Sample viewer

vx.netlux.org/Virus.DOS.Vote.1000

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:32.3199473Z	26	PC: 12e3f \| Set disk transfer address
2018-12-17T22:51:32.322148172Z	53	PC: 12e44 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:32.323737778Z	37	PC: 12e57 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:32.325475243Z	78	PC: 12f59 \| Find first file
2018-12-17T22:51:32.331824438Z	79	PC: 13020 \| Find next file
2018-12-17T22:51:32.335570703Z	79	PC: 13020 \| Find next file
2018-12-17T22:51:32.33829026Z	79	PC: 13020 \| Find next file
2018-12-17T22:51:32.340943869Z	79	PC: 13020 \| Find next file
2018-12-17T22:51:32.344993935Z	37	PC: 12f02 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:51:32.346115318Z	26	PC: 12f0e \| Set disk transfer address
2018-12-17T22:51:32.347218706Z	42	PC: 1319a \| Get date 0x1319a: cmp cx, 0x7bc 0x1319e: jne 0x131b9 0x131a0: xor ah, ah 0x131a2: int 0x1a 0x131a4: cmp byte ptr [bp + 0x4aa], 0xa 0x131a9: jae 0x131b1 0x131ab: test dl, 0xf8 0x131ae: jmp 0x131b4 0x131b0: nop 0x131b1: test dl, 0x70 0x131b4: jne 0x131cb 0x131b6: jmp 0x131c5 0x131b8: nop 0x131b9: cmp dh, 6 0x131bc: jb 0x131cb 0x131be: cmp dh, 7 0x131c1: jbe 0x131c5 0x131c3: jmp 0x131a0 0x131c5: or byte ptr [bp + 0x4a8], 1 0x131ca: nop
2018-12-17T22:51:32.353489502Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":6,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10579,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:27.502056813Z	26	PC: 12e3f \| Set disk transfer address
2018-12-25T12:28:27.503416486Z	53	PC: 12e44 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:27.504403792Z	37	PC: 12e57 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:27.505531305Z	78	PC: 12f59 \| Find first file
2018-12-25T12:28:27.511502971Z	79	PC: 13020 \| Find next file
2018-12-25T12:28:27.513847682Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:27.516235626Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:27.519028989Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:27.521919052Z	37	PC: 12f02 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:27.523365339Z	26	PC: 12f0e \| Set disk transfer address
2018-12-25T12:28:27.525316311Z	42	PC: 1319a \| Get date 0x1319a: cmp cx, 0x7bc 0x1319e: jne 0x131b9 0x131a0: xor ah, ah 0x131a2: int 0x1a 0x131a4: cmp byte ptr [bp + 0x4aa], 0xa 0x131a9: jae 0x131b1 0x131ab: test dl, 0xf8 0x131ae: jmp 0x131b4 0x131b0: nop 0x131b1: test dl, 0x70 0x131b4: jne 0x131cb 0x131b6: jmp 0x131c5 0x131b8: nop 0x131b9: cmp dh, 6 0x131bc: jb 0x131cb 0x131be: cmp dh, 7 0x131c1: jbe 0x131c5 0x131c3: jmp 0x131a0 0x131c5: or byte ptr [bp + 0x4a8], 1 0x131ca: nop
2018-12-25T12:28:27.527685182Z	9	PC: 12f2e \| Display string (String= ' �� ! ')

{"DateBased":true,"Day":1,"Month":7,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10579,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:27.699728949Z	26	PC: 12e3f \| Set disk transfer address
2018-12-25T12:28:27.701527027Z	53	PC: 12e44 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:27.702672925Z	37	PC: 12e57 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:27.703856942Z	78	PC: 12f59 \| Find first file
2018-12-25T12:28:27.71025197Z	79	PC: 13020 \| Find next file
2018-12-25T12:28:27.712670599Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:27.71560685Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:27.723964802Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:27.726946076Z	37	PC: 12f02 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:27.727931858Z	26	PC: 12f0e \| Set disk transfer address
2018-12-25T12:28:27.729921973Z	42	PC: 1319a \| Get date 0x1319a: cmp cx, 0x7bc 0x1319e: jne 0x131b9 0x131a0: xor ah, ah 0x131a2: int 0x1a 0x131a4: cmp byte ptr [bp + 0x4aa], 0xa 0x131a9: jae 0x131b1 0x131ab: test dl, 0xf8 0x131ae: jmp 0x131b4 0x131b0: nop 0x131b1: test dl, 0x70 0x131b4: jne 0x131cb 0x131b6: jmp 0x131c5 0x131b8: nop 0x131b9: cmp dh, 6 0x131bc: jb 0x131cb 0x131be: cmp dh, 7 0x131c1: jbe 0x131c5 0x131c3: jmp 0x131a0 0x131c5: or byte ptr [bp + 0x4a8], 1 0x131ca: nop
2018-12-25T12:28:27.732253133Z	9	PC: 12f2e \| Display string (String= ' �� ! ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10579,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:27.89182511Z	26	PC: 12e3f \| Set disk transfer address
2018-12-25T12:28:27.89314719Z	53	PC: 12e44 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:27.89397669Z	37	PC: 12e57 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:27.894915471Z	78	PC: 12f59 \| Find first file
2018-12-25T12:28:27.899521289Z	79	PC: 13020 \| Find next file
2018-12-25T12:28:27.901369905Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:27.90332853Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:27.906302363Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:27.908495844Z	37	PC: 12f02 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:27.909638138Z	26	PC: 12f0e \| Set disk transfer address
2018-12-25T12:28:27.910923537Z	42	PC: 1319a \| Get date 0x1319a: cmp cx, 0x7bc 0x1319e: jne 0x131b9 0x131a0: xor ah, ah 0x131a2: int 0x1a 0x131a4: cmp byte ptr [bp + 0x4aa], 0xa 0x131a9: jae 0x131b1 0x131ab: test dl, 0xf8 0x131ae: jmp 0x131b4 0x131b0: nop 0x131b1: test dl, 0x70 0x131b4: jne 0x131cb 0x131b6: jmp 0x131c5 0x131b8: nop 0x131b9: cmp dh, 6 0x131bc: jb 0x131cb 0x131be: cmp dh, 7 0x131c1: jbe 0x131c5 0x131c3: jmp 0x131a0 0x131c5: or byte ptr [bp + 0x4a8], 1 0x131ca: nop
2018-12-25T12:28:27.91457166Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10579,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:28.581087283Z	26	PC: 12e3f \| Set disk transfer address
2018-12-25T12:28:28.583811468Z	53	PC: 12e44 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:28.585868355Z	37	PC: 12e57 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:28.587636513Z	78	PC: 12f59 \| Find first file
2018-12-25T12:28:28.594207672Z	79	PC: 13020 \| Find next file
2018-12-25T12:28:28.596164239Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:28.59791492Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:28.600205765Z	79	PC: 13020 \| Find next file (See above)
2018-12-25T12:28:28.602747391Z	37	PC: 12f02 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:28:28.603976702Z	26	PC: 12f0e \| Set disk transfer address
2018-12-25T12:28:28.60567669Z	42	PC: 1319a \| Get date 0x1319a: cmp cx, 0x7bc 0x1319e: jne 0x131b9 0x131a0: xor ah, ah 0x131a2: int 0x1a 0x131a4: cmp byte ptr [bp + 0x4aa], 0xa 0x131a9: jae 0x131b1 0x131ab: test dl, 0xf8 0x131ae: jmp 0x131b4 0x131b0: nop 0x131b1: test dl, 0x70 0x131b4: jne 0x131cb 0x131b6: jmp 0x131c5 0x131b8: nop 0x131b9: cmp dh, 6 0x131bc: jb 0x131cb 0x131be: cmp dh, 7 0x131c1: jbe 0x131c5 0x131c3: jmp 0x131a0 0x131c5: or byte ptr [bp + 0x4a8], 1 0x131ca: nop
2018-12-25T12:28:28.609803226Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')