Sample viewer

vx.netlux.org/Virus.DOS.PS-MPC.T-Rex


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:09:47.481161449Z 68 PC: 12a5e | I/O control for devices (Set for = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-17T23:09:47.484719896Z 42 PC: 12ab7 | Get date
0x12ab7: cmp al, 1
0x12ab9: jae 0x12acb
0x12abb: pop es
0x12abc: pop ds
0x12abd: lea si, word ptr [bp + 0x88]
0x12ac1: mov di, 0x100
0x12ac4: push di
0x12ac5: movsw word ptr es:[di], word ptr [si]
0x12ac6: movsb byte ptr es:[di], byte ptr [si]
0x12ac7: ret
0x12ac8: int 0x20
0x12aca: add bl, ch
0x12acc: out dx, al
0x12acd: pop bx
0x12ace: dec bp
0x12acf: push ax
0x12ad0: inc bx
0x12ad1: pop bp
0x12ad2: add byte ptr [si + 0x2d], dl
0x12ad5: push dx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16643,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:35.248964581Z 68 PC: 12a5e | I/O control for devices (Set for = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T12:53:35.250968506Z 42 PC: 12ab7 | Get date
0x12ab7: cmp al, 1
0x12ab9: jae 0x12acb
0x12abb: pop es
0x12abc: pop ds
0x12abd: lea si, word ptr [bp + 0x88]
0x12ac1: mov di, 0x100
0x12ac4: push di
0x12ac5: movsw word ptr es:[di], word ptr [si]
0x12ac6: movsb byte ptr es:[di], byte ptr [si]
0x12ac7: ret
0x12ac8: int 0x20
0x12aca: add bl, ch
0x12acc: out dx, al
0x12acd: pop bx
0x12ace: dec bp
0x12acf: push ax
0x12ad0: inc bx
0x12ad1: pop bp
0x12ad2: add byte ptr [si + 0x2d], dl
0x12ad5: push dx

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16643,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:35.295020618Z 68 PC: 12a5e | I/O control for devices (Set for = 'is started by using +the SHELL command in the CONFIG.SYS file. F##¸#ã#,$z$À$%U% %à%,&y&')
2018-12-25T12:53:35.297018646Z 42 PC: 12ab7 | Get date
0x12ab7: cmp al, 1
0x12ab9: jae 0x12acb
0x12abb: pop es
0x12abc: pop ds
0x12abd: lea si, word ptr [bp + 0x88]
0x12ac1: mov di, 0x100
0x12ac4: push di
0x12ac5: movsw word ptr es:[di], word ptr [si]
0x12ac6: movsb byte ptr es:[di], byte ptr [si]
0x12ac7: ret
0x12ac8: int 0x20
0x12aca: add bl, ch
0x12acc: out dx, al
0x12acd: pop bx
0x12ace: dec bp
0x12acf: push ax
0x12ad0: inc bx
0x12ad1: pop bp
0x12ad2: add byte ptr [si + 0x2d], dl
0x12ad5: push dx