Sample viewer

vx.netlux.org/Virus.DOS.Tenerife.1707

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:28:11.764018931Z	53	PC: 12cb7 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:28:11.766008769Z	53	PC: 12cc7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:11.767504114Z	37	PC: 12ce2 \| Set interrupt vector (Interrupt = '68' AKA 'I/O control for devices')
2018-12-17T22:28:11.76911781Z	82	PC: 12ce7 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:28:11.771140665Z	37	PC: 12d31 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:11.772868794Z	42	PC: 12d35 \| Get date 0x12d35: cmp cx, 0x7ca 0x12d39: jb 0x12d52 0x12d3b: cmp dl, 6 0x12d3e: jne 0x12d52 0x12d40: mov dx, 0x315 0x12d43: mov ah, 0x25 0x12d45: mov al, 0x1c 0x12d47: int 0x44 0x12d49: mov dx, 0x252 0x12d4c: mov ah, 0x25 0x12d4e: mov al, 9 0x12d50: int 0x44 0x12d52: push cs 0x12d53: push cs 0x12d54: pop ds 0x12d55: pop es 0x12d56: ret 0x12d57: cmp word ptr [0x8f], 0x10 0x12d5c: jb 0x12d8c 0x12d5e: cmp word ptr [0x91], 5
2018-12-17T22:28:11.775699859Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5033,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:30.944260527Z	53	PC: 12cb7 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:53:30.946816793Z	53	PC: 12cc7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:30.947916101Z	37	PC: 12ce2 \| Set interrupt vector (Interrupt = '68' AKA 'I/O control for devices')
2018-12-25T11:53:30.948903123Z	82	PC: 12ce7 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:53:30.951015693Z	37	PC: 12d31 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:30.952092361Z	42	PC: 12d35 \| Get date 0x12d35: cmp cx, 0x7ca 0x12d39: jb 0x12d52 0x12d3b: cmp dl, 6 0x12d3e: jne 0x12d52 0x12d40: mov dx, 0x315 0x12d43: mov ah, 0x25 0x12d45: mov al, 0x1c 0x12d47: int 0x44 0x12d49: mov dx, 0x252 0x12d4c: mov ah, 0x25 0x12d4e: mov al, 9 0x12d50: int 0x44 0x12d52: push cs 0x12d53: push cs 0x12d54: pop ds 0x12d55: pop es 0x12d56: ret 0x12d57: cmp word ptr [0x8f], 0x10 0x12d5c: jb 0x12d8c 0x12d5e: cmp word ptr [0x91], 5
2018-12-25T11:53:30.954337765Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5033,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:30.968125356Z	53	PC: 12cb7 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:53:30.969967285Z	53	PC: 12cc7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:30.971409661Z	37	PC: 12ce2 \| Set interrupt vector (Interrupt = '68' AKA 'I/O control for devices')
2018-12-25T11:53:30.972692659Z	82	PC: 12ce7 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:53:30.974344877Z	37	PC: 12d31 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:30.97636917Z	42	PC: 12d35 \| Get date 0x12d35: cmp cx, 0x7ca 0x12d39: jb 0x12d52 0x12d3b: cmp dl, 6 0x12d3e: jne 0x12d52 0x12d40: mov dx, 0x315 0x12d43: mov ah, 0x25 0x12d45: mov al, 0x1c 0x12d47: int 0x44 0x12d49: mov dx, 0x252 0x12d4c: mov ah, 0x25 0x12d4e: mov al, 9 0x12d50: int 0x44 0x12d52: push cs 0x12d53: push cs 0x12d54: pop ds 0x12d55: pop es 0x12d56: ret 0x12d57: cmp word ptr [0x8f], 0x10 0x12d5c: jb 0x12d8c 0x12d5e: cmp word ptr [0x91], 5
2018-12-25T11:53:30.979485587Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5033,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:30.99818077Z	53	PC: 12cb7 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:53:31.009935704Z	53	PC: 12cc7 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:31.011064762Z	37	PC: 12ce2 \| Set interrupt vector (Interrupt = '68' AKA 'I/O control for devices')
2018-12-25T11:53:31.012264994Z	82	PC: 12ce7 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:53:31.013872601Z	37	PC: 12d31 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:31.014920677Z	42	PC: 12d35 \| Get date 0x12d35: cmp cx, 0x7ca 0x12d39: jb 0x12d52 0x12d3b: cmp dl, 6 0x12d3e: jne 0x12d52 0x12d40: mov dx, 0x315 0x12d43: mov ah, 0x25 0x12d45: mov al, 0x1c 0x12d47: int 0x44 0x12d49: mov dx, 0x252 0x12d4c: mov ah, 0x25 0x12d4e: mov al, 9 0x12d50: int 0x44 0x12d52: push cs 0x12d53: push cs 0x12d54: pop ds 0x12d55: pop es 0x12d56: ret 0x12d57: cmp word ptr [0x8f], 0x10 0x12d5c: jb 0x12d8c 0x12d5e: cmp word ptr [0x91], 5
2018-12-25T11:53:31.017028177Z	37	PC: 12d49 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:53:31.024944025Z	37	PC: 12d52 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:53:31.026203361Z	76	PC: 12a44 \| Terminate with return code (Return code = '0')