12a96: mov dx, si 0x12a98: add dx, 0x19a 0x12a9c: int 0x21 0x12a9e: mov ax, 0x1a 0x12aa1: mov cx, 0xff 0x12aa4: xor dx, dx 0x12aa6: push ax 0x12aa7: int 0x26 0x12aa9: popf 0x12aaa: pop ax 0x12aab: dec ax 0x12aac: cmp ax, 2 0x12aaf: jg 0x12aa1 0x12ab1: jmp 0x12a9e 0x12ab3: mov bp, 0
2018-12-25T11:48:40.371487Z	9	PC: 12a9e \| Display string (String= '486 Virus - (C)1991 RABID, InternationalBy Zodiac - RABID Priest')