Sample viewer

vx.netlux.org/Virus.DOS.Crew.2480.c

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:02:55.001683488Z	44	PC: 19e45 \| Get time 0x19e45: mov dh, 0 0x19e47: push dx 0x19e48: pop ax 0x19e49: mov cl, 0x1e 0x19e4b: div cl 0x19e4d: cmp al, 1 0x19e4f: je 0x19e54 0x19e51: jmp 0x19fba 0x19e54: mov ah, 0x2a 0x19e56: int 0x21 0x19e58: cmp cx, 0x7c4 0x19e5c: jb 0x19e66 0x19e5e: cmp dh, 6 0x19e61: jb 0x19e66 0x19e63: jmp 0x19f63 0x19e66: mov di, 0x1d9 0x19e69: mov ax, word ptr [0x102] 0x19e6c: add ax, 0x103 0x19e6f: add di, ax 0x19e71: mov si, 0x197
2018-12-17T22:02:55.004786242Z	42	PC: 19e58 \| Get date 0x19e58: cmp cx, 0x7c4 0x19e5c: jb 0x19e66 0x19e5e: cmp dh, 6 0x19e61: jb 0x19e66 0x19e63: jmp 0x19f63 0x19e66: mov di, 0x1d9 0x19e69: mov ax, word ptr [0x102] 0x19e6c: add ax, 0x103 0x19e6f: add di, ax 0x19e71: mov si, 0x197 0x19e74: add si, ax 0x19e76: mov ax, cs 0x19e78: mov ds, ax 0x19e7a: mov ah, 0x1a 0x19e7c: mov dx, si 0x19e7e: int 0x21 0x19e80: mov ah, 0x4e 0x19e82: mov cx, 0 0x19e85: mov dx, di 0x19e87: int 0x21
2018-12-17T22:02:55.008523521Z	7	PC: 19f95 \| Direct console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1440,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:36.114764441Z	44	PC: 19e45 \| Get time 0x19e45: mov dh, 0 0x19e47: push dx 0x19e48: pop ax 0x19e49: mov cl, 0x1e 0x19e4b: div cl 0x19e4d: cmp al, 1 0x19e4f: je 0x19e54 0x19e51: jmp 0x19fba 0x19e54: mov ah, 0x2a 0x19e56: int 0x21 0x19e58: cmp cx, 0x7c4 0x19e5c: jb 0x19e66 0x19e5e: cmp dh, 6 0x19e61: jb 0x19e66 0x19e63: jmp 0x19f63 0x19e66: mov di, 0x1d9 0x19e69: mov ax, word ptr [0x102] 0x19e6c: add ax, 0x103 0x19e6f: add di, ax 0x19e71: mov si, 0x197
2018-12-25T11:43:36.117013383Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 7400H bytes long ')
2018-12-25T11:43:36.120331413Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1440,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:36.381301216Z	44	PC: 19e45 \| Get time 0x19e45: mov dh, 0 0x19e47: push dx 0x19e48: pop ax 0x19e49: mov cl, 0x1e 0x19e4b: div cl 0x19e4d: cmp al, 1 0x19e4f: je 0x19e54 0x19e51: jmp 0x19fba 0x19e54: mov ah, 0x2a 0x19e56: int 0x21 0x19e58: cmp cx, 0x7c4 0x19e5c: jb 0x19e66 0x19e5e: cmp dh, 6 0x19e61: jb 0x19e66 0x19e63: jmp 0x19f63 0x19e66: mov di, 0x1d9 0x19e69: mov ax, word ptr [0x102] 0x19e6c: add ax, 0x103 0x19e6f: add di, ax 0x19e71: mov si, 0x197
2018-12-25T11:43:36.384318065Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 7400H bytes long ')
2018-12-25T11:43:36.390358511Z	0	PC: 12a89 \| Program terminate

{"DateBased":true,"Day":1,"Month":6,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1440,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:43:36.454325565Z	44	PC: 19e45 \| Get time 0x19e45: mov dh, 0 0x19e47: push dx 0x19e48: pop ax 0x19e49: mov cl, 0x1e 0x19e4b: div cl 0x19e4d: cmp al, 1 0x19e4f: je 0x19e54 0x19e51: jmp 0x19fba 0x19e54: mov ah, 0x2a 0x19e56: int 0x21 0x19e58: cmp cx, 0x7c4 0x19e5c: jb 0x19e66 0x19e5e: cmp dh, 6 0x19e61: jb 0x19e66 0x19e63: jmp 0x19f63 0x19e66: mov di, 0x1d9 0x19e69: mov ax, word ptr [0x102] 0x19e6c: add ax, 0x103 0x19e6f: add di, ax 0x19e71: mov si, 0x197
2018-12-25T11:43:36.45690998Z	9	PC: 12a85 \| Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 7400H bytes long ')
2018-12-25T11:43:36.462429656Z	0	PC: 12a89 \| Program terminate