Sample viewer

vx.netlux.org/Virus.DOS.Australian.482

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:17.631325529Z	84	PC: 12b27 \| Get verify flag
2018-12-17T23:08:17.632936968Z	53	PC: 12b5b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:17.634808906Z	37	PC: 12b6b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:17.636014342Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dx, 0x71b 0x12b73: jb 0x12b86 0x12b75: cmp dx, 0x71f 0x12b79: ja 0x12b86 0x12b7b: mov ah, 9 0x12b7d: mov dx, 0x17d 0x12b80: int 0x21 0x12b82: xor ax, ax 0x12b84: int 0x16 0x12b86: push cs 0x12b87: push cs 0x12b88: pop es 0x12b89: pop ds 0x12b8a: ret 0x12b8b: mov sp, 0x3ab 0x12b8e: ret 0x12b8f: or ax, 0x540a 0x12b92: push 0x2065 0x12b95: dec ax 0x12b96: imul si, word ptr [si + 0x63], 0x6568
2018-12-17T23:08:17.638519861Z	9	PC: 12a47 \| Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!')
2018-12-17T23:08:17.646870648Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16145,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:28.297127851Z	84	PC: 12b27 \| Get verify flag
2018-12-25T12:45:28.298591161Z	53	PC: 12b5b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:28.299561179Z	37	PC: 12b6b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:28.300524741Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dx, 0x71b 0x12b73: jb 0x12b86 0x12b75: cmp dx, 0x71f 0x12b79: ja 0x12b86 0x12b7b: mov ah, 9 0x12b7d: mov dx, 0x17d 0x12b80: int 0x21 0x12b82: xor ax, ax 0x12b84: int 0x16 0x12b86: push cs 0x12b87: push cs 0x12b88: pop es 0x12b89: pop ds 0x12b8a: ret 0x12b8b: mov sp, 0x3ab 0x12b8e: ret 0x12b8f: or ax, 0x540a 0x12b92: push 0x2065 0x12b95: dec ax 0x12b96: imul si, word ptr [si + 0x63], 0x6568
2018-12-25T12:45:28.302518213Z	9	PC: 12a47 \| Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!')
2018-12-25T12:45:28.306918188Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":27,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16145,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:28.838694288Z	84	PC: 12b27 \| Get verify flag
2018-12-25T12:45:28.840337085Z	53	PC: 12b5b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:28.841443974Z	37	PC: 12b6b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:28.842470509Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dx, 0x71b 0x12b73: jb 0x12b86 0x12b75: cmp dx, 0x71f 0x12b79: ja 0x12b86 0x12b7b: mov ah, 9 0x12b7d: mov dx, 0x17d 0x12b80: int 0x21 0x12b82: xor ax, ax 0x12b84: int 0x16 0x12b86: push cs 0x12b87: push cs 0x12b88: pop es 0x12b89: pop ds 0x12b8a: ret 0x12b8b: mov sp, 0x3ab 0x12b8e: ret 0x12b8f: or ax, 0x540a 0x12b92: push 0x2065 0x12b95: dec ax 0x12b96: imul si, word ptr [si + 0x63], 0x6568
2018-12-25T12:45:28.845850099Z	9	PC: 12b82 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16145,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:45:29.301325603Z	84	PC: 12b27 \| Get verify flag
2018-12-25T12:45:29.302941352Z	53	PC: 12b5b \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:29.304055331Z	37	PC: 12b6b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:29.305101861Z	42	PC: 12b6f \| Get date 0x12b6f: cmp dx, 0x71b 0x12b73: jb 0x12b86 0x12b75: cmp dx, 0x71f 0x12b79: ja 0x12b86 0x12b7b: mov ah, 9 0x12b7d: mov dx, 0x17d 0x12b80: int 0x21 0x12b82: xor ax, ax 0x12b84: int 0x16 0x12b86: push cs 0x12b87: push cs 0x12b88: pop es 0x12b89: pop ds 0x12b8a: ret 0x12b8b: mov sp, 0x3ab 0x12b8e: ret 0x12b8f: or ax, 0x540a 0x12b92: push 0x2065 0x12b95: dec ax 0x12b96: imul si, word ptr [si + 0x63], 0x6568
2018-12-25T12:45:29.307683384Z	9	PC: 12a47 \| Display string (String= '(C) 1993 American Eagle Publications Inc., All Rights Reserved. Unauthorized use will be prosecuted under applicable copyright and software piracy laws. HOST #1 - You have just released a virus!')
2018-12-25T12:45:29.315362207Z	76	PC: 12a4c \| Terminate with return code (Return code = '0')