Sample viewer

vx.netlux.org/Virus.DOS.BigMouse.900.c


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:21:00.318463445Z 42 PC: 9f89d | Get date
0x9f89d: cmp dx, 0xb17
0x9f8a1: jne 0x9f8b0
0x9f8a3: mov ah, 9
0x9f8a5: mov dx, 0x436
0x9f8a8: add dx, si
0x9f8aa: int 0x21
0x9f8ac: mov ah, 8
0x9f8ae: int 0x21
0x9f8b0: cld
0x9f8b1: mov bx, es
0x9f8b3: mov cx, bx
0x9f8b5: add bx, 0x10
0x9f8b8: add word ptr [si + 0x419], bx
0x9f8bc: add bx, word ptr [si + 0x41b]
0x9f8c0: pop ax
0x9f8c1: cli
0x9f8c2: mov ss, bx
0x9f8c4: mov sp, word ptr [si + 0x41d]
0x9f8c8: sti
0x9f8c9: mov ds, cx
2018-12-17T22:21:00.327181508Z 48 PC: 12a4c | Get DOS version
2018-12-17T22:21:00.329298625Z 53 PC: 12bf2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:21:00.331068906Z 53 PC: 12bff | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:21:00.332452812Z 53 PC: 12c0c | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:21:00.343753723Z 53 PC: 12c19 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:21:00.345152295Z 37 PC: 12c2d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:21:00.346619028Z 74 PC: 12af7 | Reallocate memory
2018-12-17T22:21:00.349438015Z 68 PC: 12f7d | I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-17T22:21:00.351961897Z 68 PC: 12f7d | I/O control for devices (Set for = '')
2018-12-17T22:21:00.354882101Z 64 PC: 144ce | Write file or device (Write 39 bytes on handle 1)
2018-12-17T22:21:00.359393515Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.362752613Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.368244052Z 64 PC: 144ce | Write file or device (Write 44 bytes on handle 1)
2018-12-17T22:21:00.37488791Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.38384303Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.389534202Z 64 PC: 144ce | Write file or device (Write 44 bytes on handle 1)
2018-12-17T22:21:00.394242648Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.397351542Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.403285619Z 64 PC: 144ce | Write file or device (Write 43 bytes on handle 1)
2018-12-17T22:21:00.406466736Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.414712003Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.419853422Z 64 PC: 144ce | Write file or device (Write 42 bytes on handle 1)
2018-12-17T22:21:00.424669292Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.431650423Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.436897804Z 64 PC: 144ce | Write file or device (Write 44 bytes on handle 1)
2018-12-17T22:21:00.441659566Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.447216723Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.460828474Z 64 PC: 144ce | Write file or device (Write 30 bytes on handle 1)
2018-12-17T22:21:00.464504486Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.468266831Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.477775785Z 64 PC: 144ce | Write file or device (Write 40 bytes on handle 1)
2018-12-17T22:21:00.486938555Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.490004079Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.495941658Z 64 PC: 144ce | Write file or device (Write 34 bytes on handle 1)
2018-12-17T22:21:00.501693463Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.506471093Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.52529921Z 67 PC: 134fb | Get or set file attributes
2018-12-17T22:21:00.53251921Z 61 PC: 13e6f | Open file (Filename = 'setup.exe')
2018-12-17T22:21:00.547620125Z 64 PC: 144ce | Write file or device (Write 32 bytes on handle 1)
2018-12-17T22:21:00.555684694Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.559657698Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.570373186Z 64 PC: 144ce | Write file or device (Write 66 bytes on handle 1)
2018-12-17T22:21:00.578372864Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.581470841Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.587834267Z 64 PC: 144ce | Write file or device (Write 12 bytes on handle 1)
2018-12-17T22:21:00.592291158Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.595719615Z 64 PC: 144ce | Write file or device (Write 1 bytes on handle 1)
2018-12-17T22:21:00.605051075Z 37 PC: 12c39 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:21:00.608802385Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-17T22:21:00.610634347Z 37 PC: 12c4f | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:21:00.612491828Z 37 PC: 12c5a | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-17T22:21:00.614767532Z 62 PC: 13536 | Close file
2018-12-17T22:21:00.61822277Z 62 PC: 13536 | Close file
2018-12-17T22:21:00.620848651Z 62 PC: 13536 | Close file
2018-12-17T22:21:00.623661657Z 62 PC: 13536 | Close file
2018-12-17T22:21:00.627142398Z 62 PC: 13536 | Close file
2018-12-17T22:21:00.631106774Z 76 PC: 12be3 | Terminate with return code (Return code = '10')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3660,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:47.612355068Z 42 PC: 9f89d | Get date
0x9f89d: cmp dx, 0xb17
0x9f8a1: jne 0x9f8b0
0x9f8a3: mov ah, 9
0x9f8a5: mov dx, 0x436
0x9f8a8: add dx, si
0x9f8aa: int 0x21
0x9f8ac: mov ah, 8
0x9f8ae: int 0x21
0x9f8b0: cld
0x9f8b1: mov bx, es
0x9f8b3: mov cx, bx
0x9f8b5: add bx, 0x10
0x9f8b8: add word ptr [si + 0x419], bx
0x9f8bc: add bx, word ptr [si + 0x41b]
0x9f8c0: pop ax
0x9f8c1: cli
0x9f8c2: mov ss, bx
0x9f8c4: mov sp, word ptr [si + 0x41d]
0x9f8c8: sti
0x9f8c9: mov ds, cx
2018-12-25T11:49:47.619991255Z 48 PC: 12a4c | Get DOS version
2018-12-25T11:49:47.621180185Z 53 PC: 12bf2 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:47.622394493Z 53 PC: 12bff | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:49:47.625186352Z 53 PC: 12c0c | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:49:47.626761387Z 53 PC: 12c19 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:49:47.628320785Z 37 PC: 12c2d | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:47.631150224Z 74 PC: 12af7 | Reallocate memory
2018-12-25T11:49:47.634000238Z 68 PC: 12f7d | I/O control for devices (Set for = 'pyright 1991 Borland Intl.')
2018-12-25T11:49:47.636172724Z 68 PC: 12f7d | I/O control for devices (See above)
2018-12-25T11:49:47.638435729Z 64 PC: 144ce | Write file or device (Write 39 bytes on handle 1)
2018-12-25T11:49:47.646445994Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.64945709Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.654388595Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.658945393Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.662308069Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.667007857Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.672709853Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.675432222Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.67989711Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.685656122Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.688563582Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.693044084Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.697899517Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.700691633Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.705499633Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.712621922Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.718201129Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.723467029Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.728798482Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.731358572Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.735588952Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.738724366Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.740580591Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.743317255Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.747333795Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.749806115Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.756091522Z 67 PC: 134fb | Get or set file attributes
2018-12-25T11:49:47.763938159Z 61 PC: 13e6f | Open file (Filename = 'setup.exe')
2018-12-25T11:49:47.768073629Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.770312846Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.772377841Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.77584028Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.779470378Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.781327297Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.787218744Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.791347757Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.79390886Z 64 PC: 144ce | Write file or device (See above)
2018-12-25T11:49:47.7992053Z 37 PC: 12c39 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:49:47.800433758Z 37 PC: 12c44 | Set interrupt vector (Interrupt = '4' AKA 'Auxiliary output')
2018-12-25T11:49:47.801869879Z 37 PC: 12c4f | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:49:47.803369302Z 37 PC: 12c5a | Set interrupt vector (Interrupt = '6' AKA 'Direct console I/O')
2018-12-25T11:49:47.804731776Z 62 PC: 13536 | Close file
2018-12-25T11:49:47.806766687Z 62 PC: 13536 | Close file (See above)
2018-12-25T11:49:47.808801003Z 62 PC: 13536 | Close file (See above)
2018-12-25T11:49:47.810584918Z 62 PC: 13536 | Close file (See above)
2018-12-25T11:49:47.81319074Z 62 PC: 13536 | Close file (See above)
2018-12-25T11:49:47.828348034Z 76 PC: 12be3 | Terminate with return code (Return code = '10')

{"DateBased":true,"Day":23,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3660,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:47.644976668Z 42 PC: 9f89d | Get date
0x9f89d: cmp dx, 0xb17
0x9f8a1: jne 0x9f8b0
0x9f8a3: mov ah, 9
0x9f8a5: mov dx, 0x436
0x9f8a8: add dx, si
0x9f8aa: int 0x21
0x9f8ac: mov ah, 8
0x9f8ae: int 0x21
0x9f8b0: cld
0x9f8b1: mov bx, es
0x9f8b3: mov cx, bx
0x9f8b5: add bx, 0x10
0x9f8b8: add word ptr [si + 0x419], bx
0x9f8bc: add bx, word ptr [si + 0x41b]
0x9f8c0: pop ax
0x9f8c1: cli
0x9f8c2: mov ss, bx
0x9f8c4: mov sp, word ptr [si + 0x41d]
0x9f8c8: sti
0x9f8c9: mov ds, cx
2018-12-25T11:49:47.6475895Z 9 PC: 9f8ac | Display string (Could not find end pointer)
2018-12-25T11:49:47.653003035Z 8 PC: 9f8b0 | Console input without echo