Sample viewer

vx.netlux.org/Virus.DOS.Espacio.8498

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:54:59.278349252Z	200	PC: 1769c \| UNKNOWN!
2018-12-17T22:54:59.282135871Z	74	PC: 1f366 \| Reallocate memory
2018-12-17T22:54:59.284746257Z	80	PC: 1f36b \| Set current PSP
2018-12-17T22:54:59.289231597Z	38	PC: 12b7e \| Create PSP
2018-12-17T22:54:59.291153106Z	53	PC: 12b85 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:59.292353173Z	37	PC: 12b94 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:54:59.293526631Z	42	PC: 12b98 \| Get date 0x12b98: cmp cx, 0x7c9 0x12b9c: ja 0x12ba4 0x12b9e: cmp dx, 0x61b 0x12ba2: jb 0x12bb8 0x12ba4: mov ax, 0x351c 0x12ba7: int 0x21 0x12ba9: mov si, 0x6cc 0x12bac: mov word ptr [si], bx 0x12bae: mov word ptr [si + 2], es 0x12bb1: mov dx, 0x6c4 0x12bb4: mov ah, 0x25 0x12bb6: nop 0x12bb7: nop 0x12bb8: mov ax, cs 0x12bba: dec ax 0x12bbb: mov ds, ax 0x12bbd: mov word ptr [1], 8 0x12bc3: mov es, bp 0x12bc5: push es 0x12bc6: cmp byte ptr cs:[0x123], 0
2018-12-17T22:54:59.296140396Z	53	PC: 12ba9 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:54:59.297476353Z	61	PC: 12bea \| Open file (Filename = '')
2018-12-17T22:54:59.304901636Z	66	PC: 12bf8 \| Move file pointer
2018-12-17T22:54:59.306672024Z	62	PC: 12c1e \| Close file
2018-12-17T22:54:59.309195709Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-17T22:54:59.313786839Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11741,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:14.634395532Z	200	PC: 1769c \| UNKNOWN!
2018-12-25T12:31:14.637211056Z	74	PC: 1f366 \| Reallocate memory
2018-12-25T12:31:14.638719113Z	80	PC: 1f36b \| Set current PSP
2018-12-25T12:31:14.642986554Z	38	PC: 12b7e \| Create PSP
2018-12-25T12:31:14.645309715Z	53	PC: 12b85 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:14.646692743Z	37	PC: 12b94 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:14.648115957Z	42	PC: 12b98 \| Get date 0x12b98: cmp cx, 0x7c9 0x12b9c: ja 0x12ba4 0x12b9e: cmp dx, 0x61b 0x12ba2: jb 0x12bb8 0x12ba4: mov ax, 0x351c 0x12ba7: int 0x21 0x12ba9: mov si, 0x6cc 0x12bac: mov word ptr [si], bx 0x12bae: mov word ptr [si + 2], es 0x12bb1: mov dx, 0x6c4 0x12bb4: mov ah, 0x25 0x12bb6: nop 0x12bb7: nop 0x12bb8: mov ax, cs 0x12bba: dec ax 0x12bbb: mov ds, ax 0x12bbd: mov word ptr [1], 8 0x12bc3: mov es, bp 0x12bc5: push es 0x12bc6: cmp byte ptr cs:[0x123], 0
2018-12-25T12:31:14.652035956Z	61	PC: 12bea \| Open file (Filename = '')
2018-12-25T12:31:14.659912184Z	66	PC: 12bf8 \| Move file pointer
2018-12-25T12:31:14.661677153Z	62	PC: 12c1e \| Close file
2018-12-25T12:31:14.665187692Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-25T12:31:14.671356374Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":27,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11741,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:15.094273019Z	200	PC: 1769c \| UNKNOWN!
2018-12-25T12:31:15.096588043Z	74	PC: 1f366 \| Reallocate memory
2018-12-25T12:31:15.112035573Z	80	PC: 1f36b \| Set current PSP
2018-12-25T12:31:15.11626472Z	38	PC: 12b7e \| Create PSP
2018-12-25T12:31:15.11817983Z	53	PC: 12b85 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:15.119463166Z	37	PC: 12b94 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:15.120668924Z	42	PC: 12b98 \| Get date 0x12b98: cmp cx, 0x7c9 0x12b9c: ja 0x12ba4 0x12b9e: cmp dx, 0x61b 0x12ba2: jb 0x12bb8 0x12ba4: mov ax, 0x351c 0x12ba7: int 0x21 0x12ba9: mov si, 0x6cc 0x12bac: mov word ptr [si], bx 0x12bae: mov word ptr [si + 2], es 0x12bb1: mov dx, 0x6c4 0x12bb4: mov ah, 0x25 0x12bb6: nop 0x12bb7: nop 0x12bb8: mov ax, cs 0x12bba: dec ax 0x12bbb: mov ds, ax 0x12bbd: mov word ptr [1], 8 0x12bc3: mov es, bp 0x12bc5: push es 0x12bc6: cmp byte ptr cs:[0x123], 0
2018-12-25T12:31:15.123567294Z	53	PC: 12ba9 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:31:15.12505159Z	61	PC: 12bea \| Open file (Filename = '')
2018-12-25T12:31:15.132355257Z	66	PC: 12bf8 \| Move file pointer
2018-12-25T12:31:15.134112828Z	62	PC: 12c1e \| Close file
2018-12-25T12:31:15.136707917Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-25T12:31:15.142676063Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11741,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:15.276236447Z	200	PC: 1769c \| UNKNOWN!
2018-12-25T12:31:15.286791022Z	74	PC: 1f366 \| Reallocate memory
2018-12-25T12:31:15.289423996Z	80	PC: 1f36b \| Set current PSP
2018-12-25T12:31:15.294800495Z	38	PC: 12b7e \| Create PSP
2018-12-25T12:31:15.297314609Z	53	PC: 12b85 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:15.298696165Z	37	PC: 12b94 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:15.300048216Z	42	PC: 12b98 \| Get date 0x12b98: cmp cx, 0x7c9 0x12b9c: ja 0x12ba4 0x12b9e: cmp dx, 0x61b 0x12ba2: jb 0x12bb8 0x12ba4: mov ax, 0x351c 0x12ba7: int 0x21 0x12ba9: mov si, 0x6cc 0x12bac: mov word ptr [si], bx 0x12bae: mov word ptr [si + 2], es 0x12bb1: mov dx, 0x6c4 0x12bb4: mov ah, 0x25 0x12bb6: nop 0x12bb7: nop 0x12bb8: mov ax, cs 0x12bba: dec ax 0x12bbb: mov ds, ax 0x12bbd: mov word ptr [1], 8 0x12bc3: mov es, bp 0x12bc5: push es 0x12bc6: cmp byte ptr cs:[0x123], 0
2018-12-25T12:31:15.3026233Z	53	PC: 12ba9 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:31:15.30425348Z	61	PC: 12bea \| Open file (Filename = '')
2018-12-25T12:31:15.311703744Z	66	PC: 12bf8 \| Move file pointer
2018-12-25T12:31:15.313653261Z	62	PC: 12c1e \| Close file
2018-12-25T12:31:15.316445805Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-25T12:31:15.32245343Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')