Sample viewer

vx.netlux.org/Virus.DOS.IVP.548

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:34:25.042628568Z	26	PC: 12bd3 \| Set disk transfer address
2018-12-17T22:34:25.043929246Z	53	PC: 12a56 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:25.045327551Z	37	PC: 12a68 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:25.04649979Z	71	PC: 12a74 \| Get current directory
2018-12-17T22:34:25.049344651Z	78	PC: 12ab2 \| Find first file
2018-12-17T22:34:25.057109129Z	59	PC: 12a83 \| Change current directory
2018-12-17T22:34:25.070357094Z	42	PC: 12b6e \| Get date 0x12b6e: cmp cx, 0x7c9 0x12b72: jb 0x12bc5 0x12b74: cmp dl, 0xd 0x12b77: jne 0x12bc5 0x12b79: mov ah, 0x2c 0x12b7b: int 0x21 0x12b7d: cmp ch, 0xd 0x12b80: jne 0x12bc5 0x12b82: mov ah, 9 0x12b84: lea dx, word ptr [bp + 0x2ce] 0x12b88: int 0x21 0x12b8a: mov cx, 2 0x12b8d: push cx 0x12b8e: cli 0x12b8f: mov dx, 0x2ee0 0x12b92: sub dx, word ptr cs:[0x1388] 0x12b97: mov bx, 0x64 0x12b9a: mov al, 0xb6 0x12b9c: out 0x43, al 0x12b9e: mov ax, bx
2018-12-17T22:34:25.072033448Z	37	PC: 12a92 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:34:25.073588362Z	59	PC: 12a9c \| Change current directory
2018-12-17T22:34:25.075208902Z	26	PC: 12bd3 \| Set disk transfer address

{"DateBased":true,"Day":13,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6162,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:39.2522038Z	26	PC: 12bd3 \| Set disk transfer address
2018-12-25T11:58:39.254186564Z	53	PC: 12a56 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:39.25597379Z	37	PC: 12a68 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:39.257413547Z	71	PC: 12a74 \| Get current directory
2018-12-25T11:58:39.260852089Z	78	PC: 12ab2 \| Find first file
2018-12-25T11:58:39.267555479Z	59	PC: 12a83 \| Change current directory
2018-12-25T11:58:39.273860466Z	42	PC: 12b6e \| Get date 0x12b6e: cmp cx, 0x7c9 0x12b72: jb 0x12bc5 0x12b74: cmp dl, 0xd 0x12b77: jne 0x12bc5 0x12b79: mov ah, 0x2c 0x12b7b: int 0x21 0x12b7d: cmp ch, 0xd 0x12b80: jne 0x12bc5 0x12b82: mov ah, 9 0x12b84: lea dx, word ptr [bp + 0x2ce] 0x12b88: int 0x21 0x12b8a: mov cx, 2 0x12b8d: push cx 0x12b8e: cli 0x12b8f: mov dx, 0x2ee0 0x12b92: sub dx, word ptr cs:[0x1388] 0x12b97: mov bx, 0x64 0x12b9a: mov al, 0xb6 0x12b9c: out 0x43, al 0x12b9e: mov ax, bx
2018-12-25T11:58:39.276339637Z	44	PC: 12b7d \| Get time 0x12b7d: cmp ch, 0xd 0x12b80: jne 0x12bc5 0x12b82: mov ah, 9 0x12b84: lea dx, word ptr [bp + 0x2ce] 0x12b88: int 0x21 0x12b8a: mov cx, 2 0x12b8d: push cx 0x12b8e: cli 0x12b8f: mov dx, 0x2ee0 0x12b92: sub dx, word ptr cs:[0x1388] 0x12b97: mov bx, 0x64 0x12b9a: mov al, 0xb6 0x12b9c: out 0x43, al 0x12b9e: mov ax, bx 0x12ba0: out 0x42, al 0x12ba2: mov al, ah 0x12ba4: out 0x42, al 0x12ba6: in al, 0x61 0x12ba8: mov ah, 0 0x12baa: or ax, 3
2018-12-25T11:58:39.279685125Z	37	PC: 12a92 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:39.281486287Z	59	PC: 12a9c \| Change current directory
2018-12-25T11:58:39.283962085Z	26	PC: 12bd3 \| Set disk transfer address (See above)
2018-12-25T11:58:39.316693879Z	64	PC: 19838 \| Write file or device (Write 197 bytes on handle 2)
2018-12-25T11:58:39.329134423Z	64	PC: 19838 \| Write file or device (See above)
2018-12-25T11:58:39.332676725Z	100	PC: 19d8b \| Set wait for external event flag
2018-12-25T11:58:39.335978043Z	46	PC: 13d69 \| Set verify flag

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6162,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:39.244102838Z	26	PC: 12bd3 \| Set disk transfer address
2018-12-25T11:58:39.250288894Z	53	PC: 12a56 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:39.25214386Z	37	PC: 12a68 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:39.253630415Z	71	PC: 12a74 \| Get current directory
2018-12-25T11:58:39.256121676Z	78	PC: 12ab2 \| Find first file
2018-12-25T11:58:39.259896773Z	59	PC: 12a83 \| Change current directory
2018-12-25T11:58:39.264349264Z	42	PC: 12b6e \| Get date 0x12b6e: cmp cx, 0x7c9 0x12b72: jb 0x12bc5 0x12b74: cmp dl, 0xd 0x12b77: jne 0x12bc5 0x12b79: mov ah, 0x2c 0x12b7b: int 0x21 0x12b7d: cmp ch, 0xd 0x12b80: jne 0x12bc5 0x12b82: mov ah, 9 0x12b84: lea dx, word ptr [bp + 0x2ce] 0x12b88: int 0x21 0x12b8a: mov cx, 2 0x12b8d: push cx 0x12b8e: cli 0x12b8f: mov dx, 0x2ee0 0x12b92: sub dx, word ptr cs:[0x1388] 0x12b97: mov bx, 0x64 0x12b9a: mov al, 0xb6 0x12b9c: out 0x43, al 0x12b9e: mov ax, bx
2018-12-25T11:58:39.266628093Z	37	PC: 12a92 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:39.268011054Z	59	PC: 12a9c \| Change current directory
2018-12-25T11:58:39.269608284Z	26	PC: 12bd3 \| Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6162,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:39.426903854Z	26	PC: 12bd3 \| Set disk transfer address
2018-12-25T11:58:39.431923886Z	53	PC: 12a56 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:39.435776344Z	37	PC: 12a68 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:39.437230405Z	71	PC: 12a74 \| Get current directory
2018-12-25T11:58:39.441938782Z	78	PC: 12ab2 \| Find first file
2018-12-25T11:58:39.447866946Z	59	PC: 12a83 \| Change current directory
2018-12-25T11:58:39.453491945Z	42	PC: 12b6e \| Get date 0x12b6e: cmp cx, 0x7c9 0x12b72: jb 0x12bc5 0x12b74: cmp dl, 0xd 0x12b77: jne 0x12bc5 0x12b79: mov ah, 0x2c 0x12b7b: int 0x21 0x12b7d: cmp ch, 0xd 0x12b80: jne 0x12bc5 0x12b82: mov ah, 9 0x12b84: lea dx, word ptr [bp + 0x2ce] 0x12b88: int 0x21 0x12b8a: mov cx, 2 0x12b8d: push cx 0x12b8e: cli 0x12b8f: mov dx, 0x2ee0 0x12b92: sub dx, word ptr cs:[0x1388] 0x12b97: mov bx, 0x64 0x12b9a: mov al, 0xb6 0x12b9c: out 0x43, al 0x12b9e: mov ax, bx
2018-12-25T11:58:39.456319114Z	37	PC: 12a92 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:39.458094352Z	59	PC: 12a9c \| Change current directory
2018-12-25T11:58:39.459977499Z	26	PC: 12bd3 \| Set disk transfer address (See above)
2018-12-25T11:58:39.484122058Z	71	PC: 168ac \| Get current directory
2018-12-25T11:58:39.488344472Z	59	PC: 1697e \| Change current directory
2018-12-25T11:58:39.49293124Z	89	PC: 15fa8 \| Get extended error info
2018-12-25T11:58:39.494590996Z	59	PC: 16a44 \| Change current directory
2018-12-25T11:58:39.499096646Z	41	PC: 16a61 \| Parse filename
2018-12-25T11:58:39.501251718Z	71	PC: 16104 \| Get current directory
2018-12-25T11:58:39.504427121Z	26	PC: 178d8 \| Set disk transfer address
2018-12-25T11:58:39.506200331Z	17	PC: 178df \| Find first file
2018-12-25T11:58:39.512214454Z	89	PC: 15fa8 \| Get extended error info (See above)
2018-12-25T11:58:39.513724381Z	59	PC: 1676b \| Change current directory
2018-12-25T11:58:39.52457447Z	64	PC: 19838 \| Write file or device (Write 32 bytes on handle 2)
2018-12-25T11:58:39.527877241Z	64	PC: 19838 \| Write file or device (See above)
2018-12-25T11:58:39.530867122Z	100	PC: 19d8b \| Set wait for external event flag
2018-12-25T11:58:39.532828536Z	46	PC: 13d69 \| Set verify flag