
vx.netlux.org/Virus.DOS.KOV.Eddy.1422


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:31.359450777Z 42 PC: 12f03 | Get date 0x12f03: cmp cx, 0x7cc
0x12f07: jne 0x12f13
0x12f09: cmp dh, 3
0x12f0c: ja 0x12f13
0x12f0e: cmp dl, 0x14
0x12f11: jb 0x12f5c
0x12f13: mov al, 0xff
0x12f15: mov ah, 0xf
0x12f17: xchg al, ah
0x12f19: nop
0x12f1a: int 0x21
0x12f1c: cmp ax, 0x101
0x12f1f: jne 0x12f25
0x12f21: call 0x12f60
0x12f24: nop
0x12f25: mov ax, 0x3521
0x12f28: nop
0x12f29: int 0x21
0x12f2b: cmp word ptr es:[0xa], 0x4254
0x12f32: jne 0x12f40
2018-12-17T23:06:31.363059531Z 255 PC: 12f1c | UNKNOWN!
2018-12-17T23:06:31.364261131Z 53 PC: 12f2b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:31.365833016Z 240 PC: 12f5a | UNKNOWN!
2018-12-17T23:06:31.368011171Z 44 PC: 12e58 | Get time 0x12e58: cmp cl, 6
0x12e5b: jne 0x12e92
0x12e5d: mov ax, 0xb800
0x12e60: mov es, ax
0x12e62: mov cx, 0x30
0x12e65: push cx
0x12e66: mov cx, 0x7c0
0x12e69: xor si, si
0x12e6b: mov ah, byte ptr es:[si]
0x12e6e: cmp ah, 0x77
0x12e71: jb 0x12e80
0x12e73: dec ah
0x12e75: mov byte ptr es:[si], ah
0x12e78: mov byte ptr es:[si + 1], 0x79
0x12e7d: jmp 0x12e8a
0x12e7f: nop
0x12e80: inc ah
0x12e82: mov byte ptr es:[si], ah
0x12e85: mov byte ptr es:[si + 1], 0x8f
0x12e8a: inc si
2018-12-17T23:06:31.380004699Z 98 PC: 16c00 | Get current PSP
2018-12-17T23:06:31.381798401Z 99 PC: 148d4 | Get DBCS lead byte table pointer
2018-12-17T23:06:31.383596381Z 68 PC: 148ee | I/O control for devices (Set for = '')
2018-12-17T23:06:31.38571814Z 68 PC: 148f9 | I/O control for devices (Set for = '')
2018-12-17T23:06:31.387646967Z 68 PC: 14904 | I/O control for devices (Set for = '')
2018-12-17T23:06:31.389346983Z 68 PC: 1490c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T23:06:31.392395264Z 48 PC: 14911 | Get DOS version
2018-12-17T23:06:31.394716157Z 64 PC: 14a46 | Write file or device (Write 23 bytes on handle 2)
2018-12-17T23:06:31.400643762Z 76 PC: 16c3a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15560,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:50.035400341Z 42 PC: 12f03 | Get date 0x12f03: cmp cx, 0x7cc
0x12f07: jne 0x12f13
0x12f09: cmp dh, 3
0x12f0c: ja 0x12f13
0x12f0e: cmp dl, 0x14
0x12f11: jb 0x12f5c
0x12f13: mov al, 0xff
0x12f15: mov ah, 0xf
0x12f17: xchg al, ah
0x12f19: nop
0x12f1a: int 0x21
0x12f1c: cmp ax, 0x101
0x12f1f: jne 0x12f25
0x12f21: call 0x12f60
0x12f24: nop
0x12f25: mov ax, 0x3521
0x12f28: nop
0x12f29: int 0x21
0x12f2b: cmp word ptr es:[0xa], 0x4254
0x12f32: jne 0x12f40
2018-12-25T12:43:50.038796211Z 255 PC: 12f1c | UNKNOWN!
2018-12-25T12:43:50.040050073Z 53 PC: 12f2b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:50.041772739Z 240 PC: 12f5a | UNKNOWN!
2018-12-25T12:43:50.043932585Z 44 PC: 12e58 | Get time 0x12e58: cmp cl, 6
0x12e5b: jne 0x12e92
0x12e5d: mov ax, 0xb800
0x12e60: mov es, ax
0x12e62: mov cx, 0x30
0x12e65: push cx
0x12e66: mov cx, 0x7c0
0x12e69: xor si, si
0x12e6b: mov ah, byte ptr es:[si]
0x12e6e: cmp ah, 0x77
0x12e71: jb 0x12e80
0x12e73: dec ah
0x12e75: mov byte ptr es:[si], ah
0x12e78: mov byte ptr es:[si + 1], 0x79
0x12e7d: jmp 0x12e8a
0x12e7f: nop
0x12e80: inc ah
0x12e82: mov byte ptr es:[si], ah
0x12e85: mov byte ptr es:[si + 1], 0x8f
0x12e8a: inc si
2018-12-25T12:43:50.05714593Z 98 PC: 16c00 | Get current PSP
2018-12-25T12:43:50.058996413Z 99 PC: 148d4 | Get DBCS lead byte table pointer
2018-12-25T12:43:50.068233734Z 68 PC: 148ee | I/O control for devices (Set for = '')
2018-12-25T12:43:50.069984861Z 68 PC: 148f9 | I/O control for devices (Set for = '')
2018-12-25T12:43:50.071978133Z 68 PC: 14904 | I/O control for devices (Set for = '')
2018-12-25T12:43:50.074525318Z 68 PC: 1490c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:43:50.07649398Z 48 PC: 14911 | Get DOS version
2018-12-25T12:43:50.07837091Z 64 PC: 14a46 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:43:50.083645071Z 76 PC: 16c3a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15560,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:50.472947715Z 42 PC: 12f03 | Get date 0x12f03: cmp cx, 0x7cc
0x12f07: jne 0x12f13
0x12f09: cmp dh, 3
0x12f0c: ja 0x12f13
0x12f0e: cmp dl, 0x14
0x12f11: jb 0x12f5c
0x12f13: mov al, 0xff
0x12f15: mov ah, 0xf
0x12f17: xchg al, ah
0x12f19: nop
0x12f1a: int 0x21
0x12f1c: cmp ax, 0x101
0x12f1f: jne 0x12f25
0x12f21: call 0x12f60
0x12f24: nop
0x12f25: mov ax, 0x3521
0x12f28: nop
0x12f29: int 0x21
0x12f2b: cmp word ptr es:[0xa], 0x4254
0x12f32: jne 0x12f40
2018-12-25T12:43:50.476051513Z 255 PC: 12f1c | UNKNOWN!
2018-12-25T12:43:50.47686175Z 53 PC: 12f2b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:50.478337763Z 240 PC: 12f5a | UNKNOWN!
2018-12-25T12:43:50.481013219Z 44 PC: 12e58 | Get time 0x12e58: cmp cl, 6
0x12e5b: jne 0x12e92
0x12e5d: mov ax, 0xb800
0x12e60: mov es, ax
0x12e62: mov cx, 0x30
0x12e65: push cx
0x12e66: mov cx, 0x7c0
0x12e69: xor si, si
0x12e6b: mov ah, byte ptr es:[si]
0x12e6e: cmp ah, 0x77
0x12e71: jb 0x12e80
0x12e73: dec ah
0x12e75: mov byte ptr es:[si], ah
0x12e78: mov byte ptr es:[si + 1], 0x79
0x12e7d: jmp 0x12e8a
0x12e7f: nop
0x12e80: inc ah
0x12e82: mov byte ptr es:[si], ah
0x12e85: mov byte ptr es:[si + 1], 0x8f
0x12e8a: inc si
2018-12-25T12:43:50.492688688Z 98 PC: 16c00 | Get current PSP
2018-12-25T12:43:50.494300004Z 99 PC: 148d4 | Get DBCS lead byte table pointer
2018-12-25T12:43:50.496710196Z 68 PC: 148ee | I/O control for devices (Set for = '')
2018-12-25T12:43:50.499852133Z 68 PC: 148f9 | I/O control for devices (Set for = '')
2018-12-25T12:43:50.501736599Z 68 PC: 14904 | I/O control for devices (Set for = '')
2018-12-25T12:43:50.503608981Z 68 PC: 1490c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:43:50.505916111Z 48 PC: 14911 | Get DOS version
2018-12-25T12:43:50.50782521Z 64 PC: 14a46 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:43:50.512968362Z 76 PC: 16c3a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":15560,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:50.562546913Z 42 PC: 12f03 | Get date 0x12f03: cmp cx, 0x7cc
0x12f07: jne 0x12f13
0x12f09: cmp dh, 3
0x12f0c: ja 0x12f13
0x12f0e: cmp dl, 0x14
0x12f11: jb 0x12f5c
0x12f13: mov al, 0xff
0x12f15: mov ah, 0xf
0x12f17: xchg al, ah
0x12f19: nop
0x12f1a: int 0x21
0x12f1c: cmp ax, 0x101
0x12f1f: jne 0x12f25
0x12f21: call 0x12f60
0x12f24: nop
0x12f25: mov ax, 0x3521
0x12f28: nop
0x12f29: int 0x21
0x12f2b: cmp word ptr es:[0xa], 0x4254
0x12f32: jne 0x12f40
2018-12-25T12:43:50.570527057Z 255 PC: 12f1c | UNKNOWN!
2018-12-25T12:43:50.571520407Z 53 PC: 12f2b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:50.572775135Z 240 PC: 12f5a | UNKNOWN!
2018-12-25T12:43:50.578614244Z 44 PC: 12e58 | Get time 0x12e58: cmp cl, 6
0x12e5b: jne 0x12e92
0x12e5d: mov ax, 0xb800
0x12e60: mov es, ax
0x12e62: mov cx, 0x30
0x12e65: push cx
0x12e66: mov cx, 0x7c0
0x12e69: xor si, si
0x12e6b: mov ah, byte ptr es:[si]
0x12e6e: cmp ah, 0x77
0x12e71: jb 0x12e80
0x12e73: dec ah
0x12e75: mov byte ptr es:[si], ah
0x12e78: mov byte ptr es:[si + 1], 0x79
0x12e7d: jmp 0x12e8a
0x12e7f: nop
0x12e80: inc ah
0x12e82: mov byte ptr es:[si], ah
0x12e85: mov byte ptr es:[si + 1], 0x8f
0x12e8a: inc si
2018-12-25T12:43:50.648772343Z 98 PC: 16c00 | Get current PSP
2018-12-25T12:43:50.649924423Z 99 PC: 148d4 | Get DBCS lead byte table pointer
2018-12-25T12:43:50.65220845Z 68 PC: 148ee | I/O control for devices (Set for = '')
2018-12-25T12:43:50.653601097Z 68 PC: 148f9 | I/O control for devices (Set for = '')
2018-12-25T12:43:50.655206224Z 68 PC: 14904 | I/O control for devices (Set for = '')
2018-12-25T12:43:50.657487674Z 68 PC: 1490c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:43:50.659210111Z 48 PC: 14911 | Get DOS version
2018-12-25T12:43:50.660830466Z 64 PC: 14a46 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:43:50.665471514Z 76 PC: 16c3a | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":6,"Second":0,"TimeBased":true,"OriginalID":15560,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:43:52.676154419Z 42 PC: 12f03 | Get date 0x12f03: cmp cx, 0x7cc
0x12f07: jne 0x12f13
0x12f09: cmp dh, 3
0x12f0c: ja 0x12f13
0x12f0e: cmp dl, 0x14
0x12f11: jb 0x12f5c
0x12f13: mov al, 0xff
0x12f15: mov ah, 0xf
0x12f17: xchg al, ah
0x12f19: nop
0x12f1a: int 0x21
0x12f1c: cmp ax, 0x101
0x12f1f: jne 0x12f25
0x12f21: call 0x12f60
0x12f24: nop
0x12f25: mov ax, 0x3521
0x12f28: nop
0x12f29: int 0x21
0x12f2b: cmp word ptr es:[0xa], 0x4254
0x12f32: jne 0x12f40
2018-12-25T12:43:52.679986945Z 255 PC: 12f1c | UNKNOWN!
2018-12-25T12:43:52.681277733Z 53 PC: 12f2b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:43:52.683032975Z 240 PC: 12f5a | UNKNOWN!
2018-12-25T12:43:52.685579008Z 44 PC: 12e58 | Get time 0x12e58: cmp cl, 6
0x12e5b: jne 0x12e92
0x12e5d: mov ax, 0xb800
0x12e60: mov es, ax
0x12e62: mov cx, 0x30
0x12e65: push cx
0x12e66: mov cx, 0x7c0
0x12e69: xor si, si
0x12e6b: mov ah, byte ptr es:[si]
0x12e6e: cmp ah, 0x77
0x12e71: jb 0x12e80
0x12e73: dec ah
0x12e75: mov byte ptr es:[si], ah
0x12e78: mov byte ptr es:[si + 1], 0x79
0x12e7d: jmp 0x12e8a
0x12e7f: nop
0x12e80: inc ah
0x12e82: mov byte ptr es:[si], ah
0x12e85: mov byte ptr es:[si + 1], 0x8f
0x12e8a: inc si
2018-12-25T12:43:52.771051927Z 98 PC: 16c00 | Get current PSP
2018-12-25T12:43:52.772827744Z 99 PC: 148d4 | Get DBCS lead byte table pointer
2018-12-25T12:43:52.775551295Z 68 PC: 148ee | I/O control for devices (Set for = '')
2018-12-25T12:43:52.777733291Z 68 PC: 148f9 | I/O control for devices (Set for = '')
2018-12-25T12:43:52.779781028Z 68 PC: 14904 | I/O control for devices (Set for = '')
2018-12-25T12:43:52.781796915Z 68 PC: 1490c | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:43:52.804555751Z 48 PC: 14911 | Get DOS version
2018-12-25T12:43:52.816752542Z 64 PC: 14a46 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:43:52.834878376Z 76 PC: 16c3a | Terminate with return code (Return code = '0')