Sample viewer

vx.netlux.org/Virus.DOS.Quit.555.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:59:39.94199134Z	48	PC: 12a7f \| Get DOS version
2018-12-17T22:59:39.943737518Z	42	PC: 12af8 \| Get date 0x12af8: cmp cx, 0x7c8 0x12afc: jb 0x12b02 0x12afe: mov ah, 0x4c 0x12b00: int 0x21 0x12b02: xor ax, ax 0x12b04: xor bx, bx 0x12b06: mov cx, 0xff 0x12b09: mov dx, ds 0x12b0b: retf 0x12b0c: cmp ax, 0x4b00 0x12b0f: je 0x12b23 0x12b11: cmp ax, 0x30f1 0x12b14: jne 0x12b19 0x12b16: mov al, 0 0x12b18: iret 0x12b19: ljmp ptr cs:[5] 0x12b1e: pop ds 0x12b1f: pop dx 0x12b20: jmp 0x12bd3 0x12b23: push es
2018-12-17T22:59:39.945726674Z	76	PC: 12b02 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13281,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:56.454214056Z	48	PC: 12a7f \| Get DOS version
2018-12-25T12:37:56.456226804Z	42	PC: 12af8 \| Get date 0x12af8: cmp cx, 0x7c8 0x12afc: jb 0x12b02 0x12afe: mov ah, 0x4c 0x12b00: int 0x21 0x12b02: xor ax, ax 0x12b04: xor bx, bx 0x12b06: mov cx, 0xff 0x12b09: mov dx, ds 0x12b0b: retf 0x12b0c: cmp ax, 0x4b00 0x12b0f: je 0x12b23 0x12b11: cmp ax, 0x30f1 0x12b14: jne 0x12b19 0x12b16: mov al, 0 0x12b18: iret 0x12b19: ljmp ptr cs:[5] 0x12b1e: pop ds 0x12b1f: pop dx 0x12b20: jmp 0x12bd3 0x12b23: push es
2018-12-25T12:37:56.458423195Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13281,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:56.939877869Z	48	PC: 12a7f \| Get DOS version
2018-12-25T12:37:56.941652858Z	42	PC: 12af8 \| Get date 0x12af8: cmp cx, 0x7c8 0x12afc: jb 0x12b02 0x12afe: mov ah, 0x4c 0x12b00: int 0x21 0x12b02: xor ax, ax 0x12b04: xor bx, bx 0x12b06: mov cx, 0xff 0x12b09: mov dx, ds 0x12b0b: retf 0x12b0c: cmp ax, 0x4b00 0x12b0f: je 0x12b23 0x12b11: cmp ax, 0x30f1 0x12b14: jne 0x12b19 0x12b16: mov al, 0 0x12b18: iret 0x12b19: ljmp ptr cs:[5] 0x12b1e: pop ds 0x12b1f: pop dx 0x12b20: jmp 0x12bd3 0x12b23: push es
2018-12-25T12:37:56.944078859Z	76	PC: 12b02 \| Terminate with return code (Return code = '3')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13281,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:58.169524004Z	48	PC: 12a7f \| Get DOS version
2018-12-25T12:37:58.170991012Z	42	PC: 12af8 \| Get date 0x12af8: cmp cx, 0x7c8 0x12afc: jb 0x12b02 0x12afe: mov ah, 0x4c 0x12b00: int 0x21 0x12b02: xor ax, ax 0x12b04: xor bx, bx 0x12b06: mov cx, 0xff 0x12b09: mov dx, ds 0x12b0b: retf 0x12b0c: cmp ax, 0x4b00 0x12b0f: je 0x12b23 0x12b11: cmp ax, 0x30f1 0x12b14: jne 0x12b19 0x12b16: mov al, 0 0x12b18: iret 0x12b19: ljmp ptr cs:[5] 0x12b1e: pop ds 0x12b1f: pop dx 0x12b20: jmp 0x12bd3 0x12b23: push es
2018-12-25T12:37:58.173847923Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13281,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:37:58.191038769Z	48	PC: 12a7f \| Get DOS version
2018-12-25T12:37:58.192651183Z	42	PC: 12af8 \| Get date 0x12af8: cmp cx, 0x7c8 0x12afc: jb 0x12b02 0x12afe: mov ah, 0x4c 0x12b00: int 0x21 0x12b02: xor ax, ax 0x12b04: xor bx, bx 0x12b06: mov cx, 0xff 0x12b09: mov dx, ds 0x12b0b: retf 0x12b0c: cmp ax, 0x4b00 0x12b0f: je 0x12b23 0x12b11: cmp ax, 0x30f1 0x12b14: jne 0x12b19 0x12b16: mov al, 0 0x12b18: iret 0x12b19: ljmp ptr cs:[5] 0x12b1e: pop ds 0x12b1f: pop dx 0x12b20: jmp 0x12bd3 0x12b23: push es
2018-12-25T12:37:58.194611441Z	76	PC: 12b02 \| Terminate with return code (Return code = '3')