Sample viewer

vx.netlux.org/Virus.DOS.Disnomia.1516

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:56:43.522599141Z	202	PC: 1a069 \| UNKNOWN!
2018-12-17T22:56:43.528086524Z	82	PC: 1a322 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:56:43.529538797Z	82	PC: 1a357 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:56:43.531858946Z	74	PC: 1a08a \| Reallocate memory
2018-12-17T22:56:43.534987099Z	72	PC: 1a092 \| Allocate memory
2018-12-17T22:56:43.536545526Z	42	PC: 1a0e6 \| Get date 0x1a0e6: cmp dh, 5 0x1a0e9: jne 0x1a0fc 0x1a0eb: cmp dl, 0x13 0x1a0ee: jne 0x1a0fc 0x1a0f0: mov ah, 0x2c 0x1a0f2: int 0x21 0x1a0f4: cmp ch, 0xc 0x1a0f7: jne 0x1a0fc 0x1a0f9: call 0x1a296 0x1a0fc: mov ax, cs 0x1a0fe: mov ds, ax 0x1a100: mov ax, word ptr [0x527] 0x1a103: mov bx, word ptr [0x529] 0x1a107: pop es 0x1a108: pop ds 0x1a109: mov dx, es 0x1a10b: add ax, dx 0x1a10d: add ax, 0x10 0x1a110: push ax 0x1a111: push bx
2018-12-17T22:56:43.538720233Z	48	PC: 16854 \| Get DOS version
2018-12-17T22:56:43.540877982Z	74	PC: 168d3 \| Reallocate memory
2018-12-17T22:56:43.543620093Z	53	PC: 16951 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:43.545084643Z	37	PC: 16963 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:43.54758631Z	68	PC: 169f3 \| I/O control for devices (Set for = '')
2018-12-17T22:56:43.549011263Z	68	PC: 169f3 \| I/O control for devices
2018-12-17T22:56:43.55076446Z	68	PC: 169f3 \| I/O control for devices
2018-12-17T22:56:43.552854909Z	68	PC: 169f3 \| I/O control for devices
2018-12-17T22:56:43.554330812Z	68	PC: 169f3 \| I/O control for devices
2018-12-17T22:56:43.558803837Z	64	PC: 186b4 \| Write file or device (Write 25 bytes on handle 1)
2018-12-17T22:56:43.565504391Z	37	PC: 16ac3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:56:43.566523984Z	76	PC: 16aa8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12318,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:28.409538266Z	202	PC: 1a069 \| UNKNOWN!
2018-12-25T12:32:28.411277993Z	82	PC: 1a322 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:32:28.413127079Z	82	PC: 1a357 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:32:28.415496946Z	74	PC: 1a08a \| Reallocate memory
2018-12-25T12:32:28.418149392Z	72	PC: 1a092 \| Allocate memory
2018-12-25T12:32:28.420059198Z	42	PC: 1a0e6 \| Get date 0x1a0e6: cmp dh, 5 0x1a0e9: jne 0x1a0fc 0x1a0eb: cmp dl, 0x13 0x1a0ee: jne 0x1a0fc 0x1a0f0: mov ah, 0x2c 0x1a0f2: int 0x21 0x1a0f4: cmp ch, 0xc 0x1a0f7: jne 0x1a0fc 0x1a0f9: call 0x1a296 0x1a0fc: mov ax, cs 0x1a0fe: mov ds, ax 0x1a100: mov ax, word ptr [0x527] 0x1a103: mov bx, word ptr [0x529] 0x1a107: pop es 0x1a108: pop ds 0x1a109: mov dx, es 0x1a10b: add ax, dx 0x1a10d: add ax, 0x10 0x1a110: push ax 0x1a111: push bx
2018-12-25T12:32:28.422459556Z	48	PC: 16854 \| Get DOS version
2018-12-25T12:32:28.424328149Z	74	PC: 168d3 \| Reallocate memory
2018-12-25T12:32:28.427162615Z	53	PC: 16951 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:32:28.428558324Z	37	PC: 16963 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:32:28.430223574Z	68	PC: 169f3 \| I/O control for devices (Set for = '')
2018-12-25T12:32:28.432380631Z	68	PC: 169f3 \| I/O control for devices (See above)
2018-12-25T12:32:28.433929961Z	68	PC: 169f3 \| I/O control for devices (See above)
2018-12-25T12:32:28.435503926Z	68	PC: 169f3 \| I/O control for devices (See above)
2018-12-25T12:32:28.43802015Z	68	PC: 169f3 \| I/O control for devices (See above)
2018-12-25T12:32:28.44311967Z	64	PC: 186b4 \| Write file or device (Write 25 bytes on handle 1)
2018-12-25T12:32:28.450175885Z	37	PC: 16ac3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:32:28.452157026Z	76	PC: 16aa8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":19,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12318,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:28.443117297Z	202	PC: 1a069 \| UNKNOWN!
2018-12-25T12:32:28.445461274Z	82	PC: 1a322 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:32:28.447349389Z	82	PC: 1a357 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:32:28.450025807Z	74	PC: 1a08a \| Reallocate memory
2018-12-25T12:32:28.452670159Z	72	PC: 1a092 \| Allocate memory
2018-12-25T12:32:28.455275326Z	42	PC: 1a0e6 \| Get date 0x1a0e6: cmp dh, 5 0x1a0e9: jne 0x1a0fc 0x1a0eb: cmp dl, 0x13 0x1a0ee: jne 0x1a0fc 0x1a0f0: mov ah, 0x2c 0x1a0f2: int 0x21 0x1a0f4: cmp ch, 0xc 0x1a0f7: jne 0x1a0fc 0x1a0f9: call 0x1a296 0x1a0fc: mov ax, cs 0x1a0fe: mov ds, ax 0x1a100: mov ax, word ptr [0x527] 0x1a103: mov bx, word ptr [0x529] 0x1a107: pop es 0x1a108: pop ds 0x1a109: mov dx, es 0x1a10b: add ax, dx 0x1a10d: add ax, 0x10 0x1a110: push ax 0x1a111: push bx
2018-12-25T12:32:28.458060612Z	44	PC: 1a0f4 \| Get time 0x1a0f4: cmp ch, 0xc 0x1a0f7: jne 0x1a0fc 0x1a0f9: call 0x1a296 0x1a0fc: mov ax, cs 0x1a0fe: mov ds, ax 0x1a100: mov ax, word ptr [0x527] 0x1a103: mov bx, word ptr [0x529] 0x1a107: pop es 0x1a108: pop ds 0x1a109: mov dx, es 0x1a10b: add ax, dx 0x1a10d: add ax, 0x10 0x1a110: push ax 0x1a111: push bx 0x1a112: retf 0x1a113: cmp ah, 0x4b 0x1a116: je 0x1a146 0x1a118: cmp ah, 0x3d 0x1a11b: je 0x1a12b 0x1a11d: cmp ax, 0xcafe
2018-12-25T12:32:28.462745609Z	9	PC: 1a2ca \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12318,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:28.706913223Z	202	PC: 1a069 \| UNKNOWN!
2018-12-25T12:32:28.708473402Z	82	PC: 1a322 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:32:28.710041105Z	82	PC: 1a357 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:32:28.712405888Z	74	PC: 1a08a \| Reallocate memory
2018-12-25T12:32:28.714480556Z	72	PC: 1a092 \| Allocate memory
2018-12-25T12:32:28.716667948Z	42	PC: 1a0e6 \| Get date 0x1a0e6: cmp dh, 5 0x1a0e9: jne 0x1a0fc 0x1a0eb: cmp dl, 0x13 0x1a0ee: jne 0x1a0fc 0x1a0f0: mov ah, 0x2c 0x1a0f2: int 0x21 0x1a0f4: cmp ch, 0xc 0x1a0f7: jne 0x1a0fc 0x1a0f9: call 0x1a296 0x1a0fc: mov ax, cs 0x1a0fe: mov ds, ax 0x1a100: mov ax, word ptr [0x527] 0x1a103: mov bx, word ptr [0x529] 0x1a107: pop es 0x1a108: pop ds 0x1a109: mov dx, es 0x1a10b: add ax, dx 0x1a10d: add ax, 0x10 0x1a110: push ax 0x1a111: push bx
2018-12-25T12:32:28.719505294Z	48	PC: 16854 \| Get DOS version
2018-12-25T12:32:28.722158595Z	74	PC: 168d3 \| Reallocate memory
2018-12-25T12:32:28.725187804Z	53	PC: 16951 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:32:28.726877006Z	37	PC: 16963 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:32:28.729903777Z	68	PC: 169f3 \| I/O control for devices (Set for = '')
2018-12-25T12:32:28.731924262Z	68	PC: 169f3 \| I/O control for devices (See above)
2018-12-25T12:32:28.733800216Z	68	PC: 169f3 \| I/O control for devices (See above)
2018-12-25T12:32:28.735668607Z	68	PC: 169f3 \| I/O control for devices (See above)
2018-12-25T12:32:28.737681436Z	68	PC: 169f3 \| I/O control for devices (See above)
2018-12-25T12:32:28.743637706Z	64	PC: 186b4 \| Write file or device (Write 25 bytes on handle 1)
2018-12-25T12:32:28.752135632Z	37	PC: 16ac3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:32:28.754122681Z	76	PC: 16aa8 \| Terminate with return code (Return code = '0')