Sample viewer

vx.netlux.org/Virus.DOS.Andromeda.725

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:00.576764427Z	42	PC: 13621 \| Get date 0x13621: cmp al, 6 0x13623: je 0x13636 0x13625: cmp al, 0 0x13627: je 0x13636 0x13629: mov si, 0xcdfd 0x1362c: mov ah, 0x30 0x1362e: int 0x21 0x13630: cmp di, 0xabcd 0x13634: jne 0x1364e 0x13636: mov si, 0x3c7 0x13639: pop bx 0x1363a: push bx 0x1363b: sub bx, 0x103 0x1363f: add si, bx 0x13641: mov di, 0x100 0x13644: mov cx, 3 0x13647: rep movsb byte ptr es:[di], byte ptr [si] 0x13649: mov ax, 0x100 0x1364c: jmp ax 0x1364e: push es
2018-12-17T22:56:00.579681322Z	48	PC: 13630 \| Get DOS version
2018-12-17T22:56:00.581519679Z	38	PC: 13671 \| Create PSP
2018-12-17T22:56:00.583606152Z	53	PC: 136a1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:00.586181645Z	53	PC: 136b8 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:56:00.588010805Z	37	PC: 136d3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:00.58977384Z	37	PC: 136dc \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:56:00.591684263Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12080,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:55.743520932Z	42	PC: 13621 \| Get date 0x13621: cmp al, 6 0x13623: je 0x13636 0x13625: cmp al, 0 0x13627: je 0x13636 0x13629: mov si, 0xcdfd 0x1362c: mov ah, 0x30 0x1362e: int 0x21 0x13630: cmp di, 0xabcd 0x13634: jne 0x1364e 0x13636: mov si, 0x3c7 0x13639: pop bx 0x1363a: push bx 0x1363b: sub bx, 0x103 0x1363f: add si, bx 0x13641: mov di, 0x100 0x13644: mov cx, 3 0x13647: rep movsb byte ptr es:[di], byte ptr [si] 0x13649: mov ax, 0x100 0x1364c: jmp ax 0x1364e: push es
2018-12-25T12:31:55.745948825Z	48	PC: 13630 \| Get DOS version
2018-12-25T12:31:55.747245462Z	38	PC: 13671 \| Create PSP
2018-12-25T12:31:55.74874137Z	53	PC: 136a1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:55.750315194Z	53	PC: 136b8 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:55.752995455Z	37	PC: 136d3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:31:55.754249455Z	37	PC: 136dc \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:31:55.755610137Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12080,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:55.826737425Z	42	PC: 13621 \| Get date 0x13621: cmp al, 6 0x13623: je 0x13636 0x13625: cmp al, 0 0x13627: je 0x13636 0x13629: mov si, 0xcdfd 0x1362c: mov ah, 0x30 0x1362e: int 0x21 0x13630: cmp di, 0xabcd 0x13634: jne 0x1364e 0x13636: mov si, 0x3c7 0x13639: pop bx 0x1363a: push bx 0x1363b: sub bx, 0x103 0x1363f: add si, bx 0x13641: mov di, 0x100 0x13644: mov cx, 3 0x13647: rep movsb byte ptr es:[di], byte ptr [si] 0x13649: mov ax, 0x100 0x1364c: jmp ax 0x1364e: push es
2018-12-25T12:31:55.830996936Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12080,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:31:55.980099691Z	42	PC: 13621 \| Get date 0x13621: cmp al, 6 0x13623: je 0x13636 0x13625: cmp al, 0 0x13627: je 0x13636 0x13629: mov si, 0xcdfd 0x1362c: mov ah, 0x30 0x1362e: int 0x21 0x13630: cmp di, 0xabcd 0x13634: jne 0x1364e 0x13636: mov si, 0x3c7 0x13639: pop bx 0x1363a: push bx 0x1363b: sub bx, 0x103 0x1363f: add si, bx 0x13641: mov di, 0x100 0x13644: mov cx, 3 0x13647: rep movsb byte ptr es:[di], byte ptr [si] 0x13649: mov ax, 0x100 0x1364c: jmp ax 0x1364e: push es
2018-12-25T12:31:55.982769717Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')