Sample viewer

vx.netlux.org/Virus.DOS.Corea.Nambul.2297

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:29.486557089Z	233	PC: 12ab3 \| UNKNOWN!
2018-12-17T22:51:29.488752784Z	74	PC: 12aea \| Reallocate memory
2018-12-17T22:51:29.491021766Z	74	PC: 12af2 \| Reallocate memory
2018-12-17T22:51:29.493335292Z	74	PC: 12afb \| Reallocate memory
2018-12-17T22:51:29.495825651Z	72	PC: 12b03 \| Allocate memory
2018-12-17T22:51:29.497975811Z	98	PC: 12b16 \| Get current PSP
2018-12-17T22:51:29.499462133Z	9	PC: 12aa2 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')
2018-12-17T22:51:29.506482892Z	42	PC: 9f7ce \| Get date 0x9f7ce: cmp dx, 0xa0f 0x9f7d2: jb 0x9f7e8 0x9f7d4: mov ax, 0x2502 0x9f7d7: mov cx, 0x1e 0x9f7da: mov dx, 0 0x9f7dd: mov bx, 0xb800 0x9f7e0: mov ds, bx 0x9f7e2: mov bx, 0 0x9f7e5: int 0x26 0x9f7e7: pop ax 0x9f7e8: mov ax, 0x3508 0x9f7eb: int 0x21 0x9f7ed: mov word ptr cs:[0x493], bx 0x9f7f2: mov bx, es 0x9f7f4: mov word ptr cs:[0x495], bx 0x9f7f9: mov ax, 0x3521 0x9f7fc: int 0x21 0x9f7fe: mov word ptr cs:[0x167], bx 0x9f803: mov bx, es 0x9f805: mov word ptr cs:[0x169], bx
2018-12-17T22:51:29.509849726Z	53	PC: 9f7ed \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:51:29.511537978Z	53	PC: 9f7fe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:29.513245014Z	72	PC: 9f812 \| Allocate memory
2018-12-17T22:51:29.516148369Z	37	PC: 9f82c \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:51:29.517773081Z	37	PC: 9f834 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:51:29.519427078Z	37	PC: 9f845 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10560,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:22.342208107Z	44	PC: 15a38 \| Get time 0x15a38: ret 0x15a39: out dx, ax 0x15a3a: or cx, sp 0x15a3c: or bx, word ptr [di - 0x70] 0x15a3f: xchg ax, si 0x15a40: and bl, cl 0x15a42: nop 0x15a43: retf 0x15a44: nop 0x15a45: xchg ax, si 0x15a46: and bl, cl 0x15a48: nop 0x15a49: retf 0x15a4a: nop 0x15a4b: xchg ax, si 0x15a4c: and bl, cl 0x15a4e: nop 0x15a4f: retf 0x15a50: nop 0x15a51: retf
2018-12-25T12:28:22.345128274Z	48	PC: 151d7 \| Get DOS version
2018-12-25T12:28:22.346611465Z	53	PC: 15a38 \| Get interrupt vector (See above)
2018-12-25T12:28:22.34852605Z	9	PC: 12a56 \| Display string (String= 'fcl virus ')
2018-12-25T12:28:22.353209422Z	76	PC: 12a5a \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10560,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:22.50167804Z	44	PC: 15a38 \| Get time 0x15a38: ret 0x15a39: out dx, ax 0x15a3a: or cx, sp 0x15a3c: or bx, word ptr [di - 0x70] 0x15a3f: xchg ax, si 0x15a40: and bl, cl 0x15a42: nop 0x15a43: retf 0x15a44: nop 0x15a45: xchg ax, si 0x15a46: and bl, cl 0x15a48: nop 0x15a49: retf 0x15a4a: nop 0x15a4b: xchg ax, si 0x15a4c: and bl, cl 0x15a4e: nop 0x15a4f: retf 0x15a50: nop 0x15a51: retf
2018-12-25T12:28:22.504424751Z	48	PC: 151d7 \| Get DOS version
2018-12-25T12:28:22.50556362Z	53	PC: 15a38 \| Get interrupt vector (See above)
2018-12-25T12:28:22.507209821Z	9	PC: 12a56 \| Display string (String= 'fcl virus ')
2018-12-25T12:28:22.520143565Z	76	PC: 12a5a \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10560,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:22.588507967Z	44	PC: 15a38 \| Get time 0x15a38: ret 0x15a39: out dx, ax 0x15a3a: or cx, sp 0x15a3c: or bx, word ptr [di - 0x70] 0x15a3f: xchg ax, si 0x15a40: and bl, cl 0x15a42: nop 0x15a43: retf 0x15a44: nop 0x15a45: xchg ax, si 0x15a46: and bl, cl 0x15a48: nop 0x15a49: retf 0x15a4a: nop 0x15a4b: xchg ax, si 0x15a4c: and bl, cl 0x15a4e: nop 0x15a4f: retf 0x15a50: nop 0x15a51: retf
2018-12-25T12:28:22.592337542Z	48	PC: 151d7 \| Get DOS version
2018-12-25T12:28:22.59408454Z	53	PC: 15a38 \| Get interrupt vector (See above)
2018-12-25T12:28:22.596409466Z	9	PC: 12a56 \| Display string (String= 'fcl virus ')
2018-12-25T12:28:22.601825781Z	76	PC: 12a5a \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10560,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:22.877214545Z	44	PC: 15a38 \| Get time 0x15a38: ret 0x15a39: out dx, ax 0x15a3a: or cx, sp 0x15a3c: or bx, word ptr [di - 0x70] 0x15a3f: xchg ax, si 0x15a40: and bl, cl 0x15a42: nop 0x15a43: retf 0x15a44: nop 0x15a45: xchg ax, si 0x15a46: and bl, cl 0x15a48: nop 0x15a49: retf 0x15a4a: nop 0x15a4b: xchg ax, si 0x15a4c: and bl, cl 0x15a4e: nop 0x15a4f: retf 0x15a50: nop 0x15a51: retf
2018-12-25T12:28:22.881037034Z	48	PC: 151d7 \| Get DOS version
2018-12-25T12:28:22.882704244Z	53	PC: 15a38 \| Get interrupt vector (See above)
2018-12-25T12:28:22.885092267Z	9	PC: 12a56 \| Display string (String= 'fcl virus ')
2018-12-25T12:28:22.890550607Z	76	PC: 12a5a \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10560,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:23.090204409Z	44	PC: 15a38 \| Get time 0x15a38: ret 0x15a39: out dx, ax 0x15a3a: or cx, sp 0x15a3c: or bx, word ptr [di - 0x70] 0x15a3f: xchg ax, si 0x15a40: and bl, cl 0x15a42: nop 0x15a43: retf 0x15a44: nop 0x15a45: xchg ax, si 0x15a46: and bl, cl 0x15a48: nop 0x15a49: retf 0x15a4a: nop 0x15a4b: xchg ax, si 0x15a4c: and bl, cl 0x15a4e: nop 0x15a4f: retf 0x15a50: nop 0x15a51: retf
2018-12-25T12:28:23.1024741Z	48	PC: 151d7 \| Get DOS version
2018-12-25T12:28:23.103379153Z	53	PC: 15a38 \| Get interrupt vector (See above)
2018-12-25T12:28:23.104597181Z	9	PC: 12a56 \| Display string (String= 'fcl virus ')
2018-12-25T12:28:23.107361324Z	76	PC: 12a5a \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":13,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10560,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:23.421249181Z	44	PC: 15a38 \| Get time 0x15a38: ret 0x15a39: out dx, ax 0x15a3a: or cx, sp 0x15a3c: or bx, word ptr [di - 0x70] 0x15a3f: xchg ax, si 0x15a40: and bl, cl 0x15a42: nop 0x15a43: retf 0x15a44: nop 0x15a45: xchg ax, si 0x15a46: and bl, cl 0x15a48: nop 0x15a49: retf 0x15a4a: nop 0x15a4b: xchg ax, si 0x15a4c: and bl, cl 0x15a4e: nop 0x15a4f: retf 0x15a50: nop 0x15a51: retf
2018-12-25T12:28:23.425434766Z	48	PC: 151d7 \| Get DOS version
2018-12-25T12:28:23.427350396Z	53	PC: 15a38 \| Get interrupt vector (See above)
2018-12-25T12:28:23.429753746Z	9	PC: 12a56 \| Display string (String= 'fcl virus ')
2018-12-25T12:28:23.435406113Z	76	PC: 12a5a \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":13,"Min":7,"Second":0,"TimeBased":true,"OriginalID":10560,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:23.523010328Z	44	PC: 15a38 \| Get time 0x15a38: ret 0x15a39: out dx, ax 0x15a3a: or cx, sp 0x15a3c: or bx, word ptr [di - 0x70] 0x15a3f: xchg ax, si 0x15a40: and bl, cl 0x15a42: nop 0x15a43: retf 0x15a44: nop 0x15a45: xchg ax, si 0x15a46: and bl, cl 0x15a48: nop 0x15a49: retf 0x15a4a: nop 0x15a4b: xchg ax, si 0x15a4c: and bl, cl 0x15a4e: nop 0x15a4f: retf 0x15a50: nop 0x15a51: retf
2018-12-25T12:28:23.52669802Z	48	PC: 151d7 \| Get DOS version
2018-12-25T12:28:23.52810005Z	53	PC: 15a38 \| Get interrupt vector (See above)
2018-12-25T12:28:23.530197387Z	9	PC: 12a56 \| Display string (String= 'fcl virus ')
2018-12-25T12:28:23.533964796Z	76	PC: 12a5a \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":13,"Min":7,"Second":0,"TimeBased":true,"OriginalID":10560,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:24.381289781Z	44	PC: 15a38 \| Get time 0x15a38: ret 0x15a39: out dx, ax 0x15a3a: or cx, sp 0x15a3c: or bx, word ptr [di - 0x70] 0x15a3f: xchg ax, si 0x15a40: and bl, cl 0x15a42: nop 0x15a43: retf 0x15a44: nop 0x15a45: xchg ax, si 0x15a46: and bl, cl 0x15a48: nop 0x15a49: retf 0x15a4a: nop 0x15a4b: xchg ax, si 0x15a4c: and bl, cl 0x15a4e: nop 0x15a4f: retf 0x15a50: nop 0x15a51: retf
2018-12-25T12:28:24.392586328Z	48	PC: 151d7 \| Get DOS version
2018-12-25T12:28:24.394634731Z	53	PC: 15a38 \| Get interrupt vector (See above)
2018-12-25T12:28:24.396711108Z	9	PC: 12a56 \| Display string (String= 'fcl virus ')
2018-12-25T12:28:24.402457471Z	76	PC: 12a5a \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":13,"Min":7,"Second":0,"TimeBased":true,"OriginalID":10560,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:24.57265804Z	44	PC: 15a38 \| Get time 0x15a38: ret 0x15a39: out dx, ax 0x15a3a: or cx, sp 0x15a3c: or bx, word ptr [di - 0x70] 0x15a3f: xchg ax, si 0x15a40: and bl, cl 0x15a42: nop 0x15a43: retf 0x15a44: nop 0x15a45: xchg ax, si 0x15a46: and bl, cl 0x15a48: nop 0x15a49: retf 0x15a4a: nop 0x15a4b: xchg ax, si 0x15a4c: and bl, cl 0x15a4e: nop 0x15a4f: retf 0x15a50: nop 0x15a51: retf
2018-12-25T12:28:24.575660462Z	48	PC: 151d7 \| Get DOS version
2018-12-25T12:28:24.577492091Z	53	PC: 15a38 \| Get interrupt vector (See above)
2018-12-25T12:28:24.579978783Z	9	PC: 12a56 \| Display string (String= 'fcl virus ')
2018-12-25T12:28:24.588247865Z	76	PC: 12a5a \| Terminate with return code (Return code = '36')