Sample viewer

vx.netlux.org/Virus.DOS.NightFall.4480

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:42.442594191Z	53	PC: 1532e \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:56:42.444226668Z	53	PC: 1532e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:56:42.445626374Z	53	PC: 1532e \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T22:56:42.446527732Z	88	PC: 15227 \| case 0xGet or set allocation strateg:
2018-12-17T22:56:42.447805253Z	88	PC: 15232 \| case 0xGet or set allocation strateg:
2018-12-17T22:56:42.449031124Z	88	PC: 15237 \| case 0xGet or set allocation strateg:
2018-12-17T22:56:42.450140078Z	88	PC: 15241 \| case 0xGet or set allocation strateg:
2018-12-17T22:56:42.452902743Z	88	PC: 15281 \| case 0xGet or set allocation strateg:
2018-12-17T22:56:42.454206701Z	88	PC: 15285 \| case 0xGet or set allocation strateg:
2018-12-17T22:56:42.455229604Z	98	PC: 15293 \| Get current PSP
2018-12-17T22:56:42.456432173Z	74	PC: 1529c \| Reallocate memory
2018-12-17T22:56:42.457867435Z	74	PC: 152a9 \| Reallocate memory
2018-12-17T22:56:42.45906935Z	42	PC: 152d1 \| Get date 0x152d1: mov al, 0xc3 0x152d3: cmp cl, 0xcb 0x152d6: jb 0x152e1 0x152d8: ja 0x152df 0x152da: cmp dh, 8 0x152dd: jb 0x152e1 0x152df: mov al, 0x90 0x152e1: mov byte ptr [si + 0x4a9], al 0x152e5: mov cx, 0x1180 0x152e8: push cs 0x152e9: lea ax, word ptr [si + 0x73] 0x152ec: push ax 0x152ed: push es 0x152ee: push 0x1e5 0x152f1: rep movsb byte ptr es:[di], byte ptr [si] 0x152f3: retf 0x152f4: push si 0x152f5: mov ds, di 0x152f7: cmp byte ptr [0x4e0], 0xea 0x152fc: jne 0x1530d
2018-12-17T22:56:42.461700677Z	82	PC: 9ebe8 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:56:42.462854763Z	98	PC: 151c7 \| Get current PSP
2018-12-17T22:56:42.463611222Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12307,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:26.703095072Z	53	PC: 1532e \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:32:26.704642956Z	53	PC: 1532e \| Get interrupt vector (See above)
2018-12-25T12:32:26.705788429Z	53	PC: 1532e \| Get interrupt vector (See above)
2018-12-25T12:32:26.706898404Z	88	PC: 15227 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.708604474Z	88	PC: 15232 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.71044596Z	88	PC: 15237 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.712381358Z	88	PC: 15241 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.714575971Z	88	PC: 15281 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.72124324Z	88	PC: 15285 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.722744983Z	98	PC: 15293 \| Get current PSP
2018-12-25T12:32:26.724126925Z	74	PC: 1529c \| Reallocate memory
2018-12-25T12:32:26.726689357Z	74	PC: 152a9 \| Reallocate memory
2018-12-25T12:32:26.728429269Z	42	PC: 152d1 \| Get date 0x152d1: mov al, 0xc3 0x152d3: cmp cl, 0xcb 0x152d6: jb 0x152e1 0x152d8: ja 0x152df 0x152da: cmp dh, 8 0x152dd: jb 0x152e1 0x152df: mov al, 0x90 0x152e1: mov byte ptr [si + 0x4a9], al 0x152e5: mov cx, 0x1180 0x152e8: push cs 0x152e9: lea ax, word ptr [si + 0x73] 0x152ec: push ax 0x152ed: push es 0x152ee: push 0x1e5 0x152f1: rep movsb byte ptr es:[di], byte ptr [si] 0x152f3: retf 0x152f4: push si 0x152f5: mov ds, di 0x152f7: cmp byte ptr [0x4e0], 0xea 0x152fc: jne 0x1530d
2018-12-25T12:32:26.730236202Z	82	PC: 9ebe8 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:32:26.732181674Z	98	PC: 151c7 \| Get current PSP
2018-12-25T12:32:26.73313329Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12307,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:26.743448326Z	53	PC: 1532e \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:32:26.746268263Z	53	PC: 1532e \| Get interrupt vector (See above)
2018-12-25T12:32:26.747854074Z	53	PC: 1532e \| Get interrupt vector (See above)
2018-12-25T12:32:26.749373914Z	88	PC: 15227 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.752000462Z	88	PC: 15232 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.753339515Z	88	PC: 15237 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.754652977Z	88	PC: 15241 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.756786831Z	88	PC: 15281 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.75821193Z	88	PC: 15285 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.759201977Z	98	PC: 15293 \| Get current PSP
2018-12-25T12:32:26.760253106Z	74	PC: 1529c \| Reallocate memory
2018-12-25T12:32:26.765605361Z	74	PC: 152a9 \| Reallocate memory
2018-12-25T12:32:26.76704199Z	42	PC: 152d1 \| Get date 0x152d1: mov al, 0xc3 0x152d3: cmp cl, 0xcb 0x152d6: jb 0x152e1 0x152d8: ja 0x152df 0x152da: cmp dh, 8 0x152dd: jb 0x152e1 0x152df: mov al, 0x90 0x152e1: mov byte ptr [si + 0x4a9], al 0x152e5: mov cx, 0x1180 0x152e8: push cs 0x152e9: lea ax, word ptr [si + 0x73] 0x152ec: push ax 0x152ed: push es 0x152ee: push 0x1e5 0x152f1: rep movsb byte ptr es:[di], byte ptr [si] 0x152f3: retf 0x152f4: push si 0x152f5: mov ds, di 0x152f7: cmp byte ptr [0x4e0], 0xea 0x152fc: jne 0x1530d
2018-12-25T12:32:26.769602547Z	82	PC: 9ebe8 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:32:26.772827908Z	98	PC: 151c7 \| Get current PSP
2018-12-25T12:32:26.773860062Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":8,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12307,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:26.913036349Z	53	PC: 1532e \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:32:26.915410298Z	53	PC: 1532e \| Get interrupt vector (See above)
2018-12-25T12:32:26.926196899Z	53	PC: 1532e \| Get interrupt vector (See above)
2018-12-25T12:32:26.927696818Z	88	PC: 15227 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.930093669Z	88	PC: 15232 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.93148326Z	88	PC: 15237 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.933173985Z	88	PC: 15241 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.936541725Z	88	PC: 15281 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.938055155Z	88	PC: 15285 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.939490831Z	98	PC: 15293 \| Get current PSP
2018-12-25T12:32:26.941443407Z	74	PC: 1529c \| Reallocate memory
2018-12-25T12:32:26.943188385Z	74	PC: 152a9 \| Reallocate memory
2018-12-25T12:32:26.944721096Z	42	PC: 152d1 \| Get date 0x152d1: mov al, 0xc3 0x152d3: cmp cl, 0xcb 0x152d6: jb 0x152e1 0x152d8: ja 0x152df 0x152da: cmp dh, 8 0x152dd: jb 0x152e1 0x152df: mov al, 0x90 0x152e1: mov byte ptr [si + 0x4a9], al 0x152e5: mov cx, 0x1180 0x152e8: push cs 0x152e9: lea ax, word ptr [si + 0x73] 0x152ec: push ax 0x152ed: push es 0x152ee: push 0x1e5 0x152f1: rep movsb byte ptr es:[di], byte ptr [si] 0x152f3: retf 0x152f4: push si 0x152f5: mov ds, di 0x152f7: cmp byte ptr [0x4e0], 0xea 0x152fc: jne 0x1530d
2018-12-25T12:32:26.947615919Z	82	PC: 9ebe8 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:32:26.949977962Z	98	PC: 151c7 \| Get current PSP
2018-12-25T12:32:26.950813729Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12307,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:26.90807117Z	53	PC: 1532e \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:32:26.910628115Z	53	PC: 1532e \| Get interrupt vector (See above)
2018-12-25T12:32:26.912188388Z	53	PC: 1532e \| Get interrupt vector (See above)
2018-12-25T12:32:26.913740614Z	88	PC: 15227 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.915323053Z	88	PC: 15232 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.916773061Z	88	PC: 15237 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.917954184Z	88	PC: 15241 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.919659281Z	88	PC: 15281 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.921504788Z	88	PC: 15285 \| case 0xGet or set allocation strateg:
2018-12-25T12:32:26.922809653Z	98	PC: 15293 \| Get current PSP
2018-12-25T12:32:26.923720762Z	74	PC: 1529c \| Reallocate memory
2018-12-25T12:32:26.926137305Z	74	PC: 152a9 \| Reallocate memory
2018-12-25T12:32:26.928022351Z	42	PC: 152d1 \| Get date 0x152d1: mov al, 0xc3 0x152d3: cmp cl, 0xcb 0x152d6: jb 0x152e1 0x152d8: ja 0x152df 0x152da: cmp dh, 8 0x152dd: jb 0x152e1 0x152df: mov al, 0x90 0x152e1: mov byte ptr [si + 0x4a9], al 0x152e5: mov cx, 0x1180 0x152e8: push cs 0x152e9: lea ax, word ptr [si + 0x73] 0x152ec: push ax 0x152ed: push es 0x152ee: push 0x1e5 0x152f1: rep movsb byte ptr es:[di], byte ptr [si] 0x152f3: retf 0x152f4: push si 0x152f5: mov ds, di 0x152f7: cmp byte ptr [0x4e0], 0xea 0x152fc: jne 0x1530d
2018-12-25T12:32:26.930434774Z	82	PC: 9ebe8 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:32:26.938475505Z	98	PC: 151c7 \| Get current PSP
2018-12-25T12:32:26.939640875Z	76	PC: 1514d \| Terminate with return code (Return code = '0')