Sample viewer

vx.netlux.org/Virus.DOS.Sailor.Saturn.4562

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:04:24.383461234Z 24 PC: 12a5b | Reserved
2018-12-17T23:04:24.38535893Z 82 PC: 12a69 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:04:24.387079081Z 53 PC: 12ad2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:24.388435274Z 37 PC: 12ae1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:04:24.390100814Z 42 PC: 12aea | Get date

0x12aea: cmp dx, 0x90e
0x12aee: jne 0x12af3
0x12af0: call 0x12b57
0x12af3: pop es
0x12af4: pop di
0x12af5: pop ax
0x12af6: push es
0x12af7: pop ds
0x12af8: jmp 0x130e1
0x12afb: push bx
0x12afc: popaw
0x12afd: imul bp, word ptr [si + 0x6f], 0x5f72
0x12b02: push bx
0x12b03: popaw
0x12b04: je 0x12b7b
0x12b06: jb 0x12b76
0x12b08: add byte ptr [di], ch
0x12b0a: bound si, dword ptr [bx + si]
0x12b0c: jp 0x12b3e
0x12b0e: das

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14857,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:48.48899217Z 24 PC: 12a5b | Reserved
2018-12-25T12:41:48.491178179Z 82 PC: 12a69 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:41:48.493953049Z 53 PC: 12ad2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:48.495724152Z 37 PC: 12ae1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:48.501870887Z 42 PC: 12aea | Get date

0x12aea: cmp dx, 0x90e
0x12aee: jne 0x12af3
0x12af0: call 0x12b57
0x12af3: pop es
0x12af4: pop di
0x12af5: pop ax
0x12af6: push es
0x12af7: pop ds
0x12af8: jmp 0x130e1
0x12afb: push bx
0x12afc: popaw
0x12afd: imul bp, word ptr [si + 0x6f], 0x5f72
0x12b02: push bx
0x12b03: popaw
0x12b04: je 0x12b7b
0x12b06: jb 0x12b76
0x12b08: add byte ptr [di], ch
0x12b0a: bound si, dword ptr [bx + si]
0x12b0c: jp 0x12b3e
0x12b0e: das

{"DateBased":true,"Day":14,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14857,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:50.102720484Z 24 PC: 12a5b | Reserved
2018-12-25T12:41:50.105535518Z 82 PC: 12a69 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:41:50.107818415Z 53 PC: 12ad2 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:50.110029576Z 37 PC: 12ae1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:41:50.124229711Z 42 PC: 12aea | Get date

0x12aea: cmp dx, 0x90e
0x12aee: jne 0x12af3
0x12af0: call 0x12b57
0x12af3: pop es
0x12af4: pop di
0x12af5: pop ax
0x12af6: push es
0x12af7: pop ds
0x12af8: jmp 0x130e1
0x12afb: push bx
0x12afc: popaw
0x12afd: imul bp, word ptr [si + 0x6f], 0x5f72
0x12b02: push bx
0x12b03: popaw
0x12b04: je 0x12b7b
0x12b06: jb 0x12b76
0x12b08: add byte ptr [di], ch
0x12b0a: bound si, dword ptr [bx + si]
0x12b0c: jp 0x12b3e
0x12b0e: das