Sample viewer

vx.netlux.org/Virus.DOS.Linda.517


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:10:36.545301718Z 74 PC: 12a4a | Reallocate memory
2018-12-17T23:10:36.547640949Z 42 PC: 12a52 | Get date
0x12a52: cmp dl, 0xc
0x12a55: jne 0x12a5d
0x12a57: mov byte ptr cs:[0x304], 1
0x12a5d: mov ah, 0x4a
0x12a5f: sub bx, 0x22
0x12a62: int 0x21
0x12a64: mov ah, 0x48
0x12a66: mov bx, 0x21
0x12a69: int 0x21
0x12a6b: dec ax
0x12a6c: mov es, ax
0x12a6e: mov word ptr es:[1], 8
0x12a75: push cs
0x12a76: pop ds
0x12a77: cld
0x12a78: sub ax, 0xf
0x12a7b: mov es, ax
0x12a7d: mov di, 0x100
0x12a80: mov si, 0x100
0x12a83: mov cx, 0x103
2018-12-17T23:10:36.552062196Z 74 PC: 12a64 | Reallocate memory
2018-12-17T23:10:36.553830933Z 72 PC: 12a6b | Allocate memory
2018-12-17T23:10:36.555788024Z 53 PC: 12a8f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:36.558831339Z 53 PC: 12a9b | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T23:10:36.560292488Z 37 PC: 12ab8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:36.561736755Z 37 PC: 12abf | Set interrupt vector (Interrupt = '9' AKA 'Display string')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16919,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:12.33426883Z 74 PC: 12a4a | Reallocate memory
2018-12-25T12:54:12.336421213Z 42 PC: 12a52 | Get date
0x12a52: cmp dl, 0xc
0x12a55: jne 0x12a5d
0x12a57: mov byte ptr cs:[0x304], 1
0x12a5d: mov ah, 0x4a
0x12a5f: sub bx, 0x22
0x12a62: int 0x21
0x12a64: mov ah, 0x48
0x12a66: mov bx, 0x21
0x12a69: int 0x21
0x12a6b: dec ax
0x12a6c: mov es, ax
0x12a6e: mov word ptr es:[1], 8
0x12a75: push cs
0x12a76: pop ds
0x12a77: cld
0x12a78: sub ax, 0xf
0x12a7b: mov es, ax
0x12a7d: mov di, 0x100
0x12a80: mov si, 0x100
0x12a83: mov cx, 0x103
2018-12-25T12:54:12.338523591Z 74 PC: 12a64 | Reallocate memory
2018-12-25T12:54:12.339795036Z 72 PC: 12a6b | Allocate memory
2018-12-25T12:54:12.341544331Z 53 PC: 12a8f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:12.342591773Z 53 PC: 12a9b | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:12.343659375Z 37 PC: 12ab8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:12.345210207Z 37 PC: 12abf | Set interrupt vector (Interrupt = '9' AKA 'Display string')

{"DateBased":true,"Day":12,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":16919,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:54:12.658024857Z 74 PC: 12a4a | Reallocate memory
2018-12-25T12:54:12.659976904Z 42 PC: 12a52 | Get date
0x12a52: cmp dl, 0xc
0x12a55: jne 0x12a5d
0x12a57: mov byte ptr cs:[0x304], 1
0x12a5d: mov ah, 0x4a
0x12a5f: sub bx, 0x22
0x12a62: int 0x21
0x12a64: mov ah, 0x48
0x12a66: mov bx, 0x21
0x12a69: int 0x21
0x12a6b: dec ax
0x12a6c: mov es, ax
0x12a6e: mov word ptr es:[1], 8
0x12a75: push cs
0x12a76: pop ds
0x12a77: cld
0x12a78: sub ax, 0xf
0x12a7b: mov es, ax
0x12a7d: mov di, 0x100
0x12a80: mov si, 0x100
0x12a83: mov cx, 0x103
2018-12-25T12:54:12.661886454Z 74 PC: 12a64 | Reallocate memory
2018-12-25T12:54:12.663045801Z 72 PC: 12a6b | Allocate memory
2018-12-25T12:54:12.664690978Z 53 PC: 12a8f | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:12.665702289Z 53 PC: 12a9b | Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:54:12.666674735Z 37 PC: 12ab8 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:12.667962918Z 37 PC: 12abf | Set interrupt vector (Interrupt = '9' AKA 'Display string')