Sample viewer

vx.netlux.org/Virus.DOS.Vein.431

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:09:22.336913836Z	74	PC: 12a51 \| Reallocate memory
2018-12-17T23:09:22.340066681Z	78	PC: 12b5b \| Find first file
2018-12-17T23:09:22.347339842Z	42	PC: 12ad3 \| Get date 0x12ad3: cmp dh, 2 0x12ad6: jne 0x12ac0 0x12ad8: cmp dl, 3 0x12adb: jne 0x12ac0 0x12add: call 0x22a9f 0x12ae0: xor ax, ax 0x12ae2: mov al, 0x40 0x12ae4: mov ah, 0xf 0x12ae6: add ah, al 0x12ae8: call 0x12b59 0x12aeb: xor ax, ax 0x12aed: mov al, 0x3e 0x12aef: xchg al, ah 0x12af1: int 0x21 0x12af3: xor cx, cx 0x12af5: mov ax, 0x4301 0x12af8: inc cx 0x12af9: inc cx 0x12afa: inc cx 0x12afb: mov dx, 0x251
2018-12-17T23:09:22.350310681Z	81	PC: 12145 \| Get current PSP

{"DateBased":true,"Day":3,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16503,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:05.853238126Z	74	PC: 12a51 \| Reallocate memory
2018-12-25T12:53:05.855799366Z	78	PC: 12b5b \| Find first file
2018-12-25T12:53:05.861686454Z	42	PC: 12ad3 \| Get date 0x12ad3: cmp dh, 2 0x12ad6: jne 0x12ac0 0x12ad8: cmp dl, 3 0x12adb: jne 0x12ac0 0x12add: call 0x22a9f 0x12ae0: xor ax, ax 0x12ae2: mov al, 0x40 0x12ae4: mov ah, 0xf 0x12ae6: add ah, al 0x12ae8: call 0x12b59 0x12aeb: xor ax, ax 0x12aed: mov al, 0x3e 0x12aef: xchg al, ah 0x12af1: int 0x21 0x12af3: xor cx, cx 0x12af5: mov ax, 0x4301 0x12af8: inc cx 0x12af9: inc cx 0x12afa: inc cx 0x12afb: mov dx, 0x251
2018-12-25T12:53:05.863822119Z	9	PC: 12ab9 \| Display string (String= 'Estranged Virus (C) 1995 VEiN Who says you can't go backward ? ')
2018-12-25T12:53:05.874069052Z	76	PC: 12ac0 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16503,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:06.028370865Z	74	PC: 12a51 \| Reallocate memory
2018-12-25T12:53:06.030719556Z	78	PC: 12b5b \| Find first file
2018-12-25T12:53:06.037967823Z	42	PC: 12ad3 \| Get date 0x12ad3: cmp dh, 2 0x12ad6: jne 0x12ac0 0x12ad8: cmp dl, 3 0x12adb: jne 0x12ac0 0x12add: call 0x22a9f 0x12ae0: xor ax, ax 0x12ae2: mov al, 0x40 0x12ae4: mov ah, 0xf 0x12ae6: add ah, al 0x12ae8: call 0x12b59 0x12aeb: xor ax, ax 0x12aed: mov al, 0x3e 0x12aef: xchg al, ah 0x12af1: int 0x21 0x12af3: xor cx, cx 0x12af5: mov ax, 0x4301 0x12af8: inc cx 0x12af9: inc cx 0x12afa: inc cx 0x12afb: mov dx, 0x251
2018-12-25T12:53:06.040948426Z	81	PC: 12145 \| Get current PSP

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16503,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:06.026764293Z	74	PC: 12a51 \| Reallocate memory
2018-12-25T12:53:06.028680522Z	78	PC: 12b5b \| Find first file
2018-12-25T12:53:06.034417734Z	42	PC: 12ad3 \| Get date 0x12ad3: cmp dh, 2 0x12ad6: jne 0x12ac0 0x12ad8: cmp dl, 3 0x12adb: jne 0x12ac0 0x12add: call 0x22a9f 0x12ae0: xor ax, ax 0x12ae2: mov al, 0x40 0x12ae4: mov ah, 0xf 0x12ae6: add ah, al 0x12ae8: call 0x12b59 0x12aeb: xor ax, ax 0x12aed: mov al, 0x3e 0x12aef: xchg al, ah 0x12af1: int 0x21 0x12af3: xor cx, cx 0x12af5: mov ax, 0x4301 0x12af8: inc cx 0x12af9: inc cx 0x12afa: inc cx 0x12afb: mov dx, 0x251
2018-12-25T12:53:06.036587957Z	81	PC: 12145 \| Get current PSP