Sample viewer

vx.netlux.org/Virus.DOS.I_Was_Here.710

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:15.141551517Z	255	PC: 12d0a \| UNKNOWN!
2018-12-17T22:49:15.14270868Z	53	PC: 12a7f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:15.144465085Z	37	PC: 12a8f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:15.14579654Z	74	PC: 12ab4 \| Reallocate memory
2018-12-17T22:49:15.147754238Z	67	PC: 12bd9 \| Get or set file attributes
2018-12-17T22:49:15.154616837Z	67	PC: 12beb \| Get or set file attributes
2018-12-17T22:49:15.495847025Z	61	PC: 12bf0 \| Open file (Filename = '��~��')
2018-12-17T22:49:15.503075262Z	63	PC: 12c03 \| Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:49:15.50696268Z	66	PC: 12c1f \| Move file pointer
2018-12-17T22:49:15.508793541Z	63	PC: 12c59 \| Read file or device (Read 2 bytes on handle 5)
2018-12-17T22:49:15.512581935Z	66	PC: 12c72 \| Move file pointer
2018-12-17T22:49:15.51578634Z	64	PC: 12c7c \| Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:49:15.519317466Z	66	PC: 12c87 \| Move file pointer
2018-12-17T22:49:15.520990555Z	64	PC: 12c94 \| Write file or device (Write 710 bytes on handle 5)
2018-12-17T22:49:15.533174211Z	62	PC: 12c98 \| Close file
2018-12-17T22:49:15.548763745Z	67	PC: 12ca7 \| Get or set file attributes
2018-12-17T22:49:15.559352086Z	75	PC: 12b40 \| Execute program
2018-12-17T22:49:15.590829335Z	255	PC: 20419 \| UNKNOWN!
2018-12-17T22:49:15.5927659Z	80	PC: 14419 \| Set current PSP
2018-12-17T22:49:15.593779154Z	48	PC: 1441e \| Get DOS version
2018-12-17T22:49:15.595843204Z	99	PC: 1ac00 \| Get DBCS lead byte table pointer
2018-12-17T22:49:15.599865475Z	101	PC: 144a4 \| Get extended country info
2018-12-17T22:49:15.602110272Z	99	PC: 144aa \| Get DBCS lead byte table pointer
2018-12-17T22:49:15.604386388Z	74	PC: 1450c \| Reallocate memory
2018-12-17T22:49:15.606614296Z	25	PC: 14543 \| Get default drive
2018-12-17T22:49:15.608435992Z	37	PC: 14003 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:49:15.610615658Z	37	PC: 1400a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:49:15.611674834Z	37	PC: 14011 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:15.614497156Z	74	PC: 131ac \| Reallocate memory
2018-12-17T22:49:15.616497596Z	72	PC: 131ed \| Allocate memory
2018-12-17T22:49:15.618222233Z	72	PC: 13225 \| Allocate memory
2018-12-17T22:49:15.622022106Z	72	PC: 1322d \| Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9830,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:51.655923318Z	255	PC: 12d0a \| UNKNOWN!
2018-12-25T12:23:51.657904246Z	53	PC: 12a7f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:51.659318093Z	37	PC: 12a8f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:51.660631456Z	74	PC: 12ab4 \| Reallocate memory
2018-12-25T12:23:51.664465923Z	67	PC: 12bd9 \| Get or set file attributes
2018-12-25T12:23:51.670760026Z	67	PC: 12beb \| Get or set file attributes
2018-12-25T12:23:52.019623555Z	61	PC: 12bf0 \| Open file (Filename = '��~��')
2018-12-25T12:23:52.027012724Z	63	PC: 12c03 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:52.031102816Z	66	PC: 12c1f \| Move file pointer
2018-12-25T12:23:52.033038186Z	63	PC: 12c59 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:23:52.036678293Z	66	PC: 12c72 \| Move file pointer
2018-12-25T12:23:52.039681202Z	64	PC: 12c7c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:52.043198634Z	66	PC: 12c87 \| Move file pointer
2018-12-25T12:23:52.045914562Z	64	PC: 12c94 \| Write file or device (Write 710 bytes on handle 5)
2018-12-25T12:23:52.057776182Z	62	PC: 12c98 \| Close file
2018-12-25T12:23:52.066426433Z	67	PC: 12ca7 \| Get or set file attributes
2018-12-25T12:23:52.076233446Z	75	PC: 12b40 \| Execute program
2018-12-25T12:23:52.100676963Z	255	PC: 20419 \| UNKNOWN!
2018-12-25T12:23:52.101667936Z	80	PC: 14419 \| Set current PSP
2018-12-25T12:23:52.102470554Z	48	PC: 1441e \| Get DOS version
2018-12-25T12:23:52.104063214Z	99	PC: 1ac00 \| Get DBCS lead byte table pointer
2018-12-25T12:23:52.111716266Z	101	PC: 144a4 \| Get extended country info
2018-12-25T12:23:52.113274152Z	99	PC: 144aa \| Get DBCS lead byte table pointer
2018-12-25T12:23:52.114778748Z	74	PC: 1450c \| Reallocate memory
2018-12-25T12:23:52.116904242Z	25	PC: 14543 \| Get default drive
2018-12-25T12:23:52.118495403Z	37	PC: 14003 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:23:52.120102539Z	37	PC: 1400a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:23:52.122518381Z	37	PC: 14011 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:52.12792515Z	74	PC: 131ac \| Reallocate memory
2018-12-25T12:23:52.129637893Z	72	PC: 131ed \| Allocate memory
2018-12-25T12:23:52.131883101Z	72	PC: 13225 \| Allocate memory
2018-12-25T12:23:52.134069966Z	72	PC: 1322d \| Allocate memory

{"DateBased":true,"Day":28,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9830,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:51.679624793Z	255	PC: 12d0a \| UNKNOWN!
2018-12-25T12:23:51.681775944Z	53	PC: 12a7f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:51.683051845Z	37	PC: 12a8f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:51.684203931Z	74	PC: 12ab4 \| Reallocate memory
2018-12-25T12:23:51.686119074Z	67	PC: 12bd9 \| Get or set file attributes
2018-12-25T12:23:51.692865946Z	67	PC: 12beb \| Get or set file attributes
2018-12-25T12:23:52.020417154Z	61	PC: 12bf0 \| Open file (Filename = '��~��')
2018-12-25T12:23:52.026871327Z	63	PC: 12c03 \| Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:23:52.030674435Z	66	PC: 12c1f \| Move file pointer
2018-12-25T12:23:52.032409315Z	63	PC: 12c59 \| Read file or device (Read 2 bytes on handle 5)
2018-12-25T12:23:52.035617866Z	66	PC: 12c72 \| Move file pointer
2018-12-25T12:23:52.038203938Z	64	PC: 12c7c \| Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:23:52.042026929Z	66	PC: 12c87 \| Move file pointer
2018-12-25T12:23:52.043721124Z	64	PC: 12c94 \| Write file or device (Write 710 bytes on handle 5)
2018-12-25T12:23:52.054189895Z	62	PC: 12c98 \| Close file
2018-12-25T12:23:52.062763987Z	67	PC: 12ca7 \| Get or set file attributes
2018-12-25T12:23:52.071849533Z	75	PC: 12b40 \| Execute program
2018-12-25T12:23:52.092657712Z	255	PC: 20419 \| UNKNOWN!
2018-12-25T12:23:52.093551258Z	80	PC: 14419 \| Set current PSP
2018-12-25T12:23:52.094379817Z	48	PC: 1441e \| Get DOS version
2018-12-25T12:23:52.09698503Z	99	PC: 1ac00 \| Get DBCS lead byte table pointer
2018-12-25T12:23:52.099602746Z	101	PC: 144a4 \| Get extended country info
2018-12-25T12:23:52.100959433Z	99	PC: 144aa \| Get DBCS lead byte table pointer
2018-12-25T12:23:52.102969433Z	74	PC: 1450c \| Reallocate memory
2018-12-25T12:23:52.104393142Z	25	PC: 14543 \| Get default drive
2018-12-25T12:23:52.105505297Z	37	PC: 14003 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:23:52.108494475Z	37	PC: 1400a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:23:52.109721487Z	37	PC: 14011 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:52.113996153Z	74	PC: 131ac \| Reallocate memory
2018-12-25T12:23:52.130407265Z	72	PC: 131ed \| Allocate memory
2018-12-25T12:23:52.132459855Z	72	PC: 13225 \| Allocate memory
2018-12-25T12:23:52.134400033Z	72	PC: 1322d \| Allocate memory