Sample viewer

vx.netlux.org/Virus.DOS.Vodka.560

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:06:41.756665999Z 97 PC: 12c34 | Reserved
2018-12-17T23:06:41.758864547Z 53 PC: 12c60 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:41.760536056Z 37 PC: 12c75 | Set interrupt vector (Interrupt = '246' AKA 'UNKNOWN!')
2018-12-17T23:06:41.762178128Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:06:41.763289303Z 44 PC: 12c8f | Get time
0x12c8f: cmp ch, 1
0x12c92: jne 0x12c97
0x12c94: call 0x12de2
0x12c97: pop ax
0x12c98: mov ds, ax
0x12c9a: mov es, ax
0x12c9c: add ax, 0x10
0x12c9f: add ax, word ptr cs:[bp + 0x1df]
0x12ca4: push ax
0x12ca5: push word ptr cs:[bp + 0x1e1]
0x12caa: nop
0x12cab: nop
0x12cac: nop
0x12cad: nop
0x12cae: retf
0x12caf: cmp ah, 0x61
0x12cb2: jne 0x12cb7
0x12cb4: mov al, 0x20
0x12cb6: iret
0x12cb7: cmp ah, 0x4b
2018-12-17T23:06:41.766167954Z 9 PC: 12dec | Display string (String= 't) ����������� ver. 1.2 ����,����� ���� - ���஢�� �।���!? (Y/N) ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15624,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:01.991493808Z 97 PC: 12c34 | Reserved
2018-12-25T12:44:01.993381654Z 53 PC: 12c60 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:01.995922928Z 37 PC: 12c75 | Set interrupt vector (Interrupt = '246' AKA 'UNKNOWN!')
2018-12-25T12:44:02.00494599Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:02.006298779Z 44 PC: 12c8f | Get time
0x12c8f: cmp ch, 1
0x12c92: jne 0x12c97
0x12c94: call 0x12de2
0x12c97: pop ax
0x12c98: mov ds, ax
0x12c9a: mov es, ax
0x12c9c: add ax, 0x10
0x12c9f: add ax, word ptr cs:[bp + 0x1df]
0x12ca4: push ax
0x12ca5: push word ptr cs:[bp + 0x1e1]
0x12caa: nop
0x12cab: nop
0x12cac: nop
0x12cad: nop
0x12cae: retf
0x12caf: cmp ah, 0x61
0x12cb2: jne 0x12cb7
0x12cb4: mov al, 0x20
0x12cb6: iret
0x12cb7: cmp ah, 0x4b
2018-12-25T12:44:02.008748825Z 9 PC: 12dec | Display string (String= 't) ����������� ver. 1.2 ����,����� ���� - ���஢�� �।���!? (Y/N) ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":15624,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:44:02.018074822Z 97 PC: 12c34 | Reserved
2018-12-25T12:44:02.020094766Z 53 PC: 12c60 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:02.021392634Z 37 PC: 12c75 | Set interrupt vector (Interrupt = '246' AKA 'UNKNOWN!')
2018-12-25T12:44:02.022547655Z 37 PC: 12c8b | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:02.024122402Z 44 PC: 12c8f | Get time
0x12c8f: cmp ch, 1
0x12c92: jne 0x12c97
0x12c94: call 0x12de2
0x12c97: pop ax
0x12c98: mov ds, ax
0x12c9a: mov es, ax
0x12c9c: add ax, 0x10
0x12c9f: add ax, word ptr cs:[bp + 0x1df]
0x12ca4: push ax
0x12ca5: push word ptr cs:[bp + 0x1e1]
0x12caa: nop
0x12cab: nop
0x12cac: nop
0x12cad: nop
0x12cae: retf
0x12caf: cmp ah, 0x61
0x12cb2: jne 0x12cb7
0x12cb4: mov al, 0x20
0x12cb6: iret
0x12cb7: cmp ah, 0x4b
2018-12-25T12:44:02.02635078Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T12:44:02.030311308Z 76 PC: 12c28 | Terminate with return code (Return code = '0')