Sample viewer

vx.netlux.org/Virus.DOS.I13.Paraguay.2886

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:05.79627682Z 219 PC: 13aaa | UNKNOWN!
2018-12-17T23:10:05.797278503Z 205 PC: 13ab6 | UNKNOWN!
2018-12-17T23:10:05.799034927Z 53 PC: 13ac4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:05.80038761Z 53 PC: 13add | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T23:10:05.801828463Z 74 PC: 13b32 | Reallocate memory
2018-12-17T23:10:05.803292303Z 72 PC: 13b39 | Allocate memory
2018-12-17T23:10:05.80492986Z 42 PC: 13b81 | Get date
0x13b81: cmp dh, 5
0x13b84: jne 0x13bc7
0x13b86: in ax, 0x40
0x13b88: cmp al, 0xc8
0x13b8a: jb 0x13bc7
0x13b8c: push cs
0x13b8d: pop ds
0x13b8e: mov ah, 0x3b
0x13b90: lea dx, word ptr [bp + 0x6ef]
0x13b94: int 0x21
0x13b96: jb 0x13bad
0x13b98: lea ax, word ptr [bp + 0x1b6]
0x13b9c: push ax
0x13b9d: push cs
0x13b9e: pushf
0x13b9f: mov cl, 0x13
0x13ba1: lea dx, word ptr [bp + 0x702]
0x13ba5: sub ax, ax
0x13ba7: push ax
0x13ba8: mov ax, 0xc0
2018-12-17T23:10:05.808806271Z 9 PC: 12a47 | Display string (String= '')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16753,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:47.753314737Z 219 PC: 13aaa | UNKNOWN!
2018-12-25T12:53:47.754422344Z 205 PC: 13ab6 | UNKNOWN!
2018-12-25T12:53:47.755044439Z 53 PC: 13ac4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:47.756031946Z 53 PC: 13add | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:53:47.757855489Z 74 PC: 13b32 | Reallocate memory
2018-12-25T12:53:47.759111549Z 72 PC: 13b39 | Allocate memory
2018-12-25T12:53:47.760697876Z 42 PC: 13b81 | Get date
0x13b81: cmp dh, 5
0x13b84: jne 0x13bc7
0x13b86: in ax, 0x40
0x13b88: cmp al, 0xc8
0x13b8a: jb 0x13bc7
0x13b8c: push cs
0x13b8d: pop ds
0x13b8e: mov ah, 0x3b
0x13b90: lea dx, word ptr [bp + 0x6ef]
0x13b94: int 0x21
0x13b96: jb 0x13bad
0x13b98: lea ax, word ptr [bp + 0x1b6]
0x13b9c: push ax
0x13b9d: push cs
0x13b9e: pushf
0x13b9f: mov cl, 0x13
0x13ba1: lea dx, word ptr [bp + 0x702]
0x13ba5: sub ax, ax
0x13ba7: push ax
0x13ba8: mov ax, 0xc0
2018-12-25T12:53:47.763521109Z 9 PC: 12a47 | Display string (String= '')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16753,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:53:48.200853286Z 219 PC: 13aaa | UNKNOWN!
2018-12-25T12:53:48.202078544Z 205 PC: 13ab6 | UNKNOWN!
2018-12-25T12:53:48.202743667Z 53 PC: 13ac4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:53:48.203863836Z 53 PC: 13add | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:53:48.205337995Z 74 PC: 13b32 | Reallocate memory
2018-12-25T12:53:48.206444975Z 72 PC: 13b39 | Allocate memory
2018-12-25T12:53:48.207962996Z 42 PC: 13b81 | Get date
0x13b81: cmp dh, 5
0x13b84: jne 0x13bc7
0x13b86: in ax, 0x40
0x13b88: cmp al, 0xc8
0x13b8a: jb 0x13bc7
0x13b8c: push cs
0x13b8d: pop ds
0x13b8e: mov ah, 0x3b
0x13b90: lea dx, word ptr [bp + 0x6ef]
0x13b94: int 0x21
0x13b96: jb 0x13bad
0x13b98: lea ax, word ptr [bp + 0x1b6]
0x13b9c: push ax
0x13b9d: push cs
0x13b9e: pushf
0x13b9f: mov cl, 0x13
0x13ba1: lea dx, word ptr [bp + 0x702]
0x13ba5: sub ax, ax
0x13ba7: push ax
0x13ba8: mov ax, 0xc0
2018-12-25T12:53:48.21050037Z 59 PC: 13b96 | Change current directory
2018-12-25T12:53:48.590658633Z 9 PC: 13bc3 | Display string (Could not find end pointer)