Sample viewer

vx.netlux.org/Virus.DOS.BadCommand.967

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:39.222004013Z	171	PC: 12e89 \| UNKNOWN!
2018-12-17T23:00:39.223888763Z	42	PC: 12d41 \| Get date 0x12d41: cmp dh, 9 0x12d44: jne 0x12d9c 0x12d46: cmp dl, 1 0x12d49: jne 0x12d9c 0x12d4b: mov dl, 0x80 0x12d4d: mov ah, 8 0x12d4f: int 0x13 0x12d51: jb 0x12d9c 0x12d53: mov byte ptr [0x3c7], dh 0x12d57: push cx 0x12d58: and cl, 0x3f 0x12d5b: mov byte ptr [0x3c8], cl 0x12d5f: pop ax 0x12d60: and al, 0xc0 0x12d62: mov cl, 6 0x12d64: shr al, cl 0x12d66: xchg ah, al 0x12d68: mov word ptr [0x3c9], ax 0x12d6b: xor ax, ax 0x12d6d: mov es, ax
2018-12-17T23:00:39.22587708Z	53	PC: 12da1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:39.226936067Z	37	PC: 12db3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:39.228339158Z	74	PC: 12dc0 \| Reallocate memory
2018-12-17T23:00:39.229860569Z	9	PC: 12dcd \| Display string (String= 'Bad Command or file name ')
2018-12-17T23:00:39.234728533Z	49	PC: 12dd8 \| Terminate and stay resident (Return code = '0' \| Memory size = '96')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13611,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:31.301029948Z	171	PC: 12e89 \| UNKNOWN!
2018-12-25T12:38:31.302887496Z	42	PC: 12d41 \| Get date 0x12d41: cmp dh, 9 0x12d44: jne 0x12d9c 0x12d46: cmp dl, 1 0x12d49: jne 0x12d9c 0x12d4b: mov dl, 0x80 0x12d4d: mov ah, 8 0x12d4f: int 0x13 0x12d51: jb 0x12d9c 0x12d53: mov byte ptr [0x3c7], dh 0x12d57: push cx 0x12d58: and cl, 0x3f 0x12d5b: mov byte ptr [0x3c8], cl 0x12d5f: pop ax 0x12d60: and al, 0xc0 0x12d62: mov cl, 6 0x12d64: shr al, cl 0x12d66: xchg ah, al 0x12d68: mov word ptr [0x3c9], ax 0x12d6b: xor ax, ax 0x12d6d: mov es, ax
2018-12-25T12:38:31.306417494Z	53	PC: 12da1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:31.308222967Z	37	PC: 12db3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:31.309726816Z	74	PC: 12dc0 \| Reallocate memory
2018-12-25T12:38:31.312570362Z	9	PC: 12dcd \| Display string (String= 'Bad Command or file name ')
2018-12-25T12:38:31.31747147Z	49	PC: 12dd8 \| Terminate and stay resident (Return code = '0' \| Memory size = '96')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13611,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:31.414737966Z	171	PC: 12e89 \| UNKNOWN!
2018-12-25T12:38:31.416643504Z	42	PC: 12d41 \| Get date 0x12d41: cmp dh, 9 0x12d44: jne 0x12d9c 0x12d46: cmp dl, 1 0x12d49: jne 0x12d9c 0x12d4b: mov dl, 0x80 0x12d4d: mov ah, 8 0x12d4f: int 0x13 0x12d51: jb 0x12d9c 0x12d53: mov byte ptr [0x3c7], dh 0x12d57: push cx 0x12d58: and cl, 0x3f 0x12d5b: mov byte ptr [0x3c8], cl 0x12d5f: pop ax 0x12d60: and al, 0xc0 0x12d62: mov cl, 6 0x12d64: shr al, cl 0x12d66: xchg ah, al 0x12d68: mov word ptr [0x3c9], ax 0x12d6b: xor ax, ax 0x12d6d: mov es, ax
2018-12-25T12:38:43.93595228Z	53	PC: 12da1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:43.93748989Z	37	PC: 12db3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:43.938926326Z	74	PC: 12dc0 \| Reallocate memory
2018-12-25T12:38:43.941455952Z	9	PC: 12dcd \| Display string (String= 'Bad Command or file name ')
2018-12-25T12:38:43.946200293Z	49	PC: 12dd8 \| Terminate and stay resident (Return code = '0' \| Memory size = '96')

{"DateBased":true,"Day":2,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13611,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:31.909893812Z	171	PC: 12e89 \| UNKNOWN!
2018-12-25T12:38:31.911657231Z	42	PC: 12d41 \| Get date 0x12d41: cmp dh, 9 0x12d44: jne 0x12d9c 0x12d46: cmp dl, 1 0x12d49: jne 0x12d9c 0x12d4b: mov dl, 0x80 0x12d4d: mov ah, 8 0x12d4f: int 0x13 0x12d51: jb 0x12d9c 0x12d53: mov byte ptr [0x3c7], dh 0x12d57: push cx 0x12d58: and cl, 0x3f 0x12d5b: mov byte ptr [0x3c8], cl 0x12d5f: pop ax 0x12d60: and al, 0xc0 0x12d62: mov cl, 6 0x12d64: shr al, cl 0x12d66: xchg ah, al 0x12d68: mov word ptr [0x3c9], ax 0x12d6b: xor ax, ax 0x12d6d: mov es, ax
2018-12-25T12:38:31.914301269Z	53	PC: 12da1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:31.915824712Z	37	PC: 12db3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:31.918047714Z	74	PC: 12dc0 \| Reallocate memory
2018-12-25T12:38:31.920096213Z	9	PC: 12dcd \| Display string (String= 'Bad Command or file name ')
2018-12-25T12:38:31.924271975Z	49	PC: 12dd8 \| Terminate and stay resident (Return code = '0' \| Memory size = '96')