Sample viewer

vx.netlux.org/Virus.DOS.Kela.690

[GIF image of the run omitted]

Syscalls:

Time | Syscall op (AH, decimal) | PC (linear return address after the INT 21h) | Syscall name
2018-12-17T22:00:08.931517685Z 42 PC: 12fb0 | Get date
Disassembly at the return address of the Get date call (DOS INT 21h AH=2Ah returns the month in DH):
0x12fb0: cmp dh, 6
0x12fb3: jb 0x12fbf
0x12fb5: mov ax, 0xffff
0x12fb8: int 0x21
0x12fba: cmp ax, 0xeeee
0x12fbd: jne 0x12fc2
0x12fbf: jmp 0x13007
0x12fc1: nop
0x12fc2: mov ax, 0x9500
0x12fc5: mov ds, ax
0x12fc7: mov di, 0x100
0x12fca: mov cx, 0x2b2
0x12fcd: mov ax, word ptr cs:[si]
0x12fd0: mov word ptr [di], ax
0x12fd2: add si, 2
0x12fd5: add di, 2
0x12fd8: loop 0x12fcd
0x12fda: lea ax, word ptr [0x2b9]
0x12fde: push ds
0x12fdf: push ax
Reading: if the month is below 6 (January to May) the jb at 0x12fb3 reaches the jmp to 0x13007 and everything else in this block is skipped. Otherwise the sample calls INT 21h with AX=FFFFh (not a standard DOS function, hence logged as UNKNOWN below) and compares the answer with EEEEh, the usual "is a copy already resident?" probe. If the answer is not EEEEh it copies 2B2h words from cs:[si] to 9500h:0100h and pushes the far address 9500h:02B9h (DS was just set to 9500h). In this run the UNKNOWN call at 0x12fba follows, so DH was 6 or more and the branch fell through; the interrupt-vector calls after it are issued from linear 0x952c1 to 0x953ac, inside the copy at 9500h:0100h (linear 0x95100 to 0x95664), so it is the resident copy that hooks INT 21h and INT 13h.
2018-12-17T22:00:08.934595243Z 255 PC: 12fba | UNKNOWN! [AH=FFh: the AX=FFFFh probe issued by the int 0x21 at 0x12fb8, not a standard DOS function]
2018-12-17T22:00:08.935771649Z 53 PC: 952c1 | Get interrupt vector (Interrupt = '33' AKA 'Random read') [33 = INT 21h, DOS services; 'Random read' is the name of DOS function 21h, which the viewer's label table misapplies to the interrupt number]
2018-12-17T22:00:08.937231244Z 37 PC: 952df | Set interrupt vector (Interrupt = '33' AKA 'Random read') [33 = INT 21h, DOS services; label misapplied as above]
2018-12-17T22:00:08.93998179Z 37 PC: 953ac | Set interrupt vector (Interrupt = '19' AKA 'Delete file') [19 = INT 13h, BIOS disk services; 'Delete file' is the name of DOS function 13h, misapplied to the interrupt number]
2018-12-17T22:00:08.941720358Z 9 PC: 12e26 | Display string (String= 'Hello - This is a 1000 COM test file, 1993 ')

Side-job parameters (DateBased re-run of original job 1127 with the clock set to 1980-01-01 00:00:00, i.e. month 1, which is below the sample's threshold of 6):
{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1127,"SideJobID":0}

[GIF image of the run omitted]

Syscalls:

Time | Syscall op (AH, decimal) | PC (linear return address after the INT 21h) | Syscall name
2018-12-25T11:42:53.602672078Z 42 PC: 12fb0 | Get date
Disassembly at the return address of the Get date call (DOS INT 21h AH=2Ah returns the month in DH):
0x12fb0: cmp dh, 6
0x12fb3: jb 0x12fbf
0x12fb5: mov ax, 0xffff
0x12fb8: int 0x21
0x12fba: cmp ax, 0xeeee
0x12fbd: jne 0x12fc2
0x12fbf: jmp 0x13007
0x12fc1: nop
0x12fc2: mov ax, 0x9500
0x12fc5: mov ds, ax
0x12fc7: mov di, 0x100
0x12fca: mov cx, 0x2b2
0x12fcd: mov ax, word ptr cs:[si]
0x12fd0: mov word ptr [di], ax
0x12fd2: add si, 2
0x12fd5: add di, 2
0x12fd8: loop 0x12fcd
0x12fda: lea ax, word ptr [0x2b9]
0x12fde: push ds
0x12fdf: push ax
Reading: in this run no AX=FFFFh (UNKNOWN) call follows, so the jb at 0x12fb3 was taken and the jmp to 0x13007 skipped the residency probe and the copy to 9500h:0100h. That matches a month of 1 in the parameter block above. The next logged call is issued from 0x130d4 in the loaded image, past the jmp target, not from a copy at segment 9500h; the sample still hooks INT 13h on this path.
2018-12-25T11:42:53.605592044Z 37 PC: 130d4 | Set interrupt vector (Interrupt = '19' AKA 'Delete file') [19 = INT 13h, BIOS disk services; 'Delete file' is the name of DOS function 13h, which the viewer's label table misapplies to the interrupt number]
2018-12-25T11:42:53.606738568Z 9 PC: 12e26 | Display string (String= 'Hello - This is a 1000 COM test file, 1993 ')

Side-job parameters (DateBased re-run of original job 1127 with the clock set to 1980-06-01 00:00:00, i.e. month 6, the lowest month that passes the sample's cmp dh, 6 / jb check):
{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1127,"SideJobID":0}

[GIF image of the run omitted]

Syscalls:

Time | Syscall op (AH, decimal) | PC (linear return address after the INT 21h) | Syscall name
2018-12-25T11:42:53.687738885Z 42 PC: 12fb0 | Get date
Disassembly at the return address of the Get date call (DOS INT 21h AH=2Ah returns the month in DH):
0x12fb0: cmp dh, 6
0x12fb3: jb 0x12fbf
0x12fb5: mov ax, 0xffff
0x12fb8: int 0x21
0x12fba: cmp ax, 0xeeee
0x12fbd: jne 0x12fc2
0x12fbf: jmp 0x13007
0x12fc1: nop
0x12fc2: mov ax, 0x9500
0x12fc5: mov ds, ax
0x12fc7: mov di, 0x100
0x12fca: mov cx, 0x2b2
0x12fcd: mov ax, word ptr cs:[si]
0x12fd0: mov word ptr [di], ax
0x12fd2: add si, 2
0x12fd5: add di, 2
0x12fd8: loop 0x12fcd
0x12fda: lea ax, word ptr [0x2b9]
0x12fde: push ds
0x12fdf: push ax
Reading: in this run the AX=FFFFh (UNKNOWN) call at 0x12fba follows, so the jb at 0x12fb3 fell through, which matches a month of 6 in the parameter block above. The answer was not EEEEh (no copy resident yet), so the loop copied 2B2h words to 9500h:0100h, and the interrupt-vector calls that follow are issued from linear 0x952c1 to 0x953ac, inside that copy (linear 0x95100 to 0x95664): the resident copy hooks INT 21h and INT 13h.
2018-12-25T11:42:53.69053427Z 255 PC: 12fba | UNKNOWN! [AH=FFh: the AX=FFFFh probe issued by the int 0x21 at 0x12fb8, not a standard DOS function]
2018-12-25T11:42:53.691328206Z 53 PC: 952c1 | Get interrupt vector (Interrupt = '33' AKA 'Random read') [33 = INT 21h, DOS services; 'Random read' is the name of DOS function 21h, which the viewer's label table misapplies to the interrupt number]
2018-12-25T11:42:53.692383384Z 37 PC: 952df | Set interrupt vector (Interrupt = '33' AKA 'Random read') [33 = INT 21h, DOS services; label misapplied as above]
2018-12-25T11:42:53.694257769Z 37 PC: 953ac | Set interrupt vector (Interrupt = '19' AKA 'Delete file') [19 = INT 13h, BIOS disk services; 'Delete file' is the name of DOS function 13h, misapplied to the interrupt number]
2018-12-25T11:42:53.695410165Z 9 PC: 12e26 | Display string (String= 'Hello - This is a 1000 COM test file, 1993 ')
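The three traces above differ only in which side of the cmp dh, 6 / jb branch the run took. The following Python is an added example, not code from the sample viewer, its sandbox, or vx.netlux.org. It parses the viewer's syscall lines and JSON parameter blocks in the format shown above, decodes the decimal AH and interrupt numbers (naming the interrupt itself instead of the DOS function the viewer's label table confuses it with), and checks each run against the trigger read off the disassembly. It assumes that the JSON block holds the date the sandbox forced for the run it is checked against and that the PC column is the linear return address after INT 21h; the sample lines are copied from the two date-forced runs above with the disassembly dropped, and the names DOS_FUNCS, INTERRUPTS, parse_line, trigger_fires, resident_copy_range and analyse_run are the example's own.

```python
"""Added example: check a Kela.690 run against its date trigger.

Not code from the vx.netlux.org viewer or its sandbox.  Trigger, from the
disassembly above: DOS AH=2Ah returns the month in DH, and 'cmp dh,6 / jb'
skips the AX=FFFFh probe and the copy to 9500h:0100h when the month is 1..5.
Assumed: the JSON block is the date forced for the run being checked, and PC
is the linear return address after INT 21h.
"""
import json
import re
from datetime import date

# INT 21h functions seen in the trace, keyed by AH.  The viewer prints AH in
# decimal (42 = 2Ah, 53 = 35h, 37 = 25h, 9 = 09h, 255 = FFh).
DOS_FUNCS = {
    0x09: "Display string",
    0x25: "Set interrupt vector",
    0x2A: "Get date",
    0x35: "Get interrupt vector",
}

# Interrupt numbers (AL for AH=25h/35h), also printed in decimal.  The viewer
# labels them with DOS function names ('Random read' = function 21h, 'Delete
# file' = function 13h); this table names the interrupt actually hooked.
INTERRUPTS = {
    0x13: "INT 13h (BIOS disk services)",
    0x21: "INT 21h (DOS services)",
}

# Copy loop at 0x12fc2..0x12fd8: CX = 2B2h words to 9500h:0100h.
COPY_SEG, COPY_OFF, COPY_WORDS = 0x9500, 0x100, 0x2B2

LOG_RE = re.compile(r"^(?P<time>\S+) (?P<ah>\d+) PC: (?P<pc>[0-9a-f]+) \| (?P<name>.*)$")
INT_RE = re.compile(r"Interrupt = '(?P<num>\d+)'")


def parse_line(line):
    """One viewer log line -> dict with decoded AH, PC and interrupt; None otherwise."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ah = int(m["ah"])
    rec = {
        "time": m["time"],
        "ah": ah,
        "pc": int(m["pc"], 16),
        "func": DOS_FUNCS.get(ah, "UNKNOWN (AH=%02Xh is not a standard DOS function)" % ah),
        "interrupt": None,
    }
    im = INT_RE.search(m["name"])
    if im:
        num = int(im["num"])
        rec["interrupt"] = INTERRUPTS.get(num, "INT %02Xh" % num)
    return rec


def trigger_fires(month):
    """'cmp dh,6 / jb': the resident path runs only when the month is 6 or later."""
    return month >= 6


def resident_copy_range():
    """Linear byte range [start, end) that the copy loop fills."""
    start = COPY_SEG * 16 + COPY_OFF
    return start, start + COPY_WORDS * 2


def analyse_run(param_line, log_lines):
    """Compare the path predicted by the forced date with what the trace shows."""
    params = json.loads(param_line)
    forced = date(params["Year"], params["Month"], params["Day"])  # rejects impossible dates
    if forced.year < 1980:
        raise ValueError("DOS AH=2Ah cannot report a year before 1980")
    recs = [r for r in map(parse_line, log_lines) if r]
    expected = trigger_fires(forced.month)
    # The AX=FFFFh probe shows up as AH=255 at PC 12fba, the return address of
    # the 'int 0x21' at 12fb8; it is reached only if the jb at 12fb3 falls through.
    observed = any(r["ah"] == 0xFF for r in recs)
    lo, hi = resident_copy_range()
    hooks = [(r["func"], r["interrupt"]) for r in recs
             if r["interrupt"] is not None and lo <= r["pc"] < hi]
    return {
        "forced_date": forced.isoformat(),
        "expected_resident_path": expected,
        "observed_probe": observed,
        "consistent": expected == observed,
        "hooks_from_resident_copy": hooks,
    }


# Sample input, copied from the two date-forced runs above (disassembly dropped).
PARAMS_JAN = ('{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,'
              '"Second":0,"TimeBased":false,"OriginalID":1127,"SideJobID":0}')
LOG_JAN = [
    "2018-12-25T11:42:53.602672078Z 42 PC: 12fb0 | Get date",
    "2018-12-25T11:42:53.605592044Z 37 PC: 130d4 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')",
    "2018-12-25T11:42:53.606738568Z 9 PC: 12e26 | Display string (String= 'Hello - This is a 1000 COM test file, 1993 ')",
]
PARAMS_JUN = PARAMS_JAN.replace('"Month":1', '"Month":6')
LOG_JUN = [
    "2018-12-25T11:42:53.687738885Z 42 PC: 12fb0 | Get date",
    "2018-12-25T11:42:53.69053427Z 255 PC: 12fba | UNKNOWN!",
    "2018-12-25T11:42:53.691328206Z 53 PC: 952c1 | Get interrupt vector (Interrupt = '33' AKA 'Random read')",
    "2018-12-25T11:42:53.692383384Z 37 PC: 952df | Set interrupt vector (Interrupt = '33' AKA 'Random read')",
    "2018-12-25T11:42:53.694257769Z 37 PC: 953ac | Set interrupt vector (Interrupt = '19' AKA 'Delete file')",
    "2018-12-25T11:42:53.695410165Z 9 PC: 12e26 | Display string (String= 'Hello - This is a 1000 COM test file, 1993 ')",
]

if __name__ == "__main__":
    for params, log in ((PARAMS_JAN, LOG_JAN), (PARAMS_JUN, LOG_JUN)):
        print(analyse_run(params, log))
```

For the January run the report says the resident path was not expected and no AX=FFFFh probe was observed, with no vector calls from segment 9500h; for the June run it says the path was expected, the probe was observed, and all three Get/Set interrupt vector calls come from inside the 2B2h-word copy at 9500h:0100h. A run where "consistent" is false would mean the sandbox's forced date did not reach the sample's Get date call, which is the first thing to check before trusting a date-based side job.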