Sample viewer

vx.netlux.org/Virus.DOS.Tiger.1116

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:47.972802648Z	47	PC: 12a8c \| Get disk transfer address
2018-12-17T22:44:47.974728498Z	26	PC: 12aa0 \| Set disk transfer address
2018-12-17T22:44:47.978521974Z	42	PC: 12ac5 \| Get date 0x12ac5: cmp dx, 0x202 0x12ac9: jne 0x12ace 0x12acb: jmp 0x12c60 0x12ace: jmp 0x12b52 0x12ad1: xor byte ptr [bp + si], ch 0x12ad3: inc bx 0x12ad5: dec di 0x12ad6: dec bp 0x12ad7: add byte ptr [si], bl 0x12ada: sub ch, byte ptr [0x2a] 0x12ade: add byte ptr cs:[bx + si], al 0x12ae2: add byte ptr [bx + si], al 0x12ae4: add byte ptr [bx + si], al 0x12ae6: add byte ptr [bx + si], al 0x12ae8: add byte ptr [bx + si], al 0x12aea: add byte ptr [bx + si], al 0x12aec: add byte ptr [bx + di + 0x41], al 0x12aef: inc bx 0x12af1: dec di 0x12af2: dec bp
2018-12-17T22:44:47.981205828Z	47	PC: 12b56 \| Get disk transfer address
2018-12-17T22:44:47.98271242Z	71	PC: 12b6d \| Get current directory
2018-12-17T22:44:48.002407524Z	59	PC: 12c1d \| Change current directory
2018-12-17T22:44:48.006960557Z	78	PC: 12c2a \| Find first file
2018-12-17T22:44:48.013811064Z	67	PC: 12cba \| Get or set file attributes
2018-12-17T22:44:48.020976876Z	67	PC: 12ccd \| Get or set file attributes
2018-12-17T22:44:48.038921115Z	61	PC: 12cd8 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:44:48.047250429Z	87	PC: 12ce9 \| Get or set file date and time
2018-12-17T22:44:48.049866689Z	63	PC: 12dab \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:48.057684138Z	66	PC: 12d93 \| Move file pointer
2018-12-17T22:44:48.059965748Z	63	PC: 12dab \| Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:44:48.064542213Z	64	PC: 12d9f \| Write file or device (Write 4 bytes on handle 5)
2018-12-17T22:44:48.068447673Z	64	PC: 12d9f \| Write file or device (Write 1112 bytes on handle 5)
2018-12-17T22:44:48.078646025Z	66	PC: 12d93 \| Move file pointer
2018-12-17T22:44:48.080838622Z	66	PC: 12d93 \| Move file pointer
2018-12-17T22:44:48.083439086Z	64	PC: 12d9f \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:44:48.085460791Z	66	PC: 12d93 \| Move file pointer
2018-12-17T22:44:48.08677497Z	64	PC: 12d9f \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:44:48.089390573Z	66	PC: 12d93 \| Move file pointer
2018-12-17T22:44:48.090579483Z	64	PC: 12d9f \| Write file or device (Write 1 bytes on handle 5)
2018-12-17T22:44:48.092443112Z	66	PC: 12d93 \| Move file pointer
2018-12-17T22:44:48.094433387Z	64	PC: 12d9f \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:48.09647948Z	66	PC: 12d93 \| Move file pointer
2018-12-17T22:44:48.097611664Z	64	PC: 12d9f \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:48.102427309Z	26	PC: 12e76 \| Set disk transfer address
2018-12-17T22:44:48.103724964Z	87	PC: 12d62 \| Get or set file date and time
2018-12-17T22:44:48.105208369Z	62	PC: 12d6b \| Close file
2018-12-17T22:44:48.11259042Z	67	PC: 12d7a \| Get or set file attributes
2018-12-17T22:44:48.126102038Z	59	PC: 12c1d \| Change current directory
2018-12-17T22:44:48.130425859Z	59	PC: 12c11 \| Change current directory
2018-12-17T22:44:48.132794305Z	76	PC: 12a4f \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8336,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:04:23.988710346Z	47	PC: 12a8c \| Get disk transfer address
2018-12-25T12:04:23.990258584Z	26	PC: 12aa0 \| Set disk transfer address
2018-12-25T12:04:23.992836331Z	42	PC: 12ac5 \| Get date 0x12ac5: cmp dx, 0x202 0x12ac9: jne 0x12ace 0x12acb: jmp 0x12c60 0x12ace: jmp 0x12b52 0x12ad1: xor byte ptr [bp + si], ch 0x12ad3: inc bx 0x12ad5: dec di 0x12ad6: dec bp 0x12ad7: add byte ptr [si], bl 0x12ada: sub ch, byte ptr [0x2a] 0x12ade: add byte ptr cs:[bx + si], al 0x12ae2: add byte ptr [bx + si], al 0x12ae4: add byte ptr [bx + si], al 0x12ae6: add byte ptr [bx + si], al 0x12ae8: add byte ptr [bx + si], al 0x12aea: add byte ptr [bx + si], al 0x12aec: add byte ptr [bx + di + 0x41], al 0x12aef: inc bx 0x12af1: dec di 0x12af2: dec bp
2018-12-25T12:04:23.994739979Z	47	PC: 12b56 \| Get disk transfer address
2018-12-25T12:04:23.996014158Z	71	PC: 12b6d \| Get current directory
2018-12-25T12:04:23.998626417Z	59	PC: 12c1d \| Change current directory
2018-12-25T12:04:24.002231232Z	78	PC: 12c2a \| Find first file
2018-12-25T12:04:24.013094711Z	67	PC: 12cba \| Get or set file attributes
2018-12-25T12:04:24.023546133Z	67	PC: 12ccd \| Get or set file attributes
2018-12-25T12:04:24.040833698Z	61	PC: 12cd8 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:04:24.047552474Z	87	PC: 12ce9 \| Get or set file date and time
2018-12-25T12:04:24.048779935Z	63	PC: 12dab \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:24.054877843Z	66	PC: 12d93 \| Move file pointer
2018-12-25T12:04:24.056326822Z	63	PC: 12dab \| Read file or device (See above)
2018-12-25T12:04:24.058873922Z	64	PC: 12d9f \| Write file or device (Write 4 bytes on handle 5)
2018-12-25T12:04:24.061131907Z	64	PC: 12d9f \| Write file or device (See above)
2018-12-25T12:04:24.070263088Z	66	PC: 12d93 \| Move file pointer (See above)
2018-12-25T12:04:24.072195623Z	66	PC: 12d93 \| Move file pointer (See above)
2018-12-25T12:04:24.07340687Z	64	PC: 12d9f \| Write file or device (See above)
2018-12-25T12:04:24.07578902Z	66	PC: 12d93 \| Move file pointer (See above)
2018-12-25T12:04:24.077656656Z	64	PC: 12d9f \| Write file or device (See above)
2018-12-25T12:04:24.080051075Z	66	PC: 12d93 \| Move file pointer (See above)
2018-12-25T12:04:24.081260791Z	64	PC: 12d9f \| Write file or device (See above)
2018-12-25T12:04:24.084653512Z	66	PC: 12d93 \| Move file pointer (See above)
2018-12-25T12:04:24.085887591Z	64	PC: 12d9f \| Write file or device (See above)
2018-12-25T12:04:24.088275638Z	66	PC: 12d93 \| Move file pointer (See above)
2018-12-25T12:04:24.090180683Z	64	PC: 12d9f \| Write file or device (See above)
2018-12-25T12:04:24.096602468Z	26	PC: 12e76 \| Set disk transfer address
2018-12-25T12:04:24.097580207Z	87	PC: 12d62 \| Get or set file date and time
2018-12-25T12:04:24.099914031Z	62	PC: 12d6b \| Close file
2018-12-25T12:04:24.108141635Z	67	PC: 12d7a \| Get or set file attributes
2018-12-25T12:04:24.117846385Z	59	PC: 12c1d \| Change current directory (See above)
2018-12-25T12:04:24.122727716Z	59	PC: 12c11 \| Change current directory
2018-12-25T12:04:24.124473971Z	76	PC: 12a4f \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8336,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:04:24.369008582Z	47	PC: 12a8c \| Get disk transfer address
2018-12-25T12:04:24.370850382Z	26	PC: 12aa0 \| Set disk transfer address
2018-12-25T12:04:24.374034666Z	42	PC: 12ac5 \| Get date 0x12ac5: cmp dx, 0x202 0x12ac9: jne 0x12ace 0x12acb: jmp 0x12c60 0x12ace: jmp 0x12b52 0x12ad1: xor byte ptr [bp + si], ch 0x12ad3: inc bx 0x12ad5: dec di 0x12ad6: dec bp 0x12ad7: add byte ptr [si], bl 0x12ada: sub ch, byte ptr [0x2a] 0x12ade: add byte ptr cs:[bx + si], al 0x12ae2: add byte ptr [bx + si], al 0x12ae4: add byte ptr [bx + si], al 0x12ae6: add byte ptr [bx + si], al 0x12ae8: add byte ptr [bx + si], al 0x12aea: add byte ptr [bx + si], al 0x12aec: add byte ptr [bx + di + 0x41], al 0x12aef: inc bx 0x12af1: dec di 0x12af2: dec bp
2018-12-25T12:04:24.705184589Z	9	PC: 12c9a \| Display string (String= ' O /\|\ tONY tHE tIGER, BY IIRIV, 1995 / \ ')
2018-12-25T12:04:24.709983496Z	37	PC: 12ca4 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')