Sample viewer

vx.netlux.org/Virus.DOS.Andromeda.1536.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:05:01.971174798Z 48 PC: 13557 | Get DOS version
2018-12-17T22:05:01.973193069Z 38 PC: 1359f | Create PSP
2018-12-17T22:05:01.974844189Z 42 PC: 135e6 | Get date
0x135e6: add dh, dh
0x135e8: cmp dh, dl
0x135ea: jne 0x135f1
0x135ec: mov byte ptr [0x5f0], 0xff
0x135f1: xor ax, ax
0x135f3: mov es, ax
0x135f5: mov dx, word ptr es:[0x84]
0x135fa: mov word ptr [0x5f5], dx
0x135fe: mov dx, word ptr es:[0x86]
0x13603: mov word ptr [0x5f7], dx
0x13607: mov dx, 0x30a
0x1360a: cli
0x1360b: mov word ptr es:[0x84], dx
0x13610: mov word ptr es:[0x86], ds
0x13615: sti
0x13616: cmp byte ptr [0x5f0], 0xff
0x1361b: jne 0x13632
0x1361d: mov ax, 0x3509
0x13620: int 0x21
0x13622: mov word ptr [0x5f1], bx
2018-12-17T22:05:01.977370436Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1682,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:03.032943551Z 48 PC: 13557 | Get DOS version
2018-12-25T11:44:03.034504331Z 38 PC: 1359f | Create PSP
2018-12-25T11:44:03.036117159Z 42 PC: 135e6 | Get date
0x135e6: add dh, dh
0x135e8: cmp dh, dl
0x135ea: jne 0x135f1
0x135ec: mov byte ptr [0x5f0], 0xff
0x135f1: xor ax, ax
0x135f3: mov es, ax
0x135f5: mov dx, word ptr es:[0x84]
0x135fa: mov word ptr [0x5f5], dx
0x135fe: mov dx, word ptr es:[0x86]
0x13603: mov word ptr [0x5f7], dx
0x13607: mov dx, 0x30a
0x1360a: cli
0x1360b: mov word ptr es:[0x84], dx
0x13610: mov word ptr es:[0x86], ds
0x13615: sti
0x13616: cmp byte ptr [0x5f0], 0xff
0x1361b: jne 0x13632
0x1361d: mov ax, 0x3509
0x13620: int 0x21
0x13622: mov word ptr [0x5f1], bx
2018-12-25T11:44:03.038419439Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1682,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:44:03.246220523Z 48 PC: 13557 | Get DOS version
2018-12-25T11:44:03.247799428Z 38 PC: 1359f | Create PSP
2018-12-25T11:44:03.249496183Z 42 PC: 135e6 | Get date
0x135e6: add dh, dh
0x135e8: cmp dh, dl
0x135ea: jne 0x135f1
0x135ec: mov byte ptr [0x5f0], 0xff
0x135f1: xor ax, ax
0x135f3: mov es, ax
0x135f5: mov dx, word ptr es:[0x84]
0x135fa: mov word ptr [0x5f5], dx
0x135fe: mov dx, word ptr es:[0x86]
0x13603: mov word ptr [0x5f7], dx
0x13607: mov dx, 0x30a
0x1360a: cli
0x1360b: mov word ptr es:[0x84], dx
0x13610: mov word ptr es:[0x86], ds
0x13615: sti
0x13616: cmp byte ptr [0x5f0], 0xff
0x1361b: jne 0x13632
0x1361d: mov ax, 0x3509
0x13620: int 0x21
0x13622: mov word ptr [0x5f1], bx
2018-12-25T11:44:03.251984407Z 53 PC: 13622 | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:44:03.253281561Z 37 PC: 13632 | Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T11:44:03.254948419Z 76 PC: 12a45 | Terminate with return code (Return code = '0')