Sample viewer

vx.netlux.org/Virus.DOS.Illusion.1328

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:18.338399293Z	48	PC: 12a63 \| Get DOS version
2018-12-17T22:50:18.341174477Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e3a 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e3a 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1af], bx 0x12aa3: mov word ptr cs:[bp + 0x1b1], es
2018-12-17T22:50:18.343938329Z	53	PC: 12a9e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":5,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10183,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:23.474562569Z	48	PC: 12a63 \| Get DOS version
2018-12-25T12:27:23.476160652Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e3a 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e3a 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1af], bx 0x12aa3: mov word ptr cs:[bp + 0x1b1], es

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10183,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:23.849086827Z	48	PC: 12a63 \| Get DOS version
2018-12-25T12:27:23.85014917Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e3a 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e3a 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1af], bx 0x12aa3: mov word ptr cs:[bp + 0x1b1], es
2018-12-25T12:27:23.852788767Z	53	PC: 12a9e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":2,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10183,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:24.078435599Z	48	PC: 12a63 \| Get DOS version
2018-12-25T12:27:24.081139158Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e3a 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e3a 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1af], bx 0x12aa3: mov word ptr cs:[bp + 0x1b1], es
2018-12-25T12:27:24.08387167Z	53	PC: 12a9e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":4,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10183,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:24.42216347Z	48	PC: 12a63 \| Get DOS version
2018-12-25T12:27:24.423760451Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e3a 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e3a 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1af], bx 0x12aa3: mov word ptr cs:[bp + 0x1b1], es

{"DateBased":true,"Day":5,"Month":7,"Year":1983,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10183,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:24.729073713Z	48	PC: 12a63 \| Get DOS version
2018-12-25T12:27:24.730464631Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e3a 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e3a 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1af], bx 0x12aa3: mov word ptr cs:[bp + 0x1b1], es

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10183,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:24.983498358Z	48	PC: 12a63 \| Get DOS version
2018-12-25T12:27:24.985209579Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e3a 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e3a 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1af], bx 0x12aa3: mov word ptr cs:[bp + 0x1b1], es
2018-12-25T12:27:24.987316075Z	53	PC: 12a9e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10183,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:25.035152377Z	48	PC: 12a63 \| Get DOS version
2018-12-25T12:27:25.037258588Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e3a 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e3a 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1af], bx 0x12aa3: mov word ptr cs:[bp + 0x1b1], es
2018-12-25T12:27:25.039247043Z	53	PC: 12a9e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')