Sample viewer

vx.netlux.org/Virus.DOS.Enterprise.625

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:22.147594607Z	53	PC: 12e43 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:49:22.149125606Z	37	PC: 12e57 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:49:22.150130882Z	82	PC: 12e6b \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:49:22.151282534Z	53	PC: 12ec0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:22.153405478Z	37	PC: 12ed5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:22.154442239Z	42	PC: 12edb \| Get date 0x12edb: cmp cx, 0x7ca 0x12edf: jl 0x12f0b 0x12ee1: cmp dx, 0xc06 0x12ee5: jne 0x12f0b 0x12ee7: xor ax, ax 0x12ee9: int 0x10 0x12eeb: mov ah, 2 0x12eed: mov cx, 0x19 0x12ef0: mov di, 0x236 0x12ef3: add di, bp 0x12ef5: mov dl, byte ptr cs:[di] 0x12ef8: sub dl, 0x64 0x12efb: int 0x21 0x12efd: inc di 0x12efe: loop 0x12ef5 0x12f00: mov ah, 0 0x12f02: int 0x16 0x12f04: mov al, 0xfe 0x12f06: out 0x64, al 0x12f08: hlt
2018-12-17T22:49:22.156453064Z	37	PC: 12f2c \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:49:22.157453264Z	9	PC: 12e26 \| Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9868,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:57.391895761Z	53	PC: 12e43 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:57.393418678Z	37	PC: 12e57 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:57.396191582Z	82	PC: 12e6b \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:57.398326543Z	53	PC: 12ec0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:57.400455707Z	37	PC: 12ed5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:57.403084499Z	42	PC: 12edb \| Get date 0x12edb: cmp cx, 0x7ca 0x12edf: jl 0x12f0b 0x12ee1: cmp dx, 0xc06 0x12ee5: jne 0x12f0b 0x12ee7: xor ax, ax 0x12ee9: int 0x10 0x12eeb: mov ah, 2 0x12eed: mov cx, 0x19 0x12ef0: mov di, 0x236 0x12ef3: add di, bp 0x12ef5: mov dl, byte ptr cs:[di] 0x12ef8: sub dl, 0x64 0x12efb: int 0x21 0x12efd: inc di 0x12efe: loop 0x12ef5 0x12f00: mov ah, 0 0x12f02: int 0x16 0x12f04: mov al, 0xfe 0x12f06: out 0x64, al 0x12f08: hlt
2018-12-25T12:23:57.406136077Z	37	PC: 12f2c \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:57.40802665Z	9	PC: 12e26 \| Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')

{"DateBased":true,"Day":6,"Month":12,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9868,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:57.5776619Z	53	PC: 12e43 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:57.579260656Z	37	PC: 12e57 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:57.581365599Z	82	PC: 12e6b \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:57.582822017Z	53	PC: 12ec0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:57.584274071Z	37	PC: 12ed5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:57.587104409Z	42	PC: 12edb \| Get date 0x12edb: cmp cx, 0x7ca 0x12edf: jl 0x12f0b 0x12ee1: cmp dx, 0xc06 0x12ee5: jne 0x12f0b 0x12ee7: xor ax, ax 0x12ee9: int 0x10 0x12eeb: mov ah, 2 0x12eed: mov cx, 0x19 0x12ef0: mov di, 0x236 0x12ef3: add di, bp 0x12ef5: mov dl, byte ptr cs:[di] 0x12ef8: sub dl, 0x64 0x12efb: int 0x21 0x12efd: inc di 0x12efe: loop 0x12ef5 0x12f00: mov ah, 0 0x12f02: int 0x16 0x12f04: mov al, 0xfe 0x12f06: out 0x64, al 0x12f08: hlt
2018-12-25T12:23:57.598659915Z	2	PC: 12efd \| Character output (Char = '43')
2018-12-25T12:23:57.601352762Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.60497973Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.607488848Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.610352458Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.612618062Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.620371141Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.624212551Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.627137534Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.63040104Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.633256847Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.636481357Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.640179093Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.642891447Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.645465978Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.649445127Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.653654024Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.667642041Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.671467459Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.674552486Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.678519804Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.682209968Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.685053084Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.687855342Z	2	PC: 12efd \| Character output (See above)
2018-12-25T12:23:57.691734143Z	2	PC: 12efd \| Character output (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9868,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:58.180911618Z	53	PC: 12e43 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:58.183126547Z	37	PC: 12e57 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:58.184180461Z	82	PC: 12e6b \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:58.185485057Z	53	PC: 12ec0 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:58.187361105Z	37	PC: 12ed5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:58.188822649Z	42	PC: 12edb \| Get date 0x12edb: cmp cx, 0x7ca 0x12edf: jl 0x12f0b 0x12ee1: cmp dx, 0xc06 0x12ee5: jne 0x12f0b 0x12ee7: xor ax, ax 0x12ee9: int 0x10 0x12eeb: mov ah, 2 0x12eed: mov cx, 0x19 0x12ef0: mov di, 0x236 0x12ef3: add di, bp 0x12ef5: mov dl, byte ptr cs:[di] 0x12ef8: sub dl, 0x64 0x12efb: int 0x21 0x12efd: inc di 0x12efe: loop 0x12ef5 0x12f00: mov ah, 0 0x12f02: int 0x16 0x12f04: mov al, 0xfe 0x12f06: out 0x64, al 0x12f08: hlt
2018-12-25T12:23:58.191293194Z	37	PC: 12f2c \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:58.193510057Z	9	PC: 12e26 \| Display string (String= 'BCDEF- This is a 1000 byte COM test, 1994 ')