Sample viewer

vx.netlux.org/Virus.DOS.Espacio.8491

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:04.874005558Z	200	PC: 1769c \| UNKNOWN!
2018-12-17T23:10:04.879891769Z	80	PC: 1f366 \| Set current PSP
2018-12-17T23:10:04.880955101Z	74	PC: 1f36e \| Reallocate memory
2018-12-17T23:10:04.882543932Z	80	PC: 1f373 \| Set current PSP
2018-12-17T23:10:04.887920535Z	38	PC: 12b86 \| Create PSP
2018-12-17T23:10:04.889524188Z	53	PC: 12b8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:04.891131385Z	37	PC: 12b9c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:04.892906608Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp cx, 0x7c9 0x12ba4: ja 0x12bac 0x12ba6: cmp dx, 0x61b 0x12baa: jb 0x12bc0 0x12bac: mov ax, 0x351c 0x12baf: int 0x21 0x12bb1: mov si, 0x6c5 0x12bb4: mov word ptr [si], bx 0x12bb6: mov word ptr [si + 2], es 0x12bb9: mov dx, 0x6bd 0x12bbc: mov ah, 0x25 0x12bbe: nop 0x12bbf: nop 0x12bc0: mov es, bp 0x12bc2: push es 0x12bc3: cmp byte ptr cs:[0x123], 0 0x12bc9: je 0x12c1b 0x12bcb: mov es, word ptr es:[0x2c] 0x12bd0: mov cx, 0xffff 0x12bd3: xor ax, ax
2018-12-17T23:10:04.896571793Z	53	PC: 12bb1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T23:10:04.899183978Z	61	PC: 12be7 \| Open file (Filename = '')
2018-12-17T23:10:04.906754091Z	66	PC: 12bf5 \| Move file pointer
2018-12-17T23:10:04.909670348Z	62	PC: 12c1b \| Close file
2018-12-17T23:10:04.911892914Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-17T23:10:04.916507481Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16743,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:43.488380257Z	200	PC: 1769c \| UNKNOWN!
2018-12-25T12:53:43.49143461Z	80	PC: 1f366 \| Set current PSP
2018-12-25T12:53:43.493196178Z	74	PC: 1f36e \| Reallocate memory
2018-12-25T12:53:43.495448383Z	80	PC: 1f373 \| Set current PSP
2018-12-25T12:53:43.50027297Z	38	PC: 12b86 \| Create PSP
2018-12-25T12:53:43.502795266Z	53	PC: 12b8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:43.504250947Z	37	PC: 12b9c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:43.506810123Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp cx, 0x7c9 0x12ba4: ja 0x12bac 0x12ba6: cmp dx, 0x61b 0x12baa: jb 0x12bc0 0x12bac: mov ax, 0x351c 0x12baf: int 0x21 0x12bb1: mov si, 0x6c5 0x12bb4: mov word ptr [si], bx 0x12bb6: mov word ptr [si + 2], es 0x12bb9: mov dx, 0x6bd 0x12bbc: mov ah, 0x25 0x12bbe: int 0x21 0x12bc0: mov es, bp 0x12bc2: push es 0x12bc3: cmp byte ptr cs:[0x123], 0 0x12bc9: je 0x12c1b 0x12bcb: mov es, word ptr es:[0x2c] 0x12bd0: mov cx, 0xffff 0x12bd3: xor ax, ax 0x12bd5: xor di, di
2018-12-25T12:53:43.509783687Z	61	PC: 12be7 \| Open file (Filename = '')
2018-12-25T12:53:43.517650811Z	66	PC: 12bf5 \| Move file pointer
2018-12-25T12:53:43.519591343Z	62	PC: 12c1b \| Close file
2018-12-25T12:53:43.522501583Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-25T12:53:43.528491624Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":27,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16743,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:43.716093455Z	200	PC: 1769c \| UNKNOWN!
2018-12-25T12:53:43.718209193Z	80	PC: 1f366 \| Set current PSP
2018-12-25T12:53:43.718987681Z	74	PC: 1f36e \| Reallocate memory
2018-12-25T12:53:43.720228118Z	80	PC: 1f373 \| Set current PSP
2018-12-25T12:53:43.726999076Z	38	PC: 12b86 \| Create PSP
2018-12-25T12:53:43.728278146Z	53	PC: 12b8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:43.729375499Z	37	PC: 12b9c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:43.731227957Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp cx, 0x7c9 0x12ba4: ja 0x12bac 0x12ba6: cmp dx, 0x61b 0x12baa: jb 0x12bc0 0x12bac: mov ax, 0x351c 0x12baf: int 0x21 0x12bb1: mov si, 0x6c5 0x12bb4: mov word ptr [si], bx 0x12bb6: mov word ptr [si + 2], es 0x12bb9: mov dx, 0x6bd 0x12bbc: mov ah, 0x25 0x12bbe: int 0x21 0x12bc0: mov es, bp 0x12bc2: push es 0x12bc3: cmp byte ptr cs:[0x123], 0 0x12bc9: je 0x12c1b 0x12bcb: mov es, word ptr es:[0x2c] 0x12bd0: mov cx, 0xffff 0x12bd3: xor ax, ax 0x12bd5: xor di, di
2018-12-25T12:53:43.733262423Z	53	PC: 12bb1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:53:43.734299213Z	37	PC: 12bc0 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:53:43.735688496Z	61	PC: 12be7 \| Open file (Filename = '')
2018-12-25T12:53:43.742249926Z	66	PC: 12bf5 \| Move file pointer
2018-12-25T12:53:43.743485292Z	62	PC: 12c1b \| Close file
2018-12-25T12:53:43.745332246Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-25T12:53:43.750505782Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16743,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:53:43.828002918Z	200	PC: 1769c \| UNKNOWN!
2018-12-25T12:53:43.829837444Z	80	PC: 1f366 \| Set current PSP
2018-12-25T12:53:43.83049047Z	74	PC: 1f36e \| Reallocate memory
2018-12-25T12:53:43.831520672Z	80	PC: 1f373 \| Set current PSP
2018-12-25T12:53:43.835424229Z	38	PC: 12b86 \| Create PSP
2018-12-25T12:53:43.836523669Z	53	PC: 12b8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:43.837581191Z	37	PC: 12b9c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:43.839548616Z	42	PC: 12ba0 \| Get date 0x12ba0: cmp cx, 0x7c9 0x12ba4: ja 0x12bac 0x12ba6: cmp dx, 0x61b 0x12baa: jb 0x12bc0 0x12bac: mov ax, 0x351c 0x12baf: int 0x21 0x12bb1: mov si, 0x6c5 0x12bb4: mov word ptr [si], bx 0x12bb6: mov word ptr [si + 2], es 0x12bb9: mov dx, 0x6bd 0x12bbc: mov ah, 0x25 0x12bbe: int 0x21 0x12bc0: mov es, bp 0x12bc2: push es 0x12bc3: cmp byte ptr cs:[0x123], 0 0x12bc9: je 0x12c1b 0x12bcb: mov es, word ptr es:[0x2c] 0x12bd0: mov cx, 0xffff 0x12bd3: xor ax, ax 0x12bd5: xor di, di
2018-12-25T12:53:43.841567001Z	53	PC: 12bb1 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:53:43.842704254Z	37	PC: 12bc0 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:53:43.844304898Z	61	PC: 12be7 \| Open file (Filename = '')
2018-12-25T12:53:43.850865401Z	66	PC: 12bf5 \| Move file pointer
2018-12-25T12:53:43.852197549Z	62	PC: 12c1b \| Close file
2018-12-25T12:53:43.854669764Z	9	PC: 1f26a \| Display string (Could not find end pointer)
2018-12-25T12:53:43.859871817Z	76	PC: 1f270 \| Terminate with return code (Return code = '0')