Sample viewer

vx.netlux.org/Virus.DOS.Alicia.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:26.58783795Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13ec1 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d7e 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-17T23:05:26.605286796Z	19	PC: 12a73 \| Delete file
2018-12-17T23:05:26.606608347Z	42	PC: 13d84 \| Get date 0x13d84: mov word ptr cs:[bp + 0x13c6], cx 0x13d89: mov word ptr cs:[bp + 0x19a9], cx 0x13d8e: mov ah, 0x2c 0x13d90: int 0x21 0x13d92: mov word ptr cs:[bp + 0x19a3], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa
2018-12-17T23:05:26.608609358Z	44	PC: 13d92 \| Get time 0x13d92: mov word ptr cs:[bp + 0x19a3], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa 0x13dc4: rcl ch, 1 0x13dc6: and ch, 7 0x13dc9: call 0x23a0b 0x13dcc: mov byte ptr cs:[bp + 0x13ce], ch
2018-12-17T23:05:26.615786556Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:26.616930758Z	98	PC: 12a91 \| Get current PSP
2018-12-17T23:05:26.617690619Z	74	PC: 12b9f \| Reallocate memory
2018-12-17T23:05:26.619314489Z	74	PC: 12ba5 \| Reallocate memory
2018-12-17T23:05:26.621136918Z	72	PC: 12bac \| Allocate memory
2018-12-17T23:05:26.622493138Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15202,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:53.497323016Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13ec1 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d7e 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-25T12:42:53.500248778Z	19	PC: 12a73 \| Delete file
2018-12-25T12:42:53.50192877Z	42	PC: 13d84 \| Get date 0x13d84: mov word ptr cs:[bp + 0x13c6], cx 0x13d89: mov word ptr cs:[bp + 0x19a9], cx 0x13d8e: mov ah, 0x2c 0x13d90: int 0x21 0x13d92: mov word ptr cs:[bp + 0x19a3], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa
2018-12-25T12:42:53.504070513Z	44	PC: 13d92 \| Get time 0x13d92: mov word ptr cs:[bp + 0x19a3], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa 0x13dc4: rcl ch, 1 0x13dc6: and ch, 7 0x13dc9: call 0x23a0b 0x13dcc: mov byte ptr cs:[bp + 0x13ce], ch
2018-12-25T12:42:53.508968692Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:53.510286183Z	98	PC: 12a91 \| Get current PSP
2018-12-25T12:42:53.51115577Z	74	PC: 12b9f \| Reallocate memory
2018-12-25T12:42:53.51320471Z	74	PC: 12ba5 \| Reallocate memory
2018-12-25T12:42:53.514801133Z	72	PC: 12bac \| Allocate memory
2018-12-25T12:42:53.516413398Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15202,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:54.165266033Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13ec1 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d7e 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-25T12:42:54.168347769Z	19	PC: 12a73 \| Delete file
2018-12-25T12:42:54.169747978Z	42	PC: 13d84 \| Get date 0x13d84: mov word ptr cs:[bp + 0x13c6], cx 0x13d89: mov word ptr cs:[bp + 0x19a9], cx 0x13d8e: mov ah, 0x2c 0x13d90: int 0x21 0x13d92: mov word ptr cs:[bp + 0x19a3], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa
2018-12-25T12:42:54.171694972Z	44	PC: 13d92 \| Get time 0x13d92: mov word ptr cs:[bp + 0x19a3], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa 0x13dc4: rcl ch, 1 0x13dc6: and ch, 7 0x13dc9: call 0x23a0b 0x13dcc: mov byte ptr cs:[bp + 0x13ce], ch
2018-12-25T12:42:54.182398814Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:54.183887373Z	98	PC: 12a91 \| Get current PSP
2018-12-25T12:42:54.18496613Z	74	PC: 12b9f \| Reallocate memory
2018-12-25T12:42:54.18664488Z	74	PC: 12ba5 \| Reallocate memory
2018-12-25T12:42:54.188639488Z	72	PC: 12bac \| Allocate memory
2018-12-25T12:42:54.190210594Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')