Sample viewer

vx.netlux.org/Virus.DOS.Beethoven.2752

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:50.829846509Z 74 PC: 12f8a | Reallocate memory
2018-12-17T22:58:50.831401855Z 75 PC: 12a8b | Execute program
2018-12-17T22:58:50.841203414Z 48 PC: 138ce | Get DOS version
2018-12-17T22:58:50.842576287Z 9 PC: 1372b | Display string (String= 'QjV! win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-17T22:58:50.844933199Z 9 PC: 13733 | Display string (String= 'lV! win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-17T22:58:50.847334876Z 9 PC: 1373b | Display string (Could not find end pointer)
2018-12-17T22:58:50.849336044Z 9 PC: 13743 | Display string (Could not find end pointer)
2018-12-17T22:58:50.854459997Z 9 PC: 1374b | Display string (String= ' win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-17T22:58:50.859946942Z 76 PC: 1379b | Terminate with return code (Return code = '0')
2018-12-17T22:58:50.861908179Z 73 PC: 12a93 | Release memory
2018-12-17T22:58:50.862803072Z 77 PC: 12a97 | Get program return code
2018-12-17T22:58:50.864702448Z 49 PC: 12a9e | Terminate and stay resident (Return code = '0' | Memory size = '188')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13013,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:23.076106109Z 74 PC: 12f8a | Reallocate memory
2018-12-25T13:07:23.07807868Z 75 PC: 12a8b | Execute program
2018-12-25T13:07:23.091899976Z 48 PC: 138ce | Get DOS version
2018-12-25T13:07:23.092861393Z 9 PC: 1372b | Display string (String= 'QjV! win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-25T13:07:23.09506059Z 9 PC: 13733 | Display string (String= 'lV! win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-25T13:07:23.097203214Z 9 PC: 1373b | Display string (Could not find end pointer)
2018-12-25T13:07:23.100755453Z 9 PC: 13743 | Display string (Could not find end pointer)
2018-12-25T13:07:23.104894299Z 9 PC: 1374b | Display string (String= ' win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-25T13:07:23.108437564Z 76 PC: 1379b | Terminate with return code (Return code = '0')
2018-12-25T13:07:23.11051561Z 73 PC: 12a93 | Release memory
2018-12-25T13:07:23.112077168Z 77 PC: 12a97 | Get program return code
2018-12-25T13:07:23.113944485Z 49 PC: 12a9e | Terminate and stay resident (Return code = '0' | Memory size = '188')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13013,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:09.549688115Z 74 PC: 12f8a | Reallocate memory
2018-12-25T12:37:09.552212322Z 75 PC: 12a8b | Execute program
2018-12-25T12:37:09.570103904Z 48 PC: 138ce | Get DOS version
2018-12-25T12:37:09.571837135Z 9 PC: 1372b | Display string (String= 'QjV! win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-25T12:37:09.574692286Z 9 PC: 13733 | Display string (String= 'lV! win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-25T12:37:09.578480848Z 9 PC: 1373b | Display string (Could not find end pointer)
2018-12-25T12:37:09.582725276Z 9 PC: 13743 | Display string (Could not find end pointer)
2018-12-25T12:37:09.587366312Z 9 PC: 1374b | Display string (String= ' win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-25T12:37:09.594095842Z 76 PC: 1379b | Terminate with return code (Return code = '0')
2018-12-25T12:37:09.597565805Z 73 PC: 12a93 | Release memory
2018-12-25T12:37:09.599343454Z 77 PC: 12a97 | Get program return code
2018-12-25T12:37:09.60166103Z 49 PC: 12a9e | Terminate and stay resident (Return code = '0' | Memory size = '188')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13013,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:09.578155497Z 74 PC: 12f8a | Reallocate memory
2018-12-25T12:37:09.581286776Z 75 PC: 12a8b | Execute program
2018-12-25T12:37:09.600898972Z 48 PC: 138ce | Get DOS version
2018-12-25T12:37:09.602684218Z 9 PC: 1372b | Display string (String= 'QjV! win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-25T12:37:09.605781811Z 9 PC: 13733 | Display string (String= 'lV! win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-25T12:37:09.609101901Z 9 PC: 1373b | Display string (Could not find end pointer)
2018-12-25T12:37:09.613060058Z 9 PC: 13743 | Display string (Could not find end pointer)
2018-12-25T12:37:09.617969777Z 9 PC: 1374b | Display string (String= ' win TEMP=C:\WINDOWS\TEMP (C) Copr 1987, ')
2018-12-25T12:37:09.628967268Z 76 PC: 1379b | Terminate with return code (Return code = '0')
2018-12-25T12:37:09.633703828Z 73 PC: 12a93 | Release memory
2018-12-25T12:37:09.636957756Z 77 PC: 12a97 | Get program return code
2018-12-25T12:37:09.644459221Z 49 PC: 12a9e | Terminate and stay resident (Return code = '0' | Memory size = '188')