Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Mem.1187

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:07:49.632256321Z	48	PC: 1517e \| Get DOS version
2018-12-17T23:07:49.633731025Z	42	PC: 15334 \| Get date 0x15334: add dl, 5 0x15337: cmp dh, dl 0x15339: jne 0x15365 0x1533b: cmp al, 4 0x1533d: jb 0x15365 0x1533f: cmp cx, 0x7cb 0x15343: jb 0x15365 0x15345: mov ah, 0x2c 0x15347: int 0x21 0x15349: and dh, 7 0x1534c: jne 0x15365 0x1534e: call 0x15366 0x15351: mov ah, 9 0x15353: lea dx, word ptr [bp + 0x39d] 0x15357: int 0x21 0x15359: mov ax, 2 0x1535c: mov cx, 0xa 0x1535f: cli 0x15360: cdq 0x15361: int 0x26
2018-12-17T23:07:49.637746609Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T23:07:49.639633919Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T23:07:49.650363846Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15987,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:59.163355711Z	48	PC: 1517e \| Get DOS version
2018-12-25T12:44:59.166177893Z	42	PC: 15334 \| Get date 0x15334: add dl, 5 0x15337: cmp dh, dl 0x15339: jne 0x15365 0x1533b: cmp al, 4 0x1533d: jb 0x15365 0x1533f: cmp cx, 0x7cb 0x15343: jb 0x15365 0x15345: mov ah, 0x2c 0x15347: int 0x21 0x15349: and dh, 7 0x1534c: jne 0x15365 0x1534e: call 0x15366 0x15351: mov ah, 9 0x15353: lea dx, word ptr [bp + 0x39d] 0x15357: int 0x21 0x15359: mov ax, 2 0x1535c: mov cx, 0xa 0x1535f: cli 0x15360: cdq 0x15361: int 0x26
2018-12-25T12:44:59.171192172Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:44:59.173774418Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:44:59.186220431Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15987,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:59.338403914Z	48	PC: 1517e \| Get DOS version
2018-12-25T12:44:59.340555237Z	42	PC: 15334 \| Get date 0x15334: add dl, 5 0x15337: cmp dh, dl 0x15339: jne 0x15365 0x1533b: cmp al, 4 0x1533d: jb 0x15365 0x1533f: cmp cx, 0x7cb 0x15343: jb 0x15365 0x15345: mov ah, 0x2c 0x15347: int 0x21 0x15349: and dh, 7 0x1534c: jne 0x15365 0x1534e: call 0x15366 0x15351: mov ah, 9 0x15353: lea dx, word ptr [bp + 0x39d] 0x15357: int 0x21 0x15359: mov ax, 2 0x1535c: mov cx, 0xa 0x1535f: cli 0x15360: cdq 0x15361: int 0x26
2018-12-25T12:44:59.345197298Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:44:59.347521538Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:44:59.382934838Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15987,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:44:59.946415364Z	48	PC: 1517e \| Get DOS version
2018-12-25T12:44:59.947734331Z	42	PC: 15334 \| Get date 0x15334: add dl, 5 0x15337: cmp dh, dl 0x15339: jne 0x15365 0x1533b: cmp al, 4 0x1533d: jb 0x15365 0x1533f: cmp cx, 0x7cb 0x15343: jb 0x15365 0x15345: mov ah, 0x2c 0x15347: int 0x21 0x15349: and dh, 7 0x1534c: jne 0x15365 0x1534e: call 0x15366 0x15351: mov ah, 9 0x15353: lea dx, word ptr [bp + 0x39d] 0x15357: int 0x21 0x15359: mov ax, 2 0x1535c: mov cx, 0xa 0x1535f: cli 0x15360: cdq 0x15361: int 0x26
2018-12-25T12:44:59.952549177Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:44:59.954677874Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:44:59.96644511Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":15987,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:00.012583083Z	48	PC: 1517e \| Get DOS version
2018-12-25T12:45:00.014698723Z	42	PC: 15334 \| Get date 0x15334: add dl, 5 0x15337: cmp dh, dl 0x15339: jne 0x15365 0x1533b: cmp al, 4 0x1533d: jb 0x15365 0x1533f: cmp cx, 0x7cb 0x15343: jb 0x15365 0x15345: mov ah, 0x2c 0x15347: int 0x21 0x15349: and dh, 7 0x1534c: jne 0x15365 0x1534e: call 0x15366 0x15351: mov ah, 9 0x15353: lea dx, word ptr [bp + 0x39d] 0x15357: int 0x21 0x15359: mov ax, 2 0x1535c: mov cx, 0xa 0x1535f: cli 0x15360: cdq 0x15361: int 0x26
2018-12-25T12:45:00.027598628Z	44	PC: 15349 \| Get time 0x15349: and dh, 7 0x1534c: jne 0x15365 0x1534e: call 0x15366 0x15351: mov ah, 9 0x15353: lea dx, word ptr [bp + 0x39d] 0x15357: int 0x21 0x15359: mov ax, 2 0x1535c: mov cx, 0xa 0x1535f: cli 0x15360: cdq 0x15361: int 0x26 0x15363: cli 0x15364: hlt 0x15365: ret 0x15366: push si 0x15367: push di 0x15368: push bp 0x15369: call 0x1536c 0x1536c: pop di 0x1536d: sub di, 0x21c
2018-12-25T12:45:00.033402101Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:45:00.036510313Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:45:00.049387802Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')