Sample viewer

vx.netlux.org/Virus.DOS.TPE.Bosnia

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:02:40.970225451Z 48 PC: 12a54 | Get DOS version
2018-12-17T23:02:40.972191625Z 51 PC: 12a60 | Get or set Ctrl-Break
2018-12-17T23:02:40.973386991Z 53 PC: 12a92 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:40.974678368Z 37 PC: 12aa2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:40.977279285Z 51 PC: 12aa7 | Get or set Ctrl-Break
2018-12-17T23:02:40.979291105Z 42 PC: 12aab | Get date
0x12aab: cmp al, 5
0x12aad: jne 0x12abc
0x12aaf: mov ah, 0x2c
0x12ab1: int 0x21
0x12ab3: or dh, dh
0x12ab5: jne 0x12abc
0x12ab7: mov ax, 0x33dc
0x12aba: int 0x21
0x12abc: pop si
0x12abd: pop di
0x12abe: pop es
0x12abf: pop ds
0x12ac0: pop ax
0x12ac1: add si, 0x3d1
0x12ac5: cmp byte ptr cs:[si], 0x4d
0x12ac9: je 0x12ad2
0x12acb: push di
0x12acc: mov cx, 0x1c
0x12acf: rep movsb byte ptr es:[di], byte ptr [si]
0x12ad1: ret

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14289,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:17.320367834Z 48 PC: 12a54 | Get DOS version
2018-12-25T12:40:17.322576528Z 51 PC: 12a60 | Get or set Ctrl-Break
2018-12-25T12:40:17.323566047Z 53 PC: 12a92 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:17.324745742Z 37 PC: 12aa2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:17.326480078Z 51 PC: 12aa7 | Get or set Ctrl-Break
2018-12-25T12:40:17.327587721Z 42 PC: 12aab | Get date
0x12aab: cmp al, 5
0x12aad: jne 0x12abc
0x12aaf: mov ah, 0x2c
0x12ab1: int 0x21
0x12ab3: or dh, dh
0x12ab5: jne 0x12abc
0x12ab7: mov ax, 0x33dc
0x12aba: int 0x21
0x12abc: pop si
0x12abd: pop di
0x12abe: pop es
0x12abf: pop ds
0x12ac0: pop ax
0x12ac1: add si, 0x3d1
0x12ac5: cmp byte ptr cs:[si], 0x4d
0x12ac9: je 0x12ad2
0x12acb: push di
0x12acc: mov cx, 0x1c
0x12acf: rep movsb byte ptr es:[di], byte ptr [si]
0x12ad1: ret

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14289,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:17.333072697Z 48 PC: 12a54 | Get DOS version
2018-12-25T12:40:17.340980691Z 51 PC: 12a60 | Get or set Ctrl-Break
2018-12-25T12:40:17.341899813Z 53 PC: 12a92 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:17.343020542Z 37 PC: 12aa2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:17.345363589Z 51 PC: 12aa7 | Get or set Ctrl-Break
2018-12-25T12:40:17.346577614Z 42 PC: 12aab | Get date
0x12aab: cmp al, 5
0x12aad: jne 0x12abc
0x12aaf: mov ah, 0x2c
0x12ab1: int 0x21
0x12ab3: or dh, dh
0x12ab5: jne 0x12abc
0x12ab7: mov ax, 0x33dc
0x12aba: int 0x21
0x12abc: pop si
0x12abd: pop di
0x12abe: pop es
0x12abf: pop ds
0x12ac0: pop ax
0x12ac1: add si, 0x3d1
0x12ac5: cmp byte ptr cs:[si], 0x4d
0x12ac9: je 0x12ad2
0x12acb: push di
0x12acc: mov cx, 0x1c
0x12acf: rep movsb byte ptr es:[di], byte ptr [si]
0x12ad1: ret
2018-12-25T12:40:17.348717099Z 44 PC: 12ab3 | Get time
0x12ab3: or dh, dh
0x12ab5: jne 0x12abc
0x12ab7: mov ax, 0x33dc
0x12aba: int 0x21
0x12abc: pop si
0x12abd: pop di
0x12abe: pop es
0x12abf: pop ds
0x12ac0: pop ax
0x12ac1: add si, 0x3d1
0x12ac5: cmp byte ptr cs:[si], 0x4d
0x12ac9: je 0x12ad2
0x12acb: push di
0x12acc: mov cx, 0x1c
0x12acf: rep movsb byte ptr es:[di], byte ptr [si]
0x12ad1: ret
0x12ad2: mov bx, ds
0x12ad4: add bx, 0x10
0x12ad7: mov cx, bx
0x12ad9: add bx, word ptr cs:[si + 0xe]