Sample viewer

vx.netlux.org/Virus.DOS.Normal.763

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:01:10.52165671Z	254	PC: 12c43 \| UNKNOWN!
2018-12-17T22:01:10.523080402Z	53	PC: 12c63 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:01:10.524668858Z	53	PC: 12c70 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:10.526524452Z	37	PC: 12c91 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:10.529100708Z	37	PC: 12c97 \| Set interrupt vector (Interrupt = '80' AKA 'Set current PSP')
2018-12-17T22:01:10.530261025Z	42	PC: 12c9e \| Get date 0x12c9e: cmp dx, 0xa0f 0x12ca2: jbe 0x12cba 0x12ca4: cmp al, 5 0x12ca6: jne 0x12cba 0x12ca8: mov ah, 9 0x12caa: add si, 0x1b4 0x12cae: push si 0x12caf: pop dx 0x12cb0: mov cx, 0x29 0x12cb3: not byte ptr [si] 0x12cb5: inc si 0x12cb6: loop 0x12cb3 0x12cb8: int 0x21 0x12cba: pop si 0x12cbb: cmp word ptr [si + 0x1ac], 0x100 0x12cc1: jne 0x12cd1 0x12cc3: mov ax, word ptr [si + 0x1b0] 0x12cc7: mov word ptr [0x100], ax 0x12cca: mov ax, word ptr [si + 0x1b2] 0x12cce: mov word ptr [0x102], ax
2018-12-17T22:01:10.532616675Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-17T22:01:10.537011668Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1244,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:04.126668592Z	254	PC: 12c43 \| UNKNOWN!
2018-12-25T11:43:04.128384233Z	53	PC: 12c63 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:43:04.129607917Z	53	PC: 12c70 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.130843368Z	37	PC: 12c91 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.132955468Z	37	PC: 12c97 \| Set interrupt vector (Interrupt = '80' AKA 'Set current PSP')
2018-12-25T11:43:04.134184295Z	42	PC: 12c9e \| Get date 0x12c9e: cmp dx, 0xa0f 0x12ca2: jbe 0x12cba 0x12ca4: cmp al, 5 0x12ca6: jne 0x12cba 0x12ca8: mov ah, 9 0x12caa: add si, 0x1b4 0x12cae: push si 0x12caf: pop dx 0x12cb0: mov cx, 0x29 0x12cb3: not byte ptr [si] 0x12cb5: inc si 0x12cb6: loop 0x12cb3 0x12cb8: int 0x21 0x12cba: pop si 0x12cbb: cmp word ptr [si + 0x1ac], 0x100 0x12cc1: jne 0x12cd1 0x12cc3: mov ax, word ptr [si + 0x1b0] 0x12cc7: mov word ptr [0x100], ax 0x12cca: mov ax, word ptr [si + 0x1b2] 0x12cce: mov word ptr [0x102], ax
2018-12-25T11:43:04.136506812Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T11:43:04.150485746Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1244,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:04.166850327Z	254	PC: 12c43 \| UNKNOWN!
2018-12-25T11:43:04.168184349Z	53	PC: 12c63 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:43:04.16980641Z	53	PC: 12c70 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.171317631Z	37	PC: 12c91 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.172743817Z	37	PC: 12c97 \| Set interrupt vector (Interrupt = '80' AKA 'Set current PSP')
2018-12-25T11:43:04.175060648Z	42	PC: 12c9e \| Get date 0x12c9e: cmp dx, 0xa0f 0x12ca2: jbe 0x12cba 0x12ca4: cmp al, 5 0x12ca6: jne 0x12cba 0x12ca8: mov ah, 9 0x12caa: add si, 0x1b4 0x12cae: push si 0x12caf: pop dx 0x12cb0: mov cx, 0x29 0x12cb3: not byte ptr [si] 0x12cb5: inc si 0x12cb6: loop 0x12cb3 0x12cb8: int 0x21 0x12cba: pop si 0x12cbb: cmp word ptr [si + 0x1ac], 0x100 0x12cc1: jne 0x12cd1 0x12cc3: mov ax, word ptr [si + 0x1b0] 0x12cc7: mov word ptr [0x100], ax 0x12cca: mov ax, word ptr [si + 0x1b2] 0x12cce: mov word ptr [0x102], ax
2018-12-25T11:43:04.177998823Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T11:43:04.184561425Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":15,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1244,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:04.411137141Z	254	PC: 12c43 \| UNKNOWN!
2018-12-25T11:43:04.412236485Z	53	PC: 12c63 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:43:04.424145209Z	53	PC: 12c70 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.425296763Z	37	PC: 12c91 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:04.426802006Z	37	PC: 12c97 \| Set interrupt vector (Interrupt = '80' AKA 'Set current PSP')
2018-12-25T11:43:04.429194288Z	42	PC: 12c9e \| Get date 0x12c9e: cmp dx, 0xa0f 0x12ca2: jbe 0x12cba 0x12ca4: cmp al, 5 0x12ca6: jne 0x12cba 0x12ca8: mov ah, 9 0x12caa: add si, 0x1b4 0x12cae: push si 0x12caf: pop dx 0x12cb0: mov cx, 0x29 0x12cb3: not byte ptr [si] 0x12cb5: inc si 0x12cb6: loop 0x12cb3 0x12cb8: int 0x21 0x12cba: pop si 0x12cbb: cmp word ptr [si + 0x1ac], 0x100 0x12cc1: jne 0x12cd1 0x12cc3: mov ax, word ptr [si + 0x1b0] 0x12cc7: mov word ptr [0x100], ax 0x12cca: mov ax, word ptr [si + 0x1b2] 0x12cce: mov word ptr [0x102], ax
2018-12-25T11:43:04.4312739Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T11:43:04.436477202Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')