Sample viewer

vx.netlux.org/Virus.DOS.VRN.2276

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:27:34.559619421Z	42	PC: 12f97 \| Get date 0x12f97: cmp dh, 7 0x12f9a: jne 0x12fa4 0x12f9c: cmp dl, 4 0x12f9f: jne 0x12fa4 0x12fa1: jmp 0x1312f 0x12fa4: sti 0x12fa5: ret 0x12fa6: inc cx 0x12fa7: push si 0x12fa8: push ax 0x12fa9: dec sp 0x12faa: dec cx 0x12fab: push sp 0x12fac: inc bp 0x12fad: pop es 0x12fae: inc cx 0x12faf: dec si 0x12fb0: push sp 0x12fb1: dec cx 0x12fb2: sub ax, 0x4956
2018-12-17T22:27:34.56261573Z	48	PC: 12a6b \| Get DOS version

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4903,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:12.454269062Z	64	PC: 0 \| Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:53:12.459897114Z	41	PC: 94fae \| Parse filename
2018-12-25T11:53:12.463868988Z	41	PC: 9502f \| Parse filename
2018-12-25T11:53:12.467134698Z	41	PC: 9504c \| Parse filename
2018-12-25T11:53:12.485049109Z	26	PC: 984f7 \| Set disk transfer address
2018-12-25T11:53:12.48756418Z	71	PC: 986f3 \| Get current directory
2018-12-25T11:53:12.490757979Z	78	PC: 986fe \| Find first file
2018-12-25T11:53:12.505380136Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:53:12.509027336Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:53:12.519463211Z	64	PC: 9a848 \| Write file or device (Write 26 bytes on handle 2)
2018-12-25T11:53:12.525168242Z	37	PC: 123c4 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:53:12.527304319Z	37	PC: 123cb \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:53:12.528855924Z	37	PC: 123d2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:53:12.5300525Z	62	PC: 122ab \| Close file
2018-12-25T11:53:12.532633135Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.534389105Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.536093379Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.548844428Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.550358742Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.551956318Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.554690848Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.556508466Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.558177904Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.560095006Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.562026184Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.563334641Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.564605209Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.56665274Z	62	PC: 122ab \| Close file (See above)
2018-12-25T11:53:12.56837938Z	99	PC: 9a5d7 \| Get DBCS lead byte table pointer
2018-12-25T11:53:12.570599955Z	56	PC: 94df9 \| Get or set country info
2018-12-25T11:53:12.576368702Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:53:12.580686014Z	25	PC: 94e62 \| Get default drive
2018-12-25T11:53:12.582226893Z	71	PC: 970dd \| Get current directory
2018-12-25T11:53:12.586434603Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:53:12.589831168Z	2	PC: 970b2 \| Character output (Char = '3e')
2018-12-25T11:53:12.591854178Z	93	PC: 94f20 \| File sharing functions
2018-12-25T11:53:12.597176284Z	93	PC: 94f27 \| File sharing functions
2018-12-25T11:53:12.598942886Z	10	PC: 94f39 \| Buffered keyboard input
2018-12-25T11:53:27.500596625Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:53:28.854495909Z	0	PC: 0 \| Program terminate (See above)
2018-12-25T11:53:28.956494978Z	64	PC: 9a848 \| Write file or device (See above)
2018-12-25T11:53:28.96288424Z	41	PC: 94fae \| Parse filename (See above)
2018-12-25T11:53:28.964473202Z	41	PC: 9502f \| Parse filename (See above)
2018-12-25T11:53:28.965718441Z	41	PC: 9504c \| Parse filename (See above)
2018-12-25T11:53:28.969248414Z	26	PC: 984f7 \| Set disk transfer address (See above)
2018-12-25T11:53:28.97096937Z	71	PC: 986f3 \| Get current directory (See above)
2018-12-25T11:53:28.980164252Z	78	PC: 986fe \| Find first file (See above)
2018-12-25T11:53:28.989530905Z	71	PC: 9856c \| Get current directory
2018-12-25T11:53:28.992851587Z	73	PC: 97c09 \| Release memory
2018-12-25T11:53:28.994533993Z	75	PC: 11821 \| Execute program
2018-12-25T11:53:29.009474043Z	9	PC: 12a47 \| Display string (String= 'Hello, World! ')
2018-12-25T11:53:29.014075298Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4903,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:55.353097639Z	42	PC: 12f97 \| Get date 0x12f97: cmp dh, 7 0x12f9a: jne 0x12fa4 0x12f9c: cmp dl, 4 0x12f9f: jne 0x12fa4 0x12fa1: jmp 0x1312f 0x12fa4: sti 0x12fa5: ret 0x12fa6: inc cx 0x12fa7: push si 0x12fa8: push ax 0x12fa9: dec sp 0x12faa: dec cx 0x12fab: push sp 0x12fac: inc bp 0x12fad: pop es 0x12fae: inc cx 0x12faf: dec si 0x12fb0: push sp 0x12fb1: dec cx 0x12fb2: sub ax, 0x4956
2018-12-25T13:06:55.356568066Z	48	PC: 12a6b \| Get DOS version

{"DateBased":true,"Day":4,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4903,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:12.626716061Z	42	PC: 12f97 \| Get date 0x12f97: cmp dh, 7 0x12f9a: jne 0x12fa4 0x12f9c: cmp dl, 4 0x12f9f: jne 0x12fa4 0x12fa1: jmp 0x1312f 0x12fa4: sti 0x12fa5: ret 0x12fa6: inc cx 0x12fa7: push si 0x12fa8: push ax 0x12fa9: dec sp 0x12faa: dec cx 0x12fab: push sp 0x12fac: inc bp 0x12fad: pop es 0x12fae: inc cx 0x12faf: dec si 0x12fb0: push sp 0x12fb1: dec cx 0x12fb2: sub ax, 0x4956

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4903,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:12.677120459Z	42	PC: 12f97 \| Get date 0x12f97: cmp dh, 7 0x12f9a: jne 0x12fa4 0x12f9c: cmp dl, 4 0x12f9f: jne 0x12fa4 0x12fa1: jmp 0x1312f 0x12fa4: sti 0x12fa5: ret 0x12fa6: inc cx 0x12fa7: push si 0x12fa8: push ax 0x12fa9: dec sp 0x12faa: dec cx 0x12fab: push sp 0x12fac: inc bp 0x12fad: pop es 0x12fae: inc cx 0x12faf: dec si 0x12fb0: push sp 0x12fb1: dec cx 0x12fb2: sub ax, 0x4956
2018-12-25T11:53:12.680124033Z	48	PC: 12a6b \| Get DOS version

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4903,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:13.025180298Z	42	PC: 12f97 \| Get date 0x12f97: cmp dh, 7 0x12f9a: jne 0x12fa4 0x12f9c: cmp dl, 4 0x12f9f: jne 0x12fa4 0x12fa1: jmp 0x1312f 0x12fa4: sti 0x12fa5: ret 0x12fa6: inc cx 0x12fa7: push si 0x12fa8: push ax 0x12fa9: dec sp 0x12faa: dec cx 0x12fab: push sp 0x12fac: inc bp 0x12fad: pop es 0x12fae: inc cx 0x12faf: dec si 0x12fb0: push sp 0x12fb1: dec cx 0x12fb2: sub ax, 0x4956
2018-12-25T11:53:13.02956907Z	48	PC: 12a6b \| Get DOS version

{"DateBased":true,"Day":4,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4903,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:12.988393118Z	42	PC: 12f97 \| Get date 0x12f97: cmp dh, 7 0x12f9a: jne 0x12fa4 0x12f9c: cmp dl, 4 0x12f9f: jne 0x12fa4 0x12fa1: jmp 0x1312f 0x12fa4: sti 0x12fa5: ret 0x12fa6: inc cx 0x12fa7: push si 0x12fa8: push ax 0x12fa9: dec sp 0x12faa: dec cx 0x12fab: push sp 0x12fac: inc bp 0x12fad: pop es 0x12fae: inc cx 0x12faf: dec si 0x12fb0: push sp 0x12fb1: dec cx 0x12fb2: sub ax, 0x4956