Sample viewer

vx.netlux.org/Virus.DOS.Swine.3000.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:25.858950104Z	44	PC: 1306f \| Get time 0x1306f: mov ah, dh 0x13071: add ax, word ptr [0xe8] 0x13075: add word ptr [0x5d9], ax 0x13079: ret 0x1307a: mov ax, word ptr [0x5d9] 0x1307d: xor dx, dx 0x1307f: mov bx, 0x100 0x13082: div bx 0x13084: mov word ptr [0x5d1], ax 0x13087: mov word ptr [0x5d3], dx 0x1308b: mov ax, dx 0x1308d: mov bx, 0x5d 0x13090: mul bx 0x13092: xor dx, dx 0x13094: mov bx, 0x100 0x13097: div bx 0x13099: add dx, 0xd 0x1309c: mov word ptr [0x5d5], dx 0x130a0: mov ax, word ptr [0x5d3] 0x130a3: mov bx, 0x1c
2018-12-17T22:49:25.862388694Z	82	PC: 13199 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:49:25.864865648Z	53	PC: 131ab \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:49:25.866585089Z	37	PC: 131bb \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:49:25.868397043Z	44	PC: 131d1 \| Get time 0x131d1: cmp ch, 0xd 0x131d4: jne 0x131de 0x131d6: cmp cl, 0xf 0x131d9: ja 0x131de 0x131db: call 0x13643 0x131de: pushf 0x131df: pop ax 0x131e0: and ax, 0xfeff 0x131e3: push ax 0x131e4: popf 0x131e5: cli 0x131e6: mov ax, 0x2501 0x131e9: mov dx, word ptr [0x70a] 0x131ed: push ds 0x131ee: mov ds, word ptr cs:[0x70c] 0x131f3: int 0x21 0x131f5: pop ds 0x131f6: sti 0x131f7: ret 0x131f8: mov cl, byte ptr [bp + di]
2018-12-17T22:49:25.871966108Z	37	PC: 131f5 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:49:25.873723781Z	81	PC: 1323c \| Get current PSP
2018-12-17T22:49:25.875203531Z	82	PC: 13255 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:49:25.883689514Z	53	PC: 132fa \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:49:25.88548578Z	37	PC: 1330f \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:49:25.887131612Z	37	PC: 1331c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:25.889955357Z	81	PC: 13190 \| Get current PSP
2018-12-17T22:49:25.891457349Z	9	PC: 12b17 \| Display string (String= ' SC Virus Collection. *** WARNING *** This program is infected with a parasitic virus The uninfected length of this file is 220 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-17T22:49:25.905244322Z	76	PC: 12b1c \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9888,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:59.181361777Z	44	PC: 1306f \| Get time 0x1306f: mov ah, dh 0x13071: add ax, word ptr [0xe8] 0x13075: add word ptr [0x5d9], ax 0x13079: ret 0x1307a: mov ax, word ptr [0x5d9] 0x1307d: xor dx, dx 0x1307f: mov bx, 0x100 0x13082: div bx 0x13084: mov word ptr [0x5d1], ax 0x13087: mov word ptr [0x5d3], dx 0x1308b: mov ax, dx 0x1308d: mov bx, 0x5d 0x13090: mul bx 0x13092: xor dx, dx 0x13094: mov bx, 0x100 0x13097: div bx 0x13099: add dx, 0xd 0x1309c: mov word ptr [0x5d5], dx 0x130a0: mov ax, word ptr [0x5d3] 0x130a3: mov bx, 0x1c
2018-12-25T12:23:59.184838627Z	82	PC: 13199 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:59.186036064Z	53	PC: 131ab \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:59.18720992Z	37	PC: 131bb \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:59.18919353Z	44	PC: 131d1 \| Get time 0x131d1: cmp ch, 0xd 0x131d4: jne 0x131de 0x131d6: cmp cl, 0xf 0x131d9: ja 0x131de 0x131db: call 0x13643 0x131de: pushf 0x131df: pop ax 0x131e0: and ax, 0xfeff 0x131e3: push ax 0x131e4: popf 0x131e5: cli 0x131e6: mov ax, 0x2501 0x131e9: mov dx, word ptr [0x70a] 0x131ed: push ds 0x131ee: mov ds, word ptr cs:[0x70c] 0x131f3: int 0x21 0x131f5: pop ds 0x131f6: sti 0x131f7: ret 0x131f8: mov cl, byte ptr [bp + di]
2018-12-25T12:23:59.191358564Z	37	PC: 131f5 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:59.192481511Z	81	PC: 1323c \| Get current PSP
2018-12-25T12:23:59.194348613Z	82	PC: 13255 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:59.19564842Z	53	PC: 132fa \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:23:59.196841529Z	37	PC: 1330f \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:23:59.19789425Z	37	PC: 1331c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:59.200686463Z	81	PC: 13190 \| Get current PSP
2018-12-25T12:23:59.201916583Z	9	PC: 12b17 \| Display string (String= ' SC Virus Collection. *** WARNING *** This program is infected with a parasitic virus The uninfected length of this file is 220 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-25T12:23:59.215254408Z	76	PC: 12b1c \| Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":9888,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:59.348972975Z	44	PC: 1306f \| Get time 0x1306f: mov ah, dh 0x13071: add ax, word ptr [0xe8] 0x13075: add word ptr [0x5d9], ax 0x13079: ret 0x1307a: mov ax, word ptr [0x5d9] 0x1307d: xor dx, dx 0x1307f: mov bx, 0x100 0x13082: div bx 0x13084: mov word ptr [0x5d1], ax 0x13087: mov word ptr [0x5d3], dx 0x1308b: mov ax, dx 0x1308d: mov bx, 0x5d 0x13090: mul bx 0x13092: xor dx, dx 0x13094: mov bx, 0x100 0x13097: div bx 0x13099: add dx, 0xd 0x1309c: mov word ptr [0x5d5], dx 0x130a0: mov ax, word ptr [0x5d3] 0x130a3: mov bx, 0x1c
2018-12-25T12:23:59.356650373Z	82	PC: 13199 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:59.358693332Z	53	PC: 131ab \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:59.360169824Z	37	PC: 131bb \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:59.362614168Z	44	PC: 131d1 \| Get time 0x131d1: cmp ch, 0xd 0x131d4: jne 0x131de 0x131d6: cmp cl, 0xf 0x131d9: ja 0x131de 0x131db: call 0x13643 0x131de: pushf 0x131df: pop ax 0x131e0: and ax, 0xfeff 0x131e3: push ax 0x131e4: popf 0x131e5: cli 0x131e6: mov ax, 0x2501 0x131e9: mov dx, word ptr [0x70a] 0x131ed: push ds 0x131ee: mov ds, word ptr cs:[0x70c] 0x131f3: int 0x21 0x131f5: pop ds 0x131f6: sti 0x131f7: ret 0x131f8: mov cl, byte ptr [bp + di]

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":13,"Min":16,"Second":0,"TimeBased":true,"OriginalID":9888,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:59.475537143Z	44	PC: 1306f \| Get time 0x1306f: mov ah, dh 0x13071: add ax, word ptr [0xe8] 0x13075: add word ptr [0x5d9], ax 0x13079: ret 0x1307a: mov ax, word ptr [0x5d9] 0x1307d: xor dx, dx 0x1307f: mov bx, 0x100 0x13082: div bx 0x13084: mov word ptr [0x5d1], ax 0x13087: mov word ptr [0x5d3], dx 0x1308b: mov ax, dx 0x1308d: mov bx, 0x5d 0x13090: mul bx 0x13092: xor dx, dx 0x13094: mov bx, 0x100 0x13097: div bx 0x13099: add dx, 0xd 0x1309c: mov word ptr [0x5d5], dx 0x130a0: mov ax, word ptr [0x5d3] 0x130a3: mov bx, 0x1c
2018-12-25T12:23:59.478954855Z	82	PC: 13199 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:59.480039885Z	53	PC: 131ab \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:59.481118268Z	37	PC: 131bb \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:59.48267447Z	44	PC: 131d1 \| Get time 0x131d1: cmp ch, 0xd 0x131d4: jne 0x131de 0x131d6: cmp cl, 0xf 0x131d9: ja 0x131de 0x131db: call 0x13643 0x131de: pushf 0x131df: pop ax 0x131e0: and ax, 0xfeff 0x131e3: push ax 0x131e4: popf 0x131e5: cli 0x131e6: mov ax, 0x2501 0x131e9: mov dx, word ptr [0x70a] 0x131ed: push ds 0x131ee: mov ds, word ptr cs:[0x70c] 0x131f3: int 0x21 0x131f5: pop ds 0x131f6: sti 0x131f7: ret 0x131f8: mov cl, byte ptr [bp + di]
2018-12-25T12:23:59.48508318Z	37	PC: 131f5 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:23:59.486276243Z	81	PC: 1323c \| Get current PSP
2018-12-25T12:23:59.487373937Z	82	PC: 13255 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:23:59.489287136Z	53	PC: 132fa \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:23:59.490808816Z	37	PC: 1330f \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:23:59.49221559Z	37	PC: 1331c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:59.494408376Z	81	PC: 13190 \| Get current PSP
2018-12-25T12:23:59.495552816Z	9	PC: 12b17 \| Display string (String= ' SC Virus Collection. *** WARNING *** This program is infected with a parasitic virus The uninfected length of this file is 220 bytes This program is copyright 1994 West Coast Publishing Ltd ')
2018-12-25T12:23:59.508657939Z	76	PC: 12b1c \| Terminate with return code (Return code = '0')