Sample viewer

vx.netlux.org/Virus.DOS.Oops.600

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:25.421777824Z 42 PC: 12ab0 | Get date
2018-12-17T22:47:25.424578324Z 150 PC: 12abd | UNKNOWN!
2018-12-17T22:47:25.42610549Z 9 PC: 12aca | Display string (String= 'Bad command or file name')
2018-12-17T22:47:25.428652849Z 53 PC: 12acf | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:25.429886375Z 37 PC: 12ae2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:25.431646414Z 49 PC: 12aea | Terminate and stay resident (Return code = '0' | Memory size = '60')

Disassembly:

0x12ab0: cmp dh, 6
0x12ab3: jb 0x12aea
0x12ab5: or al, al
0x12ab7: je 0x12b05
0x12ab9: mov ah, 0x96
0x12abb: int 0x21
0x12abd: cmp ah, 0x69
0x12ac0: je 0x12aea
0x12ac2: mov ah, 9
0x12ac4: lea dx, word ptr [si + 0x2a7]
0x12ac8: int 0x21
0x12aca: mov ax, 0x3521
0x12acd: int 0x21
0x12acf: mov word ptr [si + 0x18b], bx
0x12ad3: mov ax, es
0x12ad5: mov word ptr [si + 0x18d], ax
0x12ad9: lea dx, word ptr [si + 0x177]
0x12add: mov ax, 0x2521
0x12ae0: int 0x21
0x12ae2: mov dx, 0x358

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9219,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:41.971794843Z 42 PC: 12ab0 | Get date
2018-12-25T12:22:41.975283521Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9219,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:42.021713175Z 42 PC: 12ab0 | Get date
2018-12-25T12:22:42.038546379Z 9 PC: 12b0d | Display string (String= '������������������������������������� �� Oops! Sorry for BAD virus! �� �������������������������������������')
2018-12-25T12:22:42.045947397Z 86 PC: 12b19 | Rename file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9219,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:42.015186399Z 42 PC: 12ab0 | Get date
2018-12-25T12:22:42.017757736Z 9 PC: 12aa2 | Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9219,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:42.447328814Z 42 PC: 12ab0 | Get date
2018-12-25T12:22:42.450317201Z 9 PC: 12b0d | Display string (String= '������������������������������������� �� Oops! Sorry for BAD virus! �� �������������������������������������')
2018-12-25T12:22:42.459836046Z 86 PC: 12b19 | Rename file