Sample viewer

vx.netlux.org/Virus.DOS.Hypnotiser.1784

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:25.761617882Z 65 PC: 1ce97 | Delete file (Filename = 'chklist.ms')
2018-12-17T23:08:25.767625551Z 42 PC: 1ce9b | Get date
0x1ce9b: cmp dl, 0xa
0x1ce9e: jne 0x1cec8
0x1cea0: in al, 0x40
0x1cea2: cmp al, 0xa
0x1cea4: ja 0x1cec8
0x1cea6: lea di, word ptr [bp + 0x7f8]
0x1ceaa: shr di, 4
0x1cead: mov ax, cs
0x1ceaf: add ax, di
0x1ceb1: mov es, ax
0x1ceb3: mov di, 0x100
0x1ceb6: push es
0x1ceb7: pop ss
0x1ceb8: push es
0x1ceb9: push di
0x1ceba: push cs
0x1cebb: pop ds
0x1cebc: lea si, word ptr [bp + 0x703]
0x1cec0: mov cx, 0xf5
0x1cec3: repne movsb byte ptr es:[di], byte ptr [si]
2018-12-17T23:08:25.769991218Z 190 PC: 1cecd | UNKNOWN!
2018-12-17T23:08:25.771293934Z 82 PC: 1cf3b | Get DOS internal pointers (SYSVARS)
2018-12-17T23:08:25.77332331Z 37 PC: 1cfb9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:25.774515631Z 9 PC: 12a51 | Display string (String= 'This is a huge sample!')
2018-12-17T23:08:25.776810892Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16187,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:43.55866095Z 65 PC: 1ce97 | Delete file (Filename = 'chklist.ms')
2018-12-25T12:45:43.564127939Z 42 PC: 1ce9b | Get date
0x1ce9b: cmp dl, 0xa
0x1ce9e: jne 0x1cec8
0x1cea0: in al, 0x40
0x1cea2: cmp al, 0xa
0x1cea4: ja 0x1cec8
0x1cea6: lea di, word ptr [bp + 0x7f8]
0x1ceaa: shr di, 4
0x1cead: mov ax, cs
0x1ceaf: add ax, di
0x1ceb1: mov es, ax
0x1ceb3: mov di, 0x100
0x1ceb6: push es
0x1ceb7: pop ss
0x1ceb8: push es
0x1ceb9: push di
0x1ceba: push cs
0x1cebb: pop ds
0x1cebc: lea si, word ptr [bp + 0x703]
0x1cec0: mov cx, 0xf5
0x1cec3: repne movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:45:43.565983838Z 190 PC: 1cecd | UNKNOWN!
2018-12-25T12:45:43.567312032Z 82 PC: 1cf3b | Get DOS internal pointers (SYSVARS)
2018-12-25T12:45:43.568881013Z 37 PC: 1cfb9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:43.569974361Z 9 PC: 12a51 | Display string (String= 'This is a huge sample!')
2018-12-25T12:45:43.572591888Z 76 PC: 12a56 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16187,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:45:43.61464642Z 65 PC: 1ce97 | Delete file (Filename = 'chklist.ms')
2018-12-25T12:45:43.620290056Z 42 PC: 1ce9b | Get date
0x1ce9b: cmp dl, 0xa
0x1ce9e: jne 0x1cec8
0x1cea0: in al, 0x40
0x1cea2: cmp al, 0xa
0x1cea4: ja 0x1cec8
0x1cea6: lea di, word ptr [bp + 0x7f8]
0x1ceaa: shr di, 4
0x1cead: mov ax, cs
0x1ceaf: add ax, di
0x1ceb1: mov es, ax
0x1ceb3: mov di, 0x100
0x1ceb6: push es
0x1ceb7: pop ss
0x1ceb8: push es
0x1ceb9: push di
0x1ceba: push cs
0x1cebb: pop ds
0x1cebc: lea si, word ptr [bp + 0x703]
0x1cec0: mov cx, 0xf5
0x1cec3: repne movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:45:43.622217196Z 190 PC: 1cecd | UNKNOWN!
2018-12-25T12:45:43.623430961Z 82 PC: 1cf3b | Get DOS internal pointers (SYSVARS)
2018-12-25T12:45:43.625138402Z 37 PC: 1cfb9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:45:43.626187261Z 9 PC: 12a51 | Display string (String= 'This is a huge sample!')
2018-12-25T12:45:43.628431015Z 76 PC: 12a56 | Terminate with return code (Return code = '0')