Sample viewer

vx.netlux.org/Virus.DOS.Dipper.1021

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:53:42.921717927Z 42 PC: 13f06 | Get date
0x13f06: cmp dl, 0x14
0x13f09: ja 0x13f22
0x13f0b: mov ax, 0x3521
0x13f0e: int 0x21
0x13f10: mov word ptr cs:[0x103], bx
0x13f15: mov word ptr cs:[0x105], es
0x13f1a: push ds
0x13f1b: pop es
0x13f1c: cmp bx, 0x25f
0x13f20: jne 0x13f25
0x13f22: jmp 0x13fe0
0x13f25: mov cx, 0x3fd
0x13f28: push cs
0x13f29: pop ds
0x13f2a: mov di, 0x100
0x13f2d: mov si, di
0x13f2f: cld
0x13f30: rep movsb byte ptr es:[di], byte ptr [si]
0x13f32: push es
0x13f33: mov ax, 0x3e8
2018-12-17T22:53:42.924944978Z 53 PC: 13f10 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:42.926892457Z 37 PC: 12d88 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:53:42.928582662Z 75 PC: 12db8 | Execute program
2018-12-17T22:53:42.936687476Z 73 PC: 12dc7 | Release memory
2018-12-17T22:53:42.938792169Z 49 PC: 12dd0 | Terminate and stay resident (Return code = '0' | Memory size = '96')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11318,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:19.595738948Z 42 PC: 13f06 | Get date
0x13f06: cmp dl, 0x14
0x13f09: ja 0x13f22
0x13f0b: mov ax, 0x3521
0x13f0e: int 0x21
0x13f10: mov word ptr cs:[0x103], bx
0x13f15: mov word ptr cs:[0x105], es
0x13f1a: push ds
0x13f1b: pop es
0x13f1c: cmp bx, 0x25f
0x13f20: jne 0x13f25
0x13f22: jmp 0x13fe0
0x13f25: mov cx, 0x3fd
0x13f28: push cs
0x13f29: pop ds
0x13f2a: mov di, 0x100
0x13f2d: mov si, di
0x13f2f: cld
0x13f30: rep movsb byte ptr es:[di], byte ptr [si]
0x13f32: push es
0x13f33: mov ax, 0x3e8
2018-12-25T12:30:19.603972393Z 53 PC: 13f10 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:19.605663822Z 37 PC: 12d88 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:30:19.607246106Z 75 PC: 12db8 | Execute program
2018-12-25T12:30:19.612546288Z 73 PC: 12dc7 | Release memory
2018-12-25T12:30:19.614558412Z 49 PC: 12dd0 | Terminate and stay resident (Return code = '0' | Memory size = '96')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11318,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:30:19.728455532Z 42 PC: 13f06 | Get date
0x13f06: cmp dl, 0x14
0x13f09: ja 0x13f22
0x13f0b: mov ax, 0x3521
0x13f0e: int 0x21
0x13f10: mov word ptr cs:[0x103], bx
0x13f15: mov word ptr cs:[0x105], es
0x13f1a: push ds
0x13f1b: pop es
0x13f1c: cmp bx, 0x25f
0x13f20: jne 0x13f25
0x13f22: jmp 0x13fe0
0x13f25: mov cx, 0x3fd
0x13f28: push cs
0x13f29: pop ds
0x13f2a: mov di, 0x100
0x13f2d: mov si, di
0x13f2f: cld
0x13f30: rep movsb byte ptr es:[di], byte ptr [si]
0x13f32: push es
0x13f33: mov ax, 0x3e8
2018-12-25T12:30:19.732074097Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-25T12:30:19.737776773Z 76 PC: 12a61 | Terminate with return code (Return code = '0')