Sample viewer

vx.netlux.org/Virus.DOS.IVP.363.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:00.263052384Z	53	PC: 12a50 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:00.270237437Z	37	PC: 12a61 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:00.273669897Z	71	PC: 12a6c \| Get current directory
2018-12-17T23:10:00.277277136Z	78	PC: 12aa0 \| Find first file
2018-12-17T23:10:00.284582095Z	79	PC: 12aa0 \| Find next file
2018-12-17T23:10:00.290760978Z	79	PC: 12aa0 \| Find next file
2018-12-17T23:10:00.294116534Z	79	PC: 12aa0 \| Find next file
2018-12-17T23:10:00.297435982Z	79	PC: 12aa0 \| Find next file
2018-12-17T23:10:00.306455112Z	79	PC: 12aa0 \| Find next file
2018-12-17T23:10:00.309693338Z	79	PC: 12aa0 \| Find next file
2018-12-17T23:10:00.312875178Z	79	PC: 12aa0 \| Find next file
2018-12-17T23:10:00.31720247Z	79	PC: 12aa0 \| Find next file
2018-12-17T23:10:00.326907459Z	59	PC: 12a79 \| Change current directory
2018-12-17T23:10:00.333368472Z	42	PC: 12af2 \| Get date 0x12af2: cmp cx, 0x7ca 0x12af6: jb 0x12b3a 0x12af8: mov ah, 9 0x12afa: mov dx, 0x222 0x12afd: int 0x21 0x12aff: mov cx, 6 0x12b02: push cx 0x12b03: cli 0x12b04: mov dx, 0x2ee0 0x12b07: sub dx, word ptr cs:[0x1388] 0x12b0c: mov bx, 0x64 0x12b0f: mov al, 0xb6 0x12b11: out 0x43, al 0x12b13: mov ax, bx 0x12b15: out 0x42, al 0x12b17: mov al, ah 0x12b19: out 0x42, al 0x12b1b: in al, 0x61 0x12b1d: mov ah, 0 0x12b1f: or ax, 3
2018-12-17T23:10:00.336210713Z	9	PC: 12aff \| Display string (String= 'Somehing is growing inside! And your not going to like it! [IVP] ')
2018-12-17T23:10:00.467157627Z	37	PC: 12a86 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:10:00.468949916Z	59	PC: 12a8f \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16716,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:37.404864634Z	53	PC: 12a50 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:37.406414485Z	37	PC: 12a61 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:37.407436771Z	71	PC: 12a6c \| Get current directory
2018-12-25T12:53:37.410197206Z	78	PC: 12aa0 \| Find first file
2018-12-25T12:53:37.424596135Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.427000015Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.429302314Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.438397014Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.440761814Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.443108347Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.445908212Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.448206022Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.450260675Z	59	PC: 12a79 \| Change current directory
2018-12-25T12:53:37.459055291Z	42	PC: 12af2 \| Get date 0x12af2: cmp cx, 0x7ca 0x12af6: jb 0x12b3a 0x12af8: mov ah, 9 0x12afa: mov dx, 0x222 0x12afd: int 0x21 0x12aff: mov cx, 6 0x12b02: push cx 0x12b03: cli 0x12b04: mov dx, 0x2ee0 0x12b07: sub dx, word ptr cs:[0x1388] 0x12b0c: mov bx, 0x64 0x12b0f: mov al, 0xb6 0x12b11: out 0x43, al 0x12b13: mov ax, bx 0x12b15: out 0x42, al 0x12b17: mov al, ah 0x12b19: out 0x42, al 0x12b1b: in al, 0x61 0x12b1d: mov ah, 0 0x12b1f: or ax, 3
2018-12-25T12:53:37.461232826Z	37	PC: 12a86 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:37.462172292Z	59	PC: 12a8f \| Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16716,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:37.468847693Z	53	PC: 12a50 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:37.471061888Z	37	PC: 12a61 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:37.47263724Z	71	PC: 12a6c \| Get current directory
2018-12-25T12:53:37.475742959Z	78	PC: 12aa0 \| Find first file
2018-12-25T12:53:37.482855747Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.486230377Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.489078829Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.49187083Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.495481806Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.498491376Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.50142194Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.504773025Z	79	PC: 12aa0 \| Find next file (See above)
2018-12-25T12:53:37.50739726Z	59	PC: 12a79 \| Change current directory
2018-12-25T12:53:37.511977141Z	42	PC: 12af2 \| Get date 0x12af2: cmp cx, 0x7ca 0x12af6: jb 0x12b3a 0x12af8: mov ah, 9 0x12afa: mov dx, 0x222 0x12afd: int 0x21 0x12aff: mov cx, 6 0x12b02: push cx 0x12b03: cli 0x12b04: mov dx, 0x2ee0 0x12b07: sub dx, word ptr cs:[0x1388] 0x12b0c: mov bx, 0x64 0x12b0f: mov al, 0xb6 0x12b11: out 0x43, al 0x12b13: mov ax, bx 0x12b15: out 0x42, al 0x12b17: mov al, ah 0x12b19: out 0x42, al 0x12b1b: in al, 0x61 0x12b1d: mov ah, 0 0x12b1f: or ax, 3
2018-12-25T12:53:37.515079085Z	9	PC: 12aff \| Display string (String= 'Somehing is growing inside! And your not going to like it! [IVP] ')
2018-12-25T12:53:37.666127359Z	37	PC: 12a86 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:53:37.667254183Z	59	PC: 12a8f \| Change current directory