Sample viewer

vx.netlux.org/Virus.DOS.April_1st.Exe

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:57:45.043558919Z	222	PC: 12a88 \| UNKNOWN!
2018-12-17T22:57:45.045844948Z	42	PC: 12a8c \| Get date 0x12a8c: cmp dx, 0x401 0x12a90: je 0x12ab4 0x12a92: cmp cx, 0x7bc 0x12a96: jne 0x12a9e 0x12a98: call 0x12f60 0x12a9b: jmp 0x12acc 0x12a9d: nop 0x12a9e: cmp cx, 0x7c4 0x12aa2: jb 0x12acc 0x12aa4: cmp dx, 0x401 0x12aa8: jb 0x12acc 0x12aaa: cmp al, 3 0x12aac: jne 0x12acc 0x12aae: call 0x12f60 0x12ab1: jmp 0x12acc 0x12ab3: nop 0x12ab4: push cs 0x12ab5: pop es 0x12ab6: mov si, 0x22b 0x12ab9: mov di, si
2018-12-17T22:57:45.048147064Z	53	PC: 12adc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:45.049464102Z	37	PC: 12aec \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:57:45.05163603Z	74	PC: 12b02 \| Reallocate memory
2018-12-17T22:57:45.05309113Z	75	PC: 12b3a \| Execute program
2018-12-17T22:57:45.074296913Z	9	PC: 13179 \| Display string (Could not find end pointer)
2018-12-17T22:57:45.077007516Z	76	PC: 1317d \| Terminate with return code (Return code = '36')
2018-12-17T22:57:45.079854886Z	77	PC: 12b3e \| Get program return code
2018-12-17T22:57:45.080891021Z	49	PC: 12b47 \| Terminate and stay resident (Return code = '36' \| Memory size = '109')

{"DateBased":true,"Day":2,"Month":4,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12655,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:48.974922056Z	222	PC: 12a88 \| UNKNOWN!
2018-12-25T12:35:48.976185353Z	42	PC: 12a8c \| Get date 0x12a8c: cmp dx, 0x401 0x12a90: je 0x12ab4 0x12a92: cmp cx, 0x7bc 0x12a96: jne 0x12a9e 0x12a98: call 0x12f60 0x12a9b: jmp 0x12acc 0x12a9d: nop 0x12a9e: cmp cx, 0x7c4 0x12aa2: jb 0x12acc 0x12aa4: cmp dx, 0x401 0x12aa8: jb 0x12acc 0x12aaa: cmp al, 3 0x12aac: jne 0x12acc 0x12aae: call 0x12f60 0x12ab1: jmp 0x12acc 0x12ab3: nop 0x12ab4: push cs 0x12ab5: pop es 0x12ab6: mov si, 0x22b 0x12ab9: mov di, si
2018-12-25T12:35:48.97829228Z	53	PC: 12adc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:48.979312845Z	37	PC: 12aec \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:48.980676411Z	74	PC: 12b02 \| Reallocate memory
2018-12-25T12:35:48.982428644Z	75	PC: 12b3a \| Execute program
2018-12-25T12:35:48.997197485Z	9	PC: 13179 \| Display string (Could not find end pointer)
2018-12-25T12:35:48.999525243Z	76	PC: 1317d \| Terminate with return code (Return code = '36')
2018-12-25T12:35:49.001928516Z	77	PC: 12b3e \| Get program return code
2018-12-25T12:35:49.002979425Z	49	PC: 12b47 \| Terminate and stay resident (Return code = '36' \| Memory size = '109')

{"DateBased":true,"Day":6,"Month":4,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12655,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:49.149652128Z	222	PC: 12a88 \| UNKNOWN!
2018-12-25T12:35:49.151216068Z	42	PC: 12a8c \| Get date 0x12a8c: cmp dx, 0x401 0x12a90: je 0x12ab4 0x12a92: cmp cx, 0x7bc 0x12a96: jne 0x12a9e 0x12a98: call 0x12f60 0x12a9b: jmp 0x12acc 0x12a9d: nop 0x12a9e: cmp cx, 0x7c4 0x12aa2: jb 0x12acc 0x12aa4: cmp dx, 0x401 0x12aa8: jb 0x12acc 0x12aaa: cmp al, 3 0x12aac: jne 0x12acc 0x12aae: call 0x12f60 0x12ab1: jmp 0x12acc 0x12ab3: nop 0x12ab4: push cs 0x12ab5: pop es 0x12ab6: mov si, 0x22b 0x12ab9: mov di, si
2018-12-25T12:35:49.154117529Z	53	PC: 12f6a \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:35:49.155772902Z	37	PC: 12f7e \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:35:49.157592206Z	53	PC: 12adc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:49.159102375Z	37	PC: 12aec \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:49.160393487Z	74	PC: 12b02 \| Reallocate memory
2018-12-25T12:35:49.161981952Z	75	PC: 12b3a \| Execute program
2018-12-25T12:35:49.178025158Z	9	PC: 13179 \| Display string (Could not find end pointer)
2018-12-25T12:35:49.180542253Z	76	PC: 1317d \| Terminate with return code (Return code = '36')
2018-12-25T12:35:49.183772642Z	77	PC: 12b3e \| Get program return code
2018-12-25T12:35:49.186003312Z	49	PC: 12b47 \| Terminate and stay resident (Return code = '36' \| Memory size = '109')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12655,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:49.179678601Z	222	PC: 12a88 \| UNKNOWN!
2018-12-25T12:35:49.181422234Z	42	PC: 12a8c \| Get date 0x12a8c: cmp dx, 0x401 0x12a90: je 0x12ab4 0x12a92: cmp cx, 0x7bc 0x12a96: jne 0x12a9e 0x12a98: call 0x12f60 0x12a9b: jmp 0x12acc 0x12a9d: nop 0x12a9e: cmp cx, 0x7c4 0x12aa2: jb 0x12acc 0x12aa4: cmp dx, 0x401 0x12aa8: jb 0x12acc 0x12aaa: cmp al, 3 0x12aac: jne 0x12acc 0x12aae: call 0x12f60 0x12ab1: jmp 0x12acc 0x12ab3: nop 0x12ab4: push cs 0x12ab5: pop es 0x12ab6: mov si, 0x22b 0x12ab9: mov di, si
2018-12-25T12:35:49.183667004Z	53	PC: 12f6a \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:35:49.184885781Z	37	PC: 12f7e \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:35:49.186301755Z	53	PC: 12adc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:49.188240131Z	37	PC: 12aec \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:49.189724819Z	74	PC: 12b02 \| Reallocate memory
2018-12-25T12:35:49.191385269Z	75	PC: 12b3a \| Execute program
2018-12-25T12:35:49.207707345Z	9	PC: 13179 \| Display string (Could not find end pointer)
2018-12-25T12:35:49.210124247Z	76	PC: 1317d \| Terminate with return code (Return code = '36')
2018-12-25T12:35:49.213435037Z	77	PC: 12b3e \| Get program return code
2018-12-25T12:35:49.216066367Z	49	PC: 12b47 \| Terminate and stay resident (Return code = '36' \| Memory size = '109')

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12655,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:49.604612324Z	222	PC: 12a88 \| UNKNOWN!
2018-12-25T12:35:49.606772865Z	42	PC: 12a8c \| Get date 0x12a8c: cmp dx, 0x401 0x12a90: je 0x12ab4 0x12a92: cmp cx, 0x7bc 0x12a96: jne 0x12a9e 0x12a98: call 0x12f60 0x12a9b: jmp 0x12acc 0x12a9d: nop 0x12a9e: cmp cx, 0x7c4 0x12aa2: jb 0x12acc 0x12aa4: cmp dx, 0x401 0x12aa8: jb 0x12acc 0x12aaa: cmp al, 3 0x12aac: jne 0x12acc 0x12aae: call 0x12f60 0x12ab1: jmp 0x12acc 0x12ab3: nop 0x12ab4: push cs 0x12ab5: pop es 0x12ab6: mov si, 0x22b 0x12ab9: mov di, si
2018-12-25T12:35:49.609734056Z	9	PC: 12ac9 \| Display string (String= 'APRIL 1ST HA HA HA YOU HAVE A VIRUS')

{"DateBased":true,"Day":1,"Month":1,"Year":1981,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12655,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:49.582676279Z	222	PC: 12a88 \| UNKNOWN!
2018-12-25T12:35:49.584068896Z	42	PC: 12a8c \| Get date 0x12a8c: cmp dx, 0x401 0x12a90: je 0x12ab4 0x12a92: cmp cx, 0x7bc 0x12a96: jne 0x12a9e 0x12a98: call 0x12f60 0x12a9b: jmp 0x12acc 0x12a9d: nop 0x12a9e: cmp cx, 0x7c4 0x12aa2: jb 0x12acc 0x12aa4: cmp dx, 0x401 0x12aa8: jb 0x12acc 0x12aaa: cmp al, 3 0x12aac: jne 0x12acc 0x12aae: call 0x12f60 0x12ab1: jmp 0x12acc 0x12ab3: nop 0x12ab4: push cs 0x12ab5: pop es 0x12ab6: mov si, 0x22b 0x12ab9: mov di, si
2018-12-25T12:35:49.586850765Z	53	PC: 12adc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:49.588549656Z	37	PC: 12aec \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:49.59080206Z	74	PC: 12b02 \| Reallocate memory
2018-12-25T12:35:49.608002249Z	75	PC: 12b3a \| Execute program
2018-12-25T12:35:49.622246114Z	9	PC: 13179 \| Display string (Could not find end pointer)
2018-12-25T12:35:49.625140514Z	76	PC: 1317d \| Terminate with return code (Return code = '36')
2018-12-25T12:35:49.628128198Z	77	PC: 12b3e \| Get program return code
2018-12-25T12:35:49.629514987Z	49	PC: 12b47 \| Terminate and stay resident (Return code = '36' \| Memory size = '109')

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12655,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:35:49.796945107Z	222	PC: 12a88 \| UNKNOWN!
2018-12-25T12:35:49.798807415Z	42	PC: 12a8c \| Get date 0x12a8c: cmp dx, 0x401 0x12a90: je 0x12ab4 0x12a92: cmp cx, 0x7bc 0x12a96: jne 0x12a9e 0x12a98: call 0x12f60 0x12a9b: jmp 0x12acc 0x12a9d: nop 0x12a9e: cmp cx, 0x7c4 0x12aa2: jb 0x12acc 0x12aa4: cmp dx, 0x401 0x12aa8: jb 0x12acc 0x12aaa: cmp al, 3 0x12aac: jne 0x12acc 0x12aae: call 0x12f60 0x12ab1: jmp 0x12acc 0x12ab3: nop 0x12ab4: push cs 0x12ab5: pop es 0x12ab6: mov si, 0x22b 0x12ab9: mov di, si
2018-12-25T12:35:49.801003635Z	53	PC: 12adc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:49.802114701Z	37	PC: 12aec \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:35:49.80441958Z	74	PC: 12b02 \| Reallocate memory
2018-12-25T12:35:49.805866667Z	75	PC: 12b3a \| Execute program
2018-12-25T12:35:49.820708829Z	9	PC: 13179 \| Display string (Could not find end pointer)
2018-12-25T12:35:49.823199649Z	76	PC: 1317d \| Terminate with return code (Return code = '36')
2018-12-25T12:35:49.826516065Z	77	PC: 12b3e \| Get program return code
2018-12-25T12:35:49.827918201Z	49	PC: 12b47 \| Terminate and stay resident (Return code = '36' \| Memory size = '109')