Sample viewer

vx.netlux.org/Virus.DOS.Cossiga.883.c

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:57:49.00042233Z 26 PC: 12c3f | Set disk transfer address
2018-12-17T21:57:49.002286202Z 71 PC: 12c48 | Get current directory
2018-12-17T21:57:49.005091736Z 59 PC: 12c54 | Change current directory
2018-12-17T21:57:49.008855169Z 78 PC: 12c5e | Find first file
2018-12-17T21:57:49.015066449Z 78 PC: 12c82 | Find first file
2018-12-17T21:57:49.021169241Z 79 PC: 12c91 | Find next file
2018-12-17T21:57:49.023640069Z 79 PC: 12c91 | Find next file
2018-12-17T21:57:49.026391566Z 79 PC: 12c91 | Find next file
2018-12-17T21:57:49.032347545Z 79 PC: 12c91 | Find next file
2018-12-17T21:57:49.034907601Z 79 PC: 12c91 | Find next file
2018-12-17T21:57:49.037533639Z 79 PC: 12c91 | Find next file
2018-12-17T21:57:49.041784938Z 79 PC: 12c91 | Find next file
2018-12-17T21:57:49.044110975Z 79 PC: 12c91 | Find next file
2018-12-17T21:57:49.046317929Z 79 PC: 12c91 | Find next file
2018-12-17T21:57:49.049823428Z 42 PC: 12c9a | Get date
0x12c9a: mov ax, si
0x12c9c: and dl, al
0x12c9e: mov bp, dx
0x12ca0: and bp, 0xff
0x12ca4: cmp bp, 0
0x12ca7: je 0x12cb5
0x12ca9: jmp 0x12c75
0x12cab: mov bp, 0
0x12cae: mov dx, 0x38a
0x12cb1: mov ah, 0x3b
0x12cb3: int 0x21
0x12cb5: mov si, 0
0x12cb8: mov cx, 0x20
0x12cbb: mov dx, 0x3bc
0x12cbe: mov ah, 0x4e
0x12cc0: int 0x21
0x12cc2: cmp ax, 0x12
0x12cc5: jne 0x12cca
0x12cc7: inc bp
0x12cc8: jmp 0x12d41
2018-12-17T21:57:49.051958685Z 78 PC: 12cc2 | Find first file
2018-12-17T21:57:49.0629884Z 79 PC: 12cd3 | Find next file
2018-12-17T21:57:49.067429215Z 78 PC: 12cc2 | Find first file
2018-12-17T21:57:49.073666881Z 61 PC: 12ce8 | Open file (Filename = 'F;tO!=')
2018-12-17T21:57:49.079863451Z 66 PC: 12cfd | Move file pointer
2018-12-17T21:57:49.081733414Z 63 PC: 12d07 | Read file or device (Read 8 bytes on handle 5)
2018-12-17T21:57:49.088212434Z 62 PC: 12d24 | Close file
2018-12-17T21:57:49.0898307Z 78 PC: 12cc2 | Find first file
2018-12-17T21:57:49.096399956Z 79 PC: 12cd3 | Find next file
2018-12-17T21:57:49.098743744Z 59 PC: 12e17 | Change current directory
2018-12-17T21:57:49.102576534Z 59 PC: 12e1e | Change current directory
2018-12-17T21:57:49.104457614Z 42 PC: 12e22 | Get date
0x12e22: cmp cx, 0x7c7
0x12e26: jg 0x12e36
0x12e28: cmp dh, 0xa
0x12e2b: jge 0x12e2f
0x12e2d: jmp 0x12e47
0x12e2f: cmp dl, 0x11
0x12e32: jge 0x12e36
0x12e34: jmp 0x12e47
0x12e36: call 0x12e76
0x12e39: mov ax, 4
0x12e3c: int 0x10
0x12e3e: mov ah, 9
0x12e40: mov dx, 0x3e2
0x12e43: int 0x21
0x12e45: jmp 0x12e72
0x12e47: pop si
0x12e48: pop bx
0x12e49: pop dx
0x12e4a: pop cx
0x12e4b: pop ax
2018-12-17T21:57:49.112502619Z 9 PC: 12e45 | Display string (Could not find end pointer)
2018-12-17T21:57:49.117794909Z 76 PC: 12e76 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":862,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:56.084635488Z 26 PC: 12c3f | Set disk transfer address
2018-12-25T11:41:56.086301546Z 71 PC: 12c48 | Get current directory
2018-12-25T11:41:56.089290435Z 59 PC: 12c54 | Change current directory
2018-12-25T11:41:56.093169396Z 78 PC: 12c5e | Find first file
2018-12-25T11:41:56.099410439Z 78 PC: 12c82 | Find first file
2018-12-25T11:41:56.104999487Z 79 PC: 12c91 | Find next file
2018-12-25T11:41:56.107462556Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.114663793Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.117118928Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.119526614Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.122940344Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.125368245Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.127710724Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.130082456Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.132516761Z 42 PC: 12c9a | Get date
0x12c9a: mov ax, si
0x12c9c: and dl, al
0x12c9e: mov bp, dx
0x12ca0: and bp, 0xff
0x12ca4: cmp bp, 0
0x12ca7: je 0x12cb5
0x12ca9: jmp 0x12c75
0x12cab: mov bp, 0
0x12cae: mov dx, 0x38a
0x12cb1: mov ah, 0x3b
0x12cb3: int 0x21
0x12cb5: mov si, 0
0x12cb8: mov cx, 0x20
0x12cbb: mov dx, 0x3bc
0x12cbe: mov ah, 0x4e
0x12cc0: int 0x21
0x12cc2: cmp ax, 0x12
0x12cc5: jne 0x12cca
0x12cc7: inc bp
0x12cc8: jmp 0x12d41
2018-12-25T11:41:56.134541582Z 78 PC: 12cc2 | Find first file
2018-12-25T11:41:56.145389751Z 79 PC: 12cd3 | Find next file
2018-12-25T11:41:56.148661909Z 78 PC: 12cc2 | Find first file (See above)
2018-12-25T11:41:56.154275505Z 61 PC: 12ce8 | Open file (Filename = 'F;tO!=')
2018-12-25T11:41:56.161757595Z 66 PC: 12cfd | Move file pointer
2018-12-25T11:41:56.166417402Z 63 PC: 12d07 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:41:56.174710886Z 62 PC: 12d24 | Close file
2018-12-25T11:41:56.176514999Z 78 PC: 12cc2 | Find first file (See above)
2018-12-25T11:41:56.182778814Z 79 PC: 12cd3 | Find next file (See above)
2018-12-25T11:41:56.185170402Z 59 PC: 12e17 | Change current directory
2018-12-25T11:41:56.189275951Z 59 PC: 12e1e | Change current directory
2018-12-25T11:41:56.191738651Z 42 PC: 12e22 | Get date
0x12e22: cmp cx, 0x7c7
0x12e26: jg 0x12e36
0x12e28: cmp dh, 0xa
0x12e2b: jge 0x12e2f
0x12e2d: jmp 0x12e47
0x12e2f: cmp dl, 0x11
0x12e32: jge 0x12e36
0x12e34: jmp 0x12e47
0x12e36: call 0x12e76
0x12e39: mov ax, 4
0x12e3c: int 0x10
0x12e3e: mov ah, 9
0x12e40: mov dx, 0x3e2
0x12e43: int 0x21
0x12e45: jmp 0x12e72
0x12e47: pop si
0x12e48: pop bx
0x12e49: pop dx
0x12e4a: pop cx
0x12e4b: pop ax

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":862,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:56.153785761Z 26 PC: 12c3f | Set disk transfer address
2018-12-25T11:41:56.15549544Z 71 PC: 12c48 | Get current directory
2018-12-25T11:41:56.158273065Z 59 PC: 12c54 | Change current directory
2018-12-25T11:41:56.162265258Z 78 PC: 12c5e | Find first file
2018-12-25T11:41:56.173898367Z 78 PC: 12c82 | Find first file
2018-12-25T11:41:56.180471983Z 79 PC: 12c91 | Find next file
2018-12-25T11:41:56.183016001Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.185965524Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.188667955Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.191039288Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.193388653Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.196151784Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.198566151Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.201098413Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.203830515Z 42 PC: 12c9a | Get date
0x12c9a: mov ax, si
0x12c9c: and dl, al
0x12c9e: mov bp, dx
0x12ca0: and bp, 0xff
0x12ca4: cmp bp, 0
0x12ca7: je 0x12cb5
0x12ca9: jmp 0x12c75
0x12cab: mov bp, 0
0x12cae: mov dx, 0x38a
0x12cb1: mov ah, 0x3b
0x12cb3: int 0x21
0x12cb5: mov si, 0
0x12cb8: mov cx, 0x20
0x12cbb: mov dx, 0x3bc
0x12cbe: mov ah, 0x4e
0x12cc0: int 0x21
0x12cc2: cmp ax, 0x12
0x12cc5: jne 0x12cca
0x12cc7: inc bp
0x12cc8: jmp 0x12d41
2018-12-25T11:41:56.206078689Z 78 PC: 12cc2 | Find first file
2018-12-25T11:41:56.212360865Z 79 PC: 12cd3 | Find next file
2018-12-25T11:41:56.215120624Z 78 PC: 12cc2 | Find first file (See above)
2018-12-25T11:41:56.220794964Z 61 PC: 12ce8 | Open file (Filename = 'F;tO!=')
2018-12-25T11:41:56.227108801Z 66 PC: 12cfd | Move file pointer
2018-12-25T11:41:56.228941166Z 63 PC: 12d07 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:41:56.236030315Z 62 PC: 12d24 | Close file
2018-12-25T11:41:56.237784184Z 78 PC: 12cc2 | Find first file (See above)
2018-12-25T11:41:56.244665285Z 79 PC: 12cd3 | Find next file (See above)
2018-12-25T11:41:56.246982758Z 59 PC: 12e17 | Change current directory
2018-12-25T11:41:56.25091952Z 59 PC: 12e1e | Change current directory
2018-12-25T11:41:56.253914774Z 42 PC: 12e22 | Get date
0x12e22: cmp cx, 0x7c7
0x12e26: jg 0x12e36
0x12e28: cmp dh, 0xa
0x12e2b: jge 0x12e2f
0x12e2d: jmp 0x12e47
0x12e2f: cmp dl, 0x11
0x12e32: jge 0x12e36
0x12e34: jmp 0x12e47
0x12e36: call 0x12e76
0x12e39: mov ax, 4
0x12e3c: int 0x10
0x12e3e: mov ah, 9
0x12e40: mov dx, 0x3e2
0x12e43: int 0x21
0x12e45: jmp 0x12e72
0x12e47: pop si
0x12e48: pop bx
0x12e49: pop dx
0x12e4a: pop cx
0x12e4b: pop ax

{"DateBased":true,"Day":17,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":862,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:56.151406847Z 26 PC: 12c3f | Set disk transfer address
2018-12-25T11:41:56.152776012Z 71 PC: 12c48 | Get current directory
2018-12-25T11:41:56.156339441Z 59 PC: 12c54 | Change current directory
2018-12-25T11:41:56.160573932Z 78 PC: 12c5e | Find first file
2018-12-25T11:41:56.166975651Z 78 PC: 12c82 | Find first file
2018-12-25T11:41:56.173722154Z 79 PC: 12c91 | Find next file
2018-12-25T11:41:56.176348587Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.179036838Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.182197895Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.184874557Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.187497438Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.190618318Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.193453841Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.196107876Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.199003545Z 42 PC: 12c9a | Get date
0x12c9a: mov ax, si
0x12c9c: and dl, al
0x12c9e: mov bp, dx
0x12ca0: and bp, 0xff
0x12ca4: cmp bp, 0
0x12ca7: je 0x12cb5
0x12ca9: jmp 0x12c75
0x12cab: mov bp, 0
0x12cae: mov dx, 0x38a
0x12cb1: mov ah, 0x3b
0x12cb3: int 0x21
0x12cb5: mov si, 0
0x12cb8: mov cx, 0x20
0x12cbb: mov dx, 0x3bc
0x12cbe: mov ah, 0x4e
0x12cc0: int 0x21
0x12cc2: cmp ax, 0x12
0x12cc5: jne 0x12cca
0x12cc7: inc bp
0x12cc8: jmp 0x12d41
2018-12-25T11:41:56.201283175Z 78 PC: 12cc2 | Find first file
2018-12-25T11:41:56.213848036Z 79 PC: 12cd3 | Find next file
2018-12-25T11:41:56.216670025Z 78 PC: 12cc2 | Find first file (See above)
2018-12-25T11:41:56.225636654Z 61 PC: 12ce8 | Open file (Filename = 'F;tO!=')
2018-12-25T11:41:56.23326975Z 66 PC: 12cfd | Move file pointer
2018-12-25T11:41:56.235041409Z 63 PC: 12d07 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:41:56.246509229Z 62 PC: 12d24 | Close file
2018-12-25T11:41:56.24848649Z 78 PC: 12cc2 | Find first file (See above)
2018-12-25T11:41:56.255414905Z 79 PC: 12cd3 | Find next file (See above)
2018-12-25T11:41:56.258012015Z 59 PC: 12e17 | Change current directory
2018-12-25T11:41:56.262448696Z 59 PC: 12e1e | Change current directory
2018-12-25T11:41:56.264809497Z 42 PC: 12e22 | Get date
0x12e22: cmp cx, 0x7c7
0x12e26: jg 0x12e36
0x12e28: cmp dh, 0xa
0x12e2b: jge 0x12e2f
0x12e2d: jmp 0x12e47
0x12e2f: cmp dl, 0x11
0x12e32: jge 0x12e36
0x12e34: jmp 0x12e47
0x12e36: call 0x12e76
0x12e39: mov ax, 4
0x12e3c: int 0x10
0x12e3e: mov ah, 9
0x12e40: mov dx, 0x3e2
0x12e43: int 0x21
0x12e45: jmp 0x12e72
0x12e47: pop si
0x12e48: pop bx
0x12e49: pop dx
0x12e4a: pop cx
0x12e4b: pop ax
2018-12-25T11:41:56.274886192Z 9 PC: 12e45 | Display string (Could not find end pointer)
2018-12-25T11:41:56.281500884Z 76 PC: 12e76 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":862,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:56.225939865Z 26 PC: 12c3f | Set disk transfer address
2018-12-25T11:41:56.227814495Z 71 PC: 12c48 | Get current directory
2018-12-25T11:41:56.231724988Z 59 PC: 12c54 | Change current directory
2018-12-25T11:41:56.235620231Z 78 PC: 12c5e | Find first file
2018-12-25T11:41:56.248202282Z 78 PC: 12c82 | Find first file
2018-12-25T11:41:56.258898386Z 79 PC: 12c91 | Find next file
2018-12-25T11:41:56.261269736Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.264112094Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.266836306Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.269635633Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.273412452Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.276009115Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.277799946Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.279644322Z 79 PC: 12c91 | Find next file (See above)
2018-12-25T11:41:56.281540341Z 42 PC: 12c9a | Get date
0x12c9a: mov ax, si
0x12c9c: and dl, al
0x12c9e: mov bp, dx
0x12ca0: and bp, 0xff
0x12ca4: cmp bp, 0
0x12ca7: je 0x12cb5
0x12ca9: jmp 0x12c75
0x12cab: mov bp, 0
0x12cae: mov dx, 0x38a
0x12cb1: mov ah, 0x3b
0x12cb3: int 0x21
0x12cb5: mov si, 0
0x12cb8: mov cx, 0x20
0x12cbb: mov dx, 0x3bc
0x12cbe: mov ah, 0x4e
0x12cc0: int 0x21
0x12cc2: cmp ax, 0x12
0x12cc5: jne 0x12cca
0x12cc7: inc bp
0x12cc8: jmp 0x12d41
2018-12-25T11:41:56.283125751Z 78 PC: 12cc2 | Find first file
2018-12-25T11:41:56.288878672Z 79 PC: 12cd3 | Find next file
2018-12-25T11:41:56.291215569Z 78 PC: 12cc2 | Find first file (See above)
2018-12-25T11:41:56.296883411Z 61 PC: 12ce8 | Open file (Filename = 'F;tO!=')
2018-12-25T11:41:56.303206279Z 66 PC: 12cfd | Move file pointer
2018-12-25T11:41:56.305051519Z 63 PC: 12d07 | Read file or device (Read 8 bytes on handle 5)
2018-12-25T11:41:56.311950799Z 62 PC: 12d24 | Close file
2018-12-25T11:41:56.31355849Z 78 PC: 12cc2 | Find first file (See above)
2018-12-25T11:41:56.317986983Z 79 PC: 12cd3 | Find next file (See above)
2018-12-25T11:41:56.320178494Z 59 PC: 12e17 | Change current directory
2018-12-25T11:41:56.323869436Z 59 PC: 12e1e | Change current directory
2018-12-25T11:41:56.326000268Z 42 PC: 12e22 | Get date
0x12e22: cmp cx, 0x7c7
0x12e26: jg 0x12e36
0x12e28: cmp dh, 0xa
0x12e2b: jge 0x12e2f
0x12e2d: jmp 0x12e47
0x12e2f: cmp dl, 0x11
0x12e32: jge 0x12e36
0x12e34: jmp 0x12e47
0x12e36: call 0x12e76
0x12e39: mov ax, 4
0x12e3c: int 0x10
0x12e3e: mov ah, 9
0x12e40: mov dx, 0x3e2
0x12e43: int 0x21
0x12e45: jmp 0x12e72
0x12e47: pop si
0x12e48: pop bx
0x12e49: pop dx
0x12e4a: pop cx
0x12e4b: pop ax
2018-12-25T11:41:56.334062757Z 9 PC: 12e45 | Display string (Could not find end pointer)
2018-12-25T11:41:56.339555103Z 76 PC: 12e76 | Terminate with return code (Return code = '36')