Sample viewer

vx.netlux.org/Virus.DOS.Andromeda.800

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:07:07.071393018Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp al, 6 0x12ab2: je 0x12ac5 0x12ab4: cmp al, 0 0x12ab6: je 0x12ac5 0x12ab8: mov si, 0xcdfe 0x12abb: mov ah, 0x30 0x12abd: int 0x21 0x12abf: cmp di, 0x1b3d 0x12ac3: jne 0x12adc 0x12ac5: mov si, 0x3e7 0x12ac8: pop bx 0x12ac9: sub bx, 0x100 0x12acd: add si, bx 0x12acf: mov di, 0x100 0x12ad2: mov cx, 5 0x12ad5: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad7: mov ax, 0x100 0x12ada: jmp ax 0x12adc: push es 0x12add: mov ax, cs
2018-12-17T23:07:07.074535017Z	48	PC: 12abf \| Get DOS version
2018-12-17T23:07:07.075686733Z	38	PC: 12aff \| Create PSP
2018-12-17T23:07:07.076975278Z	53	PC: 12b2f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:07.079145785Z	53	PC: 12b46 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:07:07.080270687Z	37	PC: 12b61 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:07.081399061Z	42	PC: 12b65 \| Get date 0x12b65: mov al, 0x1e 0x12b67: sub al, dh 0x12b69: cmp al, dl 0x12b6b: jne 0x12b75 0x12b6d: mov dx, 0x342 0x12b70: mov ax, 0x251c 0x12b73: int 0x21 0x12b75: push cs 0x12b76: pop ds 0x12b77: mov si, 0x3e7 0x12b7a: mov ax, word ptr es:[si] 0x12b7d: mov word ptr cs:[0x100], ax 0x12b81: add si, 2 0x12b84: mov ax, word ptr es:[si] 0x12b87: mov word ptr cs:[0x102], ax 0x12b8b: add si, 1 0x12b8e: mov al, byte ptr es:[si] 0x12b91: mov byte ptr cs:[0x104], al 0x12b95: push cs 0x12b96: pop es
2018-12-17T23:07:07.083496091Z	9	PC: 12aa2 \| Display string (String= 'AACDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15760,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:25.492354749Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp al, 6 0x12ab2: je 0x12ac5 0x12ab4: cmp al, 0 0x12ab6: je 0x12ac5 0x12ab8: mov si, 0xcdfe 0x12abb: mov ah, 0x30 0x12abd: int 0x21 0x12abf: cmp di, 0x1b3d 0x12ac3: jne 0x12adc 0x12ac5: mov si, 0x3e7 0x12ac8: pop bx 0x12ac9: sub bx, 0x100 0x12acd: add si, bx 0x12acf: mov di, 0x100 0x12ad2: mov cx, 5 0x12ad5: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad7: mov ax, 0x100 0x12ada: jmp ax 0x12adc: push es 0x12add: mov ax, cs
2018-12-25T12:44:25.495802343Z	48	PC: 12abf \| Get DOS version
2018-12-25T12:44:25.496968239Z	38	PC: 12aff \| Create PSP
2018-12-25T12:44:25.498344468Z	53	PC: 12b2f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:25.499808587Z	53	PC: 12b46 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:25.501965804Z	37	PC: 12b61 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:25.503456529Z	42	PC: 12b65 \| Get date 0x12b65: mov al, 0x1e 0x12b67: sub al, dh 0x12b69: cmp al, dl 0x12b6b: jne 0x12b75 0x12b6d: mov dx, 0x342 0x12b70: mov ax, 0x251c 0x12b73: int 0x21 0x12b75: push cs 0x12b76: pop ds 0x12b77: mov si, 0x3e7 0x12b7a: mov ax, word ptr es:[si] 0x12b7d: mov word ptr cs:[0x100], ax 0x12b81: add si, 2 0x12b84: mov ax, word ptr es:[si] 0x12b87: mov word ptr cs:[0x102], ax 0x12b8b: add si, 1 0x12b8e: mov al, byte ptr es:[si] 0x12b91: mov byte ptr cs:[0x104], al 0x12b95: push cs 0x12b96: pop es
2018-12-25T12:44:25.505983614Z	9	PC: 12aa2 \| Display string (String= 'AACDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15760,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:25.842505268Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp al, 6 0x12ab2: je 0x12ac5 0x12ab4: cmp al, 0 0x12ab6: je 0x12ac5 0x12ab8: mov si, 0xcdfe 0x12abb: mov ah, 0x30 0x12abd: int 0x21 0x12abf: cmp di, 0x1b3d 0x12ac3: jne 0x12adc 0x12ac5: mov si, 0x3e7 0x12ac8: pop bx 0x12ac9: sub bx, 0x100 0x12acd: add si, bx 0x12acf: mov di, 0x100 0x12ad2: mov cx, 5 0x12ad5: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad7: mov ax, 0x100 0x12ada: jmp ax 0x12adc: push es 0x12add: mov ax, cs
2018-12-25T12:44:25.845612013Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15760,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:26.403086677Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp al, 6 0x12ab2: je 0x12ac5 0x12ab4: cmp al, 0 0x12ab6: je 0x12ac5 0x12ab8: mov si, 0xcdfe 0x12abb: mov ah, 0x30 0x12abd: int 0x21 0x12abf: cmp di, 0x1b3d 0x12ac3: jne 0x12adc 0x12ac5: mov si, 0x3e7 0x12ac8: pop bx 0x12ac9: sub bx, 0x100 0x12acd: add si, bx 0x12acf: mov di, 0x100 0x12ad2: mov cx, 5 0x12ad5: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad7: mov ax, 0x100 0x12ada: jmp ax 0x12adc: push es 0x12add: mov ax, cs
2018-12-25T12:44:26.406289688Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":29,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15760,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:26.473843329Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp al, 6 0x12ab2: je 0x12ac5 0x12ab4: cmp al, 0 0x12ab6: je 0x12ac5 0x12ab8: mov si, 0xcdfe 0x12abb: mov ah, 0x30 0x12abd: int 0x21 0x12abf: cmp di, 0x1b3d 0x12ac3: jne 0x12adc 0x12ac5: mov si, 0x3e7 0x12ac8: pop bx 0x12ac9: sub bx, 0x100 0x12acd: add si, bx 0x12acf: mov di, 0x100 0x12ad2: mov cx, 5 0x12ad5: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad7: mov ax, 0x100 0x12ada: jmp ax 0x12adc: push es 0x12add: mov ax, cs
2018-12-25T12:44:26.476688405Z	48	PC: 12abf \| Get DOS version
2018-12-25T12:44:26.478212701Z	38	PC: 12aff \| Create PSP
2018-12-25T12:44:26.479914403Z	53	PC: 12b2f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:26.481623Z	53	PC: 12b46 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:26.490254358Z	37	PC: 12b61 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:26.491634889Z	42	PC: 12b65 \| Get date 0x12b65: mov al, 0x1e 0x12b67: sub al, dh 0x12b69: cmp al, dl 0x12b6b: jne 0x12b75 0x12b6d: mov dx, 0x342 0x12b70: mov ax, 0x251c 0x12b73: int 0x21 0x12b75: push cs 0x12b76: pop ds 0x12b77: mov si, 0x3e7 0x12b7a: mov ax, word ptr es:[si] 0x12b7d: mov word ptr cs:[0x100], ax 0x12b81: add si, 2 0x12b84: mov ax, word ptr es:[si] 0x12b87: mov word ptr cs:[0x102], ax 0x12b8b: add si, 1 0x12b8e: mov al, byte ptr es:[si] 0x12b91: mov byte ptr cs:[0x104], al 0x12b95: push cs 0x12b96: pop es
2018-12-25T12:44:26.494053646Z	37	PC: 12b75 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:26.495844318Z	9	PC: 12aa2 \| Display string (String= 'AACDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15760,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:26.983574073Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp al, 6 0x12ab2: je 0x12ac5 0x12ab4: cmp al, 0 0x12ab6: je 0x12ac5 0x12ab8: mov si, 0xcdfe 0x12abb: mov ah, 0x30 0x12abd: int 0x21 0x12abf: cmp di, 0x1b3d 0x12ac3: jne 0x12adc 0x12ac5: mov si, 0x3e7 0x12ac8: pop bx 0x12ac9: sub bx, 0x100 0x12acd: add si, bx 0x12acf: mov di, 0x100 0x12ad2: mov cx, 5 0x12ad5: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad7: mov ax, 0x100 0x12ada: jmp ax 0x12adc: push es 0x12add: mov ax, cs
2018-12-25T12:44:26.987136124Z	48	PC: 12abf \| Get DOS version
2018-12-25T12:44:26.988828085Z	38	PC: 12aff \| Create PSP
2018-12-25T12:44:26.990761163Z	53	PC: 12b2f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:26.992726244Z	53	PC: 12b46 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:26.994410376Z	37	PC: 12b61 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:26.996633184Z	42	PC: 12b65 \| Get date 0x12b65: mov al, 0x1e 0x12b67: sub al, dh 0x12b69: cmp al, dl 0x12b6b: jne 0x12b75 0x12b6d: mov dx, 0x342 0x12b70: mov ax, 0x251c 0x12b73: int 0x21 0x12b75: push cs 0x12b76: pop ds 0x12b77: mov si, 0x3e7 0x12b7a: mov ax, word ptr es:[si] 0x12b7d: mov word ptr cs:[0x100], ax 0x12b81: add si, 2 0x12b84: mov ax, word ptr es:[si] 0x12b87: mov word ptr cs:[0x102], ax 0x12b8b: add si, 1 0x12b8e: mov al, byte ptr es:[si] 0x12b91: mov byte ptr cs:[0x104], al 0x12b95: push cs 0x12b96: pop es
2018-12-25T12:44:26.999416622Z	9	PC: 12aa2 \| Display string (String= 'AACDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15760,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:29.526320986Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp al, 6 0x12ab2: je 0x12ac5 0x12ab4: cmp al, 0 0x12ab6: je 0x12ac5 0x12ab8: mov si, 0xcdfe 0x12abb: mov ah, 0x30 0x12abd: int 0x21 0x12abf: cmp di, 0x1b3d 0x12ac3: jne 0x12adc 0x12ac5: mov si, 0x3e7 0x12ac8: pop bx 0x12ac9: sub bx, 0x100 0x12acd: add si, bx 0x12acf: mov di, 0x100 0x12ad2: mov cx, 5 0x12ad5: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad7: mov ax, 0x100 0x12ada: jmp ax 0x12adc: push es 0x12add: mov ax, cs
2018-12-25T12:44:29.529413289Z	48	PC: 12abf \| Get DOS version
2018-12-25T12:44:29.530541139Z	38	PC: 12aff \| Create PSP
2018-12-25T12:44:29.531789186Z	53	PC: 12b2f \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:29.537477921Z	53	PC: 12b46 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:44:29.538929572Z	37	PC: 12b61 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:44:29.540165768Z	42	PC: 12b65 \| Get date 0x12b65: mov al, 0x1e 0x12b67: sub al, dh 0x12b69: cmp al, dl 0x12b6b: jne 0x12b75 0x12b6d: mov dx, 0x342 0x12b70: mov ax, 0x251c 0x12b73: int 0x21 0x12b75: push cs 0x12b76: pop ds 0x12b77: mov si, 0x3e7 0x12b7a: mov ax, word ptr es:[si] 0x12b7d: mov word ptr cs:[0x100], ax 0x12b81: add si, 2 0x12b84: mov ax, word ptr es:[si] 0x12b87: mov word ptr cs:[0x102], ax 0x12b8b: add si, 1 0x12b8e: mov al, byte ptr es:[si] 0x12b91: mov byte ptr cs:[0x104], al 0x12b95: push cs 0x12b96: pop es
2018-12-25T12:44:29.542375246Z	9	PC: 12aa2 \| Display string (String= 'AACDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15760,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:29.709810807Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp al, 6 0x12ab2: je 0x12ac5 0x12ab4: cmp al, 0 0x12ab6: je 0x12ac5 0x12ab8: mov si, 0xcdfe 0x12abb: mov ah, 0x30 0x12abd: int 0x21 0x12abf: cmp di, 0x1b3d 0x12ac3: jne 0x12adc 0x12ac5: mov si, 0x3e7 0x12ac8: pop bx 0x12ac9: sub bx, 0x100 0x12acd: add si, bx 0x12acf: mov di, 0x100 0x12ad2: mov cx, 5 0x12ad5: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad7: mov ax, 0x100 0x12ada: jmp ax 0x12adc: push es 0x12add: mov ax, cs
2018-12-25T12:44:29.713925449Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15760,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:29.755370829Z	42	PC: 12ab0 \| Get date 0x12ab0: cmp al, 6 0x12ab2: je 0x12ac5 0x12ab4: cmp al, 0 0x12ab6: je 0x12ac5 0x12ab8: mov si, 0xcdfe 0x12abb: mov ah, 0x30 0x12abd: int 0x21 0x12abf: cmp di, 0x1b3d 0x12ac3: jne 0x12adc 0x12ac5: mov si, 0x3e7 0x12ac8: pop bx 0x12ac9: sub bx, 0x100 0x12acd: add si, bx 0x12acf: mov di, 0x100 0x12ad2: mov cx, 5 0x12ad5: rep movsb byte ptr es:[di], byte ptr [si] 0x12ad7: mov ax, 0x100 0x12ada: jmp ax 0x12adc: push es 0x12add: mov ax, cs
2018-12-25T12:44:29.757891811Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')