Sample viewer

vx.netlux.org/Virus.DOS.V.1241

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:05:26.709783873Z	75	PC: 12e13 \| Execute program
2018-12-17T23:05:26.712663162Z	80	PC: 13476 \| Set current PSP
2018-12-17T23:05:26.713797647Z	26	PC: 12bbb \| Set disk transfer address
2018-12-17T23:05:26.714879986Z	53	PC: 12bc5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:26.716985541Z	37	PC: 12bd6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:05:26.718157057Z	42	PC: 12bda \| Get date 0x12bda: cmp cx, 0x7c7 0x12bde: ja 0x12be9 0x12be0: cmp dx, 0xb01 0x12be4: jae 0x12be9 0x12be6: jmp 0x12df7 0x12be9: xor ax, ax 0x12beb: mov al, dh 0x12bed: mov cl, 2 0x12bef: div cl 0x12bf1: cmp ah, 0 0x12bf4: je 0x12bf9 0x12bf6: jmp 0x12df7 0x12bf9: cmp dl, 0x13 0x12bfc: je 0x12c01 0x12bfe: jmp 0x12df7 0x12c01: mov ah, 0x4a 0x12c03: mov bx, 0x1000 0x12c06: push cs 0x12c07: pop dx 0x12c08: add dx, 0x5f
2018-12-17T23:05:26.720968082Z	9	PC: 130f0 \| Display string (String= ' 654336 Bytes Total Memory ')
2018-12-17T23:05:26.725246363Z	9	PC: 13141 \| Display string (String= ' 576720 Bytes Available Memory (88.13%) ')
2018-12-17T23:05:26.738401893Z	53	PC: 13166 \| Get interrupt vector (Interrupt = '103' AKA 'Set handle count')
2018-12-17T23:05:26.739593564Z	76	PC: 131f1 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15203,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:54.312343186Z	75	PC: 12e13 \| Execute program
2018-12-25T12:42:54.314922055Z	80	PC: 13476 \| Set current PSP
2018-12-25T12:42:54.31636865Z	26	PC: 12bbb \| Set disk transfer address
2018-12-25T12:42:54.317272928Z	53	PC: 12bc5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:54.318425361Z	37	PC: 12bd6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:54.319707146Z	42	PC: 12bda \| Get date 0x12bda: cmp cx, 0x7c7 0x12bde: ja 0x12be9 0x12be0: cmp dx, 0xb01 0x12be4: jae 0x12be9 0x12be6: jmp 0x12df7 0x12be9: xor ax, ax 0x12beb: mov al, dh 0x12bed: mov cl, 2 0x12bef: div cl 0x12bf1: cmp ah, 0 0x12bf4: je 0x12bf9 0x12bf6: jmp 0x12df7 0x12bf9: cmp dl, 0x13 0x12bfc: je 0x12c01 0x12bfe: jmp 0x12df7 0x12c01: mov ah, 0x4a 0x12c03: mov bx, 0x1000 0x12c06: push cs 0x12c07: pop dx 0x12c08: add dx, 0x5f
2018-12-25T12:42:54.322133241Z	9	PC: 130f0 \| Display string (String= ' 654336 Bytes Total Memory ')
2018-12-25T12:42:54.328794999Z	9	PC: 13141 \| Display string (String= ' 576720 Bytes Available Memory (88.13%) ')
2018-12-25T12:42:54.336779545Z	53	PC: 13166 \| Get interrupt vector (Interrupt = '103' AKA 'Set handle count')
2018-12-25T12:42:54.33790088Z	76	PC: 131f1 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15203,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:54.326115032Z	75	PC: 12e13 \| Execute program
2018-12-25T12:42:54.328605177Z	80	PC: 13476 \| Set current PSP
2018-12-25T12:42:54.33108982Z	26	PC: 12bbb \| Set disk transfer address
2018-12-25T12:42:54.340607806Z	53	PC: 12bc5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:54.34217335Z	37	PC: 12bd6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:54.344362884Z	42	PC: 12bda \| Get date 0x12bda: cmp cx, 0x7c7 0x12bde: ja 0x12be9 0x12be0: cmp dx, 0xb01 0x12be4: jae 0x12be9 0x12be6: jmp 0x12df7 0x12be9: xor ax, ax 0x12beb: mov al, dh 0x12bed: mov cl, 2 0x12bef: div cl 0x12bf1: cmp ah, 0 0x12bf4: je 0x12bf9 0x12bf6: jmp 0x12df7 0x12bf9: cmp dl, 0x13 0x12bfc: je 0x12c01 0x12bfe: jmp 0x12df7 0x12c01: mov ah, 0x4a 0x12c03: mov bx, 0x1000 0x12c06: push cs 0x12c07: pop dx 0x12c08: add dx, 0x5f
2018-12-25T12:42:54.346983837Z	9	PC: 130f0 \| Display string (String= ' 654336 Bytes Total Memory ')
2018-12-25T12:42:54.351579749Z	9	PC: 13141 \| Display string (String= ' 576720 Bytes Available Memory (88.13%) ')
2018-12-25T12:42:54.358510404Z	53	PC: 13166 \| Get interrupt vector (Interrupt = '103' AKA 'Set handle count')
2018-12-25T12:42:54.359872376Z	76	PC: 131f1 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15203,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:42:54.647820806Z	75	PC: 12e13 \| Execute program
2018-12-25T12:42:54.650490059Z	80	PC: 13476 \| Set current PSP
2018-12-25T12:42:54.652448737Z	26	PC: 12bbb \| Set disk transfer address
2018-12-25T12:42:54.654167392Z	53	PC: 12bc5 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:54.656697181Z	37	PC: 12bd6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:42:54.658611585Z	42	PC: 12bda \| Get date 0x12bda: cmp cx, 0x7c7 0x12bde: ja 0x12be9 0x12be0: cmp dx, 0xb01 0x12be4: jae 0x12be9 0x12be6: jmp 0x12df7 0x12be9: xor ax, ax 0x12beb: mov al, dh 0x12bed: mov cl, 2 0x12bef: div cl 0x12bf1: cmp ah, 0 0x12bf4: je 0x12bf9 0x12bf6: jmp 0x12df7 0x12bf9: cmp dl, 0x13 0x12bfc: je 0x12c01 0x12bfe: jmp 0x12df7 0x12c01: mov ah, 0x4a 0x12c03: mov bx, 0x1000 0x12c06: push cs 0x12c07: pop dx 0x12c08: add dx, 0x5f
2018-12-25T12:42:54.661567238Z	9	PC: 130f0 \| Display string (String= ' 654336 Bytes Total Memory ')
2018-12-25T12:42:54.666121598Z	9	PC: 13141 \| Display string (String= ' 576720 Bytes Available Memory (88.13%) ')
2018-12-25T12:42:54.674272666Z	53	PC: 13166 \| Get interrupt vector (Interrupt = '103' AKA 'Set handle count')
2018-12-25T12:42:54.675565718Z	76	PC: 131f1 \| Terminate with return code (Return code = '0')