Sample viewer

vx.netlux.org/Virus.DOS.Dutch_Tiny.218

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:04:48.305477841Z	42	PC: 12a5c \| Get date 0x12a5c: cmp dh, 4 0x12a5f: je 0x12a4e 0x12a61: cmp dh, 5 0x12a64: je 0x12a4e 0x12a66: pop si 0x12a67: sub si, 0x10b 0x12a6b: mov bp, word ptr [si + 0x1bb] 0x12a6f: add bp, 0x103 0x12a73: lea dx, word ptr [si + 0x1a2] 0x12a77: xor cx, cx 0x12a79: mov ah, 0x4e 0x12a7b: int 0x21 0x12a7d: jb 0x12af9 0x12a7f: mov dx, 0x9e 0x12a82: mov ax, 0x3d02 0x12a85: int 0x21 0x12a87: mov bx, ax 0x12a89: mov ah, 0x3f 0x12a8b: lea dx, word ptr [si + 0x1a8] 0x12a8f: mov di, dx
2018-12-17T23:04:48.30791405Z	78	PC: 12a7d \| Find first file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14984,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:16.609411879Z	42	PC: 12a5c \| Get date 0x12a5c: cmp dh, 4 0x12a5f: je 0x12a4e 0x12a61: cmp dh, 5 0x12a64: je 0x12a4e 0x12a66: pop si 0x12a67: sub si, 0x10b 0x12a6b: mov bp, word ptr [si + 0x1bb] 0x12a6f: add bp, 0x103 0x12a73: lea dx, word ptr [si + 0x1a2] 0x12a77: xor cx, cx 0x12a79: mov ah, 0x4e 0x12a7b: int 0x21 0x12a7d: jb 0x12af9 0x12a7f: mov dx, 0x9e 0x12a82: mov ax, 0x3d02 0x12a85: int 0x21 0x12a87: mov bx, ax 0x12a89: mov ah, 0x3f 0x12a8b: lea dx, word ptr [si + 0x1a8] 0x12a8f: mov di, dx
2018-12-25T12:42:16.611974963Z	78	PC: 12a7d \| Find first file

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14984,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:17.456342724Z	42	PC: 12a5c \| Get date 0x12a5c: cmp dh, 4 0x12a5f: je 0x12a4e 0x12a61: cmp dh, 5 0x12a64: je 0x12a4e 0x12a66: pop si 0x12a67: sub si, 0x10b 0x12a6b: mov bp, word ptr [si + 0x1bb] 0x12a6f: add bp, 0x103 0x12a73: lea dx, word ptr [si + 0x1a2] 0x12a77: xor cx, cx 0x12a79: mov ah, 0x4e 0x12a7b: int 0x21 0x12a7d: jb 0x12af9 0x12a7f: mov dx, 0x9e 0x12a82: mov ax, 0x3d02 0x12a85: int 0x21 0x12a87: mov bx, ax 0x12a89: mov ah, 0x3f 0x12a8b: lea dx, word ptr [si + 0x1a8] 0x12a8f: mov di, dx
2018-12-25T12:42:17.459356533Z	9	PC: 12a55 \| Display string (String= 'You have been hit by a bolt of lightning!')
2018-12-25T12:42:17.464026487Z	78	PC: 12a7d \| Find first file

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14984,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:17.531659925Z	42	PC: 12a5c \| Get date 0x12a5c: cmp dh, 4 0x12a5f: je 0x12a4e 0x12a61: cmp dh, 5 0x12a64: je 0x12a4e 0x12a66: pop si 0x12a67: sub si, 0x10b 0x12a6b: mov bp, word ptr [si + 0x1bb] 0x12a6f: add bp, 0x103 0x12a73: lea dx, word ptr [si + 0x1a2] 0x12a77: xor cx, cx 0x12a79: mov ah, 0x4e 0x12a7b: int 0x21 0x12a7d: jb 0x12af9 0x12a7f: mov dx, 0x9e 0x12a82: mov ax, 0x3d02 0x12a85: int 0x21 0x12a87: mov bx, ax 0x12a89: mov ah, 0x3f 0x12a8b: lea dx, word ptr [si + 0x1a8] 0x12a8f: mov di, dx
2018-12-25T12:42:17.535642442Z	9	PC: 12a55 \| Display string (String= 'You have been hit by a bolt of lightning!')
2018-12-25T12:42:17.539840442Z	78	PC: 12a7d \| Find first file