Sample viewer

vx.netlux.org/Virus.DOS.I13.YO.1207

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:02:19.718973387Z	42	PC: 13574 \| Get date 0x13574: cmp dh, 7 0x13577: jne 0x135c9 0x13579: cmp dl, 4 0x1357c: jne 0x135c9 0x1357e: push ds 0x1357f: mov ax, 0x70 0x13582: mov ds, ax 0x13584: mov bx, 0x774 0x13587: cmp byte ptr [bx], 0x2e 0x1358a: jne 0x135aa 0x1358c: cmp word ptr [bx + 1], 0x3e80 0x13591: jne 0x135aa 0x13593: pop ds 0x13594: mov ah, 3 0x13596: mov al, 0xff 0x13598: mov ch, 0 0x1359a: mov cl, 1 0x1359c: mov dh, 0 0x1359e: mov dl, 0x80 0x135a0: lea bx, word ptr [bp + 0x100]
2018-12-17T22:02:19.721862995Z	205	PC: 135ce \| UNKNOWN!
2018-12-17T22:02:19.722876596Z	53	PC: 135d8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:02:19.724269239Z	74	PC: 135f5 \| Reallocate memory
2018-12-17T22:02:19.726423723Z	72	PC: 135fc \| Allocate memory
2018-12-17T22:02:19.727674323Z	37	PC: 13621 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1379,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:28.995820287Z	42	PC: 13574 \| Get date 0x13574: cmp dh, 7 0x13577: jne 0x135c9 0x13579: cmp dl, 4 0x1357c: jne 0x135c9 0x1357e: push ds 0x1357f: mov ax, 0x70 0x13582: mov ds, ax 0x13584: mov bx, 0x774 0x13587: cmp byte ptr [bx], 0x2e 0x1358a: jne 0x135aa 0x1358c: cmp word ptr [bx + 1], 0x3e80 0x13591: jne 0x135aa 0x13593: pop ds 0x13594: mov ah, 3 0x13596: mov al, 0xff 0x13598: mov ch, 0 0x1359a: mov cl, 1 0x1359c: mov dh, 0 0x1359e: mov dl, 0x80 0x135a0: lea bx, word ptr [bp + 0x100]
2018-12-25T11:43:28.998359896Z	205	PC: 135ce \| UNKNOWN!
2018-12-25T11:43:28.99909896Z	53	PC: 135d8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:29.000149961Z	74	PC: 135f5 \| Reallocate memory
2018-12-25T11:43:29.00193103Z	72	PC: 135fc \| Allocate memory
2018-12-25T11:43:29.003820131Z	37	PC: 13621 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1379,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:29.145302189Z	42	PC: 13574 \| Get date 0x13574: cmp dh, 7 0x13577: jne 0x135c9 0x13579: cmp dl, 4 0x1357c: jne 0x135c9 0x1357e: push ds 0x1357f: mov ax, 0x70 0x13582: mov ds, ax 0x13584: mov bx, 0x774 0x13587: cmp byte ptr [bx], 0x2e 0x1358a: jne 0x135aa 0x1358c: cmp word ptr [bx + 1], 0x3e80 0x13591: jne 0x135aa 0x13593: pop ds 0x13594: mov ah, 3 0x13596: mov al, 0xff 0x13598: mov ch, 0 0x1359a: mov cl, 1 0x1359c: mov dh, 0 0x1359e: mov dl, 0x80 0x135a0: lea bx, word ptr [bp + 0x100]
2018-12-25T11:43:29.14917944Z	205	PC: 135ce \| UNKNOWN!
2018-12-25T11:43:29.164881884Z	53	PC: 135d8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:29.167382546Z	74	PC: 135f5 \| Reallocate memory
2018-12-25T11:43:29.170016329Z	72	PC: 135fc \| Allocate memory
2018-12-25T11:43:29.172154165Z	37	PC: 13621 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":4,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1379,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:29.200634847Z	42	PC: 13574 \| Get date 0x13574: cmp dh, 7 0x13577: jne 0x135c9 0x13579: cmp dl, 4 0x1357c: jne 0x135c9 0x1357e: push ds 0x1357f: mov ax, 0x70 0x13582: mov ds, ax 0x13584: mov bx, 0x774 0x13587: cmp byte ptr [bx], 0x2e 0x1358a: jne 0x135aa 0x1358c: cmp word ptr [bx + 1], 0x3e80 0x13591: jne 0x135aa 0x13593: pop ds 0x13594: mov ah, 3 0x13596: mov al, 0xff 0x13598: mov ch, 0 0x1359a: mov cl, 1 0x1359c: mov dh, 0 0x1359e: mov dl, 0x80 0x135a0: lea bx, word ptr [bp + 0x100]
2018-12-25T11:43:29.204118574Z	9	PC: 135c5 \| Display string (Could not find end pointer)