Sample viewer

vx.netlux.org/Virus.DOS.Rubbit.3811

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:26.310624124Z 48 PC: 13ce0 | Get DOS version
2018-12-17T23:02:26.312641299Z 82 PC: 13e96 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:02:26.314690097Z 53 PC: 12d30 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:26.316272747Z 37 PC: 12d6e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:26.320144423Z 42 PC: 12d77 | Get date
0x12d77: cmp dx, 0x909
0x12d7b: jne 0x12d82
0x12d7d: mov byte ptr [0x92], 1
0x12d82: mov es, word ptr [0x48]
0x12d86: jmp 0x12bf8
0x12d89: xor ax, ax
0x12d8b: xor bx, bx
0x12d8d: xor cx, cx
0x12d8f: xor dx, dx
0x12d91: xor si, si
0x12d93: xor di, di
0x12d95: xor bp, bp
0x12d97: ret
0x12d98: mov ax, 0x1203
0x12d9b: int 0x2f
0x12d9d: mov word ptr cs:[0x2e], ds
0x12da2: mov ah, 0x52
0x12da4: int 0x21
0x12da6: mov word ptr cs:[0x2c], es
0x12dab: mov es, word ptr es:[bx - 2]
2018-12-17T23:02:26.329655836Z 75 PC: 12cf3 | Execute program
2018-12-17T23:02:26.344925144Z 9 PC: 15b57 | Display string (String= 'Warning: Rubbit v2.1 come in ..!! Written by [P.F] ..!!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14212,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:08.305128701Z 48 PC: 13ce0 | Get DOS version
2018-12-25T12:40:08.307042212Z 82 PC: 13e96 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:40:08.310415348Z 53 PC: 12d30 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:08.312117329Z 37 PC: 12d6e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:08.313654423Z 42 PC: 12d77 | Get date
0x12d77: cmp dx, 0x909
0x12d7b: jne 0x12d82
0x12d7d: mov byte ptr [0x92], 1
0x12d82: mov es, word ptr [0x48]
0x12d86: jmp 0x12bf8
0x12d89: xor ax, ax
0x12d8b: xor bx, bx
0x12d8d: xor cx, cx
0x12d8f: xor dx, dx
0x12d91: xor si, si
0x12d93: xor di, di
0x12d95: xor bp, bp
0x12d97: ret
0x12d98: mov ax, 0x1203
0x12d9b: int 0x2f
0x12d9d: mov word ptr cs:[0x2e], ds
0x12da2: mov ah, 0x52
0x12da4: int 0x21
0x12da6: mov word ptr cs:[0x2c], es
0x12dab: mov es, word ptr es:[bx - 2]
2018-12-25T12:40:08.329554562Z 75 PC: 12cf3 | Execute program
2018-12-25T12:40:08.3469888Z 9 PC: 15b57 | Display string (String= 'Warning: Rubbit v2.1 come in ..!! Written by [P.F] ..!!')

{"DateBased":true,"Day":9,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14212,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:08.700841697Z 48 PC: 13ce0 | Get DOS version
2018-12-25T12:40:08.703186293Z 82 PC: 13e96 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:40:08.706438723Z 53 PC: 12d30 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:08.70851792Z 37 PC: 12d6e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:08.710341749Z 42 PC: 12d77 | Get date
0x12d77: cmp dx, 0x909
0x12d7b: jne 0x12d82
0x12d7d: mov byte ptr [0x92], 1
0x12d82: mov es, word ptr [0x48]
0x12d86: jmp 0x12bf8
0x12d89: xor ax, ax
0x12d8b: xor bx, bx
0x12d8d: xor cx, cx
0x12d8f: xor dx, dx
0x12d91: xor si, si
0x12d93: xor di, di
0x12d95: xor bp, bp
0x12d97: ret
0x12d98: mov ax, 0x1203
0x12d9b: int 0x2f
0x12d9d: mov word ptr cs:[0x2e], ds
0x12da2: mov ah, 0x52
0x12da4: int 0x21
0x12da6: mov word ptr cs:[0x2c], es
0x12dab: mov es, word ptr es:[bx - 2]
2018-12-25T12:40:08.721353079Z 75 PC: 12cf3 | Execute program
2018-12-25T12:40:08.737981426Z 9 PC: 15b57 | Display string (String= 'Warning: Rubbit v2.1 come in ..!! Written by [P.F] ..!!')