Sample viewer

vx.netlux.org/Virus.DOS.Gdog.Baron.2000.d

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:08:58.095402012Z 77 PC: 12a51 | Get program return code
2018-12-17T23:08:58.096741278Z 82 PC: 12a79 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:08:58.098122832Z 53 PC: 12a83 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:58.099299089Z 74 PC: 12aa8 | Reallocate memory
2018-12-17T23:08:58.100599185Z 72 PC: 12aae | Allocate memory
2018-12-17T23:08:58.102738876Z 37 PC: 12ad2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:08:58.103839967Z 42 PC: 12ada | Get date 0x12ada: cmp dx, 0x80a
0x12ade: jne 0x12b32
0x12ae0: mov ax, 0xa000
0x12ae3: mov es, ax
0x12ae5: mov ax, 0x13
0x12ae8: int 0x10
0x12aea: mov di, 0x58c
0x12aed: mov cx, 0xc4
0x12af0: push cx
0x12af1: mov cx, 0x14
0x12af4: mov byte ptr es:[di], al
0x12af7: inc di
0x12af8: loop 0x12af4
0x12afa: add di, 0x12c
0x12afe: pop cx
0x12aff: loop 0x12af0
0x12b01: mov di, 0xbbc6
0x12b04: mov cx, 0x12
0x12b07: push cx
0x12b08: mov cx, 0xa0

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16372,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:36.706572632Z 77 PC: 12a51 | Get program return code
2018-12-25T12:52:36.70768137Z 82 PC: 12a79 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:52:36.709606378Z 53 PC: 12a83 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:36.710623535Z 74 PC: 12aa8 | Reallocate memory
2018-12-25T12:52:36.711758054Z 72 PC: 12aae | Allocate memory
2018-12-25T12:52:36.713661745Z 37 PC: 12ad2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:36.714647553Z 42 PC: 12ada | Get date 0x12ada: cmp dx, 0x80a
0x12ade: jne 0x12b32
0x12ae0: mov ax, 0xa000
0x12ae3: mov es, ax
0x12ae5: mov ax, 0x13
0x12ae8: int 0x10
0x12aea: mov di, 0x58c
0x12aed: mov cx, 0xc4
0x12af0: push cx
0x12af1: mov cx, 0x14
0x12af4: mov byte ptr es:[di], al
0x12af7: inc di
0x12af8: loop 0x12af4
0x12afa: add di, 0x12c
0x12afe: pop cx
0x12aff: loop 0x12af0
0x12b01: mov di, 0xbbc6
0x12b04: mov cx, 0x12
0x12b07: push cx
0x12b08: mov cx, 0xa0

{"DateBased":true,"Day":10,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16372,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:37.015059322Z 77 PC: 12a51 | Get program return code
2018-12-25T12:52:37.016965889Z 82 PC: 12a79 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:52:37.018040352Z 53 PC: 12a83 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:37.019044235Z 74 PC: 12aa8 | Reallocate memory
2018-12-25T12:52:37.025698586Z 72 PC: 12aae | Allocate memory
2018-12-25T12:52:37.027165129Z 37 PC: 12ad2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:37.028169471Z 42 PC: 12ada | Get date 0x12ada: cmp dx, 0x80a
0x12ade: jne 0x12b32
0x12ae0: mov ax, 0xa000
0x12ae3: mov es, ax
0x12ae5: mov ax, 0x13
0x12ae8: int 0x10
0x12aea: mov di, 0x58c
0x12aed: mov cx, 0xc4
0x12af0: push cx
0x12af1: mov cx, 0x14
0x12af4: mov byte ptr es:[di], al
0x12af7: inc di
0x12af8: loop 0x12af4
0x12afa: add di, 0x12c
0x12afe: pop cx
0x12aff: loop 0x12af0
0x12b01: mov di, 0xbbc6
0x12b04: mov cx, 0x12
0x12b07: push cx
0x12b08: mov cx, 0xa0
2018-12-25T12:52:37.038385855Z 9 PC: 12b20 | Display string (Could not find end pointer)