Sample viewer

vx.netlux.org/Virus.DOS.Party.557.b

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:55.117091507Z	71	PC: 12a76 \| Get current directory
2018-12-17T22:22:55.121386887Z	53	PC: 12bba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:22:55.122889157Z	53	PC: 12a88 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T22:22:55.124319367Z	37	PC: 12bca \| Set interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T22:22:55.125750959Z	26	PC: 12aa2 \| Set disk transfer address
2018-12-17T22:22:55.127359672Z	78	PC: 12bca \| Find first file
2018-12-17T22:22:55.155287438Z	61	PC: 12bca \| Open file (Filename = '')
2018-12-17T22:22:55.163919088Z	63	PC: 12bca \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:22:55.180529541Z	64	PC: 12bca \| Write file or device (Write 557 bytes on handle 5)
2018-12-17T22:22:55.198128862Z	64	PC: 12bca \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:22:55.205820322Z	62	PC: 12bca \| Close file
2018-12-17T22:22:55.216985334Z	59	PC: 12b19 \| Change current directory
2018-12-17T22:22:55.219839369Z	26	PC: 12b20 \| Set disk transfer address
2018-12-17T22:22:55.221578592Z	37	PC: 12bca \| Set interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T22:22:55.223651787Z	42	PC: 12b32 \| Get date 0x12b32: cmp dx, 0x701 0x12b36: jne 0x12b40 0x12b38: mov ah, 9 0x12b3a: lea dx, word ptr [si + 0x2e8] 0x12b3e: int 0x21 0x12b40: push 0x100 0x12b43: ret 0x12b44: mov ax, word ptr es:[di + 0x11] 0x12b48: mov word ptr es:[di + 0x15], ax 0x12b4c: sub ax, 3 0x12b4f: mov word ptr [si + 0x2e5], ax 0x12b53: mov ah, 0x40 0x12b55: mov cx, 0x22d 0x12b58: lea dx, word ptr [si + 0x104] 0x12b5c: call 0x12bc3 0x12b5f: mov word ptr es:[di + 0x15], 0 0x12b65: mov ah, 0x40 0x12b67: mov cx, 4 0x12b6a: lea dx, word ptr [si + 0x2e4] 0x12b6e: call 0x12bc3

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4020,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:49.251983374Z	71	PC: 12a76 \| Get current directory
2018-12-25T11:50:49.256141917Z	53	PC: 12bba \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:50:49.258160616Z	53	PC: 12a88 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-25T11:50:49.259348859Z	37	PC: 12bca \| Set interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-25T11:50:49.261135889Z	26	PC: 12aa2 \| Set disk transfer address
2018-12-25T11:50:49.26213896Z	78	PC: 12bca \| Find first file (See above)
2018-12-25T11:50:49.268234667Z	61	PC: 12bca \| Open file (See above)
2018-12-25T11:50:49.280748078Z	63	PC: 12bca \| Read file or device (See above)
2018-12-25T11:50:49.287727899Z	64	PC: 12bca \| Write file or device (See above)
2018-12-25T11:50:49.301100564Z	64	PC: 12bca \| Write file or device (See above)
2018-12-25T11:50:49.307511122Z	62	PC: 12bca \| Close file (See above)
2018-12-25T11:50:49.315628983Z	59	PC: 12b19 \| Change current directory
2018-12-25T11:50:49.317644193Z	26	PC: 12b20 \| Set disk transfer address
2018-12-25T11:50:49.318806296Z	37	PC: 12bca \| Set interrupt vector (See above)
2018-12-25T11:50:49.320730418Z	42	PC: 12b32 \| Get date 0x12b32: cmp dx, 0x701 0x12b36: jne 0x12b40 0x12b38: mov ah, 9 0x12b3a: lea dx, word ptr [si + 0x2e8] 0x12b3e: int 0x21 0x12b40: push 0x100 0x12b43: ret 0x12b44: mov ax, word ptr es:[di + 0x11] 0x12b48: mov word ptr es:[di + 0x15], ax 0x12b4c: sub ax, 3 0x12b4f: mov word ptr [si + 0x2e5], ax 0x12b53: mov ah, 0x40 0x12b55: mov cx, 0x22d 0x12b58: lea dx, word ptr [si + 0x104] 0x12b5c: call 0x12bc3 0x12b5f: mov word ptr es:[di + 0x15], 0 0x12b65: mov ah, 0x40 0x12b67: mov cx, 4 0x12b6a: lea dx, word ptr [si + 0x2e4] 0x12b6e: call 0x12bc3

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4020,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:49.188072496Z	64	PC: 0 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:50:49.194241591Z	41	PC: 94fae \| Parse filename
2018-12-25T11:50:49.203184614Z	41	PC: 9502f \| Parse filename
2018-12-25T11:50:49.206122202Z	41	PC: 9504c \| Parse filename
2018-12-25T11:50:49.210097756Z	26	PC: 984f7 \| Set disk transfer address
2018-12-25T11:50:49.212482975Z	71	PC: 986f3 \| Get current directory
2018-12-25T11:50:49.216046681Z	78	PC: 986fe \| Find first file
2018-12-25T11:50:49.226217732Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:50:49.235999184Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:50:49.24658849Z	64	PC: 9a848 \| Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:50:49.252155887Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:50:49.253774626Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:50:49.254869245Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:50:49.255996582Z	62	PC: 122ab \| Close file
2018-12-25T11:50:49.260756984Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.262356428Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.26399636Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.265813173Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.269435436Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.271249415Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.278568545Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.280864281Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.283255677Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.285514568Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.293346348Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.2950105Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.296609708Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.298468007Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:50:49.300695266Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T11:50:49.302707233Z	56	PC: 94df9 \| Get or set country info
2018-12-25T11:50:49.306051297Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:49.31091152Z	25	PC: 94e62 \| Get default drive
2018-12-25T11:50:49.313031029Z	71	PC: 970dd \| Get current directory
2018-12-25T11:50:49.317798394Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:50:49.322336719Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T11:50:49.324852051Z	93	PC: 94f20 \| File sharing functions
2018-12-25T11:50:49.326798117Z	93	PC: 94f27 \| File sharing functions
2018-12-25T11:50:49.331931785Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-25T11:51:04.235415856Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:51:05.589594106Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:51:05.691756412Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:51:05.706351989Z	41	PC: 94fae \| Parse filename (See above)
2018-12-25T11:51:05.709781516Z	41	PC: 9502f \| Parse filename (See above)
2018-12-25T11:51:05.711172074Z	41	PC: 9504c \| Parse filename (See above)
2018-12-25T11:51:05.713093375Z	26	PC: 984f7 \| Set disk transfer address (See above)
2018-12-25T11:51:05.721326942Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:51:05.729685512Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:51:05.739029276Z	71	PC: 9856c \| Get current directory
2018-12-25T11:51:05.742655665Z	73	PC: 97c09 \| Release memory
2018-12-25T11:51:05.744208386Z	75	PC: 11821 \| Execute program
2018-12-25T11:51:05.758087081Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-25T11:51:05.762962771Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')