Sample viewer

vx.netlux.org/Virus.DOS.Dzino.1000

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:47.756424798Z	44	PC: 12ccc \| Get time 0x12ccc: mov dx, bp 0x12cce: cmp cl, 0x2a 0x12cd1: jne 0x12ce3 0x12cd3: mov dx, bp 0x12cd5: add dx, 0x152 0x12cd9: mov ah, 9 0x12cdb: int 0x21 0x12cdd: mov ah, 7 0x12cdf: int 0x21 0x12ce1: jmp 0x12cd3 0x12ce3: mov ah, 0x47 0x12ce5: xor dl, dl 0x12ce7: mov si, bp 0x12ce9: add si, 0x7a 0x12cec: int 0x21 0x12cee: mov dx, bp 0x12cf0: mov ah, 0x3b 0x12cf2: int 0x21 0x12cf4: mov ah, 0x1a 0x12cf6: mov dx, bp
2018-12-17T22:48:47.758834139Z	71	PC: 12cee \| Get current directory
2018-12-17T22:48:47.762089064Z	59	PC: 12cf4 \| Change current directory
2018-12-17T22:48:47.765796867Z	26	PC: 12cfe \| Set disk transfer address
2018-12-17T22:48:47.766928928Z	78	PC: 12d0b \| Find first file
2018-12-17T22:48:47.771241651Z	61	PC: 12df4 \| Open file (Filename = 'SLEEP.COM')
2018-12-17T22:48:47.775860842Z	63	PC: 12e05 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:48:47.780068944Z	66	PC: 12e11 \| Move file pointer
2018-12-17T22:48:47.781067741Z	66	PC: 12e27 \| Move file pointer
2018-12-17T22:48:47.782663665Z	64	PC: 12e34 \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:48:47.784529847Z	66	PC: 12e40 \| Move file pointer
2018-12-17T22:48:47.785432709Z	64	PC: 12e4c \| Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:48:47.797639192Z	87	PC: 12e60 \| Get or set file date and time
2018-12-17T22:48:47.799031634Z	62	PC: 12e64 \| Close file
2018-12-17T22:48:47.80588084Z	59	PC: 12e6e \| Change current directory
2018-12-17T22:48:47.814501536Z	59	PC: 12e77 \| Change current directory
2018-12-17T22:48:47.815914455Z	9	PC: 12a47 \| Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!')
2018-12-17T22:48:47.819734369Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9677,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:36.13949887Z	44	PC: 12ccc \| Get time 0x12ccc: mov dx, bp 0x12cce: cmp cl, 0x2a 0x12cd1: jne 0x12ce3 0x12cd3: mov dx, bp 0x12cd5: add dx, 0x152 0x12cd9: mov ah, 9 0x12cdb: int 0x21 0x12cdd: mov ah, 7 0x12cdf: int 0x21 0x12ce1: jmp 0x12cd3 0x12ce3: mov ah, 0x47 0x12ce5: xor dl, dl 0x12ce7: mov si, bp 0x12ce9: add si, 0x7a 0x12cec: int 0x21 0x12cee: mov dx, bp 0x12cf0: mov ah, 0x3b 0x12cf2: int 0x21 0x12cf4: mov ah, 0x1a 0x12cf6: mov dx, bp
2018-12-25T12:23:36.142703442Z	71	PC: 12cee \| Get current directory
2018-12-25T12:23:36.146656768Z	59	PC: 12cf4 \| Change current directory
2018-12-25T12:23:36.150438201Z	26	PC: 12cfe \| Set disk transfer address
2018-12-25T12:23:36.152208259Z	78	PC: 12d0b \| Find first file
2018-12-25T12:23:36.158060228Z	61	PC: 12df4 \| Open file (Filename = 'SLEEP.COM')
2018-12-25T12:23:36.164380413Z	63	PC: 12e05 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:36.170745258Z	66	PC: 12e11 \| Move file pointer
2018-12-25T12:23:36.173404253Z	66	PC: 12e27 \| Move file pointer
2018-12-25T12:23:36.174711938Z	64	PC: 12e34 \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:36.177203865Z	66	PC: 12e40 \| Move file pointer
2018-12-25T12:23:36.17966863Z	64	PC: 12e4c \| Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:23:36.196014128Z	87	PC: 12e60 \| Get or set file date and time
2018-12-25T12:23:36.197474995Z	62	PC: 12e64 \| Close file
2018-12-25T12:23:36.210587478Z	59	PC: 12e6e \| Change current directory
2018-12-25T12:23:36.215146494Z	59	PC: 12e77 \| Change current directory
2018-12-25T12:23:36.217588531Z	9	PC: 12a47 \| Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!')
2018-12-25T12:23:36.226085115Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":42,"Second":0,"TimeBased":true,"OriginalID":9677,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:36.464700879Z	44	PC: 12ccc \| Get time 0x12ccc: mov dx, bp 0x12cce: cmp cl, 0x2a 0x12cd1: jne 0x12ce3 0x12cd3: mov dx, bp 0x12cd5: add dx, 0x152 0x12cd9: mov ah, 9 0x12cdb: int 0x21 0x12cdd: mov ah, 7 0x12cdf: int 0x21 0x12ce1: jmp 0x12cd3 0x12ce3: mov ah, 0x47 0x12ce5: xor dl, dl 0x12ce7: mov si, bp 0x12ce9: add si, 0x7a 0x12cec: int 0x21 0x12cee: mov dx, bp 0x12cf0: mov ah, 0x3b 0x12cf2: int 0x21 0x12cf4: mov ah, 0x1a 0x12cf6: mov dx, bp
2018-12-25T12:23:36.467155569Z	9	PC: 12cdd \| Display string (String= 'Cau Dzino, padaj votad ')
2018-12-25T12:23:36.471007021Z	7	PC: 12ce1 \| Direct console input without echo