Sample viewer

vx.netlux.org/Virus.DOS.Coffeeshop.1568

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:05.472015508Z 48 PC: 12a91 | Get DOS version
2018-12-17T23:01:05.474047376Z 51 PC: 12a9d | Get or set Ctrl-Break
2018-12-17T23:01:05.475328854Z 53 PC: 12ace | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:05.47645476Z 37 PC: 12ade | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:05.477699729Z 42 PC: 12ae2 | Get date
0x12ae2: cmp al, 5
0x12ae4: jne 0x12af3
0x12ae6: mov ah, 0x2c
0x12ae8: int 0x21
0x12aea: or dh, dh
0x12aec: jne 0x12af3
0x12aee: pop ax
0x12aef: push ax
0x12af0: call 0x12b23
0x12af3: pop si
0x12af4: pop di
0x12af5: pop es
0x12af6: pop ds
0x12af7: pop ax
0x12af8: cmp byte ptr cs:[si + 0x1c], 0
0x12afd: je 0x12b1c
0x12aff: mov bx, ds
0x12b01: add bx, 0x10
0x12b04: mov cx, bx
0x12b06: add bx, word ptr cs:[si + 0xe]

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:55.539142646Z 48 PC: 12a91 | Get DOS version
2018-12-25T12:38:55.540314452Z 51 PC: 12a9d | Get or set Ctrl-Break
2018-12-25T12:38:55.541379626Z 53 PC: 12ace | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:55.543963275Z 37 PC: 12ade | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:55.54673441Z 42 PC: 12ae2 | Get date
0x12ae2: cmp al, 5
0x12ae4: jne 0x12af3
0x12ae6: mov ah, 0x2c
0x12ae8: int 0x21
0x12aea: or dh, dh
0x12aec: jne 0x12af3
0x12aee: pop ax
0x12aef: push ax
0x12af0: call 0x12b23
0x12af3: pop si
0x12af4: pop di
0x12af5: pop es
0x12af6: pop ds
0x12af7: pop ax
0x12af8: cmp byte ptr cs:[si + 0x1c], 0
0x12afd: je 0x12b1c
0x12aff: mov bx, ds
0x12b01: add bx, 0x10
0x12b04: mov cx, bx
0x12b06: add bx, word ptr cs:[si + 0xe]

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13756,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:55.667082113Z 48 PC: 12a91 | Get DOS version
2018-12-25T12:38:55.690583559Z 51 PC: 12a9d | Get or set Ctrl-Break
2018-12-25T12:38:55.691345963Z 53 PC: 12ace | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:55.692360807Z 37 PC: 12ade | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:55.693941462Z 42 PC: 12ae2 | Get date
0x12ae2: cmp al, 5
0x12ae4: jne 0x12af3
0x12ae6: mov ah, 0x2c
0x12ae8: int 0x21
0x12aea: or dh, dh
0x12aec: jne 0x12af3
0x12aee: pop ax
0x12aef: push ax
0x12af0: call 0x12b23
0x12af3: pop si
0x12af4: pop di
0x12af5: pop es
0x12af6: pop ds
0x12af7: pop ax
0x12af8: cmp byte ptr cs:[si + 0x1c], 0
0x12afd: je 0x12b1c
0x12aff: mov bx, ds
0x12b01: add bx, 0x10
0x12b04: mov cx, bx
0x12b06: add bx, word ptr cs:[si + 0xe]
2018-12-25T12:38:55.695624049Z 44 PC: 12aea | Get time
0x12aea: or dh, dh
0x12aec: jne 0x12af3
0x12aee: pop ax
0x12aef: push ax
0x12af0: call 0x12b23
0x12af3: pop si
0x12af4: pop di
0x12af5: pop es
0x12af6: pop ds
0x12af7: pop ax
0x12af8: cmp byte ptr cs:[si + 0x1c], 0
0x12afd: je 0x12b1c
0x12aff: mov bx, ds
0x12b01: add bx, 0x10
0x12b04: mov cx, bx
0x12b06: add bx, word ptr cs:[si + 0xe]
0x12b0a: cli
0x12b0b: mov ss, bx
0x12b0d: mov sp, word ptr cs:[si + 0x10]
0x12b11: sti