Sample viewer

vx.netlux.org/Virus.DOS.Mandra.664

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:51:28.995382224Z	48	PC: 12c0c \| Get DOS version
2018-12-17T21:51:28.997451783Z	74	PC: 12c2f \| Reallocate memory
2018-12-17T21:51:29.000086164Z	72	PC: 12c36 \| Allocate memory
2018-12-17T21:51:29.002151788Z	44	PC: 12c77 \| Get time 0x12c77: cmp dh, 0x10 0x12c7a: ja 0x12c93 0x12c7c: lea dx, word ptr [bp + 0x36d] 0x12c80: mov ah, 9 0x12c82: int 0x21 0x12c84: xor ax, ax 0x12c86: mov ds, ax 0x12c88: in al, 0x21 0x12c8a: mov si, 0x46c 0x12c8d: xor al, byte ptr [si] 0x12c8f: and al, 0xfd 0x12c91: out 0x21, al 0x12c93: push cs 0x12c94: pop es 0x12c95: mov ah, 0xf6 0x12c97: int 0x16 0x12c99: lea si, word ptr [bp + 0x125] 0x12c9d: mov di, 0x101 0x12ca0: dec di 0x12ca1: push di
2018-12-17T21:51:29.004880276Z	9	PC: 12a48 \| Display string (String= 'Runtime error at 0116:109E')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":130,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:53.468036519Z	48	PC: 12c0c \| Get DOS version
2018-12-25T11:39:53.469783444Z	74	PC: 12c2f \| Reallocate memory
2018-12-25T11:39:53.47161555Z	72	PC: 12c36 \| Allocate memory
2018-12-25T11:39:53.473475033Z	44	PC: 12c77 \| Get time 0x12c77: cmp dh, 0x10 0x12c7a: ja 0x12c93 0x12c7c: lea dx, word ptr [bp + 0x36d] 0x12c80: mov ah, 9 0x12c82: int 0x21 0x12c84: xor ax, ax 0x12c86: mov ds, ax 0x12c88: in al, 0x21 0x12c8a: mov si, 0x46c 0x12c8d: xor al, byte ptr [si] 0x12c8f: and al, 0xfd 0x12c91: out 0x21, al 0x12c93: push cs 0x12c94: pop es 0x12c95: mov ah, 0xf6 0x12c97: int 0x16 0x12c99: lea si, word ptr [bp + 0x125] 0x12c9d: mov di, 0x101 0x12ca0: dec di 0x12ca1: push di
2018-12-25T11:39:53.475818694Z	9	PC: 12c84 \| Display string (Could not find end pointer)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":17,"TimeBased":true,"OriginalID":130,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:53.712536674Z	48	PC: 12c0c \| Get DOS version
2018-12-25T11:39:53.723474286Z	74	PC: 12c2f \| Reallocate memory
2018-12-25T11:39:53.725300009Z	72	PC: 12c36 \| Allocate memory
2018-12-25T11:39:53.727734598Z	44	PC: 12c77 \| Get time 0x12c77: cmp dh, 0x10 0x12c7a: ja 0x12c93 0x12c7c: lea dx, word ptr [bp + 0x36d] 0x12c80: mov ah, 9 0x12c82: int 0x21 0x12c84: xor ax, ax 0x12c86: mov ds, ax 0x12c88: in al, 0x21 0x12c8a: mov si, 0x46c 0x12c8d: xor al, byte ptr [si] 0x12c8f: and al, 0xfd 0x12c91: out 0x21, al 0x12c93: push cs 0x12c94: pop es 0x12c95: mov ah, 0xf6 0x12c97: int 0x16 0x12c99: lea si, word ptr [bp + 0x125] 0x12c9d: mov di, 0x101 0x12ca0: dec di 0x12ca1: push di
2018-12-25T11:39:53.730961231Z	9	PC: 12a48 \| Display string (String= 'Runtime error at 0116:109E')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":130,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:53.938450869Z	48	PC: 12c0c \| Get DOS version
2018-12-25T11:39:53.940191126Z	74	PC: 12c2f \| Reallocate memory
2018-12-25T11:39:53.942596228Z	72	PC: 12c36 \| Allocate memory
2018-12-25T11:39:53.944455601Z	44	PC: 12c77 \| Get time 0x12c77: cmp dh, 0x10 0x12c7a: ja 0x12c93 0x12c7c: lea dx, word ptr [bp + 0x36d] 0x12c80: mov ah, 9 0x12c82: int 0x21 0x12c84: xor ax, ax 0x12c86: mov ds, ax 0x12c88: in al, 0x21 0x12c8a: mov si, 0x46c 0x12c8d: xor al, byte ptr [si] 0x12c8f: and al, 0xfd 0x12c91: out 0x21, al 0x12c93: push cs 0x12c94: pop es 0x12c95: mov ah, 0xf6 0x12c97: int 0x16 0x12c99: lea si, word ptr [bp + 0x125] 0x12c9d: mov di, 0x101 0x12ca0: dec di 0x12ca1: push di
2018-12-25T11:39:53.946912481Z	9	PC: 12c84 \| Display string (Could not find end pointer)

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":6,"TimeBased":true,"OriginalID":130,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:39:54.174972046Z	48	PC: 12c0c \| Get DOS version
2018-12-25T11:39:54.177401747Z	74	PC: 12c2f \| Reallocate memory
2018-12-25T11:39:54.180075726Z	72	PC: 12c36 \| Allocate memory
2018-12-25T11:39:54.182251844Z	44	PC: 12c77 \| Get time 0x12c77: cmp dh, 0x10 0x12c7a: ja 0x12c93 0x12c7c: lea dx, word ptr [bp + 0x36d] 0x12c80: mov ah, 9 0x12c82: int 0x21 0x12c84: xor ax, ax 0x12c86: mov ds, ax 0x12c88: in al, 0x21 0x12c8a: mov si, 0x46c 0x12c8d: xor al, byte ptr [si] 0x12c8f: and al, 0xfd 0x12c91: out 0x21, al 0x12c93: push cs 0x12c94: pop es 0x12c95: mov ah, 0xf6 0x12c97: int 0x16 0x12c99: lea si, word ptr [bp + 0x125] 0x12c9d: mov di, 0x101 0x12ca0: dec di 0x12ca1: push di
2018-12-25T11:39:54.185001313Z	9	PC: 12c84 \| Display string (Could not find end pointer)