Sample viewer

vx.netlux.org/Virus.DOS.Asahi.1040

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:01.499975813Z 255 PC: 12a45 | UNKNOWN!
2018-12-17T23:02:01.501960979Z 48 PC: 12a4e | Get DOS version
2018-12-17T23:02:01.50548822Z 72 PC: 12b34 | Allocate memory
2018-12-17T23:02:01.508354859Z 42 PC: 12b87 | Get date
0x12b87: cmp al, 0
0x12b89: jne 0x12b9c
0x12b8b: mov ah, 0x2c
0x12b8d: int 0x21
0x12b8f: cmp ch, 9
0x12b92: je 0x12b99
0x12b94: cmp ch, 0x15
0x12b97: jne 0x12b9c
0x12b99: call 0x12bb5
0x12b9c: pop es
0x12b9d: ret
0x12b9e: cli
0x12b9f: xor cx, cx
0x12ba1: mov es, cx
0x12ba3: mov word ptr es:[0x84], 0x292
0x12baa: mov cx, word ptr [0x2d3]
0x12bae: mov word ptr es:[0x86], cx
0x12bb3: sti
0x12bb4: ret
0x12bb5: cli
2018-12-17T23:02:01.512290355Z 186 PC: 12a45 | UNKNOWN!
2018-12-17T23:02:01.514462774Z 48 PC: 12a4e | Get DOS version
2018-12-17T23:02:01.517744964Z 76 PC: 12ef0 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14074,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:44.929737323Z 255 PC: 12a45 | UNKNOWN!
2018-12-25T12:39:44.934990706Z 48 PC: 12a4e | Get DOS version
2018-12-25T12:39:44.936211149Z 72 PC: 12b34 | Allocate memory
2018-12-25T12:39:44.93810109Z 42 PC: 12b87 | Get date
0x12b87: cmp al, 0
0x12b89: jne 0x12b9c
0x12b8b: mov ah, 0x2c
0x12b8d: int 0x21
0x12b8f: cmp ch, 9
0x12b92: je 0x12b99
0x12b94: cmp ch, 0x15
0x12b97: jne 0x12b9c
0x12b99: call 0x12bb5
0x12b9c: pop es
0x12b9d: ret
0x12b9e: cli
0x12b9f: xor cx, cx
0x12ba1: mov es, cx
0x12ba3: mov word ptr es:[0x84], 0x292
0x12baa: mov cx, word ptr [0x2d3]
0x12bae: mov word ptr es:[0x86], cx
0x12bb3: sti
0x12bb4: ret
0x12bb5: cli
2018-12-25T12:39:44.941324984Z 186 PC: 12a45 | UNKNOWN! (See above)
2018-12-25T12:39:44.942135142Z 48 PC: 12a4e | Get DOS version (See above)
2018-12-25T12:39:44.944526813Z 76 PC: 12ef0 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14074,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:39:44.991476322Z 255 PC: 12a45 | UNKNOWN!
2018-12-25T12:39:44.993132944Z 48 PC: 12a4e | Get DOS version
2018-12-25T12:39:44.994604897Z 72 PC: 12b34 | Allocate memory
2018-12-25T12:39:44.996301831Z 42 PC: 12b87 | Get date
0x12b87: cmp al, 0
0x12b89: jne 0x12b9c
0x12b8b: mov ah, 0x2c
0x12b8d: int 0x21
0x12b8f: cmp ch, 9
0x12b92: je 0x12b99
0x12b94: cmp ch, 0x15
0x12b97: jne 0x12b9c
0x12b99: call 0x12bb5
0x12b9c: pop es
0x12b9d: ret
0x12b9e: cli
0x12b9f: xor cx, cx
0x12ba1: mov es, cx
0x12ba3: mov word ptr es:[0x84], 0x292
0x12baa: mov cx, word ptr [0x2d3]
0x12bae: mov word ptr es:[0x86], cx
0x12bb3: sti
0x12bb4: ret
0x12bb5: cli
2018-12-25T12:39:44.998800561Z 44 PC: 12b8f | Get time
0x12b8f: cmp ch, 9
0x12b92: je 0x12b99
0x12b94: cmp ch, 0x15
0x12b97: jne 0x12b9c
0x12b99: call 0x12bb5
0x12b9c: pop es
0x12b9d: ret
0x12b9e: cli
0x12b9f: xor cx, cx
0x12ba1: mov es, cx
0x12ba3: mov word ptr es:[0x84], 0x292
0x12baa: mov cx, word ptr [0x2d3]
0x12bae: mov word ptr es:[0x86], cx
0x12bb3: sti
0x12bb4: ret
0x12bb5: cli
0x12bb6: xor cx, cx
0x12bb8: mov es, cx
0x12bba: mov word ptr es:[0x20], 0x161
0x12bc1: mov cx, word ptr [0x2d3]
2018-12-25T12:39:45.001059099Z 186 PC: 12a45 | UNKNOWN! (See above)
2018-12-25T12:39:45.002426814Z 48 PC: 12a4e | Get DOS version (See above)
2018-12-25T12:39:45.00495408Z 76 PC: 12ef0 | Terminate with return code (Return code = '0')