Sample viewer

vx.netlux.org/Virus.DOS.Andromeda.1024.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:01:07.72488348Z 42 PC: 12c36 | Get date
0x12c36: cmp dl, 5
0x12c39: jne 0x12c45
0x12c3b: cmp dh, 3
0x12c3e: jne 0x12c45
0x12c40: call 0x12fd9
0x12c43: hlt
0x12c44: hlt
0x12c45: mov si, 0xa3b4
0x12c48: mov ah, 0x30
0x12c4a: int 0x21
0x12c4c: cmp di, 0xa3a3
0x12c50: jne 0x12c66
0x12c52: mov bx, cs
0x12c54: mov ax, word ptr cs:[0x358]
0x12c58: sub bx, ax
0x12c5a: mov word ptr cs:[0x358], bx
0x12c5f: pop ds
0x12c60: pop es
0x12c61: ljmp ptr cs:[0x356]
0x12c66: mov ax, es
2018-12-17T23:01:07.72719806Z 48 PC: 12c4c | Get DOS version
2018-12-17T23:01:07.729344903Z 38 PC: 12c85 | Create PSP
2018-12-17T23:01:07.730783359Z 53 PC: 12cbe | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:07.731982369Z 37 PC: 12cd2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:01:07.734697664Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-17T23:01:07.739583549Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13770,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:55.766118279Z 42 PC: 12c36 | Get date
0x12c36: cmp dl, 5
0x12c39: jne 0x12c45
0x12c3b: cmp dh, 3
0x12c3e: jne 0x12c45
0x12c40: call 0x12fd9
0x12c43: hlt
0x12c44: hlt
0x12c45: mov si, 0xa3b4
0x12c48: mov ah, 0x30
0x12c4a: int 0x21
0x12c4c: cmp di, 0xa3a3
0x12c50: jne 0x12c66
0x12c52: mov bx, cs
0x12c54: mov ax, word ptr cs:[0x358]
0x12c58: sub bx, ax
0x12c5a: mov word ptr cs:[0x358], bx
0x12c5f: pop ds
0x12c60: pop es
0x12c61: ljmp ptr cs:[0x356]
0x12c66: mov ax, es
2018-12-25T12:38:55.76870542Z 48 PC: 12c4c | Get DOS version
2018-12-25T12:38:55.77184459Z 38 PC: 12c85 | Create PSP
2018-12-25T12:38:55.774701471Z 53 PC: 12cbe | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:55.775931553Z 37 PC: 12cd2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:55.777956809Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T12:38:55.785845671Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13770,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:55.994790111Z 42 PC: 12c36 | Get date
0x12c36: cmp dl, 5
0x12c39: jne 0x12c45
0x12c3b: cmp dh, 3
0x12c3e: jne 0x12c45
0x12c40: call 0x12fd9
0x12c43: hlt
0x12c44: hlt
0x12c45: mov si, 0xa3b4
0x12c48: mov ah, 0x30
0x12c4a: int 0x21
0x12c4c: cmp di, 0xa3a3
0x12c50: jne 0x12c66
0x12c52: mov bx, cs
0x12c54: mov ax, word ptr cs:[0x358]
0x12c58: sub bx, ax
0x12c5a: mov word ptr cs:[0x358], bx
0x12c5f: pop ds
0x12c60: pop es
0x12c61: ljmp ptr cs:[0x356]
0x12c66: mov ax, es
2018-12-25T12:38:55.998004668Z 48 PC: 12c4c | Get DOS version
2018-12-25T12:38:55.999374763Z 38 PC: 12c85 | Create PSP
2018-12-25T12:38:56.000676704Z 53 PC: 12cbe | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:56.00268456Z 37 PC: 12cd2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:38:56.003890472Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T12:38:56.009099481Z 76 PC: 12c28 | Terminate with return code (Return code = '0')