Sample viewer

vx.netlux.org/Virus.DOS.Carioca.951

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:47:16.526675945Z	144	PC: 12c1f \| UNKNOWN!
2018-12-17T22:47:16.537950101Z	74	PC: 12c4a \| Reallocate memory
2018-12-17T22:47:16.539454Z	72	PC: 12c58 \| Allocate memory
2018-12-17T22:47:16.541187176Z	72	PC: 12c5e \| Allocate memory
2018-12-17T22:47:16.543048948Z	53	PC: 12cae \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:16.545529946Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:16.547833664Z	53	PC: 12cc5 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T22:47:16.550146374Z	37	PC: 12cd7 \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T22:47:16.553247865Z	53	PC: 12cdc \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:47:16.554959117Z	37	PC: 12cee \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:47:16.556301565Z	53	PC: 12d2d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:16.558283925Z	37	PC: 12d3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:16.559739195Z	42	PC: 12d43 \| Get date 0x12d43: cmp cx, 0x7c5 0x12d47: jb 0x12d71 0x12d49: cmp dh, 0xb 0x12d4c: jb 0x12d71 0x12d4e: cmp dl, 0xf 0x12d51: jb 0x12d71 0x12d53: mov word ptr cs:[0x3b9], 0x320 0x12d5a: mov ax, 0x3509 0x12d5d: int 0x21 0x12d5f: mov word ptr cs:[0x3b0], bx 0x12d64: mov word ptr cs:[0x3b2], es 0x12d69: mov ax, 0x2509 0x12d6c: mov dx, 0x3cb 0x12d6f: int 0x21 0x12d71: mov dx, word ptr cs:[0x12c] 0x12d76: mov ah, 0x26 0x12d78: int 0x21 0x12d7a: mov byte ptr cs:[0x127], 1 0x12d80: mov ax, word ptr cs:[0x12c] 0x12d84: mov ds, ax
2018-12-17T22:47:16.562232383Z	53	PC: 12d5f \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:47:16.564391318Z	37	PC: 12d71 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:47:16.565924303Z	38	PC: 12d7a \| Create PSP
2018-12-17T22:47:16.567787779Z	26	PC: 12d93 \| Set disk transfer address
2018-12-17T22:47:16.569606698Z	37	PC: 12db0 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:47:16.571359846Z	37	PC: 12dbf \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-17T22:47:16.572859506Z	73	PC: 12ddf \| Release memory
2018-12-17T22:47:16.574732293Z	49	PC: 12df3 \| Terminate and stay resident (Return code = '0' \| Memory size = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9158,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:36.337841512Z	144	PC: 12c1f \| UNKNOWN!
2018-12-25T12:22:36.3401606Z	74	PC: 12c4a \| Reallocate memory
2018-12-25T12:22:36.34214408Z	72	PC: 12c58 \| Allocate memory
2018-12-25T12:22:36.34443549Z	72	PC: 12c5e \| Allocate memory
2018-12-25T12:22:36.347089127Z	53	PC: 12cae \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:36.348484856Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:36.349716357Z	53	PC: 12cc5 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:36.354630692Z	37	PC: 12cd7 \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:36.356353347Z	53	PC: 12cdc \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:36.357591654Z	37	PC: 12cee \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:36.359412758Z	53	PC: 12d2d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:36.37513587Z	37	PC: 12d3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:36.376233474Z	42	PC: 12d43 \| Get date 0x12d43: cmp cx, 0x7c5 0x12d47: jb 0x12d71 0x12d49: cmp dh, 0xb 0x12d4c: jb 0x12d71 0x12d4e: cmp dl, 0xf 0x12d51: jb 0x12d71 0x12d53: mov word ptr cs:[0x3b9], 0x320 0x12d5a: mov ax, 0x3509 0x12d5d: int 0x21 0x12d5f: mov word ptr cs:[0x3b0], bx 0x12d64: mov word ptr cs:[0x3b2], es 0x12d69: mov ax, 0x2509 0x12d6c: mov dx, 0x3cb 0x12d6f: int 0x21 0x12d71: mov dx, word ptr cs:[0x12c] 0x12d76: mov ah, 0x26 0x12d78: int 0x21 0x12d7a: mov byte ptr cs:[0x127], 1 0x12d80: mov ax, word ptr cs:[0x12c] 0x12d84: mov ds, ax
2018-12-25T12:22:36.378709032Z	38	PC: 12d7a \| Create PSP
2018-12-25T12:22:36.380713293Z	26	PC: 12d93 \| Set disk transfer address
2018-12-25T12:22:36.382193081Z	37	PC: 12db0 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:36.383593156Z	37	PC: 12dbf \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:36.38589133Z	73	PC: 12ddf \| Release memory
2018-12-25T12:22:36.387408507Z	49	PC: 12df3 \| Terminate and stay resident (Return code = '0' \| Memory size = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9158,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:36.559509201Z	144	PC: 12c1f \| UNKNOWN!
2018-12-25T12:22:36.560585968Z	74	PC: 12c4a \| Reallocate memory
2018-12-25T12:22:36.561806418Z	72	PC: 12c58 \| Allocate memory
2018-12-25T12:22:36.563282202Z	72	PC: 12c5e \| Allocate memory
2018-12-25T12:22:36.56547776Z	53	PC: 12cae \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:36.566521069Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:36.567536057Z	53	PC: 12cc5 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:36.568870332Z	37	PC: 12cd7 \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:36.570035115Z	53	PC: 12cdc \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:36.571172625Z	37	PC: 12cee \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:36.572460447Z	53	PC: 12d2d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:36.573597995Z	37	PC: 12d3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:36.574534299Z	42	PC: 12d43 \| Get date 0x12d43: cmp cx, 0x7c5 0x12d47: jb 0x12d71 0x12d49: cmp dh, 0xb 0x12d4c: jb 0x12d71 0x12d4e: cmp dl, 0xf 0x12d51: jb 0x12d71 0x12d53: mov word ptr cs:[0x3b9], 0x320 0x12d5a: mov ax, 0x3509 0x12d5d: int 0x21 0x12d5f: mov word ptr cs:[0x3b0], bx 0x12d64: mov word ptr cs:[0x3b2], es 0x12d69: mov ax, 0x2509 0x12d6c: mov dx, 0x3cb 0x12d6f: int 0x21 0x12d71: mov dx, word ptr cs:[0x12c] 0x12d76: mov ah, 0x26 0x12d78: int 0x21 0x12d7a: mov byte ptr cs:[0x127], 1 0x12d80: mov ax, word ptr cs:[0x12c] 0x12d84: mov ds, ax
2018-12-25T12:22:36.57636066Z	38	PC: 12d7a \| Create PSP
2018-12-25T12:22:36.577654917Z	26	PC: 12d93 \| Set disk transfer address
2018-12-25T12:22:36.578725553Z	37	PC: 12db0 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:36.579718778Z	37	PC: 12dbf \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:36.581112379Z	73	PC: 12ddf \| Release memory
2018-12-25T12:22:36.582181526Z	49	PC: 12df3 \| Terminate and stay resident (Return code = '0' \| Memory size = '76')

{"DateBased":true,"Day":1,"Month":11,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9158,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:36.982776465Z	144	PC: 12c1f \| UNKNOWN!
2018-12-25T12:22:36.998616857Z	74	PC: 12c4a \| Reallocate memory
2018-12-25T12:22:37.010082816Z	72	PC: 12c58 \| Allocate memory
2018-12-25T12:22:37.011652303Z	72	PC: 12c5e \| Allocate memory
2018-12-25T12:22:37.013565869Z	53	PC: 12cae \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:37.014873381Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:37.015963936Z	53	PC: 12cc5 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:37.017119305Z	37	PC: 12cd7 \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:37.022282437Z	53	PC: 12cdc \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:37.023953201Z	37	PC: 12cee \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:37.025541534Z	53	PC: 12d2d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:37.027862048Z	37	PC: 12d3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:37.029060061Z	42	PC: 12d43 \| Get date 0x12d43: cmp cx, 0x7c5 0x12d47: jb 0x12d71 0x12d49: cmp dh, 0xb 0x12d4c: jb 0x12d71 0x12d4e: cmp dl, 0xf 0x12d51: jb 0x12d71 0x12d53: mov word ptr cs:[0x3b9], 0x320 0x12d5a: mov ax, 0x3509 0x12d5d: int 0x21 0x12d5f: mov word ptr cs:[0x3b0], bx 0x12d64: mov word ptr cs:[0x3b2], es 0x12d69: mov ax, 0x2509 0x12d6c: mov dx, 0x3cb 0x12d6f: int 0x21 0x12d71: mov dx, word ptr cs:[0x12c] 0x12d76: mov ah, 0x26 0x12d78: int 0x21 0x12d7a: mov byte ptr cs:[0x127], 1 0x12d80: mov ax, word ptr cs:[0x12c] 0x12d84: mov ds, ax
2018-12-25T12:22:37.031296544Z	38	PC: 12d7a \| Create PSP
2018-12-25T12:22:37.033452621Z	26	PC: 12d93 \| Set disk transfer address
2018-12-25T12:22:37.034703964Z	37	PC: 12db0 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:37.03582587Z	37	PC: 12dbf \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:37.037523788Z	73	PC: 12ddf \| Release memory
2018-12-25T12:22:37.039623817Z	49	PC: 12df3 \| Terminate and stay resident (Return code = '0' \| Memory size = '76')

{"DateBased":true,"Day":15,"Month":11,"Year":1989,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9158,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:37.116509208Z	144	PC: 12c1f \| UNKNOWN!
2018-12-25T12:22:37.118435364Z	74	PC: 12c4a \| Reallocate memory
2018-12-25T12:22:37.119748324Z	72	PC: 12c58 \| Allocate memory
2018-12-25T12:22:37.121320338Z	72	PC: 12c5e \| Allocate memory
2018-12-25T12:22:37.123586215Z	53	PC: 12cae \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:37.124685261Z	37	PC: 12cc0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:37.125728329Z	53	PC: 12cc5 \| Get interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:37.127423112Z	37	PC: 12cd7 \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:37.128597394Z	53	PC: 12cdc \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:37.129682967Z	37	PC: 12cee \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:37.130974278Z	53	PC: 12d2d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:37.132718931Z	37	PC: 12d3f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:37.133810433Z	42	PC: 12d43 \| Get date 0x12d43: cmp cx, 0x7c5 0x12d47: jb 0x12d71 0x12d49: cmp dh, 0xb 0x12d4c: jb 0x12d71 0x12d4e: cmp dl, 0xf 0x12d51: jb 0x12d71 0x12d53: mov word ptr cs:[0x3b9], 0x320 0x12d5a: mov ax, 0x3509 0x12d5d: int 0x21 0x12d5f: mov word ptr cs:[0x3b0], bx 0x12d64: mov word ptr cs:[0x3b2], es 0x12d69: mov ax, 0x2509 0x12d6c: mov dx, 0x3cb 0x12d6f: int 0x21 0x12d71: mov dx, word ptr cs:[0x12c] 0x12d76: mov ah, 0x26 0x12d78: int 0x21 0x12d7a: mov byte ptr cs:[0x127], 1 0x12d80: mov ax, word ptr cs:[0x12c] 0x12d84: mov ds, ax
2018-12-25T12:22:37.135908523Z	53	PC: 12d5f \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:37.138574375Z	37	PC: 12d71 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:22:37.140350533Z	38	PC: 12d7a \| Create PSP
2018-12-25T12:22:37.142358973Z	26	PC: 12d93 \| Set disk transfer address
2018-12-25T12:22:37.145263487Z	37	PC: 12db0 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:22:37.147995937Z	37	PC: 12dbf \| Set interrupt vector (Interrupt = '39' AKA 'Random block read')
2018-12-25T12:22:37.15215127Z	73	PC: 12ddf \| Release memory
2018-12-25T12:22:37.154718955Z	49	PC: 12df3 \| Terminate and stay resident (Return code = '0' \| Memory size = '76')