Sample viewer

vx.netlux.org/Virus.DOS.Chips.877

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:26:01.583124075Z	42	PC: 12a56 \| Get date 0x12a56: cmp cx, 0x7c9 0x12a5a: jb 0x12a65 0x12a5c: cmp dx, 0x20b 0x12a60: jb 0x12a65 0x12a62: jmp 0x12cd5 0x12a65: mov dx, 0x2a3 0x12a68: mov ah, 0x1a 0x12a6a: int 0x21 0x12a6c: mov cx, 0x11 0x12a6f: mov bx, 0x252 0x12a72: xor byte ptr [bx], 0x64 0x12a75: inc bx 0x12a76: loop 0x12a72 0x12a78: mov ah, 0x19 0x12a7a: int 0x21 0x12a7c: mov byte ptr [0x24d], al 0x12a7f: mov ah, 0x47 0x12a81: mov si, 0x263 0x12a84: mov byte ptr [si], 0 0x12a87: xor dl, dl
2018-12-17T22:26:01.585179725Z	25	PC: 12ce5 \| Get default drive
2018-12-17T22:26:01.596850655Z	9	PC: 12d5e \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4607,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:24.162313767Z	42	PC: 12a56 \| Get date 0x12a56: cmp cx, 0x7c9 0x12a5a: jb 0x12a65 0x12a5c: cmp dx, 0x20b 0x12a60: jb 0x12a65 0x12a62: jmp 0x12cd5 0x12a65: mov dx, 0x2a3 0x12a68: mov ah, 0x1a 0x12a6a: int 0x21 0x12a6c: mov cx, 0x11 0x12a6f: mov bx, 0x252 0x12a72: xor byte ptr [bx], 0x64 0x12a75: inc bx 0x12a76: loop 0x12a72 0x12a78: mov ah, 0x19 0x12a7a: int 0x21 0x12a7c: mov byte ptr [0x24d], al 0x12a7f: mov ah, 0x47 0x12a81: mov si, 0x263 0x12a84: mov byte ptr [si], 0 0x12a87: xor dl, dl
2018-12-25T11:52:24.165820219Z	26	PC: 12a6c \| Set disk transfer address
2018-12-25T11:52:24.16753058Z	25	PC: 12a7c \| Get default drive
2018-12-25T11:52:24.169132857Z	71	PC: 12a8b \| Get current directory
2018-12-25T11:52:24.17288745Z	78	PC: 12aa0 \| Find first file
2018-12-25T11:52:24.180202848Z	79	PC: 12aab \| Find next file
2018-12-25T11:52:24.183180453Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.186665066Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.189650253Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.192545321Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.19545282Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.199217881Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.203033727Z	61	PC: 12acc \| Open file (Filename = 'TEST.COM')
2018-12-25T11:52:24.210611256Z	63	PC: 12ade \| Read file or device (Read 2157 bytes on handle 5)
2018-12-25T11:52:24.230759094Z	62	PC: 12ae8 \| Close file
2018-12-25T11:52:24.23214141Z	60	PC: 12b02 \| Create or truncate file
2018-12-25T11:52:24.249179026Z	64	PC: 12b2e \| Write file or device (Write 3034 bytes on handle 5)
2018-12-25T11:52:24.259553691Z	87	PC: 12b39 \| Get or set file date and time
2018-12-25T11:52:24.261587244Z	87	PC: 12b40 \| Get or set file date and time
2018-12-25T11:52:24.263182982Z	62	PC: 12b44 \| Close file

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4607,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:24.141097574Z	42	PC: 12a56 \| Get date 0x12a56: cmp cx, 0x7c9 0x12a5a: jb 0x12a65 0x12a5c: cmp dx, 0x20b 0x12a60: jb 0x12a65 0x12a62: jmp 0x12cd5 0x12a65: mov dx, 0x2a3 0x12a68: mov ah, 0x1a 0x12a6a: int 0x21 0x12a6c: mov cx, 0x11 0x12a6f: mov bx, 0x252 0x12a72: xor byte ptr [bx], 0x64 0x12a75: inc bx 0x12a76: loop 0x12a72 0x12a78: mov ah, 0x19 0x12a7a: int 0x21 0x12a7c: mov byte ptr [0x24d], al 0x12a7f: mov ah, 0x47 0x12a81: mov si, 0x263 0x12a84: mov byte ptr [si], 0 0x12a87: xor dl, dl
2018-12-25T11:52:24.142770706Z	26	PC: 12a6c \| Set disk transfer address
2018-12-25T11:52:24.14387711Z	25	PC: 12a7c \| Get default drive
2018-12-25T11:52:24.145636827Z	71	PC: 12a8b \| Get current directory
2018-12-25T11:52:24.1487545Z	78	PC: 12aa0 \| Find first file
2018-12-25T11:52:24.155276982Z	79	PC: 12aab \| Find next file
2018-12-25T11:52:24.158538884Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.161447245Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.164269155Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.167460566Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.170279658Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.172951986Z	79	PC: 12aab \| Find next file (See above)
2018-12-25T11:52:24.176079997Z	61	PC: 12acc \| Open file (Filename = 'TEST.COM')
2018-12-25T11:52:24.189642772Z	63	PC: 12ade \| Read file or device (Read 2157 bytes on handle 5)
2018-12-25T11:52:24.197904217Z	62	PC: 12ae8 \| Close file
2018-12-25T11:52:24.200458886Z	60	PC: 12b02 \| Create or truncate file
2018-12-25T11:52:24.217098513Z	64	PC: 12b2e \| Write file or device (Write 3034 bytes on handle 5)
2018-12-25T11:52:24.227191853Z	87	PC: 12b39 \| Get or set file date and time
2018-12-25T11:52:24.229488484Z	87	PC: 12b40 \| Get or set file date and time
2018-12-25T11:52:24.23228442Z	62	PC: 12b44 \| Close file

{"DateBased":true,"Day":11,"Month":2,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4607,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:24.461509727Z	42	PC: 12a56 \| Get date 0x12a56: cmp cx, 0x7c9 0x12a5a: jb 0x12a65 0x12a5c: cmp dx, 0x20b 0x12a60: jb 0x12a65 0x12a62: jmp 0x12cd5 0x12a65: mov dx, 0x2a3 0x12a68: mov ah, 0x1a 0x12a6a: int 0x21 0x12a6c: mov cx, 0x11 0x12a6f: mov bx, 0x252 0x12a72: xor byte ptr [bx], 0x64 0x12a75: inc bx 0x12a76: loop 0x12a72 0x12a78: mov ah, 0x19 0x12a7a: int 0x21 0x12a7c: mov byte ptr [0x24d], al 0x12a7f: mov ah, 0x47 0x12a81: mov si, 0x263 0x12a84: mov byte ptr [si], 0 0x12a87: xor dl, dl
2018-12-25T11:52:24.464563441Z	25	PC: 12ce5 \| Get default drive
2018-12-25T11:52:24.479316871Z	9	PC: 12d5e \| Display string (Could not find end pointer)