Sample viewer

vx.netlux.org/Virus.DOS.Doom.1249


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:09.878254262Z 255 PC: 1327e | UNKNOWN!
2018-12-17T23:03:09.879756113Z 42 PC: 1328c | Get date 0x1328c: cmp dh, 3
; Analyst annotation. 16-bit real-mode DOS code, Intel syntax as emitted by the disassembler.
; The listing resumes at the return address of the "Get date" call logged on the trace row
; above (op 42 = INT 21h AH=2Ah, which returns the month in DH). The first instruction,
; cmp dh, 3, is fused into that row and tests for March.
0x1328f: jne 0x1329f                      ; month != 3: skip the time check
0x13291: mov ah, 0x2c                     ; AH=2Ch selects DOS "Get time" (seconds returned in DH)
0x13293: int 0x21
0x13295: cmp dh, 0xa                      ; compare seconds with 10
0x13298: jge 0x1329f                      ; seconds >= 10: leave the flag byte untouched
0x1329a: mov byte ptr [0x60e], 1          ; March and seconds < 10: set flag at DS:0x60e. NOTE(review): presumably a payload trigger; its reader is not in this excerpt
0x1329f: pop ds                           ; NOTE(review): presumably restores DS/ES pushed before the date call; the pushes are outside this excerpt
0x132a0: pop es
0x132a1: cmp byte ptr cs:[0x109], 0x30    ; byte at CS:0x109 compared with 0x30 (ASCII '0')
0x132a7: je 0x132dc                       ; branch target lies beyond this excerpt
0x132a9: cmp byte ptr cs:[0x10a], 0x45    ; byte at CS:0x10a compared with 0x45 (ASCII 'E')
0x132af: jne 0x132c6                      ; not 'E': continue at 0x132c6
0x132b1: mov ax, cs                       ; 'E' path: AX = CS - [CS:0x107] + [CS:0x105]
0x132b3: sub ax, word ptr cs:[0x107]
0x132b8: add ax, word ptr cs:[0x105]
0x132bd: mov word ptr cs:[0x105], ax      ; result overwrites CS:0x105, the segment word of the far pointer stored at CS:0x103
0x132c1: ljmp ptr cs:[0x103]              ; far jump through offset:segment at CS:0x103/0x105. NOTE(review): looks like control returning to an EXE-style host after segment fix-up; confirm
0x132c6: mov di, 0x100                    ; DI = 0x100, the offset where a .COM image starts in its segment
0x132c9: mov si, word ptr cs:[0x103]      ; SI loaded from the word at CS:0x103; the excerpt stops here
2018-12-17T23:03:09.887022265Z 9 PC: 12a47 | Display string (String= 'This is Doom II (Patient) Virus .. Caught By Peter Ferng ..')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14453,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:44.485908775Z 255 PC: 1327e | UNKNOWN!
2018-12-25T12:40:44.486890433Z 42 PC: 1328c | Get date 0x1328c: cmp dh, 3
; Analyst annotation. 16-bit real-mode DOS code, Intel syntax as emitted by the disassembler.
; The listing resumes at the return address of the "Get date" call logged on the trace row
; above (op 42 = INT 21h AH=2Ah, which returns the month in DH). The first instruction,
; cmp dh, 3, is fused into that row and tests for March. In this run the trace goes on to
; log a "Get time" call, which is consistent with the month test having passed.
0x1328f: jne 0x1329f                      ; month != 3: skip the time check
0x13291: mov ah, 0x2c                     ; AH=2Ch selects DOS "Get time" (seconds returned in DH)
0x13293: int 0x21
0x13295: cmp dh, 0xa                      ; compare seconds with 10
0x13298: jge 0x1329f                      ; seconds >= 10: leave the flag byte untouched
0x1329a: mov byte ptr [0x60e], 1          ; March and seconds < 10: set flag at DS:0x60e. NOTE(review): presumably a payload trigger; its reader is not in this excerpt
0x1329f: pop ds                           ; NOTE(review): presumably restores DS/ES pushed before the date call; the pushes are outside this excerpt
0x132a0: pop es
0x132a1: cmp byte ptr cs:[0x109], 0x30    ; byte at CS:0x109 compared with 0x30 (ASCII '0')
0x132a7: je 0x132dc                       ; branch target lies beyond this excerpt
0x132a9: cmp byte ptr cs:[0x10a], 0x45    ; byte at CS:0x10a compared with 0x45 (ASCII 'E')
0x132af: jne 0x132c6                      ; not 'E': continue at 0x132c6
0x132b1: mov ax, cs                       ; 'E' path: AX = CS - [CS:0x107] + [CS:0x105]
0x132b3: sub ax, word ptr cs:[0x107]
0x132b8: add ax, word ptr cs:[0x105]
0x132bd: mov word ptr cs:[0x105], ax      ; result overwrites CS:0x105, the segment word of the far pointer stored at CS:0x103
0x132c1: ljmp ptr cs:[0x103]              ; far jump through offset:segment at CS:0x103/0x105. NOTE(review): looks like control returning to an EXE-style host after segment fix-up; confirm
0x132c6: mov di, 0x100                    ; DI = 0x100, the offset where a .COM image starts in its segment
0x132c9: mov si, word ptr cs:[0x103]      ; SI loaded from the word at CS:0x103; the excerpt stops here
2018-12-25T12:40:44.489886158Z 44 PC: 13295 | Get time 0x13295: cmp dh, 0xa
; Analyst annotation. 16-bit real-mode DOS code, Intel syntax as emitted by the disassembler.
; The listing resumes at the return address of the "Get time" call logged on the trace row
; above (op 44 = INT 21h AH=2Ch, which returns the seconds in DH). The first instruction,
; cmp dh, 0xa, is fused into that row and compares the seconds with 10.
0x13298: jge 0x1329f                      ; seconds >= 10: leave the flag byte untouched
0x1329a: mov byte ptr [0x60e], 1          ; seconds < 10: set flag at DS:0x60e. NOTE(review): presumably a payload trigger; its reader is not in this excerpt
0x1329f: pop ds                           ; NOTE(review): presumably restores DS/ES pushed before the date call; the pushes are outside this excerpt
0x132a0: pop es
0x132a1: cmp byte ptr cs:[0x109], 0x30    ; byte at CS:0x109 compared with 0x30 (ASCII '0')
0x132a7: je 0x132dc                       ; branch target lies beyond this excerpt
0x132a9: cmp byte ptr cs:[0x10a], 0x45    ; byte at CS:0x10a compared with 0x45 (ASCII 'E')
0x132af: jne 0x132c6                      ; not 'E': take the byte-copy path at 0x132c6
0x132b1: mov ax, cs                       ; 'E' path: AX = CS - [CS:0x107] + [CS:0x105]
0x132b3: sub ax, word ptr cs:[0x107]
0x132b8: add ax, word ptr cs:[0x105]
0x132bd: mov word ptr cs:[0x105], ax      ; result overwrites CS:0x105, the segment word of the far pointer stored at CS:0x103
0x132c1: ljmp ptr cs:[0x103]              ; far jump through offset:segment at CS:0x103/0x105. NOTE(review): looks like control returning to an EXE-style host after segment fix-up; confirm
0x132c6: mov di, 0x100                    ; byte-copy path: destination offset 0x100, where a .COM image starts in its segment
0x132c9: mov si, word ptr cs:[0x103]      ; SI = word at CS:0x103 ...
0x132ce: add si, 0x5e1                    ; ... plus 0x5e1: source offset of the bytes to copy
0x132d2: mov cx, 0xc                      ; copy length = 12 bytes
0x132d5: rep movsb byte ptr es:[di], byte ptr [si] ; copy 12 bytes from DS:SI to ES:0x100. NOTE(review): looks like the host's saved first bytes being put back; confirm
0x132d7: mov ax, 0x100                    ; AX = 0x100. NOTE(review): presumably the address control moves to next; the transfer is outside this excerpt
2018-12-25T12:40:44.492097966Z 9 PC: 12a47 | Display string (String= 'This is Doom II (Patient) Virus .. Caught By Peter Ferng ..')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14453,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:44.527000305Z 255 PC: 1327e | UNKNOWN!
2018-12-25T12:40:44.528245456Z 42 PC: 1328c | Get date 0x1328c: cmp dh, 3
; Analyst annotation. 16-bit real-mode DOS code, Intel syntax as emitted by the disassembler.
; The listing resumes at the return address of the "Get date" call logged on the trace row
; above (op 42 = INT 21h AH=2Ah, which returns the month in DH). The first instruction,
; cmp dh, 3, is fused into that row and tests for March. No "Get time" call is logged in
; this run, which is consistent with the month test failing and the jne below being taken.
0x1328f: jne 0x1329f                      ; month != 3: skip the time check
0x13291: mov ah, 0x2c                     ; AH=2Ch selects DOS "Get time" (seconds returned in DH)
0x13293: int 0x21
0x13295: cmp dh, 0xa                      ; compare seconds with 10
0x13298: jge 0x1329f                      ; seconds >= 10: leave the flag byte untouched
0x1329a: mov byte ptr [0x60e], 1          ; March and seconds < 10: set flag at DS:0x60e. NOTE(review): presumably a payload trigger; its reader is not in this excerpt
0x1329f: pop ds                           ; NOTE(review): presumably restores DS/ES pushed before the date call; the pushes are outside this excerpt
0x132a0: pop es
0x132a1: cmp byte ptr cs:[0x109], 0x30    ; byte at CS:0x109 compared with 0x30 (ASCII '0')
0x132a7: je 0x132dc                       ; branch target lies beyond this excerpt
0x132a9: cmp byte ptr cs:[0x10a], 0x45    ; byte at CS:0x10a compared with 0x45 (ASCII 'E')
0x132af: jne 0x132c6                      ; not 'E': continue at 0x132c6
0x132b1: mov ax, cs                       ; 'E' path: AX = CS - [CS:0x107] + [CS:0x105]
0x132b3: sub ax, word ptr cs:[0x107]
0x132b8: add ax, word ptr cs:[0x105]
0x132bd: mov word ptr cs:[0x105], ax      ; result overwrites CS:0x105, the segment word of the far pointer stored at CS:0x103
0x132c1: ljmp ptr cs:[0x103]              ; far jump through offset:segment at CS:0x103/0x105. NOTE(review): looks like control returning to an EXE-style host after segment fix-up; confirm
0x132c6: mov di, 0x100                    ; DI = 0x100, the offset where a .COM image starts in its segment
0x132c9: mov si, word ptr cs:[0x103]      ; SI loaded from the word at CS:0x103; the excerpt stops here
2018-12-25T12:40:44.530286779Z 9 PC: 12a47 | Display string (String= 'This is Doom II (Patient) Virus .. Caught By Peter Ferng ..')