Sample viewer

vx.netlux.org/Virus.DOS.Hi.895

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:44.667291188Z 53 PC: 19f2c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:44.669322077Z 37 PC: 19f3e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:55:44.671363096Z 42 PC: 19f42 | Get date
0x19f42: cmp dx, 0xa0a
0x19f46: jbe 0x19f5d
0x19f48: mov ax, 0x3508
0x19f4b: int 0x21
0x19f4d: mov word ptr [0x117], bx
0x19f51: mov word ptr [0x119], es
0x19f55: mov dx, 0x15b
0x19f58: mov ax, 0x2508
0x19f5b: int 0x21
0x19f5d: push cs
0x19f5e: pop ds
0x19f5f: mov bx, cs
0x19f61: sub bx, word ptr ds:[bp + 0x371]
0x19f66: mov cx, word ptr ds:[bp + 0x373]
0x19f6b: add cx, bx
0x19f6d: mov bx, word ptr ds:[bp + 0x375]
0x19f72: pop es
0x19f73: pop ds
0x19f74: pop ax
0x19f75: push cx
2018-12-17T22:55:44.674286844Z 53 PC: 19f4d | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:55:44.684968162Z 37 PC: 19f5d | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:55:44.690240557Z 76 PC: 19d70 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11988,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:46.306419857Z 53 PC: 19f2c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:46.308741715Z 37 PC: 19f3e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:46.309942297Z 42 PC: 19f42 | Get date
0x19f42: cmp dx, 0xa0a
0x19f46: jbe 0x19f5d
0x19f48: mov ax, 0x3508
0x19f4b: int 0x21
0x19f4d: mov word ptr [0x117], bx
0x19f51: mov word ptr [0x119], es
0x19f55: mov dx, 0x15b
0x19f58: mov ax, 0x2508
0x19f5b: int 0x21
0x19f5d: push cs
0x19f5e: pop ds
0x19f5f: mov bx, cs
0x19f61: sub bx, word ptr ds:[bp + 0x371]
0x19f66: mov cx, word ptr ds:[bp + 0x373]
0x19f6b: add cx, bx
0x19f6d: mov bx, word ptr ds:[bp + 0x375]
0x19f72: pop es
0x19f73: pop ds
0x19f74: pop ax
0x19f75: push cx
2018-12-25T12:31:46.314931825Z 76 PC: 19d70 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":10,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11988,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:46.340282435Z 53 PC: 19f2c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:46.344230894Z 37 PC: 19f3e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:46.346083243Z 42 PC: 19f42 | Get date
0x19f42: cmp dx, 0xa0a
0x19f46: jbe 0x19f5d
0x19f48: mov ax, 0x3508
0x19f4b: int 0x21
0x19f4d: mov word ptr [0x117], bx
0x19f51: mov word ptr [0x119], es
0x19f55: mov dx, 0x15b
0x19f58: mov ax, 0x2508
0x19f5b: int 0x21
0x19f5d: push cs
0x19f5e: pop ds
0x19f5f: mov bx, cs
0x19f61: sub bx, word ptr ds:[bp + 0x371]
0x19f66: mov cx, word ptr ds:[bp + 0x373]
0x19f6b: add cx, bx
0x19f6d: mov bx, word ptr ds:[bp + 0x375]
0x19f72: pop es
0x19f73: pop ds
0x19f74: pop ax
0x19f75: push cx
2018-12-25T12:31:46.35178456Z 76 PC: 19d70 | Terminate with return code (Return code = '0')