Sample viewer

vx.netlux.org/Virus.DOS.I13.Paraguay.1650

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:27.082729998Z	65	PC: 17e86 \| Delete file (Filename = 'Í ÀŸ')
2018-12-17T22:59:27.090172204Z	53	PC: 17e94 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:27.092147173Z	53	PC: 17ea4 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:59:27.094280534Z	82	PC: 17eef \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:59:27.096968055Z	74	PC: 17f1b \| Reallocate memory
2018-12-17T22:59:27.099317532Z	72	PC: 17f22 \| Allocate memory
2018-12-17T22:59:27.102370049Z	37	PC: 17f4e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:27.104353466Z	42	PC: 17f59 \| Get date 0x17f59: cmp dh, 9 0x17f5c: jne 0x17f66 0x17f5e: cmp dl, 0xd 0x17f61: jne 0x17f66 0x17f63: jmp 0x183ca 0x17f66: cmp byte ptr [bp + 0x632], 0x43 0x17f6b: je 0x17f97 0x17f6d: push es 0x17f6e: pop ds 0x17f6f: mov bx, bp 0x17f71: mov ax, es 0x17f73: add ax, 0x10 0x17f76: add word ptr cs:[bx + 0x142], ax 0x17f7b: cli 0x17f7c: add ax, word ptr cs:[bx + 0x146] 0x17f81: mov ss, ax 0x17f83: mov sp, word ptr cs:[bx + 0x144] 0x17f88: sti 0x17f89: call 0x17fa5 0x17f8c: jmp 0x17f8e
2018-12-17T22:59:27.110033047Z	9	PC: 12a51 \| Display string (String= 'This is a mid COM sample!')
2018-12-17T22:59:27.112850872Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13219,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:42.031044746Z	65	PC: 17e86 \| Delete file (Filename = 'Í ÀŸ')
2018-12-25T12:37:42.038762235Z	53	PC: 17e94 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.040803187Z	53	PC: 17ea4 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:37:42.043508237Z	82	PC: 17eef \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:37:42.04822149Z	74	PC: 17f1b \| Reallocate memory
2018-12-25T12:37:42.049957834Z	72	PC: 17f22 \| Allocate memory
2018-12-25T12:37:42.052794289Z	37	PC: 17f4e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.056072526Z	42	PC: 17f59 \| Get date 0x17f59: cmp dh, 9 0x17f5c: jne 0x17f66 0x17f5e: cmp dl, 0xd 0x17f61: jne 0x17f66 0x17f63: jmp 0x183ca 0x17f66: cmp byte ptr [bp + 0x632], 0x43 0x17f6b: je 0x17f97 0x17f6d: push es 0x17f6e: pop ds 0x17f6f: mov bx, bp 0x17f71: mov ax, es 0x17f73: add ax, 0x10 0x17f76: add word ptr cs:[bx + 0x142], ax 0x17f7b: cli 0x17f7c: add ax, word ptr cs:[bx + 0x146] 0x17f81: mov ss, ax 0x17f83: mov sp, word ptr cs:[bx + 0x144] 0x17f88: sti 0x17f89: call 0x17fa5 0x17f8c: jmp 0x17f8e
2018-12-25T12:37:42.063202594Z	9	PC: 12a51 \| Display string (String= 'This is a mid COM sample!')
2018-12-25T12:37:42.067031479Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13219,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:42.069147793Z	65	PC: 17e86 \| Delete file (Filename = 'Í ÀŸ')
2018-12-25T12:37:42.076538388Z	53	PC: 17e94 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.078285966Z	53	PC: 17ea4 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:37:42.080364935Z	82	PC: 17eef \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:37:42.083757716Z	74	PC: 17f1b \| Reallocate memory
2018-12-25T12:37:42.085073847Z	72	PC: 17f22 \| Allocate memory
2018-12-25T12:37:42.086981226Z	37	PC: 17f4e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.088723454Z	42	PC: 17f59 \| Get date 0x17f59: cmp dh, 9 0x17f5c: jne 0x17f66 0x17f5e: cmp dl, 0xd 0x17f61: jne 0x17f66 0x17f63: jmp 0x183ca 0x17f66: cmp byte ptr [bp + 0x632], 0x43 0x17f6b: je 0x17f97 0x17f6d: push es 0x17f6e: pop ds 0x17f6f: mov bx, bp 0x17f71: mov ax, es 0x17f73: add ax, 0x10 0x17f76: add word ptr cs:[bx + 0x142], ax 0x17f7b: cli 0x17f7c: add ax, word ptr cs:[bx + 0x146] 0x17f81: mov ss, ax 0x17f83: mov sp, word ptr cs:[bx + 0x144] 0x17f88: sti 0x17f89: call 0x17fa5 0x17f8c: jmp 0x17f8e
2018-12-25T12:37:42.092398401Z	9	PC: 12a51 \| Display string (String= 'This is a mid COM sample!')
2018-12-25T12:37:42.094446315Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13219,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:42.231253284Z	65	PC: 17e86 \| Delete file (Filename = 'Í ÀŸ')
2018-12-25T12:37:42.237272131Z	53	PC: 17e94 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.238502204Z	53	PC: 17ea4 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:37:42.240204555Z	82	PC: 17eef \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:37:42.242075938Z	74	PC: 17f1b \| Reallocate memory
2018-12-25T12:37:42.243300777Z	72	PC: 17f22 \| Allocate memory
2018-12-25T12:37:42.244677819Z	37	PC: 17f4e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:37:42.246127257Z	42	PC: 17f59 \| Get date 0x17f59: cmp dh, 9 0x17f5c: jne 0x17f66 0x17f5e: cmp dl, 0xd 0x17f61: jne 0x17f66 0x17f63: jmp 0x183ca 0x17f66: cmp byte ptr [bp + 0x632], 0x43 0x17f6b: je 0x17f97 0x17f6d: push es 0x17f6e: pop ds 0x17f6f: mov bx, bp 0x17f71: mov ax, es 0x17f73: add ax, 0x10 0x17f76: add word ptr cs:[bx + 0x142], ax 0x17f7b: cli 0x17f7c: add ax, word ptr cs:[bx + 0x146] 0x17f81: mov ss, ax 0x17f83: mov sp, word ptr cs:[bx + 0x144] 0x17f88: sti 0x17f89: call 0x17fa5 0x17f8c: jmp 0x17f8e