Sample viewer

vx.netlux.org/Virus.DOS.FaxFree.1024.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:14.623828746Z 42 PC: 12ed5 | Get date
0x12ed5: cmp dh, 5
0x12ed8: jae 0x12ee5
0x12eda: xor ax, ax
0x12edc: push ax
0x12edd: pop es
0x12ede: mov ax, 0x11
0x12ee1: mov word ptr es:[0x3fe], ax
0x12ee5: jmp 0x12c30
0x12ee8: nop
0x12ee9: mov ah, 0x4c
0x12eeb: int 0x21
0x12eed: add byte ptr [bx + di], bh
0x12eef: push es
0x12ef0: lodsb al, byte ptr [si]
0x12ef1: add dh, byte ptr [si + 6]
0x12ef4: mov word ptr [0x2ac], 0xffff
0x12efa: and byte ptr [0x31d], 0xfb
0x12eff: cmp byte ptr [0x2a2], al
0x12f03: jne 0x12f08
0x12f05: jmp 0x1304d
2018-12-17T23:09:14.626528734Z 48 PC: 12c7b | Get DOS version
2018-12-17T23:09:14.628520834Z 53 PC: 12ce4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:09:14.630721801Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16464,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:57.499266777Z 42 PC: 12ed5 | Get date
0x12ed5: cmp dh, 5
0x12ed8: jae 0x12ee5
0x12eda: xor ax, ax
0x12edc: push ax
0x12edd: pop es
0x12ede: mov ax, 0x11
0x12ee1: mov word ptr es:[0x3fe], ax
0x12ee5: jmp 0x12c30
0x12ee8: nop
0x12ee9: mov ah, 0x4c
0x12eeb: int 0x21
0x12eed: add byte ptr [bx + di], bh
0x12eef: push es
0x12ef0: lodsb al, byte ptr [si]
0x12ef1: add dh, byte ptr [si + 6]
0x12ef4: mov word ptr [0x2ac], 0xffff
0x12efa: and byte ptr [0x31d], 0xfb
0x12eff: cmp byte ptr [0x2a2], al
0x12f03: jne 0x12f08
0x12f05: jmp 0x1304d
2018-12-25T12:52:57.501381336Z 48 PC: 12c7b | Get DOS version
2018-12-25T12:52:57.502935577Z 53 PC: 12ce4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:57.50406806Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16464,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:52:57.585818125Z 42 PC: 12ed5 | Get date
0x12ed5: cmp dh, 5
0x12ed8: jae 0x12ee5
0x12eda: xor ax, ax
0x12edc: push ax
0x12edd: pop es
0x12ede: mov ax, 0x11
0x12ee1: mov word ptr es:[0x3fe], ax
0x12ee5: jmp 0x12c30
0x12ee8: nop
0x12ee9: mov ah, 0x4c
0x12eeb: int 0x21
0x12eed: add byte ptr [bx + di], bh
0x12eef: push es
0x12ef0: lodsb al, byte ptr [si]
0x12ef1: add dh, byte ptr [si + 6]
0x12ef4: mov word ptr [0x2ac], 0xffff
0x12efa: and byte ptr [0x31d], 0xfb
0x12eff: cmp byte ptr [0x2a2], al
0x12f03: jne 0x12f08
0x12f05: jmp 0x1304d
2018-12-25T12:52:57.589063833Z 48 PC: 12c7b | Get DOS version
2018-12-25T12:52:57.591143607Z 53 PC: 12ce4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:52:57.592579951Z 76 PC: 12aa4 | Terminate with return code (Return code = '0')