Sample viewer

vx.netlux.org/Virus.DOS.Bony.1373

Time	Syscall Op	Syscall Name
2018-12-17T22:53:25.385588996Z	11	PC: 12ab5 \| Get input status
2018-12-17T22:53:25.390149282Z	42	PC: 12e73 \| Get date 0x12e73: cmp dh, 0xb 0x12e76: jb 0x12e7a 0x12e78: mov dh, 0 0x12e7a: inc dh 0x12e7c: inc dh 0x12e7e: mov byte ptr cs:[bp + 0x58d], dh 0x12e83: mov byte ptr cs:[bp + 0x5a0], 0 0x12e89: ret 0x12e8a: xor di, di 0x12e8c: xor bx, word ptr es:[di] 0x12e8f: inc di 0x12e90: inc di 0x12e91: loop 0x12e8c 0x12e93: ret 0x12e94: dec word ptr cs:[0x635] 0x12e99: jne 0x12eae 0x12e9b: mov word ptr cs:[0x59a], 0 0x12ea2: mov word ptr cs:[0x59c], 0xffff 0x12ea9: ljmp ptr cs:[0x59a] 0x12eae: ljmp ptr cs:[0x59a]
2018-12-17T22:53:25.393614001Z	202	PC: 12b0f \| UNKNOWN!
2018-12-17T22:53:25.394917649Z	250	PC: 12ebc \| UNKNOWN!
2018-12-17T22:53:25.396141959Z	53	PC: 12b1c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:25.398653086Z	53	PC: 12b2b \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:25.400349633Z	74	PC: 12b4e \| Reallocate memory
2018-12-17T22:53:25.402326126Z	72	PC: 12b59 \| Allocate memory
2018-12-17T22:53:25.405044411Z	37	PC: 12b7f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

Time	Syscall Op	Syscall Name
2018-12-25T12:30:09.815578257Z	11	PC: 12ab5 \| Get input status
2018-12-25T12:30:09.820425434Z	42	PC: 12e73 \| Get date 0x12e73: cmp dh, 0xb 0x12e76: jb 0x12e7a 0x12e78: mov dh, 0 0x12e7a: inc dh 0x12e7c: inc dh 0x12e7e: mov byte ptr cs:[bp + 0x58d], dh 0x12e83: mov byte ptr cs:[bp + 0x5a0], 0 0x12e89: ret 0x12e8a: xor di, di 0x12e8c: xor bx, word ptr es:[di] 0x12e8f: inc di 0x12e90: inc di 0x12e91: loop 0x12e8c 0x12e93: ret 0x12e94: dec word ptr cs:[0x635] 0x12e99: jne 0x12eae 0x12e9b: mov word ptr cs:[0x59a], 0 0x12ea2: mov word ptr cs:[0x59c], 0xffff 0x12ea9: ljmp ptr cs:[0x59a] 0x12eae: ljmp ptr cs:[0x59a]
2018-12-25T12:30:09.823723895Z	202	PC: 12b0f \| UNKNOWN!
2018-12-25T12:30:09.825171673Z	250	PC: 12ebc \| UNKNOWN!
2018-12-25T12:30:09.826663864Z	53	PC: 12b1c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:09.829451778Z	53	PC: 12b2b \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:30:09.833084388Z	74	PC: 12b4e \| Reallocate memory
2018-12-25T12:30:09.83586476Z	72	PC: 12b59 \| Allocate memory
2018-12-25T12:30:09.838356309Z	37	PC: 12b7f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

Time	Syscall Op	Syscall Name
2018-12-25T12:30:10.082818383Z	11	PC: 12ab5 \| Get input status
2018-12-25T12:30:10.088270738Z	42	PC: 12e73 \| Get date 0x12e73: cmp dh, 0xb 0x12e76: jb 0x12e7a 0x12e78: mov dh, 0 0x12e7a: inc dh 0x12e7c: inc dh 0x12e7e: mov byte ptr cs:[bp + 0x58d], dh 0x12e83: mov byte ptr cs:[bp + 0x5a0], 0 0x12e89: ret 0x12e8a: xor di, di 0x12e8c: xor bx, word ptr es:[di] 0x12e8f: inc di 0x12e90: inc di 0x12e91: loop 0x12e8c 0x12e93: ret 0x12e94: dec word ptr cs:[0x635] 0x12e99: jne 0x12eae 0x12e9b: mov word ptr cs:[0x59a], 0 0x12ea2: mov word ptr cs:[0x59c], 0xffff 0x12ea9: ljmp ptr cs:[0x59a] 0x12eae: ljmp ptr cs:[0x59a]
2018-12-25T12:30:10.093029363Z	202	PC: 12b0f \| UNKNOWN!
2018-12-25T12:30:10.094032205Z	250	PC: 12ebc \| UNKNOWN!
2018-12-25T12:30:10.097285524Z	53	PC: 12b1c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:10.101476185Z	53	PC: 12b2b \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:30:10.103036214Z	74	PC: 12b4e \| Reallocate memory
2018-12-25T12:30:10.111498262Z	72	PC: 12b59 \| Allocate memory
2018-12-25T12:30:10.115650854Z	37	PC: 12b7f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')