Sample viewer

vx.netlux.org/Virus.DOS.Exterminator.429

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:46.944937693Z	78	PC: 12a4a \| Find first file
2018-12-17T21:56:46.951992466Z	61	PC: 12a56 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:56:46.958316466Z	64	PC: 12aba \| Write file or device (Write 429 bytes on handle 5)
2018-12-17T21:56:46.964997413Z	62	PC: 12abe \| Close file
2018-12-17T21:56:47.383322849Z	79	PC: 12a66 \| Find next file
2018-12-17T21:56:47.386138596Z	61	PC: 12a56 \| Open file (Filename = 'PRINT.COM')
2018-12-17T21:56:47.398401001Z	64	PC: 12aba \| Write file or device (Write 429 bytes on handle 5)
2018-12-17T21:56:47.405758758Z	62	PC: 12abe \| Close file
2018-12-17T21:56:47.413594154Z	79	PC: 12a66 \| Find next file
2018-12-17T21:56:47.416869296Z	61	PC: 12a56 \| Open file (Filename = 'HELLO.COM')
2018-12-17T21:56:47.42496377Z	64	PC: 12aba \| Write file or device (Write 429 bytes on handle 5)
2018-12-17T21:56:47.431512218Z	62	PC: 12abe \| Close file
2018-12-17T21:56:47.439618524Z	79	PC: 12a66 \| Find next file
2018-12-17T21:56:47.442308326Z	61	PC: 12a56 \| Open file (Filename = 'PHANG.COM')
2018-12-17T21:56:47.448919627Z	64	PC: 12aba \| Write file or device (Write 429 bytes on handle 5)
2018-12-17T21:56:47.455517916Z	62	PC: 12abe \| Close file
2018-12-17T21:56:47.463592204Z	79	PC: 12a66 \| Find next file
2018-12-17T21:56:47.465701968Z	61	PC: 12a56 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:56:47.471011743Z	64	PC: 12aba \| Write file or device (Write 429 bytes on handle 5)
2018-12-17T21:56:47.475109452Z	62	PC: 12abe \| Close file
2018-12-17T21:56:47.479969479Z	79	PC: 12a66 \| Find next file
2018-12-17T21:56:47.481705235Z	61	PC: 12a56 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T21:56:47.48616763Z	64	PC: 12aba \| Write file or device (Write 429 bytes on handle 5)
2018-12-17T21:56:47.491063895Z	62	PC: 12abe \| Close file
2018-12-17T21:56:47.495892013Z	79	PC: 12a66 \| Find next file
2018-12-17T21:56:47.497844812Z	61	PC: 12a56 \| Open file (Filename = 'PAH.COM')
2018-12-17T21:56:47.505432313Z	64	PC: 12aba \| Write file or device (Write 429 bytes on handle 5)
2018-12-17T21:56:47.510744116Z	62	PC: 12abe \| Close file
2018-12-17T21:56:47.516325064Z	79	PC: 12a66 \| Find next file
2018-12-17T21:56:47.519521838Z	61	PC: 12a56 \| Open file (Filename = 'TEST.COM')
2018-12-17T21:56:47.531310958Z	64	PC: 12aba \| Write file or device (Write 429 bytes on handle 5)
2018-12-17T21:56:47.537941693Z	62	PC: 12abe \| Close file
2018-12-17T21:56:47.546196476Z	79	PC: 12a66 \| Find next file
2018-12-17T21:56:47.549727167Z	42	PC: 12a70 \| Get date 0x12a70: cmp al, 1 0x12a72: je 0x12a77 0x12a74: jmp 0x12aac 0x12a76: nop 0x12a77: mov byte ptr [0x187], 1 0x12a7c: nop 0x12a7d: mov al, 2 0x12a7f: mov cx, 0xa0 0x12a82: mov dx, 0 0x12a85: mov bx, 0 0x12a88: int 0x26 0x12a8a: popf 0x12a8b: mov byte ptr [0x185], 2 0x12a90: nop 0x12a91: mov al, 3 0x12a93: mov cx, 0xa0 0x12a96: mov dx, 0 0x12a99: mov bx, 0 0x12a9c: int 0x26 0x12a9e: popf
2018-12-17T21:56:47.552533473Z	9	PC: 12aa9 \| Display string (String= ' Virix-Researchers Exterminator 2.0 (c) by Cracker Jack 1991 (IVRL) ')
2018-12-17T21:56:47.559650542Z	76	PC: 12ab0 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":736,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:52.132256214Z	78	PC: 12a4a \| Find first file
2018-12-25T11:41:52.138897905Z	61	PC: 12a56 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:52.145198907Z	64	PC: 12aba \| Write file or device (Write 429 bytes on handle 5)
2018-12-25T11:41:52.151879515Z	62	PC: 12abe \| Close file
2018-12-25T11:41:52.179103051Z	79	PC: 12a66 \| Find next file
2018-12-25T11:41:52.182049682Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.188574609Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.195213606Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.2030698Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.213019991Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.219390966Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.22596861Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.233979998Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.236423059Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.243061525Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.249505295Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.256928056Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.259729735Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.266006186Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.27225559Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.279983571Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.281700182Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.293291818Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.300329687Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.307906309Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.310348756Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.31756871Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.324772463Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.33233739Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.335525114Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.342065826Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.348325628Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.356186679Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.359109066Z	42	PC: 12a70 \| Get date 0x12a70: cmp al, 1 0x12a72: je 0x12a77 0x12a74: jmp 0x12aac 0x12a76: nop 0x12a77: mov byte ptr [0x187], 1 0x12a7c: nop 0x12a7d: mov al, 2 0x12a7f: mov cx, 0xa0 0x12a82: mov dx, 0 0x12a85: mov bx, 0 0x12a88: int 0x26 0x12a8a: popf 0x12a8b: mov byte ptr [0x185], 2 0x12a90: nop 0x12a91: mov al, 3 0x12a93: mov cx, 0xa0 0x12a96: mov dx, 0 0x12a99: mov bx, 0 0x12a9c: int 0x26 0x12a9e: popf
2018-12-25T11:41:52.361744184Z	76	PC: 12ab0 \| Terminate with return code (Return code = '2')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":736,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:52.439054136Z	78	PC: 12a4a \| Find first file
2018-12-25T11:41:52.446017381Z	61	PC: 12a56 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:52.453044672Z	64	PC: 12aba \| Write file or device (Write 429 bytes on handle 5)
2018-12-25T11:41:52.460352922Z	62	PC: 12abe \| Close file
2018-12-25T11:41:52.478497292Z	79	PC: 12a66 \| Find next file
2018-12-25T11:41:52.483178805Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.490660874Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.498088108Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.507821523Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.511186434Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.518746523Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.527947794Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.537321192Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.540648856Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.550212674Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.558015453Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.566994133Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.570304083Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.578578569Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.586608688Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.596589528Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.600844604Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.608437705Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.616288193Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.639914175Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.643190415Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.650699476Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.659664608Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.681506971Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.684721473Z	61	PC: 12a56 \| Open file (See above)
2018-12-25T11:41:52.693476078Z	64	PC: 12aba \| Write file or device (See above)
2018-12-25T11:41:52.697476423Z	62	PC: 12abe \| Close file (See above)
2018-12-25T11:41:52.708770219Z	79	PC: 12a66 \| Find next file (See above)
2018-12-25T11:41:52.712314233Z	42	PC: 12a70 \| Get date 0x12a70: cmp al, 1 0x12a72: je 0x12a77 0x12a74: jmp 0x12aac 0x12a76: nop 0x12a77: mov byte ptr [0x187], 1 0x12a7c: nop 0x12a7d: mov al, 2 0x12a7f: mov cx, 0xa0 0x12a82: mov dx, 0 0x12a85: mov bx, 0 0x12a88: int 0x26 0x12a8a: popf 0x12a8b: mov byte ptr [0x185], 2 0x12a90: nop 0x12a91: mov al, 3 0x12a93: mov cx, 0xa0 0x12a96: mov dx, 0 0x12a99: mov bx, 0 0x12a9c: int 0x26 0x12a9e: popf
2018-12-25T11:41:52.716253754Z	9	PC: 12aa9 \| Display string (String= ' Virix-Researchers Exterminator 2.0 (c) by Cracker Jack 1991 (IVRL) ')
2018-12-25T11:41:52.72438206Z	76	PC: 12ab0 \| Terminate with return code (Return code = '36')