Sample viewer

vx.netlux.org/Virus.DOS.Mutator.780

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:00.701605522Z 42 PC: 12b17 | Get date
0x12b17: cmp dh, 0xa
0x12b1a: jne 0x12b28
0x12b1c: cmp dl, 0x1e
0x12b1f: jne 0x12b28
0x12b21: mov ah, 9
0x12b23: mov dx, 0x381
0x12b26: int 0x21
0x12b28: mov ax, 0xdaff
0x12b2b: int 0x21
0x12b2d: cmp ax, 0x5892
0x12b30: je 0x12b85
0x12b32: push ds
0x12b33: mov ax, ds
0x12b35: dec ax
0x12b36: mov ds, ax
0x12b38: cmp byte ptr [0], 0x5a
0x12b3d: jne 0x12b85
0x12b3f: mov ax, word ptr [3]
0x12b42: sub ax, 0x80
0x12b45: mov word ptr [3], ax
2018-12-17T23:04:00.704552877Z 218 PC: 12b2d | UNKNOWN!
2018-12-17T23:04:00.705979082Z 53 PC: 12b6a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:00.707407799Z 37 PC: 12b82 | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14735,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:31.937179769Z 42 PC: 12b17 | Get date
0x12b17: cmp dh, 0xa
0x12b1a: jne 0x12b28
0x12b1c: cmp dl, 0x1e
0x12b1f: jne 0x12b28
0x12b21: mov ah, 9
0x12b23: mov dx, 0x381
0x12b26: int 0x21
0x12b28: mov ax, 0xdaff
0x12b2b: int 0x21
0x12b2d: cmp ax, 0x5892
0x12b30: je 0x12b85
0x12b32: push ds
0x12b33: mov ax, ds
0x12b35: dec ax
0x12b36: mov ds, ax
0x12b38: cmp byte ptr [0], 0x5a
0x12b3d: jne 0x12b85
0x12b3f: mov ax, word ptr [3]
0x12b42: sub ax, 0x80
0x12b45: mov word ptr [3], ax
2018-12-25T12:41:31.940313474Z 218 PC: 12b2d | UNKNOWN!
2018-12-25T12:41:31.941115332Z 53 PC: 12b6a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:31.942246397Z 37 PC: 12b82 | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14735,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:32.5413551Z 42 PC: 12b17 | Get date
0x12b17: cmp dh, 0xa
0x12b1a: jne 0x12b28
0x12b1c: cmp dl, 0x1e
0x12b1f: jne 0x12b28
0x12b21: mov ah, 9
0x12b23: mov dx, 0x381
0x12b26: int 0x21
0x12b28: mov ax, 0xdaff
0x12b2b: int 0x21
0x12b2d: cmp ax, 0x5892
0x12b30: je 0x12b85
0x12b32: push ds
0x12b33: mov ax, ds
0x12b35: dec ax
0x12b36: mov ds, ax
0x12b38: cmp byte ptr [0], 0x5a
0x12b3d: jne 0x12b85
0x12b3f: mov ax, word ptr [3]
0x12b42: sub ax, 0x80
0x12b45: mov word ptr [3], ax
2018-12-25T12:41:32.543983672Z 218 PC: 12b2d | UNKNOWN!
2018-12-25T12:41:32.545223033Z 53 PC: 12b6a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:32.546654894Z 37 PC: 12b82 | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":30,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14735,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:32.721260613Z 42 PC: 12b17 | Get date
0x12b17: cmp dh, 0xa
0x12b1a: jne 0x12b28
0x12b1c: cmp dl, 0x1e
0x12b1f: jne 0x12b28
0x12b21: mov ah, 9
0x12b23: mov dx, 0x381
0x12b26: int 0x21
0x12b28: mov ax, 0xdaff
0x12b2b: int 0x21
0x12b2d: cmp ax, 0x5892
0x12b30: je 0x12b85
0x12b32: push ds
0x12b33: mov ax, ds
0x12b35: dec ax
0x12b36: mov ds, ax
0x12b38: cmp byte ptr [0], 0x5a
0x12b3d: jne 0x12b85
0x12b3f: mov ax, word ptr [3]
0x12b42: sub ax, 0x80
0x12b45: mov word ptr [3], ax
2018-12-25T12:41:32.732551797Z 9 PC: 12b28 | Display string (String= '�� � ��� �� �u���@�u� �� �!�B�u3�3��!�@�u��q�!��� �Y�H�a��� �{=Hey! Holloween almost here! Better be good, or the demon's will get you!')
2018-12-25T12:41:32.736461984Z 218 PC: 12b2d | UNKNOWN!
2018-12-25T12:41:32.737271694Z 53 PC: 12b6a | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:32.738558099Z 37 PC: 12b82 | Set interrupt vector (Interrupt = '33' AKA 'Random read')