Sample viewer

vx.netlux.org/Virus.DOS.China.882.c

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:11:07.217989228Z	127	PC: 12ac7 \| UNKNOWN!
2018-12-17T23:11:07.220044304Z	53	PC: 12aea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:07.221519265Z	37	PC: 12afe \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:11:07.22297238Z	37	PC: 12b06 \| Set interrupt vector (Interrupt = '247' AKA 'UNKNOWN!')
2018-12-17T23:11:07.225043141Z	42	PC: 12b0a \| Get date 0x12b0a: cmp dx, 0xa01 0x12b0e: jne 0x12b29 0x12b10: mov ax, 0x3508 0x12b13: int 0x21 0x12b15: mov word ptr cs:[0x39], bx 0x12b1a: mov word ptr cs:[0x3b], es 0x12b1f: mov ax, 0x2508 0x12b22: push cs 0x12b23: pop ds 0x12b24: mov dx, 0x2c2 0x12b27: int 0x21 0x12b29: mov es, word ptr cs:[0x11] 0x12b2e: mov bx, 0x600 0x12b31: mov cl, 4 0x12b33: shr bx, cl 0x12b35: add bx, 0x10 0x12b38: mov ah, 0x4a 0x12b3a: int 0x21 0x12b3c: mov es, word ptr cs:[0x11] 0x12b41: mov es, word ptr es:[0x2c]
2018-12-17T23:11:07.228220042Z	74	PC: 12b3c \| Reallocate memory
2018-12-17T23:11:07.230444156Z	18	PC: 12b7f \| Find next file
2018-12-17T23:11:07.232763918Z	73	PC: 12b85 \| Release memory
2018-12-17T23:11:07.235814219Z	77	PC: 12b89 \| Get program return code
2018-12-17T23:11:07.237630557Z	49	PC: 12b97 \| Terminate and stay resident (Return code = '0' \| Memory size = '112')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17085,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:46.184027922Z	127	PC: 12ac7 \| UNKNOWN!
2018-12-25T12:54:46.185077831Z	53	PC: 12aea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:46.18592411Z	37	PC: 12afe \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:46.186959256Z	37	PC: 12b06 \| Set interrupt vector (Interrupt = '247' AKA 'UNKNOWN!')
2018-12-25T12:54:46.198315326Z	42	PC: 12b0a \| Get date 0x12b0a: cmp dx, 0xa01 0x12b0e: jne 0x12b29 0x12b10: mov ax, 0x3508 0x12b13: int 0x21 0x12b15: mov word ptr cs:[0x39], bx 0x12b1a: mov word ptr cs:[0x3b], es 0x12b1f: mov ax, 0x2508 0x12b22: push cs 0x12b23: pop ds 0x12b24: mov dx, 0x2c2 0x12b27: int 0x21 0x12b29: mov es, word ptr cs:[0x11] 0x12b2e: mov bx, 0x600 0x12b31: mov cl, 4 0x12b33: shr bx, cl 0x12b35: add bx, 0x10 0x12b38: mov ah, 0x4a 0x12b3a: int 0x21 0x12b3c: mov es, word ptr cs:[0x11] 0x12b41: mov es, word ptr es:[0x2c]
2018-12-25T12:54:46.200004628Z	74	PC: 12b3c \| Reallocate memory
2018-12-25T12:54:46.201014998Z	18	PC: 12b7f \| Find next file
2018-12-25T12:54:46.202404349Z	73	PC: 12b85 \| Release memory
2018-12-25T12:54:46.2042389Z	77	PC: 12b89 \| Get program return code
2018-12-25T12:54:46.205264072Z	49	PC: 12b97 \| Terminate and stay resident (Return code = '0' \| Memory size = '112')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17085,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:54:46.31596351Z	127	PC: 12ac7 \| UNKNOWN!
2018-12-25T12:54:46.317048601Z	53	PC: 12aea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:46.318381885Z	37	PC: 12afe \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:54:46.319766567Z	37	PC: 12b06 \| Set interrupt vector (Interrupt = '247' AKA 'UNKNOWN!')
2018-12-25T12:54:46.321561675Z	42	PC: 12b0a \| Get date 0x12b0a: cmp dx, 0xa01 0x12b0e: jne 0x12b29 0x12b10: mov ax, 0x3508 0x12b13: int 0x21 0x12b15: mov word ptr cs:[0x39], bx 0x12b1a: mov word ptr cs:[0x3b], es 0x12b1f: mov ax, 0x2508 0x12b22: push cs 0x12b23: pop ds 0x12b24: mov dx, 0x2c2 0x12b27: int 0x21 0x12b29: mov es, word ptr cs:[0x11] 0x12b2e: mov bx, 0x600 0x12b31: mov cl, 4 0x12b33: shr bx, cl 0x12b35: add bx, 0x10 0x12b38: mov ah, 0x4a 0x12b3a: int 0x21 0x12b3c: mov es, word ptr cs:[0x11] 0x12b41: mov es, word ptr es:[0x2c]
2018-12-25T12:54:46.323810783Z	53	PC: 12b15 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:54:46.324841968Z	37	PC: 12b29 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T12:54:46.326146996Z	74	PC: 12b3c \| Reallocate memory
2018-12-25T12:54:46.327837476Z	18	PC: 12b7f \| Find next file
2018-12-25T12:54:46.32948238Z	73	PC: 12b85 \| Release memory
2018-12-25T12:54:46.330961714Z	77	PC: 12b89 \| Get program return code
2018-12-25T12:54:46.347083473Z	49	PC: 12b97 \| Terminate and stay resident (Return code = '0' \| Memory size = '112')