Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Mem.972

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:36.990436225Z	48	PC: 1517c \| Get DOS version
2018-12-17T23:08:36.992830122Z	42	PC: 15332 \| Get date 0x15332: add dl, 5 0x15335: cmp dh, dl 0x15337: jne 0x15359 0x15339: cmp al, 4 0x1533b: jb 0x15359 0x1533d: cmp cx, 0x7cb 0x15341: jb 0x15359 0x15343: mov ah, 0x2c 0x15345: int 0x21 0x15347: and dh, 7 0x1534a: jne 0x15359 0x1534c: call 0x1535a 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x376] 0x15355: int 0x21 0x15357: cli 0x15358: hlt 0x15359: ret 0x1535a: push si 0x1535b: push di
2018-12-17T23:08:36.997291312Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T23:08:36.999497081Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T23:08:37.012427032Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16262,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:27.403362062Z	48	PC: 1517c \| Get DOS version
2018-12-25T12:52:27.405287879Z	42	PC: 15332 \| Get date 0x15332: add dl, 5 0x15335: cmp dh, dl 0x15337: jne 0x15359 0x15339: cmp al, 4 0x1533b: jb 0x15359 0x1533d: cmp cx, 0x7cb 0x15341: jb 0x15359 0x15343: mov ah, 0x2c 0x15345: int 0x21 0x15347: and dh, 7 0x1534a: jne 0x15359 0x1534c: call 0x1535a 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x376] 0x15355: int 0x21 0x15357: cli 0x15358: hlt 0x15359: ret 0x1535a: push si 0x1535b: push di
2018-12-25T12:52:27.40987177Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:52:27.41192355Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:52:27.424287333Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16262,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:27.641143506Z	48	PC: 1517c \| Get DOS version
2018-12-25T12:52:27.642770811Z	42	PC: 15332 \| Get date 0x15332: add dl, 5 0x15335: cmp dh, dl 0x15337: jne 0x15359 0x15339: cmp al, 4 0x1533b: jb 0x15359 0x1533d: cmp cx, 0x7cb 0x15341: jb 0x15359 0x15343: mov ah, 0x2c 0x15345: int 0x21 0x15347: and dh, 7 0x1534a: jne 0x15359 0x1534c: call 0x1535a 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x376] 0x15355: int 0x21 0x15357: cli 0x15358: hlt 0x15359: ret 0x1535a: push si 0x1535b: push di
2018-12-25T12:52:27.647569639Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:52:27.649579126Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:52:27.661791718Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16262,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:27.835582748Z	48	PC: 1517c \| Get DOS version
2018-12-25T12:52:27.837117613Z	42	PC: 15332 \| Get date 0x15332: add dl, 5 0x15335: cmp dh, dl 0x15337: jne 0x15359 0x15339: cmp al, 4 0x1533b: jb 0x15359 0x1533d: cmp cx, 0x7cb 0x15341: jb 0x15359 0x15343: mov ah, 0x2c 0x15345: int 0x21 0x15347: and dh, 7 0x1534a: jne 0x15359 0x1534c: call 0x1535a 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x376] 0x15355: int 0x21 0x15357: cli 0x15358: hlt 0x15359: ret 0x1535a: push si 0x1535b: push di
2018-12-25T12:52:27.839401885Z	44	PC: 15347 \| Get time 0x15347: and dh, 7 0x1534a: jne 0x15359 0x1534c: call 0x1535a 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x376] 0x15355: int 0x21 0x15357: cli 0x15358: hlt 0x15359: ret 0x1535a: push si 0x1535b: push di 0x1535c: push bp 0x1535d: call 0x15360 0x15360: pop di 0x15361: sub di, 0x210 0x15365: lea si, word ptr [di + 0x261] 0x15369: mov bx, word ptr [si] 0x1536b: or bx, bx 0x1536d: je 0x153ad 0x1536f: mov ax, 0x34dd
2018-12-25T12:52:27.843892285Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:52:27.845826631Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:52:27.859127748Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16262,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:27.969694666Z	48	PC: 1517c \| Get DOS version
2018-12-25T12:52:27.971310012Z	42	PC: 15332 \| Get date 0x15332: add dl, 5 0x15335: cmp dh, dl 0x15337: jne 0x15359 0x15339: cmp al, 4 0x1533b: jb 0x15359 0x1533d: cmp cx, 0x7cb 0x15341: jb 0x15359 0x15343: mov ah, 0x2c 0x15345: int 0x21 0x15347: and dh, 7 0x1534a: jne 0x15359 0x1534c: call 0x1535a 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x376] 0x15355: int 0x21 0x15357: cli 0x15358: hlt 0x15359: ret 0x1535a: push si 0x1535b: push di
2018-12-25T12:52:27.975176083Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:52:27.976935289Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:52:27.988134989Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')