Sample viewer

vx.netlux.org/Virus.DOS.Dutch_Tiny.Kennedy.333.c

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:39.858065861Z	42	PC: 12b48 \| Get date 0x12b48: cmp dx, 0x606 0x12b4c: je 0x12b76 0x12b4e: cmp dx, 0xb12 0x12b52: je 0x12b76 0x12b54: cmp dx, 0xb16 0x12b58: je 0x12b76 0x12b5a: lea dx, word ptr [si + 0x20d] 0x12b5e: sub cx, cx 0x12b60: mov ah, 0x4e 0x12b62: int 0x21 0x12b64: jb 0x12b6f 0x12b66: call 0x12b80 0x12b69: jb 0x12b6f 0x12b6b: mov ah, 0x4f 0x12b6d: jmp 0x12b62 0x12b6f: mov ax, bp 0x12b71: add ax, 0x103 0x12b74: jmp ax 0x12b76: lea dx, word ptr [si + 0x220] 0x12b7a: mov ah, 9
2018-12-17T22:45:39.859986358Z	78	PC: 12b64 \| Find first file
2018-12-17T22:45:39.863740448Z	67	PC: 12b88 \| Get or set file attributes
2018-12-17T22:45:39.867260408Z	67	PC: 12b93 \| Get or set file attributes
2018-12-17T22:45:39.881176881Z	61	PC: 12b98 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:45:39.892548107Z	63	PC: 12ba7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:45:39.899168404Z	67	PC: 12c36 \| Get or set file attributes
2018-12-17T22:45:39.903264285Z	79	PC: 12b64 \| Find next file
2018-12-17T22:45:39.90618546Z	67	PC: 12b88 \| Get or set file attributes
2018-12-17T22:45:39.911579854Z	67	PC: 12b93 \| Get or set file attributes
2018-12-17T22:45:39.921002958Z	61	PC: 12b98 \| Open file (Filename = 'PRINT.COM')
2018-12-17T22:45:39.927890336Z	63	PC: 12ba7 \| Read file or device (Read 3 bytes on handle 6)
2018-12-17T22:45:39.934015037Z	67	PC: 12c36 \| Get or set file attributes
2018-12-17T22:45:39.942855421Z	79	PC: 12b64 \| Find next file
2018-12-17T22:45:39.949813394Z	67	PC: 12b88 \| Get or set file attributes
2018-12-17T22:45:39.961530405Z	67	PC: 12b93 \| Get or set file attributes
2018-12-17T22:45:39.971094218Z	61	PC: 12b98 \| Open file (Filename = 'HELLO.COM')
2018-12-17T22:45:39.978043895Z	63	PC: 12ba7 \| Read file or device (Read 3 bytes on handle 7)
2018-12-17T22:45:39.984313087Z	67	PC: 12c36 \| Get or set file attributes
2018-12-17T22:45:39.988931937Z	79	PC: 12b64 \| Find next file
2018-12-17T22:45:39.991918653Z	67	PC: 12b88 \| Get or set file attributes
2018-12-17T22:45:39.997862013Z	67	PC: 12b93 \| Get or set file attributes
2018-12-17T22:45:40.016627711Z	61	PC: 12b98 \| Open file (Filename = 'PHANG.COM')
2018-12-17T22:45:40.024457591Z	63	PC: 12ba7 \| Read file or device (Read 3 bytes on handle 8)
2018-12-17T22:45:40.029375747Z	67	PC: 12c36 \| Get or set file attributes
2018-12-17T22:45:40.033616151Z	79	PC: 12b64 \| Find next file
2018-12-17T22:45:40.036647147Z	67	PC: 12b88 \| Get or set file attributes
2018-12-17T22:45:40.04264347Z	67	PC: 12b93 \| Get or set file attributes
2018-12-17T22:45:40.052609553Z	61	PC: 12b98 \| Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:45:40.059883456Z	63	PC: 12ba7 \| Read file or device (Read 3 bytes on handle 9)
2018-12-17T22:45:40.064465374Z	67	PC: 12c36 \| Get or set file attributes
2018-12-17T22:45:40.073959172Z	79	PC: 12b64 \| Find next file
2018-12-17T22:45:40.081239317Z	67	PC: 12b88 \| Get or set file attributes
2018-12-17T22:45:40.087596372Z	67	PC: 12b93 \| Get or set file attributes
2018-12-17T22:45:40.097975309Z	61	PC: 12b98 \| Open file (Filename = 'MANDEL.COM')
2018-12-17T22:45:40.105135173Z	63	PC: 12ba7 \| Read file or device (Read 3 bytes on handle 10)
2018-12-17T22:45:40.112206945Z	67	PC: 12c36 \| Get or set file attributes
2018-12-17T22:45:40.116626973Z	79	PC: 12b64 \| Find next file
2018-12-17T22:45:40.120350085Z	67	PC: 12b88 \| Get or set file attributes
2018-12-17T22:45:40.126080239Z	67	PC: 12b93 \| Get or set file attributes
2018-12-17T22:45:40.135836983Z	61	PC: 12b98 \| Open file (Filename = 'PAH.COM')
2018-12-17T22:45:40.147821396Z	63	PC: 12ba7 \| Read file or device (Read 3 bytes on handle 11)
2018-12-17T22:45:40.155455438Z	67	PC: 12c36 \| Get or set file attributes
2018-12-17T22:45:40.159899515Z	79	PC: 12b64 \| Find next file
2018-12-17T22:45:40.162426476Z	67	PC: 12b88 \| Get or set file attributes
2018-12-17T22:45:40.169015624Z	67	PC: 12b93 \| Get or set file attributes
2018-12-17T22:45:40.179337936Z	61	PC: 12b98 \| Open file (Filename = 'TEST.COM')
2018-12-17T22:45:40.185692946Z	63	PC: 12ba7 \| Read file or device (Read 3 bytes on handle 12)
2018-12-17T22:45:40.192220909Z	66	PC: 12bbf \| Move file pointer
2018-12-17T22:45:40.193600104Z	63	PC: 12bc8 \| Read file or device (Read 2 bytes on handle 12)
2018-12-17T22:45:40.196212827Z	67	PC: 12c36 \| Get or set file attributes
2018-12-17T22:45:40.207174596Z	79	PC: 12b64 \| Find next file
2018-12-17T22:45:40.209318915Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8613,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:35.230063208Z	42	PC: 12b48 \| Get date 0x12b48: cmp dx, 0x606 0x12b4c: je 0x12b76 0x12b4e: cmp dx, 0xb12 0x12b52: je 0x12b76 0x12b54: cmp dx, 0xb16 0x12b58: je 0x12b76 0x12b5a: lea dx, word ptr [si + 0x20d] 0x12b5e: sub cx, cx 0x12b60: mov ah, 0x4e 0x12b62: int 0x21 0x12b64: jb 0x12b6f 0x12b66: call 0x12b80 0x12b69: jb 0x12b6f 0x12b6b: mov ah, 0x4f 0x12b6d: jmp 0x12b62 0x12b6f: mov ax, bp 0x12b71: add ax, 0x103 0x12b74: jmp ax 0x12b76: lea dx, word ptr [si + 0x220] 0x12b7a: mov ah, 9
2018-12-25T12:21:35.23339975Z	78	PC: 12b64 \| Find first file
2018-12-25T12:21:35.239319127Z	67	PC: 12b88 \| Get or set file attributes
2018-12-25T12:21:35.2446759Z	67	PC: 12b93 \| Get or set file attributes
2018-12-25T12:21:35.265575632Z	61	PC: 12b98 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:21:35.272389166Z	63	PC: 12ba7 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:21:35.278820988Z	67	PC: 12c36 \| Get or set file attributes
2018-12-25T12:21:35.287814382Z	79	PC: 12b64 \| Find next file (See above)
2018-12-25T12:21:35.294121704Z	67	PC: 12b88 \| Get or set file attributes (See above)
2018-12-25T12:21:35.299395629Z	67	PC: 12b93 \| Get or set file attributes (See above)
2018-12-25T12:21:35.308549198Z	61	PC: 12b98 \| Open file (See above)
2018-12-25T12:21:35.315761792Z	63	PC: 12ba7 \| Read file or device (See above)
2018-12-25T12:21:35.322184439Z	67	PC: 12c36 \| Get or set file attributes (See above)
2018-12-25T12:21:35.326346302Z	79	PC: 12b64 \| Find next file (See above)
2018-12-25T12:21:35.329388735Z	67	PC: 12b88 \| Get or set file attributes (See above)
2018-12-25T12:21:35.339516912Z	67	PC: 12b93 \| Get or set file attributes (See above)
2018-12-25T12:21:35.351852048Z	61	PC: 12b98 \| Open file (See above)
2018-12-25T12:21:35.37053334Z	63	PC: 12ba7 \| Read file or device (See above)
2018-12-25T12:21:35.377582827Z	67	PC: 12c36 \| Get or set file attributes (See above)
2018-12-25T12:21:35.381951299Z	79	PC: 12b64 \| Find next file (See above)
2018-12-25T12:21:35.385144316Z	67	PC: 12b88 \| Get or set file attributes (See above)
2018-12-25T12:21:35.390618646Z	67	PC: 12b93 \| Get or set file attributes (See above)
2018-12-25T12:21:35.400449882Z	61	PC: 12b98 \| Open file (See above)
2018-12-25T12:21:35.412308492Z	63	PC: 12ba7 \| Read file or device (See above)
2018-12-25T12:21:35.418654251Z	67	PC: 12c36 \| Get or set file attributes (See above)
2018-12-25T12:21:35.423467059Z	79	PC: 12b64 \| Find next file (See above)
2018-12-25T12:21:35.426513187Z	67	PC: 12b88 \| Get or set file attributes (See above)
2018-12-25T12:21:35.431924469Z	67	PC: 12b93 \| Get or set file attributes (See above)
2018-12-25T12:21:35.441746559Z	61	PC: 12b98 \| Open file (See above)
2018-12-25T12:21:35.449232027Z	63	PC: 12ba7 \| Read file or device (See above)
2018-12-25T12:21:35.455513542Z	67	PC: 12c36 \| Get or set file attributes (See above)
2018-12-25T12:21:35.45836276Z	79	PC: 12b64 \| Find next file (See above)
2018-12-25T12:21:35.46028401Z	67	PC: 12b88 \| Get or set file attributes (See above)
2018-12-25T12:21:35.464654561Z	67	PC: 12b93 \| Get or set file attributes (See above)
2018-12-25T12:21:35.470636435Z	61	PC: 12b98 \| Open file (See above)
2018-12-25T12:21:35.481609249Z	63	PC: 12ba7 \| Read file or device (See above)
2018-12-25T12:21:35.487257536Z	67	PC: 12c36 \| Get or set file attributes (See above)
2018-12-25T12:21:35.490036589Z	79	PC: 12b64 \| Find next file (See above)
2018-12-25T12:21:35.492175375Z	67	PC: 12b88 \| Get or set file attributes (See above)
2018-12-25T12:21:35.496538139Z	67	PC: 12b93 \| Get or set file attributes (See above)
2018-12-25T12:21:35.505321185Z	61	PC: 12b98 \| Open file (See above)
2018-12-25T12:21:35.511614386Z	63	PC: 12ba7 \| Read file or device (See above)
2018-12-25T12:21:35.518375928Z	67	PC: 12c36 \| Get or set file attributes (See above)
2018-12-25T12:21:35.527368793Z	79	PC: 12b64 \| Find next file (See above)
2018-12-25T12:21:35.533852645Z	67	PC: 12b88 \| Get or set file attributes (See above)
2018-12-25T12:21:35.545030137Z	67	PC: 12b93 \| Get or set file attributes (See above)
2018-12-25T12:21:35.554921318Z	61	PC: 12b98 \| Open file (See above)
2018-12-25T12:21:35.56144149Z	63	PC: 12ba7 \| Read file or device (See above)
2018-12-25T12:21:35.568627409Z	66	PC: 12bbf \| Move file pointer
2018-12-25T12:21:35.570079547Z	63	PC: 12bc8 \| Read file or device (Read 2 bytes on handle 12)
2018-12-25T12:21:35.572553135Z	67	PC: 12c36 \| Get or set file attributes (See above)
2018-12-25T12:21:35.57931313Z	79	PC: 12b64 \| Find next file (See above)
2018-12-25T12:21:35.581635424Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":6,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8613,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:35.444238087Z	42	PC: 12b48 \| Get date 0x12b48: cmp dx, 0x606 0x12b4c: je 0x12b76 0x12b4e: cmp dx, 0xb12 0x12b52: je 0x12b76 0x12b54: cmp dx, 0xb16 0x12b58: je 0x12b76 0x12b5a: lea dx, word ptr [si + 0x20d] 0x12b5e: sub cx, cx 0x12b60: mov ah, 0x4e 0x12b62: int 0x21 0x12b64: jb 0x12b6f 0x12b66: call 0x12b80 0x12b69: jb 0x12b6f 0x12b6b: mov ah, 0x4f 0x12b6d: jmp 0x12b62 0x12b6f: mov ax, bp 0x12b71: add ax, 0x103 0x12b74: jmp ax 0x12b76: lea dx, word ptr [si + 0x220] 0x12b7a: mov ah, 9
2018-12-25T12:21:35.446995695Z	9	PC: 12b7e \| Display string (String= ' ')
2018-12-25T12:21:35.450649387Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":18,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8613,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:35.691780183Z	42	PC: 12b48 \| Get date 0x12b48: cmp dx, 0x606 0x12b4c: je 0x12b76 0x12b4e: cmp dx, 0xb12 0x12b52: je 0x12b76 0x12b54: cmp dx, 0xb16 0x12b58: je 0x12b76 0x12b5a: lea dx, word ptr [si + 0x20d] 0x12b5e: sub cx, cx 0x12b60: mov ah, 0x4e 0x12b62: int 0x21 0x12b64: jb 0x12b6f 0x12b66: call 0x12b80 0x12b69: jb 0x12b6f 0x12b6b: mov ah, 0x4f 0x12b6d: jmp 0x12b62 0x12b6f: mov ax, bp 0x12b71: add ax, 0x103 0x12b74: jmp ax 0x12b76: lea dx, word ptr [si + 0x220] 0x12b7a: mov ah, 9
2018-12-25T12:21:35.694641565Z	9	PC: 12b7e \| Display string (String= ' ')
2018-12-25T12:21:35.698715439Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":22,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8613,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:35.909798679Z	42	PC: 12b48 \| Get date 0x12b48: cmp dx, 0x606 0x12b4c: je 0x12b76 0x12b4e: cmp dx, 0xb12 0x12b52: je 0x12b76 0x12b54: cmp dx, 0xb16 0x12b58: je 0x12b76 0x12b5a: lea dx, word ptr [si + 0x20d] 0x12b5e: sub cx, cx 0x12b60: mov ah, 0x4e 0x12b62: int 0x21 0x12b64: jb 0x12b6f 0x12b66: call 0x12b80 0x12b69: jb 0x12b6f 0x12b6b: mov ah, 0x4f 0x12b6d: jmp 0x12b62 0x12b6f: mov ax, bp 0x12b71: add ax, 0x103 0x12b74: jmp ax 0x12b76: lea dx, word ptr [si + 0x220] 0x12b7a: mov ah, 9
2018-12-25T12:21:35.912627447Z	9	PC: 12b7e \| Display string (String= ' ')
2018-12-25T12:21:35.916390237Z	76	PC: 12a5b \| Terminate with return code (Return code = '1')