Sample viewer

vx.netlux.org/Virus.DOS.Espacio.8486

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:29.836898022Z	200	PC: 1769c \| UNKNOWN!
2018-12-17T23:00:29.839135046Z	80	PC: 1f366 \| Set current PSP
2018-12-17T23:00:29.839967697Z	74	PC: 1f36e \| Reallocate memory
2018-12-17T23:00:29.841344147Z	80	PC: 1f373 \| Set current PSP
2018-12-17T23:00:29.84574132Z	38	PC: 12b86 \| Create PSP
2018-12-17T23:00:29.847745854Z	53	PC: 12b8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:29.849568749Z	37	PC: 12b9c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:29.852031306Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp cx, 0x7c9 0x12ba4: ja 0x12bac 0x12ba6: cmp dx, 0x61b 0x12baa: jb 0x12bc0 0x12bac: mov ax, 0x351c 0x12baf: int 0x21 0x12bb1: mov si, 0x6c0 0x12bb4: mov word ptr [si], bx 0x12bb6: mov word ptr [si + 2], es 0x12bb9: mov dx, 0x6b8 0x12bbc: mov ah, 0x25 0x12bbe: nop 0x12bbf: nop 0x12bc0: mov es, bp 0x12bc2: push es 0x12bc3: cmp byte ptr cs:[0x123], 0 0x12bc9: je 0x12c1b 0x12bcb: mov es, word ptr es:[0x2c] 0x12bd0: mov cx, 0xffff 0x12bd3: xor ax, ax
2018-12-17T23:00:29.854763499Z	53	PC: 12bb1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:00:29.856607204Z	61	PC: 12be7 \| Open file (Filename = '')
2018-12-17T23:00:29.864748234Z	66	PC: 12bf5 \| Move file pointer
2018-12-17T23:00:29.86640931Z	62	PC: 12c1b \| Close file
2018-12-17T23:00:29.868367971Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-17T23:00:29.872940045Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13561,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:27.560900748Z	200	PC: 1769c \| UNKNOWN!
2018-12-25T12:38:27.563647006Z	80	PC: 1f366 \| Set current PSP
2018-12-25T12:38:27.564315998Z	74	PC: 1f36e \| Reallocate memory
2018-12-25T12:38:27.565233717Z	80	PC: 1f373 \| Set current PSP
2018-12-25T12:38:27.568187118Z	38	PC: 12b86 \| Create PSP
2018-12-25T12:38:27.569243098Z	53	PC: 12b8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:27.570151738Z	37	PC: 12b9c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:27.571477771Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp cx, 0x7c9 0x12ba4: ja 0x12bac 0x12ba6: cmp dx, 0x61b 0x12baa: jb 0x12bc0 0x12bac: mov ax, 0x351c 0x12baf: int 0x21 0x12bb1: mov si, 0x6c0 0x12bb4: mov word ptr [si], bx 0x12bb6: mov word ptr [si + 2], es 0x12bb9: mov dx, 0x6b8 0x12bbc: mov ah, 0x25 0x12bbe: int 0x21 0x12bc0: mov es, bp 0x12bc2: push es 0x12bc3: cmp byte ptr cs:[0x123], 0 0x12bc9: je 0x12c1b 0x12bcb: mov es, word ptr es:[0x2c] 0x12bd0: mov cx, 0xffff 0x12bd3: xor ax, ax 0x12bd5: xor di, di
2018-12-25T12:38:27.573661336Z	53	PC: 12bb1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:38:27.575375271Z	37	PC: 12bc0 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:38:27.577412209Z	61	PC: 12be7 \| Open file (Filename = '')
2018-12-25T12:38:27.584251543Z	66	PC: 12bf5 \| Move file pointer
2018-12-25T12:38:27.585495146Z	62	PC: 12c1b \| Close file
2018-12-25T12:38:27.587734987Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-25T12:38:27.593020935Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13561,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:27.4840678Z	200	PC: 1769c \| UNKNOWN!
2018-12-25T12:38:27.487167746Z	80	PC: 1f366 \| Set current PSP
2018-12-25T12:38:27.488212049Z	74	PC: 1f36e \| Reallocate memory
2018-12-25T12:38:27.489816681Z	80	PC: 1f373 \| Set current PSP
2018-12-25T12:38:27.495642075Z	38	PC: 12b86 \| Create PSP
2018-12-25T12:38:27.498072939Z	53	PC: 12b8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:27.499318563Z	37	PC: 12b9c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:27.500536496Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp cx, 0x7c9 0x12ba4: ja 0x12bac 0x12ba6: cmp dx, 0x61b 0x12baa: jb 0x12bc0 0x12bac: mov ax, 0x351c 0x12baf: int 0x21 0x12bb1: mov si, 0x6c0 0x12bb4: mov word ptr [si], bx 0x12bb6: mov word ptr [si + 2], es 0x12bb9: mov dx, 0x6b8 0x12bbc: mov ah, 0x25 0x12bbe: int 0x21 0x12bc0: mov es, bp 0x12bc2: push es 0x12bc3: cmp byte ptr cs:[0x123], 0 0x12bc9: je 0x12c1b 0x12bcb: mov es, word ptr es:[0x2c] 0x12bd0: mov cx, 0xffff 0x12bd3: xor ax, ax 0x12bd5: xor di, di
2018-12-25T12:38:27.503201729Z	61	PC: 12be7 \| Open file (Filename = '')
2018-12-25T12:38:27.507996569Z	66	PC: 12bf5 \| Move file pointer
2018-12-25T12:38:27.509457779Z	62	PC: 12c1b \| Close file
2018-12-25T12:38:27.512664378Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-25T12:38:27.516299815Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":27,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13561,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:27.556393069Z	200	PC: 1769c \| UNKNOWN!
2018-12-25T12:38:27.559107606Z	80	PC: 1f366 \| Set current PSP
2018-12-25T12:38:27.560101839Z	74	PC: 1f36e \| Reallocate memory
2018-12-25T12:38:27.561584738Z	80	PC: 1f373 \| Set current PSP
2018-12-25T12:38:27.567270597Z	38	PC: 12b86 \| Create PSP
2018-12-25T12:38:27.568856524Z	53	PC: 12b8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:27.570231744Z	37	PC: 12b9c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:27.571874302Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp cx, 0x7c9 0x12ba4: ja 0x12bac 0x12ba6: cmp dx, 0x61b 0x12baa: jb 0x12bc0 0x12bac: mov ax, 0x351c 0x12baf: int 0x21 0x12bb1: mov si, 0x6c0 0x12bb4: mov word ptr [si], bx 0x12bb6: mov word ptr [si + 2], es 0x12bb9: mov dx, 0x6b8 0x12bbc: mov ah, 0x25 0x12bbe: nop 0x12bbf: nop 0x12bc0: mov es, bp 0x12bc2: push es 0x12bc3: cmp byte ptr cs:[0x123], 0 0x12bc9: je 0x12c1b 0x12bcb: mov es, word ptr es:[0x2c] 0x12bd0: mov cx, 0xffff 0x12bd3: xor ax, ax
2018-12-25T12:38:27.575264782Z	53	PC: 12bb1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:38:27.577092144Z	61	PC: 12be7 \| Open file (Filename = '')
2018-12-25T12:38:27.585016258Z	66	PC: 12bf5 \| Move file pointer
2018-12-25T12:38:27.587688278Z	62	PC: 12c1b \| Close file
2018-12-25T12:38:27.58962823Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-25T12:38:27.595769783Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')