Sample viewer

vx.netlux.org/Virus.DOS.Steel.417

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:32.617785588Z	42	PC: 12a69 \| Get date 0x12a69: cmp al, 3 0x12a6b: jne 0x12a7a 0x12a6d: mov ah, 9 0x12a6f: mov dx, 0x278 0x12a72: int 0x21 0x12a74: mov ah, 1 0x12a76: int 0x21 0x12a78: int 0x20 0x12a7a: mov ax, 0xfeee 0x12a7d: int 0x21 0x12a7f: cmp ax, 0x1616 0x12a82: jne 0x12a8a 0x12a84: jmp 0x12a87 0x12a86: nop 0x12a87: jmp 0x12ad9 0x12a89: nop 0x12a8a: pop es 0x12a8b: push es 0x12a8c: mov ax, es 0x12a8e: dec ax
2018-12-17T22:59:32.62169224Z	254	PC: 12a7f \| UNKNOWN!
2018-12-17T22:59:32.623157434Z	9	PC: 12a47 \| Display string (String= 'Sunday - Best day in the week [Y/N]? ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13241,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:46.168067056Z	42	PC: 12a69 \| Get date 0x12a69: cmp al, 3 0x12a6b: jne 0x12a7a 0x12a6d: mov ah, 9 0x12a6f: mov dx, 0x278 0x12a72: int 0x21 0x12a74: mov ah, 1 0x12a76: int 0x21 0x12a78: int 0x20 0x12a7a: mov ax, 0xfeee 0x12a7d: int 0x21 0x12a7f: cmp ax, 0x1616 0x12a82: jne 0x12a8a 0x12a84: jmp 0x12a87 0x12a86: nop 0x12a87: jmp 0x12ad9 0x12a89: nop 0x12a8a: pop es 0x12a8b: push es 0x12a8c: mov ax, es 0x12a8e: dec ax
2018-12-25T12:37:46.170936711Z	254	PC: 12a7f \| UNKNOWN!
2018-12-25T12:37:46.172178961Z	9	PC: 12a47 \| Display string (String= 'Sunday - Best day in the week [Y/N]? ')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13241,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:47.124817468Z	42	PC: 12a69 \| Get date 0x12a69: cmp al, 3 0x12a6b: jne 0x12a7a 0x12a6d: mov ah, 9 0x12a6f: mov dx, 0x278 0x12a72: int 0x21 0x12a74: mov ah, 1 0x12a76: int 0x21 0x12a78: int 0x20 0x12a7a: mov ax, 0xfeee 0x12a7d: int 0x21 0x12a7f: cmp ax, 0x1616 0x12a82: jne 0x12a8a 0x12a84: jmp 0x12a87 0x12a86: nop 0x12a87: jmp 0x12ad9 0x12a89: nop 0x12a8a: pop es 0x12a8b: push es 0x12a8c: mov ax, es 0x12a8e: dec ax
2018-12-25T12:37:47.128106475Z	9	PC: 12a74 \| Display string (String= 'Sunday - Best day in the week [Y/N]? ')
2018-12-25T12:37:47.132026505Z	1	PC: 12a78 \| Character input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13241,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:47.968621759Z	42	PC: 12a69 \| Get date 0x12a69: cmp al, 3 0x12a6b: jne 0x12a7a 0x12a6d: mov ah, 9 0x12a6f: mov dx, 0x278 0x12a72: int 0x21 0x12a74: mov ah, 1 0x12a76: int 0x21 0x12a78: int 0x20 0x12a7a: mov ax, 0xfeee 0x12a7d: int 0x21 0x12a7f: cmp ax, 0x1616 0x12a82: jne 0x12a8a 0x12a84: jmp 0x12a87 0x12a86: nop 0x12a87: jmp 0x12ad9 0x12a89: nop 0x12a8a: pop es 0x12a8b: push es 0x12a8c: mov ax, es 0x12a8e: dec ax
2018-12-25T12:37:47.972676526Z	254	PC: 12a7f \| UNKNOWN!
2018-12-25T12:37:47.974477603Z	9	PC: 12a47 \| Display string (String= 'Sunday - Best day in the week [Y/N]? ')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13241,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:48.408159928Z	42	PC: 12a69 \| Get date 0x12a69: cmp al, 3 0x12a6b: jne 0x12a7a 0x12a6d: mov ah, 9 0x12a6f: mov dx, 0x278 0x12a72: int 0x21 0x12a74: mov ah, 1 0x12a76: int 0x21 0x12a78: int 0x20 0x12a7a: mov ax, 0xfeee 0x12a7d: int 0x21 0x12a7f: cmp ax, 0x1616 0x12a82: jne 0x12a8a 0x12a84: jmp 0x12a87 0x12a86: nop 0x12a87: jmp 0x12ad9 0x12a89: nop 0x12a8a: pop es 0x12a8b: push es 0x12a8c: mov ax, es 0x12a8e: dec ax
2018-12-25T12:37:48.410956358Z	9	PC: 12a74 \| Display string (String= 'Sunday - Best day in the week [Y/N]? ')
2018-12-25T12:37:48.416409971Z	1	PC: 12a78 \| Character input