Sample viewer

vx.netlux.org/Virus.DOS.Tao.975

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:18.557618208Z 48 PC: 12d6a | Get DOS version
2018-12-17T23:03:18.566809021Z 9 PC: 12dab | Display string (String= ' Antiviral ')
2018-12-17T23:03:18.571711494Z 61 PC: 12dba | Open file (Filename = 'TBMEMXXX')
2018-12-17T23:03:18.579582306Z 42 PC: 12e11 | Get date
0x12e11: dec al
0x12e13: jne 0x12e21
0x12e15: lea dx, word ptr [bp + 0x1eb]
0x12e19: mov ah, 9
0x12e1b: int 0x21
0x12e1d: xor ax, ax
0x12e1f: int 0x16
0x12e21: popaw
0x12e22: lea si, word ptr [bp + 0x124]
0x12e26: mov di, 0x101
0x12e29: dec di
0x12e2a: push di
0x12e2b: mov byte ptr [di], 0xc3
0x12e2e: call di
0x12e30: movsd dword ptr es:[di], dword ptr [si]
0x12e32: ret
0x12e33: pop sp
0x12e34: inc si
0x12e36: push es
0x12e37: jp 0x12e3c
2018-12-17T23:03:18.583090285Z 9 PC: 12e1d | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14490,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:46.871037679Z 48 PC: 12d6a | Get DOS version
2018-12-25T12:40:46.875146011Z 9 PC: 12dab | Display string (String= ' Antiviral ')
2018-12-25T12:40:46.8802823Z 61 PC: 12dba | Open file (Filename = 'TBMEMXXX')
2018-12-25T12:40:46.88750972Z 42 PC: 12e11 | Get date
0x12e11: dec al
0x12e13: jne 0x12e21
0x12e15: lea dx, word ptr [bp + 0x1eb]
0x12e19: mov ah, 9
0x12e1b: int 0x21
0x12e1d: xor ax, ax
0x12e1f: int 0x16
0x12e21: popaw
0x12e22: lea si, word ptr [bp + 0x124]
0x12e26: mov di, 0x101
0x12e29: dec di
0x12e2a: push di
0x12e2b: mov byte ptr [di], 0xc3
0x12e2e: call di
0x12e30: movsd dword ptr es:[di], dword ptr [si]
0x12e32: ret
0x12e33: pop sp
0x12e34: inc si
0x12e36: push es
0x12e37: jp 0x12e3c
2018-12-25T12:40:46.890309143Z 9 PC: 12a48 | Display string (String= 'Runtime error 1906:5D32 ')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14490,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:40:46.963040961Z 48 PC: 12d6a | Get DOS version
2018-12-25T12:40:46.965461373Z 9 PC: 12dab | Display string (String= ' Antiviral ')
2018-12-25T12:40:46.970108451Z 61 PC: 12dba | Open file (Filename = 'TBMEMXXX')
2018-12-25T12:40:46.979042138Z 42 PC: 12e11 | Get date
0x12e11: dec al
0x12e13: jne 0x12e21
0x12e15: lea dx, word ptr [bp + 0x1eb]
0x12e19: mov ah, 9
0x12e1b: int 0x21
0x12e1d: xor ax, ax
0x12e1f: int 0x16
0x12e21: popaw
0x12e22: lea si, word ptr [bp + 0x124]
0x12e26: mov di, 0x101
0x12e29: dec di
0x12e2a: push di
0x12e2b: mov byte ptr [di], 0xc3
0x12e2e: call di
0x12e30: movsd dword ptr es:[di], dword ptr [si]
0x12e32: ret
0x12e33: pop sp
0x12e34: inc si
0x12e36: push es
0x12e37: jp 0x12e3c
2018-12-25T12:40:46.982302209Z 9 PC: 12a48 | Display string (String= 'Runtime error 1906:5D32 ')