Sample viewer

vx.netlux.org/Virus.DOS.Mipo.995

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:56.011484464Z 255 PC: 16e36 | UNKNOWN!
2018-12-17T22:58:56.017848502Z 48 PC: 15621 | Get DOS version
2018-12-17T22:58:56.021145015Z 61 PC: 1568c | Open file (Filename = '')
2018-12-17T22:58:56.02758577Z 61 PC: 15699 | Open file (Filename = '')
2018-12-17T22:58:56.034383701Z 61 PC: 15734 | Open file (Filename = 'A:\V3.CFG')
2018-12-17T22:58:56.043197281Z 9 PC: 15bc6 | Display string (String= ' This program is an unregistered version of shareware. ')
2018-12-17T22:58:56.047202717Z 42 PC: 158a8 | Get date
0x158a8: cmp cx, 0x7cc
0x158ac: jb 0x158c5
0x158ae: ja 0x158bc
0x158b0: cmp dh, 1
0x158b3: jb 0x158c5
0x158b5: ja 0x158bc
0x158b7: cmp dl, 0xd
0x158ba: jb 0x158c5
0x158bc: mov ax, 0x12
0x158bf: call 0x15bb8
0x158c2: jmp 0x15b76
0x158c5: mov ax, 2
0x158c8: call 0x15bb8
0x158cb: xor ax, ax
0x158cd: mov es, ax
0x158cf: mov ax, word ptr es:[0x413]
0x158d3: mov cl, 6
0x158d5: shl ax, cl
0x158d7: mov es, ax
0x158d9: mov bx, 0x1910
2018-12-17T22:58:56.050237453Z 9 PC: 15bc6 | Display string (String= 'ERROR: This program is out of date and should be replaced by new version.')
2018-12-17T22:58:56.054330449Z 76 PC: 15b7b | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13052,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:18.461067523Z 255 PC: 16e36 | UNKNOWN!
2018-12-25T12:37:18.467553105Z 48 PC: 15621 | Get DOS version
2018-12-25T12:37:18.470563123Z 61 PC: 1568c | Open file (Filename = '')
2018-12-25T12:37:18.476742562Z 61 PC: 15699 | Open file (Filename = '')
2018-12-25T12:37:18.483008015Z 61 PC: 15734 | Open file (Filename = 'A:\V3.CFG')
2018-12-25T12:37:18.492057845Z 9 PC: 15bc6 | Display string (String= ' This program is an unregistered version of shareware. ')
2018-12-25T12:37:18.495889617Z 42 PC: 158a8 | Get date
0x158a8: cmp cx, 0x7cc
0x158ac: jb 0x158c5
0x158ae: ja 0x158bc
0x158b0: cmp dh, 1
0x158b3: jb 0x158c5
0x158b5: ja 0x158bc
0x158b7: cmp dl, 0xd
0x158ba: jb 0x158c5
0x158bc: mov ax, 0x12
0x158bf: call 0x15bb8
0x158c2: jmp 0x15b76
0x158c5: mov ax, 2
0x158c8: call 0x15bb8
0x158cb: xor ax, ax
0x158cd: mov es, ax
0x158cf: mov ax, word ptr es:[0x413]
0x158d3: mov cl, 6
0x158d5: shl ax, cl
0x158d7: mov es, ax
0x158d9: mov bx, 0x1910
2018-12-25T12:37:18.499191588Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:18.501656587Z 48 PC: 1594f | Get DOS version
2018-12-25T12:37:18.502653385Z 82 PC: 15957 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:37:18.504146767Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:18.507936909Z 9 PC: 159a2 | Display string (String= '�h� �����NO NAME FAT12 ��p�@h  (�h� �����NO NAME FAT12  p�;PPPPPN p} pFAT12 FAT16 NO NAME %�� ')
2018-12-25T12:37:18.510336765Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:18.514437757Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:18.51817679Z 76 PC: 15b7b | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13052,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:18.972989646Z 255 PC: 16e36 | UNKNOWN!
2018-12-25T12:37:18.977894975Z 48 PC: 15621 | Get DOS version
2018-12-25T12:37:18.980323552Z 61 PC: 1568c | Open file (Filename = '')
2018-12-25T12:37:18.984409205Z 61 PC: 15699 | Open file (Filename = '')
2018-12-25T12:37:18.9890075Z 61 PC: 15734 | Open file (Filename = 'A:\V3.CFG')
2018-12-25T12:37:18.994949767Z 9 PC: 15bc6 | Display string (String= ' This program is an unregistered version of shareware. ')
2018-12-25T12:37:18.999187743Z 42 PC: 158a8 | Get date
0x158a8: cmp cx, 0x7cc
0x158ac: jb 0x158c5
0x158ae: ja 0x158bc
0x158b0: cmp dh, 1
0x158b3: jb 0x158c5
0x158b5: ja 0x158bc
0x158b7: cmp dl, 0xd
0x158ba: jb 0x158c5
0x158bc: mov ax, 0x12
0x158bf: call 0x15bb8
0x158c2: jmp 0x15b76
0x158c5: mov ax, 2
0x158c8: call 0x15bb8
0x158cb: xor ax, ax
0x158cd: mov es, ax
0x158cf: mov ax, word ptr es:[0x413]
0x158d3: mov cl, 6
0x158d5: shl ax, cl
0x158d7: mov es, ax
0x158d9: mov bx, 0x1910
2018-12-25T12:37:19.001921499Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.004622832Z 48 PC: 1594f | Get DOS version
2018-12-25T12:37:19.006071156Z 82 PC: 15957 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:37:19.007618107Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.012015951Z 9 PC: 159a2 | Display string (String= '�h� �����NO NAME FAT12 ��p�@h  (�h� �����NO NAME FAT12  p�;PPPPPN p} pFAT12 FAT16 NO NAME %�� ')
2018-12-25T12:37:19.01427065Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.016812507Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.021737258Z 76 PC: 15b7b | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":22,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13052,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:19.165766978Z 255 PC: 16e36 | UNKNOWN!
2018-12-25T12:37:19.172958018Z 48 PC: 15621 | Get DOS version
2018-12-25T12:37:19.176544035Z 61 PC: 1568c | Open file (Filename = '')
2018-12-25T12:37:19.182643439Z 61 PC: 15699 | Open file (Filename = '')
2018-12-25T12:37:19.188968868Z 61 PC: 15734 | Open file (Filename = 'A:\V3.CFG')
2018-12-25T12:37:19.197470009Z 9 PC: 15bc6 | Display string (String= ' This program is an unregistered version of shareware. ')
2018-12-25T12:37:19.210032866Z 42 PC: 158a8 | Get date
0x158a8: cmp cx, 0x7cc
0x158ac: jb 0x158c5
0x158ae: ja 0x158bc
0x158b0: cmp dh, 1
0x158b3: jb 0x158c5
0x158b5: ja 0x158bc
0x158b7: cmp dl, 0xd
0x158ba: jb 0x158c5
0x158bc: mov ax, 0x12
0x158bf: call 0x15bb8
0x158c2: jmp 0x15b76
0x158c5: mov ax, 2
0x158c8: call 0x15bb8
0x158cb: xor ax, ax
0x158cd: mov es, ax
0x158cf: mov ax, word ptr es:[0x413]
0x158d3: mov cl, 6
0x158d5: shl ax, cl
0x158d7: mov es, ax
0x158d9: mov bx, 0x1910
2018-12-25T12:37:19.212816039Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.215359315Z 48 PC: 1594f | Get DOS version
2018-12-25T12:37:19.216577978Z 82 PC: 15957 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:37:19.218606496Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.222288755Z 9 PC: 159a2 | Display string (String= '�h� �����NO NAME FAT12 ��p�@h  (�h� �����NO NAME FAT12  p�;PPPPPN p} pFAT12 FAT16 NO NAME %�� ')
2018-12-25T12:37:19.22439186Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.227297259Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.231059368Z 76 PC: 15b7b | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":22,"Min":0,"Second":0,"TimeBased":true,"OriginalID":13052,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:19.64547506Z 255 PC: 16e36 | UNKNOWN!
2018-12-25T12:37:19.666666774Z 48 PC: 15621 | Get DOS version
2018-12-25T12:37:19.669812372Z 61 PC: 1568c | Open file (Filename = '')
2018-12-25T12:37:19.676136699Z 61 PC: 15699 | Open file (Filename = '')
2018-12-25T12:37:19.688019053Z 61 PC: 15734 | Open file (Filename = 'A:\V3.CFG')
2018-12-25T12:37:19.697741865Z 9 PC: 15bc6 | Display string (String= ' This program is an unregistered version of shareware. ')
2018-12-25T12:37:19.702445005Z 42 PC: 158a8 | Get date
0x158a8: cmp cx, 0x7cc
0x158ac: jb 0x158c5
0x158ae: ja 0x158bc
0x158b0: cmp dh, 1
0x158b3: jb 0x158c5
0x158b5: ja 0x158bc
0x158b7: cmp dl, 0xd
0x158ba: jb 0x158c5
0x158bc: mov ax, 0x12
0x158bf: call 0x15bb8
0x158c2: jmp 0x15b76
0x158c5: mov ax, 2
0x158c8: call 0x15bb8
0x158cb: xor ax, ax
0x158cd: mov es, ax
0x158cf: mov ax, word ptr es:[0x413]
0x158d3: mov cl, 6
0x158d5: shl ax, cl
0x158d7: mov es, ax
0x158d9: mov bx, 0x1910
2018-12-25T12:37:19.706338252Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.708918245Z 48 PC: 1594f | Get DOS version
2018-12-25T12:37:19.710127074Z 82 PC: 15957 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:37:19.712453872Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.716032177Z 9 PC: 159a2 | Display string (String= '�h� �����NO NAME FAT12 ��p�@h  (�h� �����NO NAME FAT12  p�;PPPPPN p} pFAT12 FAT16 NO NAME %�� ')
2018-12-25T12:37:19.718068637Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.720942358Z 9 PC: 15bc6 | Display string (See above)
2018-12-25T12:37:19.725571789Z 76 PC: 15b7b | Terminate with return code (Return code = '2')