Sample viewer

vx.netlux.org/Virus.DOS.IVP.411

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:37.370471998Z 53 PC: 12a53 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:37.37309445Z 37 PC: 12a64 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:12:37.375042412Z 78 PC: 12a8a | Find first file
2018-12-17T23:12:37.382744675Z 42 PC: 12ae3 | Get date
0x12ae3: cmp cx, 0x7ca
0x12ae7: jb 0x12b2b
0x12ae9: mov ah, 9
0x12aeb: mov dx, 0x213
0x12aee: int 0x21
0x12af0: mov cx, 3
0x12af3: push cx
0x12af4: cli
0x12af5: mov dx, 0x2ee0
0x12af8: sub dx, word ptr cs:[0x1388]
0x12afd: mov bx, 0x64
0x12b00: mov al, 0xb6
0x12b02: out 0x43, al
0x12b04: mov ax, bx
0x12b06: out 0x42, al
0x12b08: mov al, ah
0x12b0a: out 0x42, al
0x12b0c: in al, 0x61
0x12b0e: mov ah, 0
0x12b10: or ax, 3
2018-12-17T23:12:37.385769042Z 9 PC: 12af0 | Display string (String= 'HOT ZONE 6 VIRUS Somehing is growing inside! by eMpIrE-X [IVP] ')
2018-12-17T23:12:37.457342455Z 37 PC: 12a77 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17580,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:07.776656659Z 53 PC: 12a53 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:56:07.77837401Z 37 PC: 12a64 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:56:07.780481729Z 78 PC: 12a8a | Find first file
2018-12-25T12:56:07.787537536Z 42 PC: 12ae3 | Get date
0x12ae3: cmp cx, 0x7ca
0x12ae7: jb 0x12b2b
0x12ae9: mov ah, 9
0x12aeb: mov dx, 0x213
0x12aee: int 0x21
0x12af0: mov cx, 3
0x12af3: push cx
0x12af4: cli
0x12af5: mov dx, 0x2ee0
0x12af8: sub dx, word ptr cs:[0x1388]
0x12afd: mov bx, 0x64
0x12b00: mov al, 0xb6
0x12b02: out 0x43, al
0x12b04: mov ax, bx
0x12b06: out 0x42, al
0x12b08: mov al, ah
0x12b0a: out 0x42, al
0x12b0c: in al, 0x61
0x12b0e: mov ah, 0
0x12b10: or ax, 3
2018-12-25T12:56:07.790368884Z 37 PC: 12a77 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17580,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:07.906375156Z 53 PC: 12a53 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:56:07.91304366Z 37 PC: 12a64 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:56:07.914219128Z 78 PC: 12a8a | Find first file
2018-12-25T12:56:07.920626402Z 42 PC: 12ae3 | Get date
0x12ae3: cmp cx, 0x7ca
0x12ae7: jb 0x12b2b
0x12ae9: mov ah, 9
0x12aeb: mov dx, 0x213
0x12aee: int 0x21
0x12af0: mov cx, 3
0x12af3: push cx
0x12af4: cli
0x12af5: mov dx, 0x2ee0
0x12af8: sub dx, word ptr cs:[0x1388]
0x12afd: mov bx, 0x64
0x12b00: mov al, 0xb6
0x12b02: out 0x43, al
0x12b04: mov ax, bx
0x12b06: out 0x42, al
0x12b08: mov al, ah
0x12b0a: out 0x42, al
0x12b0c: in al, 0x61
0x12b0e: mov ah, 0
0x12b10: or ax, 3
2018-12-25T12:56:07.923267854Z 9 PC: 12af0 | Display string (String= 'HOT ZONE 6 VIRUS Somehing is growing inside! by eMpIrE-X [IVP] ')
2018-12-25T12:56:07.990597883Z 37 PC: 12a77 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')