Sample viewer

vx.netlux.org/Virus.DOS.Rubbit.2060

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:12:57.812665091Z 75 PC: 13791 | Execute program
2018-12-17T23:12:57.814598857Z 82 PC: 13836 | Get DOS internal pointers (SYSVARS)
2018-12-17T23:12:57.821525983Z 53 PC: 9cfb9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:57.825456673Z 37 PC: 9cfcc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:12:57.827160437Z 42 PC: 9cfd0 | Get date
0x9cfd0: cmp dx, 0x909
0x9cfd4: jne 0x9cfdb
0x9cfd6: mov byte ptr [0x25f], 1
0x9cfdb: mov es, word ptr [0x23d]
0x9cfdf: jmp 0x9cf46
0x9cfe2: mov ah, 0x52
0x9cfe4: int 0x21
0x9cfe6: mov es, word ptr es:[bx - 2]
0x9cfea: mov dl, byte ptr es:[0]
0x9cfef: cmp dl, 0x4d
0x9cff2: je 0x9cff9
0x9cff4: cmp dl, 0x5a
0x9cff7: jne 0x9d006
0x9cff9: mov bx, es
0x9cffb: mov ax, word ptr es:[3]
0x9cfff: add ax, bx
0x9d001: inc ax
0x9d002: mov es, ax
0x9d004: jmp 0x9cfea
0x9d006: mov es, bx
2018-12-17T23:12:57.831679674Z 9 PC: 12a47 | Display string (String= 'Warning!! RuBBit V1.5 virus come in !! Written By Peter Ferng !!')

{"DateBased":true,"Day":9,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17687,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:22.271303818Z 75 PC: 13791 | Execute program
2018-12-25T12:56:22.272863661Z 82 PC: 13836 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:56:22.273937049Z 53 PC: 9cfb9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:22.275014115Z 37 PC: 9cfcc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:22.276440237Z 42 PC: 9cfd0 | Get date
0x9cfd0: cmp dx, 0x909
0x9cfd4: jne 0x9cfdb
0x9cfd6: mov byte ptr [0x25f], 1
0x9cfdb: mov es, word ptr [0x23d]
0x9cfdf: jmp 0x9cf46
0x9cfe2: mov ah, 0x52
0x9cfe4: int 0x21
0x9cfe6: mov es, word ptr es:[bx - 2]
0x9cfea: mov dl, byte ptr es:[0]
0x9cfef: cmp dl, 0x4d
0x9cff2: je 0x9cff9
0x9cff4: cmp dl, 0x5a
0x9cff7: jne 0x9d006
0x9cff9: mov bx, es
0x9cffb: mov ax, word ptr es:[3]
0x9cfff: add ax, bx
0x9d001: inc ax
0x9d002: mov es, ax
0x9d004: jmp 0x9cfea
0x9d006: mov es, bx
2018-12-25T12:56:22.278498939Z 9 PC: 12a47 | Display string (String= 'Warning!! RuBBit V1.5 virus come in !! Written By Peter Ferng !!')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":17687,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:56:22.285521946Z 75 PC: 13791 | Execute program
2018-12-25T12:56:22.287158454Z 82 PC: 13836 | Get DOS internal pointers (SYSVARS)
2018-12-25T12:56:22.288346219Z 53 PC: 9cfb9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:22.289745884Z 37 PC: 9cfcc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:56:22.291374663Z 42 PC: 9cfd0 | Get date
0x9cfd0: cmp dx, 0x909
0x9cfd4: jne 0x9cfdb
0x9cfd6: mov byte ptr [0x25f], 1
0x9cfdb: mov es, word ptr [0x23d]
0x9cfdf: jmp 0x9cf46
0x9cfe2: mov ah, 0x52
0x9cfe4: int 0x21
0x9cfe6: mov es, word ptr es:[bx - 2]
0x9cfea: mov dl, byte ptr es:[0]
0x9cfef: cmp dl, 0x4d
0x9cff2: je 0x9cff9
0x9cff4: cmp dl, 0x5a
0x9cff7: jne 0x9d006
0x9cff9: mov bx, es
0x9cffb: mov ax, word ptr es:[3]
0x9cfff: add ax, bx
0x9d001: inc ax
0x9d002: mov es, ax
0x9d004: jmp 0x9cfea
0x9d006: mov es, bx
2018-12-25T12:56:22.293578704Z 9 PC: 12a47 | Display string (String= 'Warning!! RuBBit V1.5 virus come in !! Written By Peter Ferng !!')