Sample viewer

vx.netlux.org/Virus.DOS.SuperVirus.1175


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:07:56.558918167Z 74 PC: 12add | Reallocate memory
2018-12-17T23:07:56.561388881Z 75 PC: 12b01 | Execute program
2018-12-17T23:07:56.583019309Z 74 PC: 13087 | Reallocate memory
2018-12-17T23:07:56.585449387Z 99 PC: 150f8 | Get DBCS lead byte table pointer
2018-12-17T23:07:56.587343568Z 68 PC: 15114 | I/O control for devices (Set for = '')
2018-12-17T23:07:56.594275528Z 68 PC: 1511f | I/O control for devices (Set for = '')
2018-12-17T23:07:56.596469862Z 68 PC: 1512a | I/O control for devices (Set for = '')
2018-12-17T23:07:56.598261529Z 68 PC: 15132 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T23:07:56.601434003Z 48 PC: 15137 | Get DOS version
2018-12-17T23:07:56.603558176Z 64 PC: 153c8 | Write file or device (Write 23 bytes on handle 2)
2018-12-17T23:07:56.608979597Z 37 PC: 15f2b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T23:07:56.611372114Z 76 PC: 15f14 | Terminate with return code (Return code = '11')
2018-12-17T23:07:56.615318752Z 73 PC: 12b07 | Release memory
2018-12-17T23:07:56.617506986Z 53 PC: 12b0c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:56.620115098Z 37 PC: 12b1f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:07:56.621700377Z 37 PC: 12b28 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:07:56.623434437Z 42 PC: 12b2b | Get date
0x12b2b: cmp dh, 0xa
0x12b2e: jb 0x12b37
0x12b30: mov byte ptr cs:[0x413], 1
0x12b36: nop
0x12b37: pop dx
0x12b38: mov ax, 0x3100
0x12b3b: int3
0x12b3c: xor al, al
0x12b3e: iret
0x12b3f: cmp ax, 0x4b00
0x12b42: je 0x12b66
0x12b44: cmp ah, 0x40
0x12b47: jne 0x12b61
0x12b49: cmp bx, 3
0x12b4c: jb 0x12b61
0x12b4e: cmp byte ptr cs:[0x413], 1
0x12b54: jne 0x12b61
0x12b56: call 0x12dbe
0x12b59: jb 0x12b5e
0x12b5b: mov ax, cx
2018-12-17T23:07:56.626226746Z 49 PC: 12b3c | Terminate and stay resident (Return code = '0' | Memory size = '90')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16028,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:04.821208931Z 74 PC: 12add | Reallocate memory
2018-12-25T12:45:04.82291615Z 75 PC: 12b01 | Execute program
2018-12-25T12:45:04.846778088Z 74 PC: 13087 | Reallocate memory
2018-12-25T12:45:04.849300014Z 99 PC: 150f8 | Get DBCS lead byte table pointer
2018-12-25T12:45:04.850752155Z 68 PC: 15114 | I/O control for devices (Set for = '')
2018-12-25T12:45:04.852638635Z 68 PC: 1511f | I/O control for devices (Set for = '')
2018-12-25T12:45:04.854348955Z 68 PC: 1512a | I/O control for devices (Set for = '')
2018-12-25T12:45:04.855860277Z 68 PC: 15132 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:45:04.859363036Z 48 PC: 15137 | Get DOS version
2018-12-25T12:45:04.861137477Z 64 PC: 153c8 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:45:04.867922166Z 37 PC: 15f2b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:45:04.884337281Z 76 PC: 15f14 | Terminate with return code (Return code = '11')
2018-12-25T12:45:04.887643703Z 73 PC: 12b07 | Release memory
2018-12-25T12:45:04.889035905Z 53 PC: 12b0c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:04.890681205Z 37 PC: 12b1f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:45:04.89182079Z 37 PC: 12b28 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:04.893286111Z 42 PC: 12b2b | Get date
0x12b2b: cmp dh, 0xa
0x12b2e: jb 0x12b37
0x12b30: mov byte ptr cs:[0x413], 1
0x12b36: nop
0x12b37: pop dx
0x12b38: mov ax, 0x3100
0x12b3b: int3
0x12b3c: xor al, al
0x12b3e: iret
0x12b3f: cmp ax, 0x4b00
0x12b42: je 0x12b66
0x12b44: cmp ah, 0x40
0x12b47: jne 0x12b61
0x12b49: cmp bx, 3
0x12b4c: jb 0x12b61
0x12b4e: cmp byte ptr cs:[0x413], 1
0x12b54: jne 0x12b61
0x12b56: call 0x12dbe
0x12b59: jb 0x12b5e
0x12b5b: mov ax, cx
2018-12-25T12:45:04.89622741Z 49 PC: 12b3c | Terminate and stay resident (Return code = '0' | Memory size = '90')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16028,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:05.015599692Z 74 PC: 12add | Reallocate memory
2018-12-25T12:45:05.019071181Z 75 PC: 12b01 | Execute program
2018-12-25T12:45:05.039621614Z 74 PC: 13087 | Reallocate memory
2018-12-25T12:45:05.041552606Z 99 PC: 150f8 | Get DBCS lead byte table pointer
2018-12-25T12:45:05.043987771Z 68 PC: 15114 | I/O control for devices (Set for = '')
2018-12-25T12:45:05.045483802Z 68 PC: 1511f | I/O control for devices (Set for = '')
2018-12-25T12:45:05.047437685Z 68 PC: 1512a | I/O control for devices (Set for = '')
2018-12-25T12:45:05.049773956Z 68 PC: 15132 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:45:05.052281537Z 48 PC: 15137 | Get DOS version
2018-12-25T12:45:05.05393195Z 64 PC: 153c8 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:45:05.059281594Z 37 PC: 15f2b | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:45:05.060451615Z 76 PC: 15f14 | Terminate with return code (Return code = '11')
2018-12-25T12:45:05.063369477Z 73 PC: 12b07 | Release memory
2018-12-25T12:45:05.065195588Z 53 PC: 12b0c | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:05.066515349Z 37 PC: 12b1f | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:45:05.067727951Z 37 PC: 12b28 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:05.069564911Z 42 PC: 12b2b | Get date
0x12b2b: cmp dh, 0xa
0x12b2e: jb 0x12b37
0x12b30: mov byte ptr cs:[0x413], 1
0x12b36: nop
0x12b37: pop dx
0x12b38: mov ax, 0x3100
0x12b3b: int3
0x12b3c: xor al, al
0x12b3e: iret
0x12b3f: cmp ax, 0x4b00
0x12b42: je 0x12b66
0x12b44: cmp ah, 0x40
0x12b47: jne 0x12b61
0x12b49: cmp bx, 3
0x12b4c: jb 0x12b61
0x12b4e: cmp byte ptr cs:[0x413], 1
0x12b54: jne 0x12b61
0x12b56: call 0x12dbe
0x12b59: jb 0x12b5e
0x12b5b: mov ax, cx
2018-12-25T12:45:05.072458361Z 49 PC: 12b3c | Terminate and stay resident (Return code = '0' | Memory size = '90')