Sample viewer

vx.netlux.org/Virus.DOS.Barrotes.1310.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:57.168559133Z 238 PC: 13250 | UNKNOWN!
2018-12-17T23:08:57.170702672Z 53 PC: 1325d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:57.172735612Z 54 PC: 9f771 | Get free disk space
2018-12-17T23:08:57.182634678Z 53 PC: 9f793 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:08:57.184305328Z 67 PC: 9f7be | Get or set file attributes
2018-12-17T23:08:57.195385282Z 67 PC: 9f7ca | Get or set file attributes
2018-12-17T23:08:57.204176455Z 67 PC: 9fa0b | Get or set file attributes
2018-12-17T23:08:57.210179187Z 42 PC: 132ec | Get date
0x132ec: cmp dx, 0x105
0x132f0: jne 0x13311
0x132f2: xor ax, ax
0x132f4: mov es, ax
0x132f6: mov dx, 0x49f
0x132f9: mov word ptr es:[0x70], dx
0x132fe: mov word ptr es:[0x72], ds
0x13303: mov dx, 0x80
0x13306: mov cx, 1
0x13309: mov ax, 0x301
0x1330c: mov bx, 0x100
0x1330f: int 0x13
0x13311: cmp byte ptr cs:[si + 0x3b], 1
0x13316: je 0x1332a
0x13318: push cs
0x13319: push cs
0x1331a: pop ds
0x1331b: pop es
0x1331c: add si, 4
0x1331f: mov di, 0x100

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16364,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:36.106043647Z 238 PC: 13250 | UNKNOWN!
2018-12-25T12:52:36.107193591Z 53 PC: 1325d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:36.108474868Z 54 PC: 9f771 | Get free disk space
2018-12-25T12:52:36.116974901Z 53 PC: 9f793 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:36.118568729Z 67 PC: 9f7be | Get or set file attributes
2018-12-25T12:52:36.124111188Z 67 PC: 9f7ca | Get or set file attributes
2018-12-25T12:52:36.134137426Z 67 PC: 9fa0b | Get or set file attributes
2018-12-25T12:52:36.144186482Z 42 PC: 132ec | Get date
0x132ec: cmp dx, 0x105
0x132f0: jne 0x13311
0x132f2: xor ax, ax
0x132f4: mov es, ax
0x132f6: mov dx, 0x49f
0x132f9: mov word ptr es:[0x70], dx
0x132fe: mov word ptr es:[0x72], ds
0x13303: mov dx, 0x80
0x13306: mov cx, 1
0x13309: mov ax, 0x301
0x1330c: mov bx, 0x100
0x1330f: int 0x13
0x13311: cmp byte ptr cs:[si + 0x3b], 1
0x13316: je 0x1332a
0x13318: push cs
0x13319: push cs
0x1331a: pop ds
0x1331b: pop es
0x1331c: add si, 4
0x1331f: mov di, 0x100

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16364,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:36.421160586Z 238 PC: 13250 | UNKNOWN!
2018-12-25T12:52:36.422891369Z 53 PC: 1325d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:36.42433947Z 54 PC: 9f771 | Get free disk space
2018-12-25T12:52:36.433038332Z 53 PC: 9f793 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:52:36.434741538Z 67 PC: 9f7be | Get or set file attributes
2018-12-25T12:52:36.44079881Z 67 PC: 9f7ca | Get or set file attributes
2018-12-25T12:52:36.446682937Z 67 PC: 9fa0b | Get or set file attributes
2018-12-25T12:52:36.45208606Z 42 PC: 132ec | Get date
0x132ec: cmp dx, 0x105
0x132f0: jne 0x13311
0x132f2: xor ax, ax
0x132f4: mov es, ax
0x132f6: mov dx, 0x49f
0x132f9: mov word ptr es:[0x70], dx
0x132fe: mov word ptr es:[0x72], ds
0x13303: mov dx, 0x80
0x13306: mov cx, 1
0x13309: mov ax, 0x301
0x1330c: mov bx, 0x100
0x1330f: int 0x13
0x13311: cmp byte ptr cs:[si + 0x3b], 1
0x13316: je 0x1332a
0x13318: push cs
0x13319: push cs
0x1331a: pop ds
0x1331b: pop es
0x1331c: add si, 4
0x1331f: mov di, 0x100