Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Annihilator.510

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:25:23.577478546Z	53	PC: 152ca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:23.581042106Z	37	PC: 152de \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:23.588503118Z	26	PC: 1518b \| Set disk transfer address
2018-12-17T22:25:23.590041726Z	78	PC: 1519f \| Find first file
2018-12-17T22:25:23.59806697Z	61	PC: 151ac \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:25:23.60492377Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.606746009Z	62	PC: 151d3 \| Close file
2018-12-17T22:25:23.616778765Z	79	PC: 1519f \| Find next file
2018-12-17T22:25:23.620009974Z	61	PC: 151ac \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:25:23.640008352Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.641663324Z	62	PC: 151d3 \| Close file
2018-12-17T22:25:23.644358576Z	79	PC: 1519f \| Find next file
2018-12-17T22:25:23.64715695Z	61	PC: 151ac \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:25:23.654510502Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.657229398Z	62	PC: 151d3 \| Close file
2018-12-17T22:25:23.659231101Z	79	PC: 1519f \| Find next file
2018-12-17T22:25:23.662000992Z	61	PC: 151ac \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:25:23.682519103Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.684255053Z	62	PC: 151d3 \| Close file
2018-12-17T22:25:23.686288619Z	79	PC: 1519f \| Find next file
2018-12-17T22:25:23.690681278Z	61	PC: 151ac \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:25:23.709755681Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.711265493Z	62	PC: 151d3 \| Close file
2018-12-17T22:25:23.714596938Z	79	PC: 1519f \| Find next file
2018-12-17T22:25:23.717303668Z	61	PC: 151ac \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:25:23.723918541Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.726223895Z	62	PC: 151d3 \| Close file
2018-12-17T22:25:23.728069659Z	79	PC: 1519f \| Find next file
2018-12-17T22:25:23.730466531Z	61	PC: 151ac \| Open file (Filename = 'PAH.COM')
2018-12-17T22:25:23.737451204Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.738915872Z	62	PC: 151d3 \| Close file
2018-12-17T22:25:23.740630872Z	79	PC: 1519f \| Find next file
2018-12-17T22:25:23.744462266Z	61	PC: 151ac \| Open file (Filename = 'TEST.COM')
2018-12-17T22:25:23.750935151Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.752621236Z	87	PC: 151c3 \| Get or set file date and time
2018-12-17T22:25:23.754509285Z	44	PC: 151e3 \| Get time 0x151e3: or dx, dx 0x151e5: je 0x151df 0x151e7: mov word ptr ds:[bp + 0x301], dx 0x151ec: mov ax, 0x4200 0x151ef: call 0x15281 0x151f2: mov ah, 0x3f 0x151f4: lea dx, word ptr [bp + 0x241] 0x151f8: mov cx, 3 0x151fb: int 0x21 0x151fd: cmp byte ptr ds:[bp + 0x241], 0x4d 0x15203: je 0x151cf 0x15205: cmp byte ptr ds:[bp + 0x241], 0x5a 0x1520b: je 0x151cf 0x1520d: mov ax, 0x4202 0x15210: call 0x15281 0x15213: sub ax, 3 0x15216: mov word ptr cs:[bp + 0x23f], ax 0x1521b: lea si, word ptr [bp + 0x106] 0x1521f: mov di, 0xfb90 0x15222: mov cx, 0x1fe
2018-12-17T22:25:23.757304916Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.758933002Z	63	PC: 151fd \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:25:23.766143021Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.78289019Z	64	PC: 15238 \| Write file or device (Write 510 bytes on handle 5)
2018-12-17T22:25:23.798159161Z	66	PC: 15287 \| Move file pointer
2018-12-17T22:25:23.800484687Z	64	PC: 15249 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:25:23.804316976Z	87	PC: 15250 \| Get or set file date and time
2018-12-17T22:25:23.806386365Z	62	PC: 15254 \| Close file
2018-12-17T22:25:23.814942913Z	42	PC: 15258 \| Get date 0x15258: cmp dh, dl 0x1525a: jne 0x1526f 0x1525c: mov ah, 0x2c 0x1525e: int 0x21 0x15260: and dh, 7 0x15263: jne 0x1526f 0x15265: mov ah, 9 0x15267: lea dx, word ptr [bp + 0x2ac] 0x1526b: int 0x21 0x1526d: cli 0x1526e: hlt 0x1526f: mov ah, 0x1a 0x15271: mov dx, 0x80 0x15274: int 0x21 0x15276: call 0x152e2 0x15279: call 0x1529a 0x1527c: mov ax, 0x100 0x1527f: push ax 0x15280: ret 0x15281: xor cx, cx
2018-12-17T22:25:23.818223289Z	26	PC: 15276 \| Set disk transfer address
2018-12-17T22:25:23.81981332Z	37	PC: 152ef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:25:23.82355586Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T22:25:23.826695828Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T22:25:23.840647649Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4490,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:53.52612209Z	53	PC: 152ca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:53.529224977Z	37	PC: 152de \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:53.531604426Z	26	PC: 1518b \| Set disk transfer address
2018-12-25T11:51:53.534159899Z	78	PC: 1519f \| Find first file
2018-12-25T11:51:53.541346209Z	61	PC: 151ac \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:53.549330335Z	66	PC: 15287 \| Move file pointer
2018-12-25T11:51:53.551347573Z	62	PC: 151d3 \| Close file
2018-12-25T11:51:53.553865347Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.560563938Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.567908435Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.569593563Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.573388956Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.576825265Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.58468484Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.588024637Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.591416687Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.598701599Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.606101555Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.607994677Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.610029127Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.613010686Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.624431764Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.626373766Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.628982964Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.633055268Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.640550937Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.642914985Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.652941608Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.655915343Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.663530359Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.666527856Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.668593868Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.672108521Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.680171258Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.682533786Z	87	PC: 151c3 \| Get or set file date and time
2018-12-25T11:51:53.684722873Z	44	PC: 151e3 \| Get time 0x151e3: or dx, dx 0x151e5: je 0x151df 0x151e7: mov word ptr ds:[bp + 0x301], dx 0x151ec: mov ax, 0x4200 0x151ef: call 0x15281 0x151f2: mov ah, 0x3f 0x151f4: lea dx, word ptr [bp + 0x241] 0x151f8: mov cx, 3 0x151fb: int 0x21 0x151fd: cmp byte ptr ds:[bp + 0x241], 0x4d 0x15203: je 0x151cf 0x15205: cmp byte ptr ds:[bp + 0x241], 0x5a 0x1520b: je 0x151cf 0x1520d: mov ax, 0x4202 0x15210: call 0x15281 0x15213: sub ax, 3 0x15216: mov word ptr cs:[bp + 0x23f], ax 0x1521b: lea si, word ptr [bp + 0x106] 0x1521f: mov di, 0xfb90 0x15222: mov cx, 0x1fe
2018-12-25T11:51:53.687676725Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.690343962Z	63	PC: 151fd \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:53.693373806Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.69497257Z	64	PC: 15238 \| Write file or device (Write 510 bytes on handle 5)
2018-12-25T11:51:54.620109922Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:54.621878109Z	64	PC: 15249 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:54.624947815Z	87	PC: 15250 \| Get or set file date and time
2018-12-25T11:51:54.627801006Z	62	PC: 15254 \| Close file
2018-12-25T11:51:54.636254512Z	42	PC: 15258 \| Get date 0x15258: cmp dh, dl 0x1525a: jne 0x1526f 0x1525c: mov ah, 0x2c 0x1525e: int 0x21 0x15260: and dh, 7 0x15263: jne 0x1526f 0x15265: mov ah, 9 0x15267: lea dx, word ptr [bp + 0x2ac] 0x1526b: int 0x21 0x1526d: cli 0x1526e: hlt 0x1526f: mov ah, 0x1a 0x15271: mov dx, 0x80 0x15274: int 0x21 0x15276: call 0x152e2 0x15279: call 0x1529a 0x1527c: mov ax, 0x100 0x1527f: push ax 0x15280: ret 0x15281: xor cx, cx
2018-12-25T11:51:54.638595998Z	44	PC: 15260 \| Get time 0x15260: and dh, 7 0x15263: jne 0x1526f 0x15265: mov ah, 9 0x15267: lea dx, word ptr [bp + 0x2ac] 0x1526b: int 0x21 0x1526d: cli 0x1526e: hlt 0x1526f: mov ah, 0x1a 0x15271: mov dx, 0x80 0x15274: int 0x21 0x15276: call 0x152e2 0x15279: call 0x1529a 0x1527c: mov ax, 0x100 0x1527f: push ax 0x15280: ret 0x15281: xor cx, cx 0x15283: xor dx, dx 0x15285: int 0x21 0x15287: ret 0x15288: jmp 0x17b96
2018-12-25T11:51:54.641514904Z	26	PC: 15276 \| Set disk transfer address
2018-12-25T11:51:54.642615249Z	37	PC: 152ef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:54.645996004Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T11:51:54.648673657Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T11:51:54.660537562Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4490,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:53.658075484Z	53	PC: 152ca \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:53.666514544Z	37	PC: 152de \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:53.667975448Z	26	PC: 1518b \| Set disk transfer address
2018-12-25T11:51:53.668952087Z	78	PC: 1519f \| Find first file
2018-12-25T11:51:53.675313825Z	61	PC: 151ac \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:51:53.679954015Z	66	PC: 15287 \| Move file pointer
2018-12-25T11:51:53.681100151Z	62	PC: 151d3 \| Close file
2018-12-25T11:51:53.684150488Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.686728411Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.693040451Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.696329393Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.698220232Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.701186513Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.708659946Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.709934274Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.711595548Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.722575539Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.73465829Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.73619372Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.738020841Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.741356442Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.74730673Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.748503136Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.750314368Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.752555852Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.759138103Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.760709202Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.76218515Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.764570037Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.77079337Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.772175638Z	62	PC: 151d3 \| Close file (See above)
2018-12-25T11:51:53.773871972Z	79	PC: 1519f \| Find next file (See above)
2018-12-25T11:51:53.776734153Z	61	PC: 151ac \| Open file (See above)
2018-12-25T11:51:53.783039036Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.78465379Z	87	PC: 151c3 \| Get or set file date and time
2018-12-25T11:51:53.786243205Z	44	PC: 151e3 \| Get time 0x151e3: or dx, dx 0x151e5: je 0x151df 0x151e7: mov word ptr ds:[bp + 0x301], dx 0x151ec: mov ax, 0x4200 0x151ef: call 0x15281 0x151f2: mov ah, 0x3f 0x151f4: lea dx, word ptr [bp + 0x241] 0x151f8: mov cx, 3 0x151fb: int 0x21 0x151fd: cmp byte ptr ds:[bp + 0x241], 0x4d 0x15203: je 0x151cf 0x15205: cmp byte ptr ds:[bp + 0x241], 0x5a 0x1520b: je 0x151cf 0x1520d: mov ax, 0x4202 0x15210: call 0x15281 0x15213: sub ax, 3 0x15216: mov word ptr cs:[bp + 0x23f], ax 0x1521b: lea si, word ptr [bp + 0x106] 0x1521f: mov di, 0xfb90 0x15222: mov cx, 0x1fe
2018-12-25T11:51:53.788084853Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.789708508Z	63	PC: 151fd \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T11:51:53.796008538Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:53.797967152Z	64	PC: 15238 \| Write file or device (Write 510 bytes on handle 5)
2018-12-25T11:51:54.096375512Z	66	PC: 15287 \| Move file pointer (See above)
2018-12-25T11:51:54.098319228Z	64	PC: 15249 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:51:54.102959302Z	87	PC: 15250 \| Get or set file date and time
2018-12-25T11:51:54.10435692Z	62	PC: 15254 \| Close file
2018-12-25T11:51:54.112806218Z	42	PC: 15258 \| Get date 0x15258: cmp dh, dl 0x1525a: jne 0x1526f 0x1525c: mov ah, 0x2c 0x1525e: int 0x21 0x15260: and dh, 7 0x15263: jne 0x1526f 0x15265: mov ah, 9 0x15267: lea dx, word ptr [bp + 0x2ac] 0x1526b: int 0x21 0x1526d: cli 0x1526e: hlt 0x1526f: mov ah, 0x1a 0x15271: mov dx, 0x80 0x15274: int 0x21 0x15276: call 0x152e2 0x15279: call 0x1529a 0x1527c: mov ax, 0x100 0x1527f: push ax 0x15280: ret 0x15281: xor cx, cx
2018-12-25T11:51:54.115297978Z	26	PC: 15276 \| Set disk transfer address
2018-12-25T11:51:54.116870806Z	37	PC: 152ef \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:51:54.121014654Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T11:51:54.123319983Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T11:51:54.135731247Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')