Sample viewer

vx.netlux.org/Virus.DOS.AntiSabados.815

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:02:53.919493774Z	37	PC: 12b9e \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:02:53.921310036Z	37	PC: 12ba4 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T22:02:53.922619832Z	144	PC: 12b7d \| UNKNOWN!
2018-12-17T22:02:53.923543723Z	250	PC: 12b90 \| UNKNOWN!
2018-12-17T22:02:53.925228263Z	53	PC: 12b26 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:02:53.926565248Z	74	PC: 12b46 \| Reallocate memory
2018-12-17T22:02:53.927959053Z	72	PC: 12b4f \| Allocate memory
2018-12-17T22:02:53.929638102Z	37	PC: 12b78 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:02:53.931522984Z	42	PC: 12aee \| Get date 0x12aee: cmp al, 6 0x12af0: jne 0x12afb 0x12af2: mov ah, 0x2c 0x12af4: int 0x21 0x12af6: cmp dl, 0x55 0x12af9: jae 0x12b0f 0x12afb: push cs 0x12afc: pop ds 0x12afd: push cs 0x12afe: pop es 0x12aff: lea si, word ptr [bp + 0x3f5] 0x12b03: mov di, 0x100 0x12b06: mov cx, 3 0x12b09: rep movsb byte ptr es:[di], byte ptr [si] 0x12b0b: push 0x100 0x12b0e: ret 0x12b0f: mov ax, 0x40 0x12b12: mov ds, ax 0x12b14: mov word ptr [0x72], ax 0x12b17: ljmp 0xffff:0
2018-12-17T22:02:53.933801607Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:33.019266654Z	37	PC: 12b9e \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:43:33.020852046Z	37	PC: 12ba4 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:43:33.02173327Z	144	PC: 12b7d \| UNKNOWN!
2018-12-25T11:43:33.022372433Z	250	PC: 12b90 \| UNKNOWN!
2018-12-25T11:43:33.023866484Z	53	PC: 12b26 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:33.024971958Z	74	PC: 12b46 \| Reallocate memory
2018-12-25T11:43:33.02601697Z	72	PC: 12b4f \| Allocate memory
2018-12-25T11:43:33.027885428Z	37	PC: 12b78 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:33.030496723Z	42	PC: 12aee \| Get date 0x12aee: cmp al, 6 0x12af0: jne 0x12afb 0x12af2: mov ah, 0x2c 0x12af4: int 0x21 0x12af6: cmp dl, 0x55 0x12af9: jae 0x12b0f 0x12afb: push cs 0x12afc: pop ds 0x12afd: push cs 0x12afe: pop es 0x12aff: lea si, word ptr [bp + 0x3f5] 0x12b03: mov di, 0x100 0x12b06: mov cx, 3 0x12b09: rep movsb byte ptr es:[di], byte ptr [si] 0x12b0b: push 0x100 0x12b0e: ret 0x12b0f: mov ax, 0x40 0x12b12: mov ds, ax 0x12b14: mov word ptr [0x72], ax 0x12b17: ljmp 0xffff:0
2018-12-25T11:43:33.033536297Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:33.853268874Z	37	PC: 12b9e \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:43:33.85501952Z	37	PC: 12ba4 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:43:33.856215549Z	144	PC: 12b7d \| UNKNOWN!
2018-12-25T11:43:33.857054727Z	250	PC: 12b90 \| UNKNOWN!
2018-12-25T11:43:33.860758143Z	53	PC: 12b26 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:33.862216732Z	74	PC: 12b46 \| Reallocate memory
2018-12-25T11:43:33.863724102Z	72	PC: 12b4f \| Allocate memory
2018-12-25T11:43:33.866953224Z	37	PC: 12b78 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:33.868616491Z	42	PC: 12aee \| Get date 0x12aee: cmp al, 6 0x12af0: jne 0x12afb 0x12af2: mov ah, 0x2c 0x12af4: int 0x21 0x12af6: cmp dl, 0x55 0x12af9: jae 0x12b0f 0x12afb: push cs 0x12afc: pop ds 0x12afd: push cs 0x12afe: pop es 0x12aff: lea si, word ptr [bp + 0x3f5] 0x12b03: mov di, 0x100 0x12b06: mov cx, 3 0x12b09: rep movsb byte ptr es:[di], byte ptr [si] 0x12b0b: push 0x100 0x12b0e: ret 0x12b0f: mov ax, 0x40 0x12b12: mov ds, ax 0x12b14: mov word ptr [0x72], ax 0x12b17: ljmp 0xffff:0
2018-12-25T11:43:33.871100636Z	44	PC: 12af6 \| Get time 0x12af6: cmp dl, 0x55 0x12af9: jae 0x12b0f 0x12afb: push cs 0x12afc: pop ds 0x12afd: push cs 0x12afe: pop es 0x12aff: lea si, word ptr [bp + 0x3f5] 0x12b03: mov di, 0x100 0x12b06: mov cx, 3 0x12b09: rep movsb byte ptr es:[di], byte ptr [si] 0x12b0b: push 0x100 0x12b0e: ret 0x12b0f: mov ax, 0x40 0x12b12: mov ds, ax 0x12b14: mov word ptr [0x72], ax 0x12b17: ljmp 0xffff:0 0x12b1c: call 0x12b87 0x12b1f: mov cx, es 0x12b21: mov ax, 0x3521 0x12b24: int 0x21
2018-12-25T11:43:33.874116506Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:35.005118881Z	37	PC: 12b9e \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:43:35.00647799Z	37	PC: 12ba4 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:43:35.008422682Z	144	PC: 12b7d \| UNKNOWN!
2018-12-25T11:43:35.009219753Z	250	PC: 12b90 \| UNKNOWN!
2018-12-25T11:43:35.009978972Z	53	PC: 12b26 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:35.012742199Z	74	PC: 12b46 \| Reallocate memory
2018-12-25T11:43:35.026167413Z	72	PC: 12b4f \| Allocate memory
2018-12-25T11:43:35.027756831Z	37	PC: 12b78 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:35.030271963Z	42	PC: 12aee \| Get date 0x12aee: cmp al, 6 0x12af0: jne 0x12afb 0x12af2: mov ah, 0x2c 0x12af4: int 0x21 0x12af6: cmp dl, 0x55 0x12af9: jae 0x12b0f 0x12afb: push cs 0x12afc: pop ds 0x12afd: push cs 0x12afe: pop es 0x12aff: lea si, word ptr [bp + 0x3f5] 0x12b03: mov di, 0x100 0x12b06: mov cx, 3 0x12b09: rep movsb byte ptr es:[di], byte ptr [si] 0x12b0b: push 0x100 0x12b0e: ret 0x12b0f: mov ax, 0x40 0x12b12: mov ds, ax 0x12b14: mov word ptr [0x72], ax 0x12b17: ljmp 0xffff:0
2018-12-25T11:43:35.032910653Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1439,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:35.626785135Z	37	PC: 12b9e \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:43:35.62852686Z	37	PC: 12ba4 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:43:35.629707801Z	144	PC: 12b7d \| UNKNOWN!
2018-12-25T11:43:35.630356077Z	250	PC: 12b90 \| UNKNOWN!
2018-12-25T11:43:35.631718036Z	53	PC: 12b26 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:35.632918091Z	74	PC: 12b46 \| Reallocate memory
2018-12-25T11:43:35.634451553Z	72	PC: 12b4f \| Allocate memory
2018-12-25T11:43:35.636154891Z	37	PC: 12b78 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:43:35.63786443Z	42	PC: 12aee \| Get date 0x12aee: cmp al, 6 0x12af0: jne 0x12afb 0x12af2: mov ah, 0x2c 0x12af4: int 0x21 0x12af6: cmp dl, 0x55 0x12af9: jae 0x12b0f 0x12afb: push cs 0x12afc: pop ds 0x12afd: push cs 0x12afe: pop es 0x12aff: lea si, word ptr [bp + 0x3f5] 0x12b03: mov di, 0x100 0x12b06: mov cx, 3 0x12b09: rep movsb byte ptr es:[di], byte ptr [si] 0x12b0b: push 0x100 0x12b0e: ret 0x12b0f: mov ax, 0x40 0x12b12: mov ds, ax 0x12b14: mov word ptr [0x72], ax 0x12b17: ljmp 0xffff:0
2018-12-25T11:43:35.640524177Z	44	PC: 12af6 \| Get time 0x12af6: cmp dl, 0x55 0x12af9: jae 0x12b0f 0x12afb: push cs 0x12afc: pop ds 0x12afd: push cs 0x12afe: pop es 0x12aff: lea si, word ptr [bp + 0x3f5] 0x12b03: mov di, 0x100 0x12b06: mov cx, 3 0x12b09: rep movsb byte ptr es:[di], byte ptr [si] 0x12b0b: push 0x100 0x12b0e: ret 0x12b0f: mov ax, 0x40 0x12b12: mov ds, ax 0x12b14: mov word ptr [0x72], ax 0x12b17: ljmp 0xffff:0 0x12b1c: call 0x12b87 0x12b1f: mov cx, es 0x12b21: mov ax, 0x3521 0x12b24: int 0x21
2018-12-25T11:43:35.645900054Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')