Sample viewer

vx.netlux.org/Virus.DOS.Chaos.1181

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:02:47.296066659Z	231	PC: 12acf \| UNKNOWN!
2018-12-17T23:02:47.297868531Z	74	PC: 12ad1 \| Reallocate memory
2018-12-17T23:02:47.300417904Z	42	PC: 12ad5 \| Get date 0x12ad5: cmp dh, 0xc 0x12ad8: jb 0x12ae3 0x12ada: cmp dl, 0x19 0x12add: jb 0x12ae3 0x12adf: add word ptr [0x476], cx 0x12ae3: push es 0x12ae4: mov word ptr [0x442], es 0x12ae8: mov word ptr [0x446], es 0x12aec: mov word ptr [0x44a], es 0x12af0: mov byte ptr [0x456], 0 0x12af5: nop 0x12af6: mov byte ptr [0x457], 0 0x12afb: nop 0x12afc: cmp dl, 0xd 0x12aff: jne 0x12b3f 0x12b01: xor dh, 9 0x12b04: and dh, 0x1f 0x12b07: mov byte ptr [0x459], dh 0x12b0b: mov byte ptr [0x458], 0 0x12b10: nop
2018-12-17T23:02:47.303251025Z	53	PC: 12b44 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:47.304948346Z	37	PC: 12b54 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:02:47.312048394Z	75	PC: 12b7d \| Execute program
2018-12-17T23:02:47.328610616Z	9	PC: 13159 \| Display string (Could not find end pointer)
2018-12-17T23:02:47.33141406Z	76	PC: 1315d \| Terminate with return code (Return code = '36')
2018-12-17T23:02:47.335880891Z	49	PC: 12ba1 \| Terminate and stay resident (Return code = '1' \| Memory size = '107')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14321,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:18.006517904Z	231	PC: 12acf \| UNKNOWN!
2018-12-25T12:40:18.008014524Z	74	PC: 12ad1 \| Reallocate memory
2018-12-25T12:40:18.009037807Z	42	PC: 12ad5 \| Get date 0x12ad5: cmp dh, 0xc 0x12ad8: jb 0x12ae3 0x12ada: cmp dl, 0x19 0x12add: jb 0x12ae3 0x12adf: add word ptr [0x476], cx 0x12ae3: push es 0x12ae4: mov word ptr [0x442], es 0x12ae8: mov word ptr [0x446], es 0x12aec: mov word ptr [0x44a], es 0x12af0: mov byte ptr [0x456], 0 0x12af5: nop 0x12af6: mov byte ptr [0x457], 0 0x12afb: nop 0x12afc: cmp dl, 0xd 0x12aff: jne 0x12b3f 0x12b01: xor dh, 9 0x12b04: and dh, 0x1f 0x12b07: mov byte ptr [0x459], dh 0x12b0b: mov byte ptr [0x458], 0 0x12b10: nop
2018-12-25T12:40:18.01058117Z	53	PC: 12b44 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:18.011825794Z	37	PC: 12b54 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:18.013215026Z	75	PC: 12b7d \| Execute program
2018-12-25T12:40:18.027774395Z	9	PC: 13159 \| Display string (Could not find end pointer)
2018-12-25T12:40:18.030475368Z	76	PC: 1315d \| Terminate with return code (Return code = '36')
2018-12-25T12:40:18.033294231Z	49	PC: 12ba1 \| Terminate and stay resident (Return code = '1' \| Memory size = '107')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14321,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:18.033402883Z	231	PC: 12acf \| UNKNOWN!
2018-12-25T12:40:18.034989932Z	74	PC: 12ad1 \| Reallocate memory
2018-12-25T12:40:18.036749148Z	42	PC: 12ad5 \| Get date 0x12ad5: cmp dh, 0xc 0x12ad8: jb 0x12ae3 0x12ada: cmp dl, 0x19 0x12add: jb 0x12ae3 0x12adf: add word ptr [0x476], cx 0x12ae3: push es 0x12ae4: mov word ptr [0x442], es 0x12ae8: mov word ptr [0x446], es 0x12aec: mov word ptr [0x44a], es 0x12af0: mov byte ptr [0x456], 0 0x12af5: nop 0x12af6: mov byte ptr [0x457], 0 0x12afb: nop 0x12afc: cmp dl, 0xd 0x12aff: jne 0x12b3f 0x12b01: xor dh, 9 0x12b04: and dh, 0x1f 0x12b07: mov byte ptr [0x459], dh 0x12b0b: mov byte ptr [0x458], 0 0x12b10: nop
2018-12-25T12:40:18.038690791Z	53	PC: 12b44 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:18.040323071Z	37	PC: 12b54 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:18.041421569Z	75	PC: 12b7d \| Execute program
2018-12-25T12:40:18.05564188Z	9	PC: 13159 \| Display string (Could not find end pointer)
2018-12-25T12:40:18.058162419Z	76	PC: 1315d \| Terminate with return code (Return code = '36')
2018-12-25T12:40:18.061190358Z	49	PC: 12ba1 \| Terminate and stay resident (Return code = '1' \| Memory size = '107')

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14321,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:40:18.041753719Z	231	PC: 12acf \| UNKNOWN!
2018-12-25T12:40:18.043246525Z	74	PC: 12ad1 \| Reallocate memory
2018-12-25T12:40:18.044439068Z	42	PC: 12ad5 \| Get date 0x12ad5: cmp dh, 0xc 0x12ad8: jb 0x12ae3 0x12ada: cmp dl, 0x19 0x12add: jb 0x12ae3 0x12adf: add word ptr [0x476], cx 0x12ae3: push es 0x12ae4: mov word ptr [0x442], es 0x12ae8: mov word ptr [0x446], es 0x12aec: mov word ptr [0x44a], es 0x12af0: mov byte ptr [0x456], 0 0x12af5: nop 0x12af6: mov byte ptr [0x457], 0 0x12afb: nop 0x12afc: cmp dl, 0xd 0x12aff: jne 0x12b3f 0x12b01: xor dh, 9 0x12b04: and dh, 0x1f 0x12b07: mov byte ptr [0x459], dh 0x12b0b: mov byte ptr [0x458], 0 0x12b10: nop
2018-12-25T12:40:18.046409812Z	53	PC: 12b44 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:18.047888622Z	37	PC: 12b54 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:18.049350658Z	75	PC: 12b7d \| Execute program
2018-12-25T12:40:18.063021691Z	9	PC: 13159 \| Display string (Could not find end pointer)
2018-12-25T12:40:18.065558179Z	76	PC: 1315d \| Terminate with return code (Return code = '36')
2018-12-25T12:40:18.068694064Z	49	PC: 12ba1 \| Terminate and stay resident (Return code = '1' \| Memory size = '107')