Sample viewer

vx.netlux.org/Virus.DOS.XPEH.4768

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:28.939051872Z	42	PC: 134ff \| Get date 0x134ff: cmp cx, word ptr [bp + 4] 0x13502: jb 0x1350c 0x13504: cmp dh, byte ptr [bp + 6] 0x13507: jb 0x1350c 0x13509: clc 0x1350a: jmp 0x1350d 0x1350c: stc 0x1350d: pop dx 0x1350e: pop cx 0x1350f: pop ax 0x13510: pop bp 0x13511: ret 4 0x13514: push ax 0x13515: push cx 0x13516: push di 0x13517: push es 0x13518: cld 0x13519: mov di, word ptr cs:[0x82] 0x1351e: add di, 0x1f 0x13521: mov ax, word ptr cs:[0x80]
2018-12-17T22:58:28.944064416Z	193	PC: 137dd \| UNKNOWN!
2018-12-17T22:58:28.948925382Z	37	PC: 13980 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:46.158094831Z	42	PC: 134ff \| Get date 0x134ff: cmp cx, word ptr [bp + 4] 0x13502: jb 0x1350c 0x13504: cmp dh, byte ptr [bp + 6] 0x13507: jb 0x1350c 0x13509: clc 0x1350a: jmp 0x1350d 0x1350c: stc 0x1350d: pop dx 0x1350e: pop cx 0x1350f: pop ax 0x13510: pop bp 0x13511: ret 4 0x13514: push ax 0x13515: push cx 0x13516: push di 0x13517: push es 0x13518: cld 0x13519: mov di, word ptr cs:[0x82] 0x1351e: add di, 0x1f 0x13521: mov ax, word ptr cs:[0x80]
2018-12-25T12:36:46.161147853Z	193	PC: 137dd \| UNKNOWN!
2018-12-25T12:36:46.16537643Z	37	PC: 13980 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:47.117181871Z	42	PC: 134ff \| Get date 0x134ff: cmp cx, word ptr [bp + 4] 0x13502: jb 0x1350c 0x13504: cmp dh, byte ptr [bp + 6] 0x13507: jb 0x1350c 0x13509: clc 0x1350a: jmp 0x1350d 0x1350c: stc 0x1350d: pop dx 0x1350e: pop cx 0x1350f: pop ax 0x13510: pop bp 0x13511: ret 4 0x13514: push ax 0x13515: push cx 0x13516: push di 0x13517: push es 0x13518: cld 0x13519: mov di, word ptr cs:[0x82] 0x1351e: add di, 0x1f 0x13521: mov ax, word ptr cs:[0x80]
2018-12-25T12:36:47.119929002Z	193	PC: 137dd \| UNKNOWN!
2018-12-25T12:36:47.12243516Z	37	PC: 13980 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12898,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:36:47.462185652Z	42	PC: 134ff \| Get date 0x134ff: cmp cx, word ptr [bp + 4] 0x13502: jb 0x1350c 0x13504: cmp dh, byte ptr [bp + 6] 0x13507: jb 0x1350c 0x13509: clc 0x1350a: jmp 0x1350d 0x1350c: stc 0x1350d: pop dx 0x1350e: pop cx 0x1350f: pop ax 0x13510: pop bp 0x13511: ret 4 0x13514: push ax 0x13515: push cx 0x13516: push di 0x13517: push es 0x13518: cld 0x13519: mov di, word ptr cs:[0x82] 0x1351e: add di, 0x1f 0x13521: mov ax, word ptr cs:[0x80]
2018-12-25T12:36:47.464939742Z	193	PC: 137dd \| UNKNOWN!
2018-12-25T12:36:47.469223158Z	37	PC: 13980 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')