Sample viewer

vx.netlux.org/Virus.DOS.Flash.688.c

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:10:55.908354232Z	53	PC: 15176 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:55.91045823Z	81	PC: 15192 \| Get current PSP
2018-12-17T23:10:55.91237715Z	74	PC: 151a2 \| Reallocate memory
2018-12-17T23:10:55.91450355Z	74	PC: 151a9 \| Reallocate memory
2018-12-17T23:10:55.916370251Z	85	PC: 151b4 \| Create program PSP
2018-12-17T23:10:55.918964711Z	37	PC: 151ce \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:10:55.92061217Z	42	PC: 151d2 \| Get date 0x151d2: cmp cl, 0xc6 0x151d5: jb 0x151f3 0x151d7: jne 0x151de 0x151d9: cmp dh, 6 0x151dc: jb 0x151f3 0x151de: mov ax, 0x3508 0x151e1: int 0x21 0x151e3: mov word ptr [0x3c4], bx 0x151e7: mov word ptr [0x3c6], es 0x151eb: mov dx, 0x2f7 0x151ee: nop 0x151ef: mov ah, 0x25 0x151f1: int 0x21 0x151f3: sub si, 0x21a 0x151f7: mov word ptr [0xa], si 0x151fb: mov word ptr [0xc], cs 0x151ff: pop si 0x15200: mov dx, 0x3d0 0x15203: nop 0x15204: int 0x27
2018-12-17T23:10:55.923389444Z	53	PC: 151e3 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:10:55.925763169Z	37	PC: 151f3 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T23:10:55.927155718Z	49	PC: 15206 \| Terminate and stay resident (Return code = '0' \| Memory size = '61')
2018-12-17T23:10:55.929567415Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17018,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:38.63291338Z	53	PC: 15176 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:38.63482883Z	81	PC: 15192 \| Get current PSP
2018-12-25T12:54:38.636190969Z	74	PC: 151a2 \| Reallocate memory
2018-12-25T12:54:38.638059709Z	74	PC: 151a9 \| Reallocate memory
2018-12-25T12:54:38.640209033Z	85	PC: 151b4 \| Create program PSP
2018-12-25T12:54:38.64413302Z	37	PC: 151ce \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:38.652825593Z	42	PC: 151d2 \| Get date 0x151d2: cmp cl, 0xc6 0x151d5: jb 0x151f3 0x151d7: jne 0x151de 0x151d9: cmp dh, 6 0x151dc: jb 0x151f3 0x151de: mov ax, 0x3508 0x151e1: int 0x21 0x151e3: mov word ptr [0x3c4], bx 0x151e7: mov word ptr [0x3c6], es 0x151eb: mov dx, 0x2f7 0x151ee: nop 0x151ef: mov ah, 0x25 0x151f1: int 0x21 0x151f3: sub si, 0x21a 0x151f7: mov word ptr [0xa], si 0x151fb: mov word ptr [0xc], cs 0x151ff: pop si 0x15200: mov dx, 0x3d0 0x15203: nop 0x15204: int 0x27
2018-12-25T12:54:38.655978109Z	53	PC: 151e3 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:54:38.657520802Z	37	PC: 151f3 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:54:38.65882339Z	49	PC: 15206 \| Terminate and stay resident (Return code = '0' \| Memory size = '61')
2018-12-25T12:54:38.661825202Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17018,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:38.804788123Z	53	PC: 15176 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:38.806176472Z	81	PC: 15192 \| Get current PSP
2018-12-25T12:54:38.806826014Z	74	PC: 151a2 \| Reallocate memory
2018-12-25T12:54:38.808101358Z	74	PC: 151a9 \| Reallocate memory
2018-12-25T12:54:38.809582527Z	85	PC: 151b4 \| Create program PSP
2018-12-25T12:54:38.811085018Z	37	PC: 151ce \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:38.811992601Z	42	PC: 151d2 \| Get date 0x151d2: cmp cl, 0xc6 0x151d5: jb 0x151f3 0x151d7: jne 0x151de 0x151d9: cmp dh, 6 0x151dc: jb 0x151f3 0x151de: mov ax, 0x3508 0x151e1: int 0x21 0x151e3: mov word ptr [0x3c4], bx 0x151e7: mov word ptr [0x3c6], es 0x151eb: mov dx, 0x2f7 0x151ee: nop 0x151ef: mov ah, 0x25 0x151f1: int 0x21 0x151f3: sub si, 0x21a 0x151f7: mov word ptr [0xa], si 0x151fb: mov word ptr [0xc], cs 0x151ff: pop si 0x15200: mov dx, 0x3d0 0x15203: nop 0x15204: int 0x27
2018-12-25T12:54:38.814313884Z	53	PC: 151e3 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:54:38.815267899Z	37	PC: 151f3 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:54:38.816159274Z	49	PC: 15206 \| Terminate and stay resident (Return code = '0' \| Memory size = '61')
2018-12-25T12:54:38.818267893Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17018,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:38.900563898Z	53	PC: 15176 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:38.902155062Z	81	PC: 15192 \| Get current PSP
2018-12-25T12:54:38.902827452Z	74	PC: 151a2 \| Reallocate memory
2018-12-25T12:54:38.903945379Z	74	PC: 151a9 \| Reallocate memory
2018-12-25T12:54:38.905506291Z	85	PC: 151b4 \| Create program PSP
2018-12-25T12:54:38.907030109Z	37	PC: 151ce \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:38.907880845Z	42	PC: 151d2 \| Get date 0x151d2: cmp cl, 0xc6 0x151d5: jb 0x151f3 0x151d7: jne 0x151de 0x151d9: cmp dh, 6 0x151dc: jb 0x151f3 0x151de: mov ax, 0x3508 0x151e1: int 0x21 0x151e3: mov word ptr [0x3c4], bx 0x151e7: mov word ptr [0x3c6], es 0x151eb: mov dx, 0x2f7 0x151ee: nop 0x151ef: mov ah, 0x25 0x151f1: int 0x21 0x151f3: sub si, 0x21a 0x151f7: mov word ptr [0xa], si 0x151fb: mov word ptr [0xc], cs 0x151ff: pop si 0x15200: mov dx, 0x3d0 0x15203: nop 0x15204: int 0x27
2018-12-25T12:54:38.909709796Z	49	PC: 15206 \| Terminate and stay resident (Return code = '0' \| Memory size = '61')
2018-12-25T12:54:38.911317439Z	76	PC: 1514d \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17018,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:38.990929713Z	53	PC: 15176 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:38.992888993Z	81	PC: 15192 \| Get current PSP
2018-12-25T12:54:38.994083333Z	74	PC: 151a2 \| Reallocate memory
2018-12-25T12:54:38.996169726Z	74	PC: 151a9 \| Reallocate memory
2018-12-25T12:54:38.997536458Z	85	PC: 151b4 \| Create program PSP
2018-12-25T12:54:38.999661405Z	37	PC: 151ce \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:39.000687218Z	42	PC: 151d2 \| Get date 0x151d2: cmp cl, 0xc6 0x151d5: jb 0x151f3 0x151d7: jne 0x151de 0x151d9: cmp dh, 6 0x151dc: jb 0x151f3 0x151de: mov ax, 0x3508 0x151e1: int 0x21 0x151e3: mov word ptr [0x3c4], bx 0x151e7: mov word ptr [0x3c6], es 0x151eb: mov dx, 0x2f7 0x151ee: nop 0x151ef: mov ah, 0x25 0x151f1: int 0x21 0x151f3: sub si, 0x21a 0x151f7: mov word ptr [0xa], si 0x151fb: mov word ptr [0xc], cs 0x151ff: pop si 0x15200: mov dx, 0x3d0 0x15203: nop 0x15204: int 0x27
2018-12-25T12:54:39.00319354Z	49	PC: 15206 \| Terminate and stay resident (Return code = '0' \| Memory size = '61')
2018-12-25T12:54:39.007466585Z	76	PC: 1514d \| Terminate with return code (Return code = '0')