Sample viewer

vx.netlux.org/Virus.DOS.Xav.KD.903


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:26:53.28110708Z 250 PC: 1651a | UNKNOWN!
2018-12-17T22:26:53.282825157Z 53 PC: 16523 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:26:53.284665742Z 37 PC: 16534 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:26:53.285945129Z 53 PC: 16539 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:26:53.287254134Z 37 PC: 1654a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:26:53.289663451Z 26 PC: 16554 | Set disk transfer address
2018-12-17T22:26:53.292006824Z 71 PC: 1655e | Get current directory
2018-12-17T22:26:53.295932593Z 78 PC: 165e5 | Find first file
2018-12-17T22:26:53.303187688Z 67 PC: 165f2 | Get or set file attributes
2018-12-17T22:26:53.309886445Z 67 PC: 165fe | Get or set file attributes
2018-12-17T22:26:53.328151484Z 61 PC: 16603 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:26:53.341232254Z 63 PC: 1661c | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:26:53.348225344Z 66 PC: 1662f | Move file pointer
2018-12-17T22:26:53.35232747Z 62 PC: 16707 | Close file
2018-12-17T22:26:53.355544438Z 67 PC: 16714 | Get or set file attributes
2018-12-17T22:26:53.366886576Z 79 PC: 16718 | Find next file
2018-12-17T22:26:53.370367113Z 67 PC: 165f2 | Get or set file attributes
2018-12-17T22:26:53.377778962Z 67 PC: 165fe | Get or set file attributes
2018-12-17T22:26:53.388781546Z 61 PC: 16603 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:26:53.395860209Z 63 PC: 1661c | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:26:53.403478847Z 66 PC: 1662f | Move file pointer
2018-12-17T22:26:53.405719129Z 62 PC: 16707 | Close file
2018-12-17T22:26:53.408237044Z 67 PC: 16714 | Get or set file attributes
2018-12-17T22:26:53.419826487Z 79 PC: 16718 | Find next file
2018-12-17T22:26:53.423894489Z 67 PC: 165f2 | Get or set file attributes
2018-12-17T22:26:53.429994064Z 67 PC: 165fe | Get or set file attributes
2018-12-17T22:26:53.44028918Z 61 PC: 16603 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:26:53.448608823Z 63 PC: 1661c | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:26:53.455439433Z 66 PC: 1662f | Move file pointer
2018-12-17T22:26:53.457010767Z 62 PC: 16707 | Close file
2018-12-17T22:26:53.460055374Z 67 PC: 16714 | Get or set file attributes
2018-12-17T22:26:53.471236183Z 79 PC: 16718 | Find next file
2018-12-17T22:26:53.474644828Z 67 PC: 165f2 | Get or set file attributes
2018-12-17T22:26:53.487937604Z 67 PC: 165fe | Get or set file attributes
2018-12-17T22:26:53.499080234Z 61 PC: 16603 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:26:53.50504286Z 63 PC: 1661c | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:26:53.50962696Z 66 PC: 1662f | Move file pointer
2018-12-17T22:26:53.511327797Z 62 PC: 16707 | Close file
2018-12-17T22:26:53.512961276Z 67 PC: 16714 | Get or set file attributes
2018-12-17T22:26:53.519853339Z 79 PC: 16718 | Find next file
2018-12-17T22:26:53.522611863Z 67 PC: 165f2 | Get or set file attributes
2018-12-17T22:26:53.526685152Z 67 PC: 165fe | Get or set file attributes
2018-12-17T22:26:53.534891079Z 61 PC: 16603 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:26:53.546404665Z 63 PC: 1661c | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:26:53.552665162Z 66 PC: 1662f | Move file pointer
2018-12-17T22:26:53.553804448Z 62 PC: 16707 | Close file
2018-12-17T22:26:53.555901888Z 67 PC: 16714 | Get or set file attributes
2018-12-17T22:26:53.562495275Z 79 PC: 16718 | Find next file
2018-12-17T22:26:53.564485055Z 67 PC: 165f2 | Get or set file attributes
2018-12-17T22:26:53.569113396Z 67 PC: 165fe | Get or set file attributes
2018-12-17T22:26:53.575820671Z 61 PC: 16603 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:26:53.582972968Z 63 PC: 1661c | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:26:53.590320574Z 66 PC: 1662f | Move file pointer
2018-12-17T22:26:53.591807619Z 62 PC: 16707 | Close file
2018-12-17T22:26:53.593655755Z 67 PC: 16714 | Get or set file attributes
2018-12-17T22:26:53.607715225Z 79 PC: 16718 | Find next file
2018-12-17T22:26:53.610956128Z 67 PC: 165f2 | Get or set file attributes
2018-12-17T22:26:53.623236468Z 67 PC: 165fe | Get or set file attributes
2018-12-17T22:26:53.634196963Z 61 PC: 16603 | Open file (Filename = 'PAH.COM')
2018-12-17T22:26:53.642705503Z 63 PC: 1661c | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:26:53.650086289Z 66 PC: 1662f | Move file pointer
2018-12-17T22:26:53.652196929Z 62 PC: 16707 | Close file
2018-12-17T22:26:53.656023794Z 67 PC: 16714 | Get or set file attributes
2018-12-17T22:26:53.667770694Z 79 PC: 16718 | Find next file
2018-12-17T22:26:53.671063586Z 59 PC: 16568 | Change current directory
2018-12-17T22:26:53.676559889Z 42 PC: 1656e | Get date
0x1656e: cmp al, 1
0x16570: jne 0x16592
0x16572: mov ax, 0x3505
0x16575: int 0x21
0x16577: mov ax, es
0x16579: mov ds, ax
0x1657b: mov dx, bx
0x1657d: mov ax, 0x2513
0x16580: int 0x21
0x16582: push cs
0x16583: push cs
0x16584: pop ds
0x16585: pop es
0x16586: mov ah, 9
0x16588: lea dx, word ptr [bp + 0x366]
0x1658c: int 0x21
0x1658e: xor ax, ax
0x16590: int 0x16
0x16592: mov ax, 0xfa02
0x16595: mov dx, 0x5945
2018-12-17T22:26:53.679224286Z 53 PC: 16577 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:26:53.681286263Z 37 PC: 16582 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:26:53.683991767Z 9 PC: 1658e | Display string (String= 'Virus King Diamond! by Xavirus Hacker (AJVM!)')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4766,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:48.694078434Z 250 PC: 1651a | UNKNOWN!
2018-12-25T11:52:48.704577529Z 53 PC: 16523 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:52:48.706296917Z 37 PC: 16534 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:52:48.708013814Z 53 PC: 16539 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:48.71045512Z 37 PC: 1654a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:48.712918383Z 26 PC: 16554 | Set disk transfer address
2018-12-25T11:52:48.714531659Z 71 PC: 1655e | Get current directory
2018-12-25T11:52:48.719232001Z 78 PC: 165e5 | Find first file
2018-12-25T11:52:48.742943569Z 67 PC: 165f2 | Get or set file attributes
2018-12-25T11:52:48.760331975Z 67 PC: 165fe | Get or set file attributes
2018-12-25T11:52:48.78626272Z 61 PC: 16603 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:48.794761037Z 63 PC: 1661c | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:52:48.802714022Z 66 PC: 1662f | Move file pointer
2018-12-25T11:52:48.804652394Z 62 PC: 16707 | Close file
2018-12-25T11:52:48.808083348Z 67 PC: 16714 | Get or set file attributes
2018-12-25T11:52:48.820154081Z 79 PC: 16718 | Find next file
2018-12-25T11:52:48.823132012Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:48.830702648Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:48.845815397Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:48.853652486Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:48.862363371Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:48.864103705Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:48.867100825Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:48.879194316Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:48.882868096Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:48.890317157Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:48.901512104Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:48.916977515Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:48.92468528Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:48.926843132Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:48.929854491Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:48.941036841Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:48.944120445Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:48.960080395Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:48.971550887Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:48.979088137Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:48.987285104Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:48.989146371Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:48.991505735Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:49.003417851Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:49.006597688Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:49.013067651Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:49.024891127Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:49.037071208Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:49.044286295Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:49.046367673Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:49.04948033Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:49.060754952Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:49.063798395Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:49.071057257Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:49.08229669Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:49.089952522Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:49.098396182Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:49.100494314Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:49.103015425Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:49.123066089Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:49.1263534Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:49.132993189Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:49.144855494Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:49.153112845Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:49.161047517Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:49.163186199Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:49.16633474Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:49.177850432Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:49.18098752Z 59 PC: 16568 | Change current directory
2018-12-25T11:52:49.186859421Z 42 PC: 1656e | Get date
0x1656e: cmp al, 1
0x16570: jne 0x16592
0x16572: mov ax, 0x3505
0x16575: int 0x21
0x16577: mov ax, es
0x16579: mov ds, ax
0x1657b: mov dx, bx
0x1657d: mov ax, 0x2513
0x16580: int 0x21
0x16582: push cs
0x16583: push cs
0x16584: pop ds
0x16585: pop es
0x16586: mov ah, 9
0x16588: lea dx, word ptr [bp + 0x366]
0x1658c: int 0x21
0x1658e: xor ax, ax
0x16590: int 0x16
0x16592: mov ax, 0xfa02
0x16595: mov dx, 0x5945
2018-12-25T11:52:49.189646685Z 250 PC: 165a1 | UNKNOWN!
2018-12-25T11:52:49.190855588Z 26 PC: 165a8 | Set disk transfer address
2018-12-25T11:52:49.19318529Z 59 PC: 165b0 | Change current directory
2018-12-25T11:52:49.195389651Z 37 PC: 165b9 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:49.197032756Z 37 PC: 165c4 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:52:49.199346569Z 76 PC: 12a48 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4766,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:48.800888266Z 250 PC: 1651a | UNKNOWN!
2018-12-25T11:52:48.802794073Z 53 PC: 16523 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:52:48.804492852Z 37 PC: 16534 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:52:48.806176185Z 53 PC: 16539 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:48.808122526Z 37 PC: 1654a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:52:48.809802628Z 26 PC: 16554 | Set disk transfer address
2018-12-25T11:52:48.811330506Z 71 PC: 1655e | Get current directory
2018-12-25T11:52:48.814757646Z 78 PC: 165e5 | Find first file
2018-12-25T11:52:48.822433195Z 67 PC: 165f2 | Get or set file attributes
2018-12-25T11:52:48.829082645Z 67 PC: 165fe | Get or set file attributes
2018-12-25T11:52:48.853348362Z 61 PC: 16603 | Open file (Filename = 'SLEEP.COM')
2018-12-25T11:52:48.872567967Z 63 PC: 1661c | Read file or device (Read 4 bytes on handle 5)
2018-12-25T11:52:48.882900368Z 66 PC: 1662f | Move file pointer
2018-12-25T11:52:48.884802558Z 62 PC: 16707 | Close file
2018-12-25T11:52:48.887893291Z 67 PC: 16714 | Get or set file attributes
2018-12-25T11:52:48.899247746Z 79 PC: 16718 | Find next file
2018-12-25T11:52:48.90243867Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:48.910276422Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:48.929249654Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:48.936981782Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:48.945256737Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:48.94724168Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:48.94927239Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:48.960621804Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:48.96389923Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:48.970370539Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:48.981907232Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:48.996953033Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:49.004277432Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:49.006129626Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:49.013364535Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:49.025364258Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:49.028971123Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:49.036847884Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:49.048138537Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:49.056554922Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:49.065680673Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:49.068251571Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:49.070764729Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:49.083589303Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:49.087318536Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:49.094125253Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:49.106292834Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:49.115112767Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:49.123164602Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:49.125249089Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:49.129007296Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:49.140989551Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:49.146881969Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:49.155951578Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:49.167670892Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:49.175550547Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:49.18447729Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:49.186701842Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:49.189131803Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:49.201395086Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:49.205821395Z 67 PC: 165f2 | Get or set file attributes (See above)
2018-12-25T11:52:49.212180475Z 67 PC: 165fe | Get or set file attributes (See above)
2018-12-25T11:52:49.223271256Z 61 PC: 16603 | Open file (See above)
2018-12-25T11:52:49.232011973Z 63 PC: 1661c | Read file or device (See above)
2018-12-25T11:52:49.242945315Z 66 PC: 1662f | Move file pointer (See above)
2018-12-25T11:52:49.245122972Z 62 PC: 16707 | Close file (See above)
2018-12-25T11:52:49.248148198Z 67 PC: 16714 | Get or set file attributes (See above)
2018-12-25T11:52:49.260449126Z 79 PC: 16718 | Find next file (See above)
2018-12-25T11:52:49.263285466Z 59 PC: 16568 | Change current directory
2018-12-25T11:52:49.269580935Z 42 PC: 1656e | Get date
0x1656e: cmp al, 1
0x16570: jne 0x16592
0x16572: mov ax, 0x3505
0x16575: int 0x21
0x16577: mov ax, es
0x16579: mov ds, ax
0x1657b: mov dx, bx
0x1657d: mov ax, 0x2513
0x16580: int 0x21
0x16582: push cs
0x16583: push cs
0x16584: pop ds
0x16585: pop es
0x16586: mov ah, 9
0x16588: lea dx, word ptr [bp + 0x366]
0x1658c: int 0x21
0x1658e: xor ax, ax
0x16590: int 0x16
0x16592: mov ax, 0xfa02
0x16595: mov dx, 0x5945
2018-12-25T11:52:49.272623746Z 53 PC: 16577 | Get interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T11:52:49.27454474Z 37 PC: 16582 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:52:49.277236105Z 9 PC: 1658e | Display string (String= 'Virus King Diamond! by Xavirus Hacker (AJVM!)')