Sample viewer

vx.netlux.org/Virus.DOS.Australian.Demo.3896

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:06:18.310654001Z	48	PC: 12a5a \| Get DOS version
2018-12-17T22:06:18.31302808Z	53	PC: 12a89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:18.314404874Z	37	PC: 12a99 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:06:18.315858822Z	42	PC: 12aa1 \| Get date 0x12aa1: cmp dh, dl 0x12aa3: jne 0x12ac0 0x12aa5: mov ah, 0x3c 0x12aa7: lea dx, word ptr [bp + 0x17d] 0x12aab: xor cx, cx 0x12aad: int 0x21 0x12aaf: mov bx, ax 0x12ab1: mov ah, 0x40 0x12ab3: mov cx, 0xe07 0x12ab6: lea dx, word ptr [bp + 0x231] 0x12aba: int 0x21 0x12abc: mov ah, 0x3e 0x12abe: int 0x21 0x12ac0: ret 0x12ac1: inc sp 0x12ac2: inc bp 0x12ac3: dec bp 0x12ac4: dec di 0x12ac5: inc bx 0x12ac7: dec di

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1823,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:26.583797191Z	48	PC: 12a5a \| Get DOS version
2018-12-25T11:44:26.586015398Z	53	PC: 12a89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:26.587668335Z	37	PC: 12a99 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:26.58922938Z	42	PC: 12aa1 \| Get date 0x12aa1: cmp dh, dl 0x12aa3: jne 0x12ac0 0x12aa5: mov ah, 0x3c 0x12aa7: lea dx, word ptr [bp + 0x17d] 0x12aab: xor cx, cx 0x12aad: int 0x21 0x12aaf: mov bx, ax 0x12ab1: mov ah, 0x40 0x12ab3: mov cx, 0xe07 0x12ab6: lea dx, word ptr [bp + 0x231] 0x12aba: int 0x21 0x12abc: mov ah, 0x3e 0x12abe: int 0x21 0x12ac0: ret 0x12ac1: inc sp 0x12ac2: inc bp 0x12ac3: dec bp 0x12ac4: dec di 0x12ac5: inc bx 0x12ac7: dec di
2018-12-25T11:44:26.592107135Z	60	PC: 12aaf \| Create or truncate file
2018-12-25T11:44:26.620569915Z	64	PC: 12abc \| Write file or device (Write 3591 bytes on handle 5)
2018-12-25T11:44:26.630060181Z	62	PC: 12ac0 \| Close file

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1823,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:26.587368527Z	48	PC: 12a5a \| Get DOS version
2018-12-25T11:44:26.590327649Z	53	PC: 12a89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:26.591839977Z	37	PC: 12a99 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:26.593340026Z	42	PC: 12aa1 \| Get date 0x12aa1: cmp dh, dl 0x12aa3: jne 0x12ac0 0x12aa5: mov ah, 0x3c 0x12aa7: lea dx, word ptr [bp + 0x17d] 0x12aab: xor cx, cx 0x12aad: int 0x21 0x12aaf: mov bx, ax 0x12ab1: mov ah, 0x40 0x12ab3: mov cx, 0xe07 0x12ab6: lea dx, word ptr [bp + 0x231] 0x12aba: int 0x21 0x12abc: mov ah, 0x3e 0x12abe: int 0x21 0x12ac0: ret 0x12ac1: inc sp 0x12ac2: inc bp 0x12ac3: dec bp 0x12ac4: dec di 0x12ac5: inc bx 0x12ac7: dec di

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1823,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:26.859187782Z	48	PC: 12a5a \| Get DOS version
2018-12-25T11:44:26.862900336Z	53	PC: 12a89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:26.864459128Z	37	PC: 12a99 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:26.865906691Z	42	PC: 12aa1 \| Get date 0x12aa1: cmp dh, dl 0x12aa3: jne 0x12ac0 0x12aa5: mov ah, 0x3c 0x12aa7: lea dx, word ptr [bp + 0x17d] 0x12aab: xor cx, cx 0x12aad: int 0x21 0x12aaf: mov bx, ax 0x12ab1: mov ah, 0x40 0x12ab3: mov cx, 0xe07 0x12ab6: lea dx, word ptr [bp + 0x231] 0x12aba: int 0x21 0x12abc: mov ah, 0x3e 0x12abe: int 0x21 0x12ac0: ret 0x12ac1: inc sp 0x12ac2: inc bp 0x12ac3: dec bp 0x12ac4: dec di 0x12ac5: inc bx 0x12ac7: dec di
2018-12-25T11:44:26.868342731Z	60	PC: 12aaf \| Create or truncate file
2018-12-25T11:44:26.886582002Z	64	PC: 12abc \| Write file or device (Write 3591 bytes on handle 5)
2018-12-25T11:44:26.894949367Z	62	PC: 12ac0 \| Close file

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1823,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:27.021837384Z	48	PC: 12a5a \| Get DOS version
2018-12-25T11:44:27.023427236Z	53	PC: 12a89 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:27.02499208Z	37	PC: 12a99 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:27.02614221Z	42	PC: 12aa1 \| Get date 0x12aa1: cmp dh, dl 0x12aa3: jne 0x12ac0 0x12aa5: mov ah, 0x3c 0x12aa7: lea dx, word ptr [bp + 0x17d] 0x12aab: xor cx, cx 0x12aad: int 0x21 0x12aaf: mov bx, ax 0x12ab1: mov ah, 0x40 0x12ab3: mov cx, 0xe07 0x12ab6: lea dx, word ptr [bp + 0x231] 0x12aba: int 0x21 0x12abc: mov ah, 0x3e 0x12abe: int 0x21 0x12ac0: ret 0x12ac1: inc sp 0x12ac2: inc bp 0x12ac3: dec bp 0x12ac4: dec di 0x12ac5: inc bx 0x12ac7: dec di