Sample viewer

vx.netlux.org/Virus.DOS.IVP.403

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:39.875372628Z	53	PC: 12a4d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:39.876909054Z	37	PC: 12a5e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:39.87842495Z	71	PC: 12a69 \| Get current directory
2018-12-17T22:56:39.882249959Z	78	PC: 12a9b \| Find first file
2018-12-17T22:56:39.890068622Z	78	PC: 12a9b \| Find first file
2018-12-17T22:56:39.898240265Z	79	PC: 12a9b \| Find next file
2018-12-17T22:56:39.901012741Z	79	PC: 12a9b \| Find next file
2018-12-17T22:56:39.903917023Z	79	PC: 12a9b \| Find next file
2018-12-17T22:56:39.907293297Z	79	PC: 12a9b \| Find next file
2018-12-17T22:56:39.910110022Z	79	PC: 12a9b \| Find next file
2018-12-17T22:56:39.913048787Z	79	PC: 12a9b \| Find next file
2018-12-17T22:56:39.916482411Z	79	PC: 12a9b \| Find next file
2018-12-17T22:56:39.919284134Z	79	PC: 12a9b \| Find next file
2018-12-17T22:56:39.921776272Z	59	PC: 12a7c \| Change current directory
2018-12-17T22:56:39.927080788Z	42	PC: 12ae2 \| Get date 0x12ae2: cmp cx, 0x7ba 0x12ae6: jb 0x12b08 0x12ae8: cmp dh, 0xa 0x12aeb: jne 0x12b08 0x12aed: cmp dl, 4 0x12af0: jne 0x12b08 0x12af2: mov ah, 9 0x12af4: mov dx, 0x1fb 0x12af7: int 0x21 0x12af9: mov dx, 0x100 0x12afc: push es 0x12afd: mov ax, 0x40 0x12b00: mov es, ax 0x12b02: mov word ptr es:[0x13], dx 0x12b07: pop es 0x12b08: ret 0x12b09: mov ah, 0x3d 0x12b0b: mov dx, 0x9e 0x12b0e: int 0x21 0x12b10: xchg ax, bx
2018-12-17T22:56:39.929458354Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:56:39.930686856Z	59	PC: 12a92 \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12292,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:23.911725497Z	53	PC: 12a4d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:23.913375113Z	37	PC: 12a5e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:23.9145983Z	71	PC: 12a69 \| Get current directory
2018-12-25T12:32:23.917599152Z	78	PC: 12a9b \| Find first file
2018-12-25T12:32:23.924142876Z	78	PC: 12a9b \| Find first file (See above)
2018-12-25T12:32:23.930660289Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:23.932266196Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:23.934121056Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:23.938079183Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:23.939565928Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:23.941062225Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:23.943496125Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:23.945110031Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:23.946583703Z	59	PC: 12a7c \| Change current directory
2018-12-25T12:32:23.949626113Z	42	PC: 12ae2 \| Get date 0x12ae2: cmp cx, 0x7ba 0x12ae6: jb 0x12b08 0x12ae8: cmp dh, 0xa 0x12aeb: jne 0x12b08 0x12aed: cmp dl, 4 0x12af0: jne 0x12b08 0x12af2: mov ah, 9 0x12af4: mov dx, 0x1fb 0x12af7: int 0x21 0x12af9: mov dx, 0x100 0x12afc: push es 0x12afd: mov ax, 0x40 0x12b00: mov es, ax 0x12b02: mov word ptr es:[0x13], dx 0x12b07: pop es 0x12b08: ret 0x12b09: mov ah, 0x3d 0x12b0b: mov dx, 0x9e 0x12b0e: int 0x21 0x12b10: xchg ax, bx
2018-12-25T12:32:23.950941791Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:23.951683554Z	59	PC: 12a92 \| Change current directory

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12292,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:23.985756171Z	53	PC: 12a4d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:23.987343753Z	37	PC: 12a5e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:23.988642818Z	71	PC: 12a69 \| Get current directory
2018-12-25T12:32:23.99161462Z	78	PC: 12a9b \| Find first file
2018-12-25T12:32:23.998354349Z	78	PC: 12a9b \| Find first file (See above)
2018-12-25T12:32:24.005838298Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.009065921Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.012037752Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.014939389Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.017640569Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.020239231Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.023552041Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.026349607Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.028737033Z	59	PC: 12a7c \| Change current directory
2018-12-25T12:32:24.034915052Z	42	PC: 12ae2 \| Get date 0x12ae2: cmp cx, 0x7ba 0x12ae6: jb 0x12b08 0x12ae8: cmp dh, 0xa 0x12aeb: jne 0x12b08 0x12aed: cmp dl, 4 0x12af0: jne 0x12b08 0x12af2: mov ah, 9 0x12af4: mov dx, 0x1fb 0x12af7: int 0x21 0x12af9: mov dx, 0x100 0x12afc: push es 0x12afd: mov ax, 0x40 0x12b00: mov es, ax 0x12b02: mov word ptr es:[0x13], dx 0x12b07: pop es 0x12b08: ret 0x12b09: mov ah, 0x3d 0x12b0b: mov dx, 0x9e 0x12b0e: int 0x21 0x12b10: xchg ax, bx
2018-12-25T12:32:24.037220701Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:24.038208335Z	59	PC: 12a92 \| Change current directory

{"DateBased":true,"Day":4,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12292,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:24.839357251Z	53	PC: 12a4d \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:24.84100247Z	37	PC: 12a5e \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:24.842923991Z	71	PC: 12a69 \| Get current directory
2018-12-25T12:32:24.84613622Z	78	PC: 12a9b \| Find first file
2018-12-25T12:32:24.852578155Z	78	PC: 12a9b \| Find first file (See above)
2018-12-25T12:32:24.859424229Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.862270503Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.865100541Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.868415755Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.871166431Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.873913589Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.87718411Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.879996951Z	79	PC: 12a9b \| Find next file (See above)
2018-12-25T12:32:24.882431737Z	59	PC: 12a7c \| Change current directory
2018-12-25T12:32:24.887365176Z	42	PC: 12ae2 \| Get date 0x12ae2: cmp cx, 0x7ba 0x12ae6: jb 0x12b08 0x12ae8: cmp dh, 0xa 0x12aeb: jne 0x12b08 0x12aed: cmp dl, 4 0x12af0: jne 0x12b08 0x12af2: mov ah, 9 0x12af4: mov dx, 0x1fb 0x12af7: int 0x21 0x12af9: mov dx, 0x100 0x12afc: push es 0x12afd: mov ax, 0x40 0x12b00: mov es, ax 0x12b02: mov word ptr es:[0x13], dx 0x12b07: pop es 0x12b08: ret 0x12b09: mov ah, 0x3d 0x12b0b: mov dx, 0x9e 0x12b0e: int 0x21 0x12b10: xchg ax, bx
2018-12-25T12:32:24.8895205Z	9	PC: 12af9 \| Display string (String= 'Too late to turn back! Your system already infected by Virus Quest.256 .com.exe..�g��S��[�@��!S��[�.�&��x.0')
2018-12-25T12:32:24.898281315Z	37	PC: 12a89 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:32:24.909485931Z	59	PC: 12a92 \| Change current directory