Sample viewer

vx.netlux.org/Virus.DOS.Alicia.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:06:06.706813972Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13eba 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d77 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-17T23:06:06.709804449Z	19	PC: 12a73 \| Delete file
2018-12-17T23:06:06.714206676Z	42	PC: 13d7d \| Get date 0x13d7d: mov word ptr cs:[bp + 0x13bf], cx 0x13d82: mov word ptr cs:[bp + 0x19a2], cx 0x13d87: mov ah, 0x2c 0x13d89: int 0x21 0x13d8b: mov word ptr cs:[bp + 0x199c], dx 0x13d90: mov ch, dh 0x13d92: mov cl, dh 0x13d94: and ch, 3 0x13d97: add ch, 4 0x13d9a: call 0x239f9 0x13d9d: mov byte ptr cs:[bp + 0x13c5], ch 0x13da2: mov ch, dh 0x13da4: xor ch, 0x87 0x13da7: rcr ch, 2 0x13daa: and ch, 7 0x13dad: call 0x23a0a 0x13db0: mov byte ptr cs:[bp + 0x13c8], ch 0x13db5: mov ch, dh 0x13db7: xor ch, 0x1e 0x13dba: add ch, 0xaa
2018-12-17T23:06:06.717341778Z	44	PC: 13d8b \| Get time 0x13d8b: mov word ptr cs:[bp + 0x199c], dx 0x13d90: mov ch, dh 0x13d92: mov cl, dh 0x13d94: and ch, 3 0x13d97: add ch, 4 0x13d9a: call 0x239f9 0x13d9d: mov byte ptr cs:[bp + 0x13c5], ch 0x13da2: mov ch, dh 0x13da4: xor ch, 0x87 0x13da7: rcr ch, 2 0x13daa: and ch, 7 0x13dad: call 0x23a0a 0x13db0: mov byte ptr cs:[bp + 0x13c8], ch 0x13db5: mov ch, dh 0x13db7: xor ch, 0x1e 0x13dba: add ch, 0xaa 0x13dbd: rcl ch, 1 0x13dbf: and ch, 7 0x13dc2: call 0x23a0a 0x13dc5: mov byte ptr cs:[bp + 0x13c7], ch
2018-12-17T23:06:06.721276597Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:06.722756422Z	98	PC: 12a91 \| Get current PSP
2018-12-17T23:06:06.723707693Z	74	PC: 12b9f \| Reallocate memory
2018-12-17T23:06:06.725591296Z	74	PC: 12ba5 \| Reallocate memory
2018-12-17T23:06:06.727838963Z	72	PC: 12bac \| Allocate memory
2018-12-17T23:06:06.730008316Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15431,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:23.37949164Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13eba 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d77 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-25T12:43:23.382758197Z	19	PC: 12a73 \| Delete file
2018-12-25T12:43:23.384339634Z	42	PC: 13d7d \| Get date 0x13d7d: mov word ptr cs:[bp + 0x13bf], cx 0x13d82: mov word ptr cs:[bp + 0x19a2], cx 0x13d87: mov ah, 0x2c 0x13d89: int 0x21 0x13d8b: mov word ptr cs:[bp + 0x199c], dx 0x13d90: mov ch, dh 0x13d92: mov cl, dh 0x13d94: and ch, 3 0x13d97: add ch, 4 0x13d9a: call 0x239f9 0x13d9d: mov byte ptr cs:[bp + 0x13c5], ch 0x13da2: mov ch, dh 0x13da4: xor ch, 0x87 0x13da7: rcr ch, 2 0x13daa: and ch, 7 0x13dad: call 0x23a0a 0x13db0: mov byte ptr cs:[bp + 0x13c8], ch 0x13db5: mov ch, dh 0x13db7: xor ch, 0x1e 0x13dba: add ch, 0xaa
2018-12-25T12:43:23.386380446Z	44	PC: 13d8b \| Get time 0x13d8b: mov word ptr cs:[bp + 0x199c], dx 0x13d90: mov ch, dh 0x13d92: mov cl, dh 0x13d94: and ch, 3 0x13d97: add ch, 4 0x13d9a: call 0x239f9 0x13d9d: mov byte ptr cs:[bp + 0x13c5], ch 0x13da2: mov ch, dh 0x13da4: xor ch, 0x87 0x13da7: rcr ch, 2 0x13daa: and ch, 7 0x13dad: call 0x23a0a 0x13db0: mov byte ptr cs:[bp + 0x13c8], ch 0x13db5: mov ch, dh 0x13db7: xor ch, 0x1e 0x13dba: add ch, 0xaa 0x13dbd: rcl ch, 1 0x13dbf: and ch, 7 0x13dc2: call 0x23a0a 0x13dc5: mov byte ptr cs:[bp + 0x13c7], ch
2018-12-25T12:43:23.38886181Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:23.390802397Z	98	PC: 12a91 \| Get current PSP
2018-12-25T12:43:23.39211024Z	74	PC: 12b9f \| Reallocate memory
2018-12-25T12:43:23.394175212Z	74	PC: 12ba5 \| Reallocate memory
2018-12-25T12:43:23.396657395Z	72	PC: 12bac \| Allocate memory
2018-12-25T12:43:23.398971171Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":24,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15431,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:24.315394947Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13eba 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d77 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-25T12:43:24.359747247Z	19	PC: 12a73 \| Delete file
2018-12-25T12:43:24.36178473Z	42	PC: 13d7d \| Get date 0x13d7d: mov word ptr cs:[bp + 0x13bf], cx 0x13d82: mov word ptr cs:[bp + 0x19a2], cx 0x13d87: mov ah, 0x2c 0x13d89: int 0x21 0x13d8b: mov word ptr cs:[bp + 0x199c], dx 0x13d90: mov ch, dh 0x13d92: mov cl, dh 0x13d94: and ch, 3 0x13d97: add ch, 4 0x13d9a: call 0x239f9 0x13d9d: mov byte ptr cs:[bp + 0x13c5], ch 0x13da2: mov ch, dh 0x13da4: xor ch, 0x87 0x13da7: rcr ch, 2 0x13daa: and ch, 7 0x13dad: call 0x23a0a 0x13db0: mov byte ptr cs:[bp + 0x13c8], ch 0x13db5: mov ch, dh 0x13db7: xor ch, 0x1e 0x13dba: add ch, 0xaa
2018-12-25T12:43:24.364735118Z	44	PC: 13d8b \| Get time 0x13d8b: mov word ptr cs:[bp + 0x199c], dx 0x13d90: mov ch, dh 0x13d92: mov cl, dh 0x13d94: and ch, 3 0x13d97: add ch, 4 0x13d9a: call 0x239f9 0x13d9d: mov byte ptr cs:[bp + 0x13c5], ch 0x13da2: mov ch, dh 0x13da4: xor ch, 0x87 0x13da7: rcr ch, 2 0x13daa: and ch, 7 0x13dad: call 0x23a0a 0x13db0: mov byte ptr cs:[bp + 0x13c8], ch 0x13db5: mov ch, dh 0x13db7: xor ch, 0x1e 0x13dba: add ch, 0xaa 0x13dbd: rcl ch, 1 0x13dbf: and ch, 7 0x13dc2: call 0x23a0a 0x13dc5: mov byte ptr cs:[bp + 0x13c7], ch
2018-12-25T12:43:24.367931249Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:24.371200268Z	98	PC: 12a91 \| Get current PSP
2018-12-25T12:43:24.372273809Z	74	PC: 12b9f \| Reallocate memory
2018-12-25T12:43:24.374297364Z	74	PC: 12ba5 \| Reallocate memory
2018-12-25T12:43:24.376576645Z	72	PC: 12bac \| Allocate memory
2018-12-25T12:43:24.379000223Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15431,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:43:24.917049919Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13eba 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d77 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-25T12:43:24.91994423Z	19	PC: 12a73 \| Delete file
2018-12-25T12:43:24.921253491Z	42	PC: 13d7d \| Get date 0x13d7d: mov word ptr cs:[bp + 0x13bf], cx 0x13d82: mov word ptr cs:[bp + 0x19a2], cx 0x13d87: mov ah, 0x2c 0x13d89: int 0x21 0x13d8b: mov word ptr cs:[bp + 0x199c], dx 0x13d90: mov ch, dh 0x13d92: mov cl, dh 0x13d94: and ch, 3 0x13d97: add ch, 4 0x13d9a: call 0x239f9 0x13d9d: mov byte ptr cs:[bp + 0x13c5], ch 0x13da2: mov ch, dh 0x13da4: xor ch, 0x87 0x13da7: rcr ch, 2 0x13daa: and ch, 7 0x13dad: call 0x23a0a 0x13db0: mov byte ptr cs:[bp + 0x13c8], ch 0x13db5: mov ch, dh 0x13db7: xor ch, 0x1e 0x13dba: add ch, 0xaa
2018-12-25T12:43:24.923495328Z	44	PC: 13d8b \| Get time 0x13d8b: mov word ptr cs:[bp + 0x199c], dx 0x13d90: mov ch, dh 0x13d92: mov cl, dh 0x13d94: and ch, 3 0x13d97: add ch, 4 0x13d9a: call 0x239f9 0x13d9d: mov byte ptr cs:[bp + 0x13c5], ch 0x13da2: mov ch, dh 0x13da4: xor ch, 0x87 0x13da7: rcr ch, 2 0x13daa: and ch, 7 0x13dad: call 0x23a0a 0x13db0: mov byte ptr cs:[bp + 0x13c8], ch 0x13db5: mov ch, dh 0x13db7: xor ch, 0x1e 0x13dba: add ch, 0xaa 0x13dbd: rcl ch, 1 0x13dbf: and ch, 7 0x13dc2: call 0x23a0a 0x13dc5: mov byte ptr cs:[bp + 0x13c7], ch
2018-12-25T12:43:24.930933773Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:24.932103734Z	98	PC: 12a91 \| Get current PSP
2018-12-25T12:43:24.933090928Z	74	PC: 12b9f \| Reallocate memory
2018-12-25T12:43:24.938581028Z	74	PC: 12ba5 \| Reallocate memory
2018-12-25T12:43:24.939933515Z	72	PC: 12bac \| Allocate memory
2018-12-25T12:43:24.941559009Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')