Sample viewer

vx.netlux.org/Virus.DOS.Write.474

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:00:42.667904574Z	53	PC: 36d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:42.66956262Z	37	PC: 37d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:00:42.671266262Z	53	PC: 382 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:00:42.672497545Z	37	PC: 392 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:00:42.673703571Z	42	PC: 396 \| Get date 0x396: cmp cx, 0x7ca 0x39a: jb 0x3ac 0x39c: cmp dh, 7 0x39f: jb 0x3ac 0x3a1: cmp dl, 0xc 0x3a4: jb 0x3ac 0x3a6: mov byte ptr cs:[0x127], 1 0x3ac: cmp byte ptr cs:[0x1cc], 0 0x3b2: je 0x3cd 0x3b4: mov byte ptr cs:[0x1cc], 1 0x3ba: nop 0x3bb: pop es 0x3bc: pop ds 0x3bd: pop ax 0x3be: sub ax, 0x1f 0x3c1: add ax, 0 0x3c4: push ax 0x3c5: mov ax, 0 0x3c8: push ax 0x3c9: xor ax, ax
2018-12-17T23:00:42.677137975Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-17T23:00:42.681219525Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13626,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:39.264987351Z	53	PC: 36d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.26766863Z	37	PC: 37d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.269230408Z	53	PC: 382 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:38:39.270500679Z	37	PC: 392 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:38:39.272033086Z	42	PC: 396 \| Get date 0x396: cmp cx, 0x7ca 0x39a: jb 0x3ac 0x39c: cmp dh, 7 0x39f: jb 0x3ac 0x3a1: cmp dl, 0xc 0x3a4: jb 0x3ac 0x3a6: mov byte ptr cs:[0x127], 1 0x3ac: cmp byte ptr cs:[0x1cc], 0 0x3b2: je 0x3cd 0x3b4: mov byte ptr cs:[0x1cc], 1 0x3ba: nop 0x3bb: pop es 0x3bc: pop ds 0x3bd: pop ax 0x3be: sub ax, 0x1f 0x3c1: add ax, 0 0x3c4: push ax 0x3c5: mov ax, 0 0x3c8: push ax 0x3c9: xor ax, ax
2018-12-25T12:38:39.275310534Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:38:39.28182774Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13626,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:39.265362465Z	53	PC: 36d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.267527506Z	37	PC: 37d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.269139827Z	53	PC: 382 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:38:39.270658059Z	37	PC: 392 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:38:39.272083387Z	42	PC: 396 \| Get date 0x396: cmp cx, 0x7ca 0x39a: jb 0x3ac 0x39c: cmp dh, 7 0x39f: jb 0x3ac 0x3a1: cmp dl, 0xc 0x3a4: jb 0x3ac 0x3a6: mov byte ptr cs:[0x127], 1 0x3ac: cmp byte ptr cs:[0x1cc], 0 0x3b2: je 0x3cd 0x3b4: mov byte ptr cs:[0x1cc], 1 0x3ba: nop 0x3bb: pop es 0x3bc: pop ds 0x3bd: pop ax 0x3be: sub ax, 0x1f 0x3c1: add ax, 0 0x3c4: push ax 0x3c5: mov ax, 0 0x3c8: push ax 0x3c9: xor ax, ax
2018-12-25T12:38:39.275574215Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:38:39.281033586Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":7,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13626,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:39.302074652Z	53	PC: 36d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.304202267Z	37	PC: 37d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.305729509Z	53	PC: 382 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:38:39.30722488Z	37	PC: 392 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:38:39.309024717Z	42	PC: 396 \| Get date 0x396: cmp cx, 0x7ca 0x39a: jb 0x3ac 0x39c: cmp dh, 7 0x39f: jb 0x3ac 0x3a1: cmp dl, 0xc 0x3a4: jb 0x3ac 0x3a6: mov byte ptr cs:[0x127], 1 0x3ac: cmp byte ptr cs:[0x1cc], 0 0x3b2: je 0x3cd 0x3b4: mov byte ptr cs:[0x1cc], 1 0x3ba: nop 0x3bb: pop es 0x3bc: pop ds 0x3bd: pop ax 0x3be: sub ax, 0x1f 0x3c1: add ax, 0 0x3c4: push ax 0x3c5: mov ax, 0 0x3c8: push ax 0x3c9: xor ax, ax
2018-12-25T12:38:39.311515246Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:38:39.317142181Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":12,"Month":7,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13626,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:38:39.477585659Z	53	PC: 36d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.480575383Z	37	PC: 37d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:39.481612853Z	53	PC: 382 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:38:39.482659887Z	37	PC: 392 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:38:39.483644229Z	42	PC: 396 \| Get date 0x396: cmp cx, 0x7ca 0x39a: jb 0x3ac 0x39c: cmp dh, 7 0x39f: jb 0x3ac 0x3a1: cmp dl, 0xc 0x3a4: jb 0x3ac 0x3a6: mov byte ptr cs:[0x127], 1 0x3ac: cmp byte ptr cs:[0x1cc], 0 0x3b2: je 0x3cd 0x3b4: mov byte ptr cs:[0x1cc], 1 0x3ba: nop 0x3bb: pop es 0x3bc: pop ds 0x3bd: pop ax 0x3be: sub ax, 0x1f 0x3c1: add ax, 0 0x3c4: push ax 0x3c5: mov ax, 0 0x3c8: push ax 0x3c9: xor ax, ax
2018-12-25T12:38:39.485917048Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T12:38:39.491048214Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')