Sample viewer

vx.netlux.org/Virus.DOS.HBV.2000


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:01:54.892391866Z 255 PC: 12e58 | UNKNOWN!
2018-12-17T22:01:54.893514737Z 72 PC: 12bb3 | Allocate memory
2018-12-17T22:01:54.895666267Z 42 PC: 12c48 | Get date
0x12c48: cmp dx, 0xc10
0x12c4c: jne 0x12c66
0x12c4e: mov ax, 0x351c
0x12c51: int 0x21
0x12c53: mov word ptr [0x6fb], bx
0x12c57: mov word ptr [0x6fd], es
0x12c5b: mov dx, 0x752
0x12c5e: mov ax, 0x251c
0x12c61: int 0x21
0x12c63: jmp 0x12ea2
0x12c66: mov ax, 0x3521
0x12c69: int 0x21
0x12c6b: mov word ptr [0x520], bx
0x12c6f: mov word ptr [0x522], es
0x12c73: mov dx, 0x55b
0x12c76: mov ax, 0x2521
0x12c79: int 0x21
0x12c7b: mov word ptr [0x18a], 0xfafa
0x12c81: pop ds
0x12c82: ret
2018-12-17T22:01:54.898690454Z 53 PC: 12c6b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:01:54.900150345Z 37 PC: 12c7b | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1331,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:24.455474797Z 255 PC: 12e58 | UNKNOWN!
2018-12-25T11:43:24.461727426Z 72 PC: 12bb3 | Allocate memory
2018-12-25T11:43:24.464692927Z 42 PC: 12c48 | Get date
0x12c48: cmp dx, 0xc10
0x12c4c: jne 0x12c66
0x12c4e: mov ax, 0x351c
0x12c51: int 0x21
0x12c53: mov word ptr [0x6fb], bx
0x12c57: mov word ptr [0x6fd], es
0x12c5b: mov dx, 0x752
0x12c5e: mov ax, 0x251c
0x12c61: int 0x21
0x12c63: jmp 0x12ea2
0x12c66: mov ax, 0x3521
0x12c69: int 0x21
0x12c6b: mov word ptr [0x520], bx
0x12c6f: mov word ptr [0x522], es
0x12c73: mov dx, 0x55b
0x12c76: mov ax, 0x2521
0x12c79: int 0x21
0x12c7b: mov word ptr [0x18a], 0xfafa
0x12c81: pop ds
0x12c82: ret
2018-12-25T11:43:24.476751013Z 53 PC: 12c6b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:24.478926242Z 37 PC: 12c7b | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":16,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1331,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:43:24.459276239Z 255 PC: 12e58 | UNKNOWN!
2018-12-25T11:43:24.460078526Z 72 PC: 12bb3 | Allocate memory
2018-12-25T11:43:24.46233782Z 42 PC: 12c48 | Get date
0x12c48: cmp dx, 0xc10
0x12c4c: jne 0x12c66
0x12c4e: mov ax, 0x351c
0x12c51: int 0x21
0x12c53: mov word ptr [0x6fb], bx
0x12c57: mov word ptr [0x6fd], es
0x12c5b: mov dx, 0x752
0x12c5e: mov ax, 0x251c
0x12c61: int 0x21
0x12c63: jmp 0x12ea2
0x12c66: mov ax, 0x3521
0x12c69: int 0x21
0x12c6b: mov word ptr [0x520], bx
0x12c6f: mov word ptr [0x522], es
0x12c73: mov dx, 0x55b
0x12c76: mov ax, 0x2521
0x12c79: int 0x21
0x12c7b: mov word ptr [0x18a], 0xfafa
0x12c81: pop ds
0x12c82: ret
2018-12-25T11:43:24.464582015Z 53 PC: 12c53 | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:43:24.465814875Z 37 PC: 12c63 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:43:24.468023598Z 9 PC: 12ead | Display string (String= 'l 1[^_]VS@`؉ u#@ 0    Ɓ1 tƁ@[email protected]@=Z[^ú1 t@<u1o1UWVSÉ %')