Sample viewer

vx.netlux.org/Virus.DOS.Andris.843

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:28:25.928699603Z 53 PC: 14ba3 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:28:25.930575172Z 53 PC: 14bb1 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:28:25.931756461Z 37 PC: 14bc7 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:28:25.932700707Z 37 PC: 14bcb | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:28:25.934688886Z 171 PC: 14ac8 | UNKNOWN!
2018-12-17T22:28:25.935537519Z 38 PC: 14aec | Create PSP
2018-12-17T22:28:25.937035301Z 53 PC: 14b1c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:25.939330197Z 37 PC: 14b2c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:25.941196241Z 37 PC: 14bdd | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:28:25.942973386Z 37 PC: 14bee | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:28:25.945512582Z 48 PC: 14a26 | Get DOS version
2018-12-17T22:28:25.947319888Z 9 PC: 14a9a | Display string (Could not find end pointer)
2018-12-17T22:28:25.960741512Z 9 PC: 14a9a | Display string (String= ' System : ')
2018-12-17T22:28:25.963403382Z 9 PC: 14a9a | Display string (String= '���F<�u#��������t�P_��������������<-t��tPVh�6������ ����1�[^ÊP��t;VS������ ��������и��t!RSVh�6�������1��=�c���1��[^�VS��(�É���P����Ph=7�����&1ҍD')
2018-12-17T22:28:25.968521305Z 9 PC: 14a9a | Display string (Could not find end pointer)
2018-12-17T22:28:25.972470891Z 9 PC: 14a9a | Display string (String= ' tƁ��@j@�@���=���Z[^ú��1�� �� t���@��<u�1��o���1��UWVS�É�������� %���')
2018-12-17T22:28:25.975095839Z 9 PC: 14a9a | Display string (String= '��Z[^ú��1�� �� t���@��<u�1��o���1��UWVS�É�������� %���')
2018-12-17T22:28:25.979345126Z 9 PC: 14a9a | Display string (String= '���@��<u�1��o���1��UWVS��������� %���')
2018-12-17T22:28:25.981780527Z 9 PC: 14a9a | Display string (String= '�������9�u �� �&���h�����t��^���m�������������[^_�UWVSQ�ƉӉո������')
2018-12-17T22:28:25.986480635Z 9 PC: 14a9a | Display string (String= 'VS��������� %���')
2018-12-17T22:28:25.994178095Z 9 PC: 14a9a | Display string (String= '��j�����Z������[��X����@`�R��h����v���Z��������.����@`�R���� ���Ɓ��@��j@�@�=���Z�UWVS�� �ʼn')
2018-12-17T22:28:25.997173378Z 9 PC: 14a9a | Display string (String= '�������9�u �� �&���h�����t��^���m�������������[^_�UWVSQ�ƉӉո������')
2018-12-17T22:28:26.002031697Z 9 PC: 14a9a | Display string (Could not find end pointer)
2018-12-17T22:28:26.00663768Z 9 PC: 14a9a | Display string (Could not find end pointer)
2018-12-17T22:28:26.011258221Z 9 PC: 14a9a | Display string (Could not find end pointer)
2018-12-17T22:28:26.021809312Z 9 PC: 14a9a | Display string (Could not find end pointer)
2018-12-17T22:28:26.02638477Z 76 PC: 1490d | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":6,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5074,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:38.70714739Z 53 PC: 14ba3 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:38.70921781Z 53 PC: 14bb1 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:38.710697555Z 37 PC: 14bc7 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:38.712060578Z 37 PC: 14bcb | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:38.714132603Z 171 PC: 14ac8 | UNKNOWN!
2018-12-25T11:53:38.715189862Z 38 PC: 14aec | Create PSP
2018-12-25T11:53:38.716853615Z 53 PC: 14b1c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:38.718558552Z 37 PC: 14b2c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:38.720009698Z 37 PC: 14bdd | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:38.721394548Z 37 PC: 14bee | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:38.723760267Z 48 PC: 14a26 | Get DOS version
2018-12-25T11:53:38.724977714Z 9 PC: 14a9a | Display string (Could not find end pointer)
2018-12-25T11:53:38.738011314Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.741332816Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.743574599Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.747310706Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.75068362Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.753523419Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.756373411Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.760788152Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.768282995Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.76934762Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.777073047Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.779871209Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.783685607Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.788901299Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:38.793018256Z 76 PC: 1490d | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":17,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5074,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:39.342983025Z 53 PC: 14ba3 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:39.344838236Z 53 PC: 14bb1 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:39.346098256Z 37 PC: 14bc7 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:39.347157012Z 37 PC: 14bcb | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:39.349232507Z 171 PC: 14ac8 | UNKNOWN!
2018-12-25T11:53:39.350129271Z 38 PC: 14aec | Create PSP
2018-12-25T11:53:39.351521813Z 53 PC: 14b1c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:39.36001629Z 37 PC: 14b2c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:39.361112163Z 37 PC: 14bdd | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:39.36212844Z 37 PC: 14bee | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:39.364339582Z 48 PC: 14a26 | Get DOS version
2018-12-25T11:53:39.366622254Z 9 PC: 14a9a | Display string (Could not find end pointer)
2018-12-25T11:53:39.380497111Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.384559319Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.387113166Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.391066826Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.394517152Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.397154695Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.399255365Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.403799681Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.410632517Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.41169628Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.423386275Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.426378128Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.430075485Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.435288967Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.439449365Z 76 PC: 1490d | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5074,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:39.647492174Z 53 PC: 14ba3 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:39.652626237Z 53 PC: 14bb1 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:39.654309661Z 37 PC: 14bc7 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:39.665034886Z 37 PC: 14bcb | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:39.66655539Z 171 PC: 14ac8 | UNKNOWN!
2018-12-25T11:53:39.680868053Z 38 PC: 14aec | Create PSP
2018-12-25T11:53:39.682584742Z 53 PC: 14b1c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:39.683987094Z 37 PC: 14b2c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:39.686170968Z 37 PC: 14bdd | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:39.688087616Z 37 PC: 14bee | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:39.690750721Z 48 PC: 14a26 | Get DOS version
2018-12-25T11:53:39.693504063Z 9 PC: 14a9a | Display string (Could not find end pointer)
2018-12-25T11:53:39.71029655Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.714670955Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.721754972Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.72622586Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.730425323Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.733912434Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.737013813Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.742330162Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.751846713Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.753611655Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.761269686Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.776934457Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.78218374Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.788494383Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:39.797318943Z 76 PC: 1490d | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5074,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:40.357323498Z 53 PC: 14ba3 | Get interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:40.358812726Z 53 PC: 14bb1 | Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:40.360013202Z 37 PC: 14bc7 | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:40.361014272Z 37 PC: 14bcb | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:40.362523872Z 171 PC: 14ac8 | UNKNOWN!
2018-12-25T11:53:40.363435124Z 38 PC: 14aec | Create PSP
2018-12-25T11:53:40.364784715Z 53 PC: 14b1c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:40.366217448Z 37 PC: 14b2c | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:40.367308857Z 37 PC: 14bdd | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:53:40.368355588Z 37 PC: 14bee | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:53:40.370600004Z 48 PC: 14a26 | Get DOS version
2018-12-25T11:53:40.371785495Z 9 PC: 14a9a | Display string (Could not find end pointer)
2018-12-25T11:53:40.38569971Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.390611689Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.392675329Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.396450784Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.40027301Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.402351589Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.404285721Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.409788363Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.415959942Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.416760269Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.420547294Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.422100356Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.424163115Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.42761012Z 9 PC: 14a9a | Display string (See above)
2018-12-25T11:53:40.431220351Z 76 PC: 1490d | Terminate with return code (Return code = '1')