Sample viewer

vx.netlux.org/Virus.DOS.ErrorVirus.1223

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:59:47.727680871Z 42 PC: 13bfe | Get date
0x13bfe: cmp dh, 9
0x13c01: jne 0x13c1f
0x13c03: mov ax, 3
0x13c06: int 0x10
0x13c08: mov ax, 0x1301
0x13c0b: mov bx, 4
0x13c0e: mov dx, 0xc11
0x13c11: mov bp, 0x332
0x13c14: mov cx, 0x2c
0x13c17: int 0x10
0x13c19: xor ax, ax
0x13c1b: xor bx, bx
0x13c1d: jmp 0x13c19
0x13c1f: mov ah, 0x19
0x13c21: mov bx, 0x409
0x13c24: mov cx, 0x76
0x13c27: int 0x21
0x13c29: cmp cx, 0x2323
0x13c2d: jne 0x13c68
0x13c2f: mov bx, 0x409
2018-12-17T22:59:47.731560022Z 25 PC: 13c29 | Get default drive
2018-12-17T22:59:47.736272722Z 72 PC: 13c6f | Allocate memory
2018-12-17T22:59:47.738659731Z 74 PC: 13c7d | Reallocate memory
2018-12-17T22:59:47.740839419Z 74 PC: 13c85 | Reallocate memory
2018-12-17T22:59:47.743347665Z 72 PC: 13c8c | Allocate memory
2018-12-17T22:59:47.745482541Z 53 PC: 13cc2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:47.74712093Z 37 PC: 13cd4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:59:47.750197295Z 53 PC: 13cd9 | Get interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:59:47.75189375Z 9 PC: 13bc2 | Display string (Could not find end pointer)
2018-12-17T22:59:47.756700716Z 76 PC: 13bc8 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13329,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:05.615110074Z 42 PC: 13bfe | Get date
0x13bfe: cmp dh, 9
0x13c01: jne 0x13c1f
0x13c03: mov ax, 3
0x13c06: int 0x10
0x13c08: mov ax, 0x1301
0x13c0b: mov bx, 4
0x13c0e: mov dx, 0xc11
0x13c11: mov bp, 0x332
0x13c14: mov cx, 0x2c
0x13c17: int 0x10
0x13c19: xor ax, ax
0x13c1b: xor bx, bx
0x13c1d: jmp 0x13c19
0x13c1f: mov ah, 0x19
0x13c21: mov bx, 0x409
0x13c24: mov cx, 0x76
0x13c27: int 0x21
0x13c29: cmp cx, 0x2323
0x13c2d: jne 0x13c68
0x13c2f: mov bx, 0x409
2018-12-25T12:38:05.617917684Z 25 PC: 13c29 | Get default drive
2018-12-25T12:38:05.620359179Z 72 PC: 13c6f | Allocate memory
2018-12-25T12:38:05.62216981Z 74 PC: 13c7d | Reallocate memory
2018-12-25T12:38:05.624011339Z 74 PC: 13c85 | Reallocate memory
2018-12-25T12:38:05.628355494Z 72 PC: 13c8c | Allocate memory
2018-12-25T12:38:05.630014003Z 53 PC: 13cc2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:05.631276032Z 37 PC: 13cd4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:05.633239053Z 53 PC: 13cd9 | Get interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:38:05.635267424Z 9 PC: 13bc2 | Display string (Could not find end pointer)
2018-12-25T12:38:05.641918836Z 76 PC: 13bc8 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13329,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:05.869379932Z 42 PC: 13bfe | Get date
0x13bfe: cmp dh, 9
0x13c01: jne 0x13c1f
0x13c03: mov ax, 3
0x13c06: int 0x10
0x13c08: mov ax, 0x1301
0x13c0b: mov bx, 4
0x13c0e: mov dx, 0xc11
0x13c11: mov bp, 0x332
0x13c14: mov cx, 0x2c
0x13c17: int 0x10
0x13c19: xor ax, ax
0x13c1b: xor bx, bx
0x13c1d: jmp 0x13c19
0x13c1f: mov ah, 0x19
0x13c21: mov bx, 0x409
0x13c24: mov cx, 0x76
0x13c27: int 0x21
0x13c29: cmp cx, 0x2323
0x13c2d: jne 0x13c68
0x13c2f: mov bx, 0x409