Sample viewer

vx.netlux.org/Virus.DOS.Mutator.780

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:00.701605522Z	42	PC: 12b17 \| Get date 0x12b17: cmp dh, 0xa 0x12b1a: jne 0x12b28 0x12b1c: cmp dl, 0x1e 0x12b1f: jne 0x12b28 0x12b21: mov ah, 9 0x12b23: mov dx, 0x381 0x12b26: int 0x21 0x12b28: mov ax, 0xdaff 0x12b2b: int 0x21 0x12b2d: cmp ax, 0x5892 0x12b30: je 0x12b85 0x12b32: push ds 0x12b33: mov ax, ds 0x12b35: dec ax 0x12b36: mov ds, ax 0x12b38: cmp byte ptr [0], 0x5a 0x12b3d: jne 0x12b85 0x12b3f: mov ax, word ptr [3] 0x12b42: sub ax, 0x80 0x12b45: mov word ptr [3], ax
2018-12-17T23:04:00.704552877Z	218	PC: 12b2d \| UNKNOWN!
2018-12-17T23:04:00.705979082Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:00.707407799Z	37	PC: 12b82 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14735,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:31.937179769Z	42	PC: 12b17 \| Get date 0x12b17: cmp dh, 0xa 0x12b1a: jne 0x12b28 0x12b1c: cmp dl, 0x1e 0x12b1f: jne 0x12b28 0x12b21: mov ah, 9 0x12b23: mov dx, 0x381 0x12b26: int 0x21 0x12b28: mov ax, 0xdaff 0x12b2b: int 0x21 0x12b2d: cmp ax, 0x5892 0x12b30: je 0x12b85 0x12b32: push ds 0x12b33: mov ax, ds 0x12b35: dec ax 0x12b36: mov ds, ax 0x12b38: cmp byte ptr [0], 0x5a 0x12b3d: jne 0x12b85 0x12b3f: mov ax, word ptr [3] 0x12b42: sub ax, 0x80 0x12b45: mov word ptr [3], ax
2018-12-25T12:41:31.940313474Z	218	PC: 12b2d \| UNKNOWN!
2018-12-25T12:41:31.941115332Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:31.942246397Z	37	PC: 12b82 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14735,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:32.5413551Z	42	PC: 12b17 \| Get date 0x12b17: cmp dh, 0xa 0x12b1a: jne 0x12b28 0x12b1c: cmp dl, 0x1e 0x12b1f: jne 0x12b28 0x12b21: mov ah, 9 0x12b23: mov dx, 0x381 0x12b26: int 0x21 0x12b28: mov ax, 0xdaff 0x12b2b: int 0x21 0x12b2d: cmp ax, 0x5892 0x12b30: je 0x12b85 0x12b32: push ds 0x12b33: mov ax, ds 0x12b35: dec ax 0x12b36: mov ds, ax 0x12b38: cmp byte ptr [0], 0x5a 0x12b3d: jne 0x12b85 0x12b3f: mov ax, word ptr [3] 0x12b42: sub ax, 0x80 0x12b45: mov word ptr [3], ax
2018-12-25T12:41:32.543983672Z	218	PC: 12b2d \| UNKNOWN!
2018-12-25T12:41:32.545223033Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:32.546654894Z	37	PC: 12b82 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":30,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14735,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:41:32.721260613Z	42	PC: 12b17 \| Get date 0x12b17: cmp dh, 0xa 0x12b1a: jne 0x12b28 0x12b1c: cmp dl, 0x1e 0x12b1f: jne 0x12b28 0x12b21: mov ah, 9 0x12b23: mov dx, 0x381 0x12b26: int 0x21 0x12b28: mov ax, 0xdaff 0x12b2b: int 0x21 0x12b2d: cmp ax, 0x5892 0x12b30: je 0x12b85 0x12b32: push ds 0x12b33: mov ax, ds 0x12b35: dec ax 0x12b36: mov ds, ax 0x12b38: cmp byte ptr [0], 0x5a 0x12b3d: jne 0x12b85 0x12b3f: mov ax, word ptr [3] 0x12b42: sub ax, 0x80 0x12b45: mov word ptr [3], ax
2018-12-25T12:41:32.732551797Z	9	PC: 12b28 \| Display string (String= '�� u��@�u� �� !�B�u3�3��!�@�u��q�!Í�� Y�H�a�� {=Hey! Holloween almost here! Better be good, or the demon's will get you!')
2018-12-25T12:41:32.736461984Z	218	PC: 12b2d \| UNKNOWN!
2018-12-25T12:41:32.737271694Z	53	PC: 12b6a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:32.738558099Z	37	PC: 12b82 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')