Sample viewer

vx.netlux.org/Virus.DOS.Exterminator.451

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:28.982836588Z	78	PC: 12a4a \| Find first file
2018-12-17T23:15:28.987135457Z	61	PC: 12a56 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T23:15:28.991416161Z	64	PC: 12ab3 \| Write file or device (Write 451 bytes on handle 5)
2018-12-17T23:15:28.995868064Z	62	PC: 12ab7 \| Close file
2018-12-17T23:15:30.946042468Z	79	PC: 12a66 \| Find next file
2018-12-17T23:15:30.950099659Z	61	PC: 12a56 \| Open file (Filename = 'PRINT.COM')
2018-12-17T23:15:30.962715048Z	64	PC: 12ab3 \| Write file or device (Write 451 bytes on handle 5)
2018-12-17T23:15:30.970458676Z	62	PC: 12ab7 \| Close file
2018-12-17T23:15:30.997164675Z	79	PC: 12a66 \| Find next file
2018-12-17T23:15:30.999711383Z	61	PC: 12a56 \| Open file (Filename = 'HELLO.COM')
2018-12-17T23:15:31.005280815Z	64	PC: 12ab3 \| Write file or device (Write 451 bytes on handle 5)
2018-12-17T23:15:31.012962742Z	62	PC: 12ab7 \| Close file
2018-12-17T23:15:31.125074306Z	79	PC: 12a66 \| Find next file
2018-12-17T23:15:31.127218985Z	61	PC: 12a56 \| Open file (Filename = 'PHANG.COM')
2018-12-17T23:15:31.134277114Z	64	PC: 12ab3 \| Write file or device (Write 451 bytes on handle 5)
2018-12-17T23:15:31.139473316Z	62	PC: 12ab7 \| Close file
2018-12-17T23:15:31.282987714Z	79	PC: 12a66 \| Find next file
2018-12-17T23:15:31.290981125Z	61	PC: 12a56 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:15:31.299610472Z	64	PC: 12ab3 \| Write file or device (Write 451 bytes on handle 5)
2018-12-17T23:15:31.307315847Z	62	PC: 12ab7 \| Close file
2018-12-17T23:15:31.863831453Z	79	PC: 12a66 \| Find next file
2018-12-17T23:15:31.867776507Z	61	PC: 12a56 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T23:15:31.876496164Z	64	PC: 12ab3 \| Write file or device (Write 451 bytes on handle 5)
2018-12-17T23:15:31.882054983Z	62	PC: 12ab7 \| Close file
2018-12-17T23:15:32.182560211Z	79	PC: 12a66 \| Find next file
2018-12-17T23:15:32.186129029Z	61	PC: 12a56 \| Open file (Filename = 'PAH.COM')
2018-12-17T23:15:32.194396073Z	64	PC: 12ab3 \| Write file or device (Write 451 bytes on handle 5)
2018-12-17T23:15:32.203832574Z	62	PC: 12ab7 \| Close file
2018-12-17T23:15:32.413420933Z	79	PC: 12a66 \| Find next file
2018-12-17T23:15:32.417188776Z	61	PC: 12a56 \| Open file (Filename = 'TEST.COM')
2018-12-17T23:15:32.427659153Z	64	PC: 12ab3 \| Write file or device (Write 451 bytes on handle 5)
2018-12-17T23:15:32.432339553Z	62	PC: 12ab7 \| Close file
2018-12-17T23:15:32.46023927Z	79	PC: 12a66 \| Find next file
2018-12-17T23:15:32.470434029Z	42	PC: 12a70 \| Get date 0x12a70: cmp al, 1 0x12a72: je 0x12a77 0x12a74: jmp 0x12aa5 0x12a76: nop 0x12a77: mov byte ptr [0x17e], 0 0x12a7c: nop 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov al, byte ptr [0x17f] 0x12a83: mov cx, 0xa0 0x12a86: mov dx, 0 0x12a89: mov bx, 0 0x12a8c: int 0x26 0x12a8e: inc byte ptr [0x17e] 0x12a92: cmp byte ptr [0x17e], 0xa 0x12a97: je 0x12a9b 0x12a99: jne 0x12a80 0x12a9b: mov ah, 9 0x12a9d: mov dx, 0x260 0x12aa0: int 0x21
2018-12-17T23:15:32.473427643Z	9	PC: 12aa2 \| Display string (String= ' Exterminator Virus 1.0 (c) by Cracker Jack 1991 (IVRL) No panic...this is a Harmless Virus... ')
2018-12-17T23:15:32.484006306Z	76	PC: 12aa9 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4366,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:34.696803657Z	78	PC: 12a4a \| Find first file
2018-12-25T11:51:34.705327521Z	61	PC: 12a56 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:34.712659867Z	64	PC: 12ab3 \| Write file or device (Write 451 bytes on handle 5)
2018-12-25T11:51:34.720273985Z	62	PC: 12ab7 \| Close file
2018-12-25T11:51:34.74346945Z	79	PC: 12a66 \| Find next file
2018-12-25T11:51:34.747282859Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.754973075Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.763104855Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.773040629Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.77641661Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.785468348Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.801996111Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.811024312Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.813978564Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.822039796Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.831555295Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.840668732Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.844521633Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.852636311Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.86005373Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.869390119Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.87357685Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.88156525Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.88885124Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.897976804Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.900961679Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.908368378Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.917151897Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.926217237Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.929541857Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.937803124Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.941280081Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.95477226Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.958350327Z	42	PC: 12a70 \| Get date 0x12a70: cmp al, 1 0x12a72: je 0x12a77 0x12a74: jmp 0x12aa5 0x12a76: nop 0x12a77: mov byte ptr [0x17e], 0 0x12a7c: nop 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov al, byte ptr [0x17f] 0x12a83: mov cx, 0xa0 0x12a86: mov dx, 0 0x12a89: mov bx, 0 0x12a8c: int 0x26 0x12a8e: inc byte ptr [0x17e] 0x12a92: cmp byte ptr [0x17e], 0xa 0x12a97: je 0x12a9b 0x12a99: jne 0x12a80 0x12a9b: mov ah, 9 0x12a9d: mov dx, 0x260 0x12aa0: int 0x21
2018-12-25T11:51:34.961324896Z	76	PC: 12aa9 \| Terminate with return code (Return code = '2')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4366,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:34.83063476Z	78	PC: 12a4a \| Find first file
2018-12-25T11:51:34.838124865Z	61	PC: 12a56 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:34.848559223Z	64	PC: 12ab3 \| Write file or device (Write 451 bytes on handle 5)
2018-12-25T11:51:34.855835517Z	62	PC: 12ab7 \| Close file
2018-12-25T11:51:34.869960097Z	79	PC: 12a66 \| Find next file
2018-12-25T11:51:34.874059474Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.881463119Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.889420462Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.901018031Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.904385469Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.91217265Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.921306825Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.930106846Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.933024968Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.941211064Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.949227382Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.957987503Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.962104628Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.969800629Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:34.978167033Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:34.986583988Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:34.990324254Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:34.997717791Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:35.005554919Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:35.014883245Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:35.017833476Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:35.025049445Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:35.044402094Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:35.053367388Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:35.056940268Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:51:35.065505855Z	64	PC: 12ab3 \| Write file or device (See above)
2018-12-25T11:51:35.069056969Z	62	PC: 12ab7 \| Close file (See above)
2018-12-25T11:51:35.077803588Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:51:35.092206587Z	42	PC: 12a70 \| Get date 0x12a70: cmp al, 1 0x12a72: je 0x12a77 0x12a74: jmp 0x12aa5 0x12a76: nop 0x12a77: mov byte ptr [0x17e], 0 0x12a7c: nop 0x12a7d: jmp 0x12a80 0x12a7f: nop 0x12a80: mov al, byte ptr [0x17f] 0x12a83: mov cx, 0xa0 0x12a86: mov dx, 0 0x12a89: mov bx, 0 0x12a8c: int 0x26 0x12a8e: inc byte ptr [0x17e] 0x12a92: cmp byte ptr [0x17e], 0xa 0x12a97: je 0x12a9b 0x12a99: jne 0x12a80 0x12a9b: mov ah, 9 0x12a9d: mov dx, 0x260 0x12aa0: int 0x21
2018-12-25T11:51:35.095739191Z	9	PC: 12aa2 \| Display string (String= ' Exterminator Virus 1.0 (c) by Cracker Jack 1991 (IVRL) No panic...this is a Harmless Virus... ')
2018-12-25T11:51:35.106043445Z	76	PC: 12aa9 \| Terminate with return code (Return code = '36')