Sample viewer

vx.netlux.org/Virus.DOS.Esime.379

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:03:43.115507866Z	42	PC: 17c02 \| Get date 0x17c02: cmp dh, 3 0x17c05: je 0x17c0a 0x17c07: jmp 0x17c1e 0x17c09: nop 0x17c0a: cmp dl, 5 0x17c0d: je 0x17c12 0x17c0f: jmp 0x17c1e 0x17c11: nop 0x17c12: mov ah, 0x19 0x17c14: int 0x21 0x17c16: mov cx, 0x100 0x17c19: cli 0x17c1a: cdq 0x17c1b: int 0x26 0x17c1d: sti 0x17c1e: call 0x17c21 0x17c21: pop bp 0x17c22: sub bp, 0x23 0x17c26: push es 0x17c27: push ds
2018-12-17T23:03:43.118716688Z	224	PC: 17c2c \| UNKNOWN!
2018-12-17T23:03:43.119660228Z	74	PC: 17c38 \| Reallocate memory
2018-12-17T23:03:43.121428419Z	74	PC: 17c40 \| Reallocate memory
2018-12-17T23:03:43.123069283Z	72	PC: 17c4f \| Allocate memory
2018-12-17T23:03:43.131536012Z	48	PC: 18097 \| Get DOS version
2018-12-17T23:03:43.133601623Z	37	PC: 182f6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T23:03:43.13530436Z	37	PC: 1832a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T23:03:43.137889934Z	37	PC: 182c4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14628,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:11.460048448Z	42	PC: 17c02 \| Get date 0x17c02: cmp dh, 3 0x17c05: je 0x17c0a 0x17c07: jmp 0x17c1e 0x17c09: nop 0x17c0a: cmp dl, 5 0x17c0d: je 0x17c12 0x17c0f: jmp 0x17c1e 0x17c11: nop 0x17c12: mov ah, 0x19 0x17c14: int 0x21 0x17c16: mov cx, 0x100 0x17c19: cli 0x17c1a: cdq 0x17c1b: int 0x26 0x17c1d: sti 0x17c1e: call 0x17c21 0x17c21: pop bp 0x17c22: sub bp, 0x23 0x17c26: push es 0x17c27: push ds
2018-12-25T12:41:11.463022052Z	224	PC: 17c2c \| UNKNOWN!
2018-12-25T12:41:11.463789854Z	74	PC: 17c38 \| Reallocate memory
2018-12-25T12:41:11.46568441Z	74	PC: 17c40 \| Reallocate memory
2018-12-25T12:41:11.468192224Z	72	PC: 17c4f \| Allocate memory
2018-12-25T12:41:11.476073668Z	48	PC: 18097 \| Get DOS version
2018-12-25T12:41:11.477675305Z	37	PC: 182f6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:41:11.479679634Z	37	PC: 1832a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:41:11.480936505Z	37	PC: 182c4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14628,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:11.904571312Z	42	PC: 17c02 \| Get date 0x17c02: cmp dh, 3 0x17c05: je 0x17c0a 0x17c07: jmp 0x17c1e 0x17c09: nop 0x17c0a: cmp dl, 5 0x17c0d: je 0x17c12 0x17c0f: jmp 0x17c1e 0x17c11: nop 0x17c12: mov ah, 0x19 0x17c14: int 0x21 0x17c16: mov cx, 0x100 0x17c19: cli 0x17c1a: cdq 0x17c1b: int 0x26 0x17c1d: sti 0x17c1e: call 0x17c21 0x17c21: pop bp 0x17c22: sub bp, 0x23 0x17c26: push es 0x17c27: push ds
2018-12-25T12:41:11.907000382Z	224	PC: 17c2c \| UNKNOWN!
2018-12-25T12:41:11.907593194Z	74	PC: 17c38 \| Reallocate memory
2018-12-25T12:41:11.908987741Z	74	PC: 17c40 \| Reallocate memory
2018-12-25T12:41:11.912061256Z	72	PC: 17c4f \| Allocate memory
2018-12-25T12:41:11.919462021Z	48	PC: 18097 \| Get DOS version
2018-12-25T12:41:11.920690688Z	37	PC: 182f6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:41:11.922210199Z	37	PC: 1832a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:41:11.923370129Z	37	PC: 182c4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":5,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14628,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:11.936257109Z	42	PC: 17c02 \| Get date 0x17c02: cmp dh, 3 0x17c05: je 0x17c0a 0x17c07: jmp 0x17c1e 0x17c09: nop 0x17c0a: cmp dl, 5 0x17c0d: je 0x17c12 0x17c0f: jmp 0x17c1e 0x17c11: nop 0x17c12: mov ah, 0x19 0x17c14: int 0x21 0x17c16: mov cx, 0x100 0x17c19: cli 0x17c1a: cdq 0x17c1b: int 0x26 0x17c1d: sti 0x17c1e: call 0x17c21 0x17c21: pop bp 0x17c22: sub bp, 0x23 0x17c26: push es 0x17c27: push ds
2018-12-25T12:41:11.938900233Z	25	PC: 17c16 \| Get default drive
2018-12-25T12:41:12.98634805Z	224	PC: 17c2c \| UNKNOWN!
2018-12-25T12:41:12.986979454Z	74	PC: 17c38 \| Reallocate memory
2018-12-25T12:41:12.989221281Z	74	PC: 17c40 \| Reallocate memory
2018-12-25T12:41:12.990723778Z	72	PC: 17c4f \| Allocate memory
2018-12-25T12:41:12.997379576Z	48	PC: 18097 \| Get DOS version
2018-12-25T12:41:12.999119282Z	37	PC: 182f6 \| Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T12:41:13.000374862Z	37	PC: 1832a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:41:13.001536005Z	37	PC: 182c4 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')