Sample viewer

vx.netlux.org/Virus.DOS.Exp.1619

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:00.624640353Z 84 PC: 1301f | Get verify flag
2018-12-17T23:03:00.626394347Z 42 PC: 13027 | Get date
0x13027: cmp dx, 0x118
0x1302b: jne 0x1303a
0x1302d: call 0x22f37
0x13030: add si, 0x605
0x13034: call 0x22f2b
0x13037: cli
0x13038: jmp 0x13038
0x1303a: call 0x22f5f
0x1303d: call 0x22fcb
0x13040: call 0x22fec
0x13043: pop es
0x13044: pop ds
0x13045: mov ax, 0x12a4
0x13048: cli
0x13049: mov ss, ax
0x1304b: mov sp, 0
0x1304e: sti
0x1304f: cmp word ptr cs:[si + 0x636], 0x5a4d
0x13056: je 0x13064
0x13058: add si, 0x636
2018-12-17T23:03:00.628713601Z 48 PC: 12f63 | Get DOS version
2018-12-17T23:03:00.629831525Z 88 PC: 12f6e | case 0xGet or set allocation strateg:
2018-12-17T23:03:00.631474181Z 88 PC: 12f74 | case 0xGet or set allocation strateg:
2018-12-17T23:03:00.633165997Z 88 PC: 12f7d | case 0xGet or set allocation strateg:
2018-12-17T23:03:00.634945606Z 88 PC: 12f9c | case 0xGet or set allocation strateg:
2018-12-17T23:03:00.637605127Z 88 PC: 12fa4 | case 0xGet or set allocation strateg:
2018-12-17T23:03:00.639231874Z 72 PC: 12faf | Allocate memory
2018-12-17T23:03:00.641077751Z 74 PC: 12fc1 | Reallocate memory
2018-12-17T23:03:00.642947738Z 72 PC: 12fc8 | Allocate memory
2018-12-17T23:03:00.644759465Z 53 PC: 12ff3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:00.645881685Z 37 PC: 13005 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:03:00.647070432Z 76 PC: 12f28 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14401,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:30.249884396Z 84 PC: 1301f | Get verify flag
2018-12-25T12:40:30.252003325Z 42 PC: 13027 | Get date
0x13027: cmp dx, 0x118
0x1302b: jne 0x1303a
0x1302d: call 0x22f37
0x13030: add si, 0x605
0x13034: call 0x22f2b
0x13037: cli
0x13038: jmp 0x13038
0x1303a: call 0x22f5f
0x1303d: call 0x22fcb
0x13040: call 0x22fec
0x13043: pop es
0x13044: pop ds
0x13045: mov ax, 0x12a4
0x13048: cli
0x13049: mov ss, ax
0x1304b: mov sp, 0
0x1304e: sti
0x1304f: cmp word ptr cs:[si + 0x636], 0x5a4d
0x13056: je 0x13064
0x13058: add si, 0x636
2018-12-25T12:40:30.254464173Z 48 PC: 12f63 | Get DOS version
2018-12-25T12:40:30.255945439Z 88 PC: 12f6e | case 0xGet or set allocation strateg:
2018-12-25T12:40:30.259443117Z 88 PC: 12f74 | case 0xGet or set allocation strateg:
2018-12-25T12:40:30.260712611Z 88 PC: 12f7d | case 0xGet or set allocation strateg:
2018-12-25T12:40:30.262157856Z 88 PC: 12f9c | case 0xGet or set allocation strateg:
2018-12-25T12:40:30.266012138Z 88 PC: 12fa4 | case 0xGet or set allocation strateg:
2018-12-25T12:40:30.267414606Z 72 PC: 12faf | Allocate memory
2018-12-25T12:40:30.268948553Z 74 PC: 12fc1 | Reallocate memory
2018-12-25T12:40:30.271935905Z 72 PC: 12fc8 | Allocate memory
2018-12-25T12:40:30.275317428Z 53 PC: 12ff3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:30.276452522Z 37 PC: 13005 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:40:30.277868362Z 76 PC: 12f28 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":24,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14401,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:30.476642294Z 84 PC: 1301f | Get verify flag
2018-12-25T12:40:30.478535263Z 42 PC: 13027 | Get date
0x13027: cmp dx, 0x118
0x1302b: jne 0x1303a
0x1302d: call 0x22f37
0x13030: add si, 0x605
0x13034: call 0x22f2b
0x13037: cli
0x13038: jmp 0x13038
0x1303a: call 0x22f5f
0x1303d: call 0x22fcb
0x13040: call 0x22fec
0x13043: pop es
0x13044: pop ds
0x13045: mov ax, 0x12a4
0x13048: cli
0x13049: mov ss, ax
0x1304b: mov sp, 0
0x1304e: sti
0x1304f: cmp word ptr cs:[si + 0x636], 0x5a4d
0x13056: je 0x13064
0x13058: add si, 0x636