Sample viewer

vx.netlux.org/Virus.DOS.Oxana.1419

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:01:05.414682289Z 53 PC: 12fa6 | Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-17T22:01:05.416532801Z 42 PC: 13019 | Get date
    0x13019: cmp dh, 6
    0x1301c: jge 0x13021
    0x1301e: jmp 0x1310c
    0x13021: push cs
    0x13022: pop ds
    0x13023: mov di, 0x5e6
    0x13026: mov si, 0x67b
    0x13029: xor byte ptr [di], 0xcb
    0x1302c: inc di
    0x1302d: cmp di, si
    0x1302f: jl 0x13029
    0x13031: xor ax, ax
    0x13033: mov es, ax
    0x13035: or byte ptr es:[0x417], 0x40
    0x1303b: mov ah, 6
    0x1303d: mov al, 0
    0x1303f: mov cx, 0
    0x13042: mov dx, 0x1950
    0x13045: mov bh, 0x74
    0x13047: int 0x10
2018-12-17T22:01:05.422412374Z 1 PC: 130d3 | Character input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1236,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:03.540443349Z 53 PC: 12fa6 | Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-25T11:43:03.545584961Z 42 PC: 13019 | Get date
    0x13019: cmp dh, 6
    0x1301c: jge 0x13021
    0x1301e: jmp 0x1310c
    0x13021: push cs
    0x13022: pop ds
    0x13023: mov di, 0x5e6
    0x13026: mov si, 0x67b
    0x13029: xor byte ptr [di], 0xcb
    0x1302c: inc di
    0x1302d: cmp di, si
    0x1302f: jl 0x13029
    0x13031: xor ax, ax
    0x13033: mov es, ax
    0x13035: or byte ptr es:[0x417], 0x40
    0x1303b: mov ah, 6
    0x1303d: mov al, 0
    0x1303f: mov cx, 0
    0x13042: mov dx, 0x1950
    0x13045: mov bh, 0x74
    0x13047: int 0x10
2018-12-25T11:43:03.548516114Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:43:03.554824778Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1236,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:03.831210399Z 53 PC: 12fa6 | Get interrupt vector (Interrupt = '144' AKA 'UNKNOWN!')
2018-12-25T11:43:03.833277102Z 42 PC: 13019 | Get date
    0x13019: cmp dh, 6
    0x1301c: jge 0x13021
    0x1301e: jmp 0x1310c
    0x13021: push cs
    0x13022: pop ds
    0x13023: mov di, 0x5e6
    0x13026: mov si, 0x67b
    0x13029: xor byte ptr [di], 0xcb
    0x1302c: inc di
    0x1302d: cmp di, si
    0x1302f: jl 0x13029
    0x13031: xor ax, ax
    0x13033: mov es, ax
    0x13035: or byte ptr es:[0x417], 0x40
    0x1303b: mov ah, 6
    0x1303d: mov al, 0
    0x1303f: mov cx, 0
    0x13042: mov dx, 0x1950
    0x13045: mov bh, 0x74
    0x13047: int 0x10
2018-12-25T11:43:03.838361656Z 1 PC: 130d3 | Character input