Sample viewer

vx.netlux.org/Virus.DOS.Mayhem

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:57:20.193155988Z	42	PC: 12a7e \| Get date 0x12a7e: cmp al, 2 0x12a80: je 0x12a66 0x12a82: mov ax, 0x2524 0x12a85: lea dx, word ptr [bp + 0x1e5] 0x12a89: int 0x21 0x12a8b: mov ah, 0x2c 0x12a8d: int 0x21 0x12a8f: mov byte ptr [0x2c5], dl 0x12a93: lea dx, word ptr [bp + 0x29b] 0x12a97: mov ah, 0x1a 0x12a99: int 0x21 0x12a9b: mov ah, 0x47 0x12a9d: mov dl, 0 0x12a9f: mov si, 0x25b 0x12aa2: int 0x21 0x12aa4: mov dx, 0x251 0x12aa7: mov ah, 0x3b 0x12aa9: int 0x21 0x12aab: jae 0x12aa4 0x12aad: mov ah, 9
2018-12-17T21:57:20.19690719Z	37	PC: 12a8b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T21:57:20.198114583Z	44	PC: 12a8f \| Get time 0x12a8f: mov byte ptr [0x2c5], dl 0x12a93: lea dx, word ptr [bp + 0x29b] 0x12a97: mov ah, 0x1a 0x12a99: int 0x21 0x12a9b: mov ah, 0x47 0x12a9d: mov dl, 0 0x12a9f: mov si, 0x25b 0x12aa2: int 0x21 0x12aa4: mov dx, 0x251 0x12aa7: mov ah, 0x3b 0x12aa9: int 0x21 0x12aab: jae 0x12aa4 0x12aad: mov ah, 9 0x12aaf: mov dx, 0x1e8 0x12ab2: int 0x21 0x12ab4: call 0x22a5d 0x12ab7: mov dx, 0x25b 0x12aba: mov ah, 0x3b 0x12abc: int 0x21 0x12abe: mov dx, 0x255
2018-12-17T21:57:20.199628929Z	26	PC: 12a9b \| Set disk transfer address
2018-12-17T21:57:20.200960406Z	71	PC: 12aa4 \| Get current directory
2018-12-17T21:57:20.20292512Z	59	PC: 12aab \| Change current directory
2018-12-17T21:57:20.207177261Z	9	PC: 12ab4 \| Display string (String= 'Mayhem Virus')
2018-12-17T21:57:20.209355417Z	59	PC: 12abe \| Change current directory
2018-12-17T21:57:20.211619447Z	78	PC: 12ac8 \| Find first file
2018-12-17T21:57:20.217906087Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.506856057Z	61	PC: 12b17 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T21:57:20.519528976Z	64	PC: 12af1 \| Write file or device (Write 457 bytes on handle 5)
2018-12-17T21:57:20.543710806Z	87	PC: 12b00 \| Get or set file date and time
2018-12-17T21:57:20.545219628Z	62	PC: 12b04 \| Close file
2018-12-17T21:57:20.553848602Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.563850738Z	79	PC: 12ac8 \| Find next file
2018-12-17T21:57:20.566828154Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.577641151Z	61	PC: 12b17 \| Open file (Filename = 'PRINT.COM')
2018-12-17T21:57:20.584586715Z	64	PC: 12af1 \| Write file or device (Write 457 bytes on handle 5)
2018-12-17T21:57:20.591394471Z	87	PC: 12b00 \| Get or set file date and time
2018-12-17T21:57:20.594475449Z	62	PC: 12b04 \| Close file
2018-12-17T21:57:20.601908017Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.611632624Z	79	PC: 12ac8 \| Find next file
2018-12-17T21:57:20.615204838Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.62498416Z	61	PC: 12b17 \| Open file (Filename = 'HELLO.COM')
2018-12-17T21:57:20.631655981Z	64	PC: 12af1 \| Write file or device (Write 457 bytes on handle 5)
2018-12-17T21:57:20.639173978Z	87	PC: 12b00 \| Get or set file date and time
2018-12-17T21:57:20.64106205Z	62	PC: 12b04 \| Close file
2018-12-17T21:57:20.648455822Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.661767486Z	79	PC: 12ac8 \| Find next file
2018-12-17T21:57:20.664736729Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.674116899Z	61	PC: 12b17 \| Open file (Filename = 'PHANG.COM')
2018-12-17T21:57:20.680839814Z	64	PC: 12af1 \| Write file or device (Write 457 bytes on handle 5)
2018-12-17T21:57:20.692679812Z	87	PC: 12b00 \| Get or set file date and time
2018-12-17T21:57:20.694961621Z	62	PC: 12b04 \| Close file
2018-12-17T21:57:20.702072525Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.714267378Z	79	PC: 12ac8 \| Find next file
2018-12-17T21:57:20.717026164Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.729674418Z	61	PC: 12b17 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T21:57:20.736906917Z	64	PC: 12af1 \| Write file or device (Write 457 bytes on handle 5)
2018-12-17T21:57:20.742825595Z	87	PC: 12b00 \| Get or set file date and time
2018-12-17T21:57:20.744023796Z	62	PC: 12b04 \| Close file
2018-12-17T21:57:20.749509497Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.755662085Z	79	PC: 12ac8 \| Find next file
2018-12-17T21:57:20.758648935Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.774217313Z	61	PC: 12b17 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T21:57:20.785473111Z	64	PC: 12af1 \| Write file or device (Write 457 bytes on handle 5)
2018-12-17T21:57:20.792236246Z	87	PC: 12b00 \| Get or set file date and time
2018-12-17T21:57:20.795145575Z	62	PC: 12b04 \| Close file
2018-12-17T21:57:20.802359244Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.812091654Z	79	PC: 12ac8 \| Find next file
2018-12-17T21:57:20.815796473Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.825782673Z	61	PC: 12b17 \| Open file (Filename = 'PAH.COM')
2018-12-17T21:57:20.832536862Z	64	PC: 12af1 \| Write file or device (Write 457 bytes on handle 5)
2018-12-17T21:57:20.839354624Z	87	PC: 12b00 \| Get or set file date and time
2018-12-17T21:57:20.841472968Z	62	PC: 12b04 \| Close file
2018-12-17T21:57:20.848739195Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.861409432Z	79	PC: 12ac8 \| Find next file
2018-12-17T21:57:20.864253138Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.873710139Z	61	PC: 12b17 \| Open file (Filename = 'TEST.COM')
2018-12-17T21:57:20.880355312Z	64	PC: 12af1 \| Write file or device (Write 457 bytes on handle 5)
2018-12-17T21:57:20.887176027Z	87	PC: 12b00 \| Get or set file date and time
2018-12-17T21:57:20.888570879Z	62	PC: 12b04 \| Close file
2018-12-17T21:57:20.895745488Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.90539388Z	79	PC: 12ac8 \| Find next file
2018-12-17T21:57:20.907712975Z	9	PC: 12ad8 \| Display string (String= 'Mayhem Virus')
2018-12-17T21:57:20.909861622Z	67	PC: 12b24 \| Get or set file attributes
2018-12-17T21:57:20.922548796Z	61	PC: 12b17 \| Open file (Filename = 'TEST.COM')
2018-12-17T21:57:20.928976317Z	64	PC: 12af1 \| Write file or device (Write 457 bytes on handle 5)
2018-12-17T21:57:20.935244449Z	87	PC: 12b00 \| Get or set file date and time
2018-12-17T21:57:20.937217562Z	62	PC: 12b04 \| Close file
2018-12-17T21:57:20.944218546Z	67	PC: 12b24 \| Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":805,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:54.379678531Z	42	PC: 12a7e \| Get date 0x12a7e: cmp al, 2 0x12a80: je 0x12a66 0x12a82: mov ax, 0x2524 0x12a85: lea dx, word ptr [bp + 0x1e5] 0x12a89: int 0x21 0x12a8b: mov ah, 0x2c 0x12a8d: int 0x21 0x12a8f: mov byte ptr [0x2c5], dl 0x12a93: lea dx, word ptr [bp + 0x29b] 0x12a97: mov ah, 0x1a 0x12a99: int 0x21 0x12a9b: mov ah, 0x47 0x12a9d: mov dl, 0 0x12a9f: mov si, 0x25b 0x12aa2: int 0x21 0x12aa4: mov dx, 0x251 0x12aa7: mov ah, 0x3b 0x12aa9: int 0x21 0x12aab: jae 0x12aa4 0x12aad: mov ah, 9

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":805,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:54.446376789Z	42	PC: 12a7e \| Get date 0x12a7e: cmp al, 2 0x12a80: je 0x12a66 0x12a82: mov ax, 0x2524 0x12a85: lea dx, word ptr [bp + 0x1e5] 0x12a89: int 0x21 0x12a8b: mov ah, 0x2c 0x12a8d: int 0x21 0x12a8f: mov byte ptr [0x2c5], dl 0x12a93: lea dx, word ptr [bp + 0x29b] 0x12a97: mov ah, 0x1a 0x12a99: int 0x21 0x12a9b: mov ah, 0x47 0x12a9d: mov dl, 0 0x12a9f: mov si, 0x25b 0x12aa2: int 0x21 0x12aa4: mov dx, 0x251 0x12aa7: mov ah, 0x3b 0x12aa9: int 0x21 0x12aab: jae 0x12aa4 0x12aad: mov ah, 9
2018-12-25T11:41:54.449723998Z	37	PC: 12a8b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:54.453712086Z	44	PC: 12a8f \| Get time 0x12a8f: mov byte ptr [0x2c5], dl 0x12a93: lea dx, word ptr [bp + 0x29b] 0x12a97: mov ah, 0x1a 0x12a99: int 0x21 0x12a9b: mov ah, 0x47 0x12a9d: mov dl, 0 0x12a9f: mov si, 0x25b 0x12aa2: int 0x21 0x12aa4: mov dx, 0x251 0x12aa7: mov ah, 0x3b 0x12aa9: int 0x21 0x12aab: jae 0x12aa4 0x12aad: mov ah, 9 0x12aaf: mov dx, 0x1e8 0x12ab2: int 0x21 0x12ab4: call 0x22a5d 0x12ab7: mov dx, 0x25b 0x12aba: mov ah, 0x3b 0x12abc: int 0x21 0x12abe: mov dx, 0x255
2018-12-25T11:41:54.456492079Z	26	PC: 12a9b \| Set disk transfer address
2018-12-25T11:41:54.459155593Z	71	PC: 12aa4 \| Get current directory
2018-12-25T11:41:54.462447717Z	59	PC: 12aab \| Change current directory
2018-12-25T11:41:54.46782713Z	9	PC: 12ab4 \| Display string (String= 'Mayhem Virus')
2018-12-25T11:41:54.470334361Z	59	PC: 12abe \| Change current directory
2018-12-25T11:41:54.473548666Z	78	PC: 12ac8 \| Find first file
2018-12-25T11:41:54.48062389Z	67	PC: 12b24 \| Get or set file attributes
2018-12-25T11:41:54.498213095Z	61	PC: 12b17 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T11:41:54.506710745Z	64	PC: 12af1 \| Write file or device (Write 457 bytes on handle 5)
2018-12-25T11:41:54.514282753Z	87	PC: 12b00 \| Get or set file date and time
2018-12-25T11:41:54.516054907Z	62	PC: 12b04 \| Close file
2018-12-25T11:41:54.533518827Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.551964177Z	79	PC: 12ac8 \| Find next file (See above)
2018-12-25T11:41:54.557051225Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.568430961Z	61	PC: 12b17 \| Open file (See above)
2018-12-25T11:41:54.575377751Z	64	PC: 12af1 \| Write file or device (See above)
2018-12-25T11:41:54.583049146Z	87	PC: 12b00 \| Get or set file date and time (See above)
2018-12-25T11:41:54.585973022Z	62	PC: 12b04 \| Close file (See above)
2018-12-25T11:41:54.599601908Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.630930816Z	79	PC: 12ac8 \| Find next file (See above)
2018-12-25T11:41:54.634446047Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.646798861Z	61	PC: 12b17 \| Open file (See above)
2018-12-25T11:41:54.654769138Z	64	PC: 12af1 \| Write file or device (See above)
2018-12-25T11:41:54.663158405Z	87	PC: 12b00 \| Get or set file date and time (See above)
2018-12-25T11:41:54.666220328Z	62	PC: 12b04 \| Close file (See above)
2018-12-25T11:41:54.674927303Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.686536157Z	79	PC: 12ac8 \| Find next file (See above)
2018-12-25T11:41:54.695982367Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.707228974Z	61	PC: 12b17 \| Open file (See above)
2018-12-25T11:41:54.715108231Z	64	PC: 12af1 \| Write file or device (See above)
2018-12-25T11:41:54.724453815Z	87	PC: 12b00 \| Get or set file date and time (See above)
2018-12-25T11:41:54.726262919Z	62	PC: 12b04 \| Close file (See above)
2018-12-25T11:41:54.735266165Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.747276705Z	79	PC: 12ac8 \| Find next file (See above)
2018-12-25T11:41:54.750711026Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.761939854Z	61	PC: 12b17 \| Open file (See above)
2018-12-25T11:41:54.769961683Z	64	PC: 12af1 \| Write file or device (See above)
2018-12-25T11:41:54.77789165Z	87	PC: 12b00 \| Get or set file date and time (See above)
2018-12-25T11:41:54.779891066Z	62	PC: 12b04 \| Close file (See above)
2018-12-25T11:41:54.788500155Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.81574319Z	79	PC: 12ac8 \| Find next file (See above)
2018-12-25T11:41:54.819114461Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.830499104Z	61	PC: 12b17 \| Open file (See above)
2018-12-25T11:41:54.83598936Z	64	PC: 12af1 \| Write file or device (See above)
2018-12-25T11:41:54.840496597Z	87	PC: 12b00 \| Get or set file date and time (See above)
2018-12-25T11:41:54.841840158Z	62	PC: 12b04 \| Close file (See above)
2018-12-25T11:41:54.847770299Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.855323318Z	79	PC: 12ac8 \| Find next file (See above)
2018-12-25T11:41:54.858368854Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.866742367Z	61	PC: 12b17 \| Open file (See above)
2018-12-25T11:41:54.871914267Z	64	PC: 12af1 \| Write file or device (See above)
2018-12-25T11:41:54.877288657Z	87	PC: 12b00 \| Get or set file date and time (See above)
2018-12-25T11:41:54.879378365Z	62	PC: 12b04 \| Close file (See above)
2018-12-25T11:41:54.885413083Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.892850576Z	79	PC: 12ac8 \| Find next file (See above)
2018-12-25T11:41:54.895314675Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.904232819Z	61	PC: 12b17 \| Open file (See above)
2018-12-25T11:41:54.914874174Z	64	PC: 12af1 \| Write file or device (See above)
2018-12-25T11:41:54.919369435Z	87	PC: 12b00 \| Get or set file date and time (See above)
2018-12-25T11:41:54.921323962Z	62	PC: 12b04 \| Close file (See above)
2018-12-25T11:41:54.927034942Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.934681962Z	79	PC: 12ac8 \| Find next file (See above)
2018-12-25T11:41:54.937444407Z	9	PC: 12ad8 \| Display string (String= 'Mayhem Virus')
2018-12-25T11:41:54.939496375Z	67	PC: 12b24 \| Get or set file attributes (See above)
2018-12-25T11:41:54.947174841Z	61	PC: 12b17 \| Open file (See above)
2018-12-25T11:41:54.952773582Z	64	PC: 12af1 \| Write file or device (See above)
2018-12-25T11:41:54.954936216Z	87	PC: 12b00 \| Get or set file date and time (See above)
2018-12-25T11:41:54.956544613Z	62	PC: 12b04 \| Close file (See above)
2018-12-25T11:41:54.962956658Z	67	PC: 12b24 \| Get or set file attributes (See above)