Sample viewer

vx.netlux.org/Virus.DOS.Murderer.3670


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:41:37.443070521Z 61 PC: 137c2 | Open file (Filename = 'éK <<< MUERER Version 1.44 >>>~'SSIyy~SS'SSS')
2018-12-17T22:41:37.448785229Z 62 PC: 137cc | Close file
2018-12-17T22:41:37.450943877Z 12 PC: 137d1 | Flush input buffer and input
2018-12-17T22:41:37.453919273Z 42 PC: 137e5 | Get date
0x137e5: cmp dx, 0x703
0x137e9: jne 0x137f7
0x137eb: mov byte ptr cs:[0x5f4], 1
0x137f1: mov byte ptr cs:[0x5f7], 0x30
0x137f7: mov dx, 0xa79
0x137fa: mov ax, 0x2505
0x137fd: int 0x21
0x137ff: mov ax, 0x3517
0x13802: int 0x21
0x13804: mov word ptr cs:[0x969], bx
0x13809: mov word ptr cs:[0x96b], es
0x1380e: mov dx, 0x98a
0x13811: mov ax, 0x2517
0x13814: int 0x21
0x13816: mov ax, 0x3513
0x13819: int 0x21
0x1381b: mov word ptr cs:[0x962], bx
0x13820: mov word ptr cs:[0x964], es
0x13825: mov dx, 0x9f0
0x13828: mov ax, 0x2513
2018-12-17T22:41:37.457164502Z 37 PC: 137ff | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-17T22:41:37.458808569Z 53 PC: 13804 | Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-17T22:41:37.460237093Z 37 PC: 13816 | Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-17T22:41:37.461909047Z 53 PC: 1381b | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:41:37.463673497Z 37 PC: 1382d | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:41:37.464835518Z 53 PC: 13832 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:41:37.466056137Z 37 PC: 13844 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:41:37.467449215Z 53 PC: 13849 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:37.468395071Z 37 PC: 1385b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:41:37.46947144Z 74 PC: 13728 | Reallocate memory
2018-12-17T22:41:37.471637125Z 75 PC: 1376a | Execute program
2018-12-17T22:41:37.483992005Z 61 PC: 14822 | Open file (Filename = 'éK <<< MUERER Version 1.44 >>>~'SSIyy~SS'SSS')
2018-12-17T22:41:37.489061932Z 62 PC: 1329f | Close file
2018-12-17T22:41:37.4920822Z 53 PC: 1329f | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:37.49484981Z 37 PC: 1329f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:37.496347356Z 47 PC: 1329f | Get disk transfer address
2018-12-17T22:41:37.506173678Z 26 PC: 1329f | Set disk transfer address
2018-12-17T22:41:37.507639219Z 78 PC: 1329f | Find first file
2018-12-17T22:41:37.52197148Z 61 PC: 1329f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:41:37.535389942Z 63 PC: 1329f | Read file or device (Read 512 bytes on handle 2)
2018-12-17T22:41:37.54241793Z 66 PC: 1329f | Move file pointer
2018-12-17T22:41:37.544147606Z 62 PC: 1329f | Close file
2018-12-17T22:41:37.54765756Z 60 PC: 1329f | Create or truncate file
2018-12-17T22:41:37.56589515Z 61 PC: 1329f | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:41:37.57297339Z 64 PC: 1329f | Write file or device (Write 3670 bytes on handle 2)
2018-12-17T22:41:37.583493834Z 63 PC: 1329f | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:41:37.586377128Z 64 PC: 1329f | Write file or device (Write 407 bytes on handle 2)
2018-12-17T22:41:37.589618478Z 63 PC: 1329f | Read file or device (Read 512 bytes on handle 5)
2018-12-17T22:41:37.592071535Z 64 PC: 1329f | Write file or device (Write 14 bytes on handle 2)
2018-12-17T22:41:37.595976178Z 62 PC: 1329f | Close file
2018-12-17T22:41:37.598095176Z 62 PC: 1329f | Close file
2018-12-17T22:41:37.606796689Z 67 PC: 1329f | Get or set file attributes
2018-12-17T22:41:37.614943873Z 67 PC: 1329f | Get or set file attributes
2018-12-17T22:41:37.624722253Z 65 PC: 1329f | Delete file (Filename = 'SLEEP.COM')
2018-12-17T22:41:37.636274524Z 86 PC: 1329f | Rename file
2018-12-17T22:41:37.650596119Z 67 PC: 1329f | Get or set file attributes
2018-12-17T22:41:37.662989389Z 79 PC: 1329f | Find next file
2018-12-17T22:41:37.665916537Z 26 PC: 1329f | Set disk transfer address
2018-12-17T22:41:37.667760987Z 37 PC: 1329f | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:41:37.669470284Z 74 PC: 14788 | Reallocate memory
2018-12-17T22:41:37.671688572Z 75 PC: 147ca | Execute program

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7283,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:18.263814629Z 61 PC: 137c2 | Open file (Filename = 'éK <<< MUERER Version 1.44 >>>~'SSIyy~SS'SSS')
2018-12-25T12:01:18.269473849Z 62 PC: 137cc | Close file
2018-12-25T12:01:18.271179336Z 12 PC: 137d1 | Flush input buffer and input
2018-12-25T12:01:18.273793105Z 42 PC: 137e5 | Get date
0x137e5: cmp dx, 0x703
0x137e9: jne 0x137f7
0x137eb: mov byte ptr cs:[0x5f4], 1
0x137f1: mov byte ptr cs:[0x5f7], 0x30
0x137f7: mov dx, 0xa79
0x137fa: mov ax, 0x2505
0x137fd: int 0x21
0x137ff: mov ax, 0x3517
0x13802: int 0x21
0x13804: mov word ptr cs:[0x969], bx
0x13809: mov word ptr cs:[0x96b], es
0x1380e: mov dx, 0x98a
0x13811: mov ax, 0x2517
0x13814: int 0x21
0x13816: mov ax, 0x3513
0x13819: int 0x21
0x1381b: mov word ptr cs:[0x962], bx
0x13820: mov word ptr cs:[0x964], es
0x13825: mov dx, 0x9f0
0x13828: mov ax, 0x2513
2018-12-25T12:01:18.276918168Z 37 PC: 137ff | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:01:18.278957704Z 53 PC: 13804 | Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:01:18.281037462Z 37 PC: 13816 | Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:01:18.283575556Z 53 PC: 1381b | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:18.284899793Z 37 PC: 1382d | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:18.286155355Z 53 PC: 13832 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:01:18.287781931Z 37 PC: 13844 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:01:18.290438028Z 53 PC: 13849 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.29234883Z 37 PC: 1385b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.294454126Z 74 PC: 13728 | Reallocate memory
2018-12-25T12:01:18.297125024Z 75 PC: 1376a | Execute program
2018-12-25T12:01:18.312072892Z 61 PC: 14822 | Open file (Filename = 'éK <<< MUERER Version 1.44 >>>~'SSIyy~SS'SSS')
2018-12-25T12:01:18.316961493Z 62 PC: 1329f | Close file
2018-12-25T12:01:18.318959409Z 53 PC: 1329f | Get interrupt vector (See above)
2018-12-25T12:01:18.320411306Z 37 PC: 1329f | Set interrupt vector (See above)
2018-12-25T12:01:18.321850485Z 47 PC: 1329f | Get disk transfer address (See above)
2018-12-25T12:01:18.32370323Z 26 PC: 1329f | Set disk transfer address (See above)
2018-12-25T12:01:18.324930313Z 78 PC: 1329f | Find first file (See above)
2018-12-25T12:01:18.331942408Z 61 PC: 1329f | Open file (See above)
2018-12-25T12:01:18.339195921Z 63 PC: 1329f | Read file or device (See above)
2018-12-25T12:01:18.345651994Z 66 PC: 1329f | Move file pointer (See above)
2018-12-25T12:01:18.347022005Z 62 PC: 1329f | Close file (See above)
2018-12-25T12:01:18.349399625Z 60 PC: 1329f | Create or truncate file (See above)
2018-12-25T12:01:18.367733025Z 61 PC: 1329f | Open file (See above)
2018-12-25T12:01:18.374633846Z 64 PC: 1329f | Write file or device (See above)
2018-12-25T12:01:18.38432649Z 63 PC: 1329f | Read file or device (See above)
2018-12-25T12:01:18.387036865Z 64 PC: 1329f | Write file or device (See above)
2018-12-25T12:01:18.390028977Z 63 PC: 1329f | Read file or device (See above)
2018-12-25T12:01:18.392755156Z 64 PC: 1329f | Write file or device (See above)
2018-12-25T12:01:18.402851714Z 62 PC: 1329f | Close file (See above)
2018-12-25T12:01:18.405336178Z 62 PC: 1329f | Close file (See above)
2018-12-25T12:01:18.432860883Z 67 PC: 1329f | Get or set file attributes (See above)
2018-12-25T12:01:18.438793792Z 67 PC: 1329f | Get or set file attributes (See above)
2018-12-25T12:01:18.449680853Z 65 PC: 1329f | Delete file (See above)
2018-12-25T12:01:18.472633775Z 86 PC: 1329f | Rename file (See above)
2018-12-25T12:01:18.497174629Z 67 PC: 1329f | Get or set file attributes (See above)
2018-12-25T12:01:18.507155321Z 79 PC: 1329f | Find next file (See above)
2018-12-25T12:01:18.510734294Z 26 PC: 1329f | Set disk transfer address (See above)
2018-12-25T12:01:18.512026562Z 37 PC: 1329f | Set interrupt vector (See above)
2018-12-25T12:01:18.513731517Z 74 PC: 14788 | Reallocate memory
2018-12-25T12:01:18.519677487Z 75 PC: 147ca | Execute program

{"DateBased":true,"Day":3,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7283,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:18.323506046Z 61 PC: 137c2 | Open file (Filename = 'éK <<< MUERER Version 1.44 >>>~'SSIyy~SS'SSS')
2018-12-25T12:01:18.328787974Z 62 PC: 137cc | Close file
2018-12-25T12:01:18.330976848Z 12 PC: 137d1 | Flush input buffer and input
2018-12-25T12:01:18.333342401Z 42 PC: 137e5 | Get date
0x137e5: cmp dx, 0x703
0x137e9: jne 0x137f7
0x137eb: mov byte ptr cs:[0x5f4], 1
0x137f1: mov byte ptr cs:[0x5f7], 0x30
0x137f7: mov dx, 0xa79
0x137fa: mov ax, 0x2505
0x137fd: int 0x21
0x137ff: mov ax, 0x3517
0x13802: int 0x21
0x13804: mov word ptr cs:[0x969], bx
0x13809: mov word ptr cs:[0x96b], es
0x1380e: mov dx, 0x98a
0x13811: mov ax, 0x2517
0x13814: int 0x21
0x13816: mov ax, 0x3513
0x13819: int 0x21
0x1381b: mov word ptr cs:[0x962], bx
0x13820: mov word ptr cs:[0x964], es
0x13825: mov dx, 0x9f0
0x13828: mov ax, 0x2513
2018-12-25T12:01:18.335907026Z 37 PC: 137ff | Set interrupt vector (Interrupt = '5' AKA 'Printer output')
2018-12-25T12:01:18.337013553Z 53 PC: 13804 | Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:01:18.337980135Z 37 PC: 13816 | Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T12:01:18.340210074Z 53 PC: 1381b | Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:18.341191698Z 37 PC: 1382d | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:18.34215217Z 53 PC: 13832 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:01:18.343178721Z 37 PC: 13844 | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:01:18.344709805Z 53 PC: 13849 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.345668843Z 37 PC: 1385b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:18.346683828Z 74 PC: 13728 | Reallocate memory
2018-12-25T12:01:18.348302199Z 75 PC: 1376a | Execute program
2018-12-25T12:01:18.363044562Z 61 PC: 14822 | Open file (Filename = 'éK <<< MUERER Version 1.44 >>>~'SSIyy~SS'SSS')
2018-12-25T12:01:18.367637342Z 62 PC: 1329f | Close file
2018-12-25T12:01:18.369459019Z 53 PC: 1329f | Get interrupt vector (See above)
2018-12-25T12:01:18.374590578Z 37 PC: 1329f | Set interrupt vector (See above)
2018-12-25T12:01:18.375628308Z 47 PC: 1329f | Get disk transfer address (See above)
2018-12-25T12:01:18.377665527Z 26 PC: 1329f | Set disk transfer address (See above)
2018-12-25T12:01:18.378647902Z 78 PC: 1329f | Find first file (See above)
2018-12-25T12:01:18.384594971Z 61 PC: 1329f | Open file (See above)
2018-12-25T12:01:18.392401388Z 63 PC: 1329f | Read file or device (See above)
2018-12-25T12:01:18.39640994Z 66 PC: 1329f | Move file pointer (See above)
2018-12-25T12:01:18.397435488Z 62 PC: 1329f | Close file (See above)
2018-12-25T12:01:18.399692863Z 60 PC: 1329f | Create or truncate file (See above)
2018-12-25T12:01:18.449623147Z 61 PC: 1329f | Open file (See above)
2018-12-25T12:01:18.454431027Z 64 PC: 1329f | Write file or device (See above)
2018-12-25T12:01:18.468612682Z 63 PC: 1329f | Read file or device (See above)
2018-12-25T12:01:18.471752381Z 64 PC: 1329f | Write file or device (See above)
2018-12-25T12:01:18.476978674Z 63 PC: 1329f | Read file or device (See above)
2018-12-25T12:01:18.479003639Z 64 PC: 1329f | Write file or device (See above)
2018-12-25T12:01:18.482011918Z 62 PC: 1329f | Close file (See above)
2018-12-25T12:01:18.483900731Z 62 PC: 1329f | Close file (See above)
2018-12-25T12:01:18.492040112Z 67 PC: 1329f | Get or set file attributes (See above)
2018-12-25T12:01:18.501158311Z 67 PC: 1329f | Get or set file attributes (See above)
2018-12-25T12:01:18.51111461Z 65 PC: 1329f | Delete file (See above)
2018-12-25T12:01:18.523278019Z 86 PC: 1329f | Rename file (See above)
2018-12-25T12:01:18.536156691Z 67 PC: 1329f | Get or set file attributes (See above)
2018-12-25T12:01:18.546196148Z 79 PC: 1329f | Find next file (See above)
2018-12-25T12:01:18.549206093Z 26 PC: 1329f | Set disk transfer address (See above)
2018-12-25T12:01:18.551474263Z 37 PC: 1329f | Set interrupt vector (See above)
2018-12-25T12:01:18.5535507Z 74 PC: 14788 | Reallocate memory
2018-12-25T12:01:18.555245989Z 75 PC: 147ca | Execute program
2018-12-25T12:01:18.564838634Z 81 PC: 122cc | Get current PSP
2018-12-25T12:01:18.570782027Z 2 PC: 1268d | Character output (Char = '0d')
2018-12-25T12:01:18.573025734Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.577724797Z 89 PC: 12459 | Get extended error info
2018-12-25T12:01:18.583263288Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.585601817Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.588734302Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.591339885Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.593725848Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.596771979Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.599494607Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.601822258Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.60480691Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.610246097Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.624156292Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.626557925Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.629323008Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.632451185Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.634834618Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.637996026Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.640363899Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.642740481Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.645913255Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.648310235Z 2 PC: 126da | Character output (Char = '72')
2018-12-25T12:01:18.650642164Z 2 PC: 126da | Character output (See above)
2018-12-25T12:01:18.653752628Z 2 PC: 126da | Character output (See above)
2018-12-25T12:01:18.656134357Z 2 PC: 126da | Character output (See above)
2018-12-25T12:01:18.658500582Z 2 PC: 126da | Character output (See above)
2018-12-25T12:01:18.661691334Z 2 PC: 126da | Character output (See above)
2018-12-25T12:01:18.664087484Z 2 PC: 126da | Character output (See above)
2018-12-25T12:01:18.666491272Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.669748228Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.672193809Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.674873851Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.67809924Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.680256055Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.682176349Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.684515776Z 2 PC: 126ce | Character output (Char = '41')
2018-12-25T12:01:18.687445918Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.689200145Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.693408359Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.696464567Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.699012429Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.701990646Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.711611498Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.714805879Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.718204712Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.720325034Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.722429845Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.725266277Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.727349757Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.729509767Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.732453929Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.734792341Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.736864325Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.739380685Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.741911511Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.744456219Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.756708859Z 2 PC: 1268d | Character output (See above)
2018-12-25T12:01:18.759233315Z 12 PC: 12581 | Flush input buffer and input