Sample viewer

vx.netlux.org/Virus.DOS.Fgt.651.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:24:33.163518364Z 42 PC: 12c97 | Get date
0x12c97: cmp cx, 0x7c8
0x12c9b: jb 0x12cb5
0x12c9d: xor ah, ah
0x12c9f: int 0x1a
0x12ca1: and dx, 7
0x12ca4: cmp dx, 3
0x12ca7: jne 0x12cb5
0x12ca9: mov al, 0xe
0x12cab: out 0x70, al
0x12cad: jmp 0x12caf
0x12caf: jmp 0x12cb1
0x12cb1: mov al, 0xff
0x12cb3: out 0x71, al
0x12cb5: ret
0x12cb6: push ds
0x12cb7: push word ptr cs:[0x389]
0x12cbc: pop ds
0x12cbd: mov byte ptr [0x91], al
0x12cc0: mov byte ptr [0x92], 1
0x12cc5: pop ds
2018-12-17T22:24:33.166022394Z 47 PC: 12a67 | Get disk transfer address
2018-12-17T22:24:33.167877409Z 26 PC: 12a77 | Set disk transfer address
2018-12-17T22:24:33.169273705Z 37 PC: 12a82 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:24:33.170819287Z 78 PC: 12b8c | Find first file
2018-12-17T22:24:33.17685198Z 61 PC: 12bba | Open file (Filename = '')
2018-12-17T22:24:33.181428944Z 63 PC: 12bc8 | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:24:33.186980693Z 62 PC: 12bcd | Close file
2018-12-17T22:24:33.193882538Z 67 PC: 12c03 | Get or set file attributes
2018-12-17T22:24:33.208380986Z 61 PC: 12c0d | Open file (Filename = '')
2018-12-17T22:24:33.216307967Z 63 PC: 12c1b | Read file or device (Read 651 bytes on handle 5)
2018-12-17T22:24:33.221099054Z 66 PC: 12c27 | Move file pointer
2018-12-17T22:24:33.227747213Z 64 PC: 12c36 | Write file or device (Write 651 bytes on handle 5)
2018-12-17T22:24:33.233605965Z 66 PC: 12c42 | Move file pointer
2018-12-17T22:24:33.241665442Z 64 PC: 12c4c | Write file or device (Write 407 bytes on handle 5)
2018-12-17T22:24:33.253950153Z 87 PC: 12c59 | Get or set file date and time
2018-12-17T22:24:33.255602871Z 62 PC: 12c5d | Close file
2018-12-17T22:24:33.262175645Z 67 PC: 12c6b | Get or set file attributes
2018-12-17T22:24:33.270176626Z 78 PC: 12b8c | Find first file
2018-12-17T22:24:33.276637871Z 61 PC: 12bba | Open file (Filename = '')
2018-12-17T22:24:33.281838696Z 63 PC: 12bc8 | Read file or device (Read 10 bytes on handle 5)
2018-12-17T22:24:33.286475457Z 62 PC: 12bcd | Close file
2018-12-17T22:24:33.288253841Z 67 PC: 12c03 | Get or set file attributes
2018-12-17T22:24:33.63280264Z 61 PC: 12c0d | Open file (Filename = '')
2018-12-17T22:24:33.639699816Z 63 PC: 12c1b | Read file or device (Read 651 bytes on handle 5)
2018-12-17T22:24:33.643348217Z 66 PC: 12c27 | Move file pointer
2018-12-17T22:24:33.645385634Z 64 PC: 12c36 | Write file or device (Write 651 bytes on handle 5)
2018-12-17T22:24:33.657246326Z 66 PC: 12c42 | Move file pointer
2018-12-17T22:24:33.68218242Z 64 PC: 12c4c | Write file or device (Write 413 bytes on handle 5)
2018-12-17T22:24:33.689648358Z 87 PC: 12c59 | Get or set file date and time
2018-12-17T22:24:33.69186685Z 62 PC: 12c5d | Close file
2018-12-17T22:24:33.702246236Z 67 PC: 12c6b | Get or set file attributes
2018-12-17T22:24:33.717514357Z 26 PC: 12b24 | Set disk transfer address
2018-12-17T22:24:33.718943971Z 37 PC: 12b2e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4316,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:24.340832041Z 42 PC: 12c97 | Get date
0x12c97: cmp cx, 0x7c8
0x12c9b: jb 0x12cb5
0x12c9d: xor ah, ah
0x12c9f: int 0x1a
0x12ca1: and dx, 7
0x12ca4: cmp dx, 3
0x12ca7: jne 0x12cb5
0x12ca9: mov al, 0xe
0x12cab: out 0x70, al
0x12cad: jmp 0x12caf
0x12caf: jmp 0x12cb1
0x12cb1: mov al, 0xff
0x12cb3: out 0x71, al
0x12cb5: ret
0x12cb6: push ds
0x12cb7: push word ptr cs:[0x389]
0x12cbc: pop ds
0x12cbd: mov byte ptr [0x91], al
0x12cc0: mov byte ptr [0x92], 1
0x12cc5: pop ds
2018-12-25T11:51:24.348627704Z 47 PC: 12a67 | Get disk transfer address
2018-12-25T11:51:24.349591009Z 26 PC: 12a77 | Set disk transfer address
2018-12-25T11:51:24.352198873Z 37 PC: 12a82 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:24.359004615Z 78 PC: 12b8c | Find first file
2018-12-25T11:51:24.363783307Z 61 PC: 12bba | Open file (Filename = '')
2018-12-25T11:51:24.370081253Z 63 PC: 12bc8 | Read file or device (Read 10 bytes on handle 5)
2018-12-25T11:51:24.375217848Z 62 PC: 12bcd | Close file
2018-12-25T11:51:24.386058519Z 67 PC: 12c03 | Get or set file attributes
2018-12-25T11:51:25.066384592Z 61 PC: 12c0d | Open file (Filename = '')
2018-12-25T11:51:25.072783428Z 63 PC: 12c1b | Read file or device (Read 651 bytes on handle 5)
2018-12-25T11:51:25.128199335Z 66 PC: 12c27 | Move file pointer
2018-12-25T11:51:25.129305755Z 64 PC: 12c36 | Write file or device (Write 651 bytes on handle 5)
2018-12-25T11:51:25.157597324Z 66 PC: 12c42 | Move file pointer
2018-12-25T11:51:25.159324226Z 64 PC: 12c4c | Write file or device (Write 407 bytes on handle 5)
2018-12-25T11:51:25.192681929Z 87 PC: 12c59 | Get or set file date and time
2018-12-25T11:51:25.194013072Z 62 PC: 12c5d | Close file
2018-12-25T11:51:25.224105238Z 67 PC: 12c6b | Get or set file attributes
2018-12-25T11:51:25.261727601Z 78 PC: 12b8c | Find first file (See above)
2018-12-25T11:51:25.270372831Z 61 PC: 12bba | Open file (See above)
2018-12-25T11:51:25.27826865Z 63 PC: 12bc8 | Read file or device (See above)
2018-12-25T11:51:25.283621945Z 62 PC: 12bcd | Close file (See above)
2018-12-25T11:51:25.285274918Z 67 PC: 12c03 | Get or set file attributes (See above)
2018-12-25T11:51:27.013075444Z 61 PC: 12c0d | Open file (See above)
2018-12-25T11:51:27.019991705Z 63 PC: 12c1b | Read file or device (See above)
2018-12-25T11:51:27.022807149Z 66 PC: 12c27 | Move file pointer (See above)
2018-12-25T11:51:27.024453743Z 64 PC: 12c36 | Write file or device (See above)
2018-12-25T11:51:27.032074469Z 66 PC: 12c42 | Move file pointer (See above)
2018-12-25T11:51:27.033540362Z 64 PC: 12c4c | Write file or device (See above)
2018-12-25T11:51:27.040912585Z 87 PC: 12c59 | Get or set file date and time (See above)
2018-12-25T11:51:27.042746118Z 62 PC: 12c5d | Close file (See above)
2018-12-25T11:51:27.049408666Z 67 PC: 12c6b | Get or set file attributes (See above)
2018-12-25T11:51:27.060064096Z 26 PC: 12b24 | Set disk transfer address
2018-12-25T11:51:27.061536166Z 37 PC: 12b2e | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4316,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:24.685002051Z 26 PC: 12eb4 | Set disk transfer address
2018-12-25T11:51:24.701084827Z 78 PC: 12ebe | Find first file
2018-12-25T11:51:24.70699892Z 61 PC: 12f1f | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:24.713131829Z 63 PC: 12f35 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:24.722371371Z 66 PC: 12f65 | Move file pointer
2018-12-25T11:51:24.723650421Z 64 PC: 12f71 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:24.726167726Z 66 PC: 12f81 | Move file pointer
2018-12-25T11:51:24.72889725Z 64 PC: 12f8d | Write file or device (Write 623 bytes on handle 5)
2018-12-25T11:51:25.935019684Z 87 PC: 12f9a | Get or set file date and time
2018-12-25T11:51:25.936618002Z 62 PC: 12f9e | Close file
2018-12-25T11:51:26.284230714Z 79 PC: 12ec7 | Find next file
2018-12-25T11:51:26.287023269Z 61 PC: 12f1f | Open file (See above)
2018-12-25T11:51:26.29340383Z 63 PC: 12f35 | Read file or device (See above)
2018-12-25T11:51:26.29972054Z 66 PC: 12f65 | Move file pointer (See above)
2018-12-25T11:51:26.3017247Z 64 PC: 12f71 | Write file or device (See above)
2018-12-25T11:51:26.304478706Z 66 PC: 12f81 | Move file pointer (See above)
2018-12-25T11:51:26.305830617Z 64 PC: 12f8d | Write file or device (See above)
2018-12-25T11:51:26.663860006Z 87 PC: 12f9a | Get or set file date and time (See above)
2018-12-25T11:51:26.665828353Z 62 PC: 12f9e | Close file (See above)
2018-12-25T11:51:26.803843993Z 79 PC: 12ec7 | Find next file (See above)
2018-12-25T11:51:26.807792983Z 61 PC: 12f1f | Open file (See above)
2018-12-25T11:51:26.814272401Z 63 PC: 12f35 | Read file or device (See above)
2018-12-25T11:51:26.820553986Z 66 PC: 12f65 | Move file pointer (See above)
2018-12-25T11:51:26.823600773Z 64 PC: 12f71 | Write file or device (See above)
2018-12-25T11:51:26.826082242Z 66 PC: 12f81 | Move file pointer (See above)
2018-12-25T11:51:26.827325173Z 64 PC: 12f8d | Write file or device (See above)
2018-12-25T11:51:26.854484981Z 87 PC: 12f9a | Get or set file date and time (See above)
2018-12-25T11:51:26.856257827Z 62 PC: 12f9e | Close file (See above)
2018-12-25T11:51:26.889576723Z 79 PC: 12ec7 | Find next file (See above)
2018-12-25T11:51:26.892282873Z 61 PC: 12f1f | Open file (See above)
2018-12-25T11:51:26.898851278Z 63 PC: 12f35 | Read file or device (See above)
2018-12-25T11:51:26.905216885Z 66 PC: 12f65 | Move file pointer (See above)
2018-12-25T11:51:26.906645889Z 64 PC: 12f71 | Write file or device (See above)
2018-12-25T11:51:26.90991601Z 66 PC: 12f81 | Move file pointer (See above)
2018-12-25T11:51:26.911326795Z 64 PC: 12f8d | Write file or device (See above)
2018-12-25T11:51:26.930459028Z 87 PC: 12f9a | Get or set file date and time (See above)
2018-12-25T11:51:26.934209471Z 62 PC: 12f9e | Close file (See above)
2018-12-25T11:51:26.994122299Z 79 PC: 12ec7 | Find next file (See above)
2018-12-25T11:51:26.996757195Z 61 PC: 12f1f | Open file (See above)
2018-12-25T11:51:27.003868437Z 63 PC: 12f35 | Read file or device (See above)
2018-12-25T11:51:27.010087999Z 66 PC: 12f65 | Move file pointer (See above)
2018-12-25T11:51:27.011342539Z 64 PC: 12f71 | Write file or device (See above)
2018-12-25T11:51:27.026182055Z 66 PC: 12f81 | Move file pointer (See above)
2018-12-25T11:51:27.027854003Z 64 PC: 12f8d | Write file or device (See above)
2018-12-25T11:51:27.03648432Z 87 PC: 12f9a | Get or set file date and time (See above)
2018-12-25T11:51:27.039127481Z 62 PC: 12f9e | Close file (See above)
2018-12-25T11:51:27.047742391Z 79 PC: 12ec7 | Find next file (See above)
2018-12-25T11:51:27.051943795Z 61 PC: 12f1f | Open file (See above)
2018-12-25T11:51:27.059706583Z 63 PC: 12f35 | Read file or device (See above)
2018-12-25T11:51:27.065083754Z 66 PC: 12f65 | Move file pointer (See above)
2018-12-25T11:51:27.066715156Z 64 PC: 12f71 | Write file or device (See above)
2018-12-25T11:51:27.07058833Z 66 PC: 12f81 | Move file pointer (See above)
2018-12-25T11:51:27.072804202Z 64 PC: 12f8d | Write file or device (See above)
2018-12-25T11:51:27.08093711Z 87 PC: 12f9a | Get or set file date and time (See above)
2018-12-25T11:51:27.082579551Z 62 PC: 12f9e | Close file (See above)
2018-12-25T11:51:27.106179368Z 79 PC: 12ec7 | Find next file (See above)
2018-12-25T11:51:27.10931211Z 61 PC: 12f1f | Open file (See above)
2018-12-25T11:51:27.117157046Z 63 PC: 12f35 | Read file or device (See above)
2018-12-25T11:51:27.12445066Z 66 PC: 12f65 | Move file pointer (See above)
2018-12-25T11:51:27.125965308Z 64 PC: 12f71 | Write file or device (See above)
2018-12-25T11:51:27.128980923Z 66 PC: 12f81 | Move file pointer (See above)
2018-12-25T11:51:27.130539489Z 64 PC: 12f8d | Write file or device (See above)
2018-12-25T11:51:27.138401642Z 87 PC: 12f9a | Get or set file date and time (See above)
2018-12-25T11:51:27.140131512Z 62 PC: 12f9e | Close file (See above)
2018-12-25T11:51:27.148819174Z 79 PC: 12ec7 | Find next file (See above)
2018-12-25T11:51:27.151329748Z 61 PC: 12f1f | Open file (See above)
2018-12-25T11:51:27.156479568Z 63 PC: 12f35 | Read file or device (See above)
2018-12-25T11:51:27.160435421Z 62 PC: 12f9e | Close file (See above)
2018-12-25T11:51:27.16242207Z 79 PC: 12ec7 | Find next file (See above)
2018-12-25T11:51:27.165062097Z 26 PC: 12ed5 | Set disk transfer address
2018-12-25T11:51:27.167118101Z 42 PC: 12fc4 | Get date
0x12fc4: cmp dl, 0xd
0x12fc7: jne 0x13006
0x12fc9: cmp al, 5
0x12fcb: jne 0x13006
0x12fcd: xor ax, ax
0x12fcf: mov cx, 0x7fff
0x12fd2: xor di, di
0x12fd4: mov es, word ptr es:[0x2c]
0x12fd9: cld
0x12fda: repne scasd eax, dword ptr es:[di]
0x12fdc: jne 0x13006
0x12fde: add di, 2
0x12fe1: push ds
0x12fe2: push es
0x12fe3: pop ds
0x12fe4: mov ax, 0x4300
0x12fe7: mov dx, di
0x12fe9: int 0x21
0x12feb: jb 0x13005
0x12fed: test cl, 1
2018-12-25T11:51:27.170048122Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')