Sample viewer

vx.netlux.org/Virus.DOS.Tremor.a.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:07:20.100434981Z	42	PC: 13732 \| Get date 0x13732: mov al, 0x72 0x13734: cmp dx, 0x504 0x13738: jb 0x13740 0x1373a: cmp cx, 0x7c9 0x1373e: jae 0x13742 0x13740: mov al, 0xeb 0x13742: mov byte ptr cs:[si - 0xbb9], al 0x13747: mov ah, 0x30 0x13749: cld 0x1374a: int 0x21 0x1374c: xchg ah, al 0x1374e: cmp ax, 0x31d 0x13751: ja 0x13756 0x13753: jmp 0x139e2 0x13756: mov ax, 0xf1e9 0x13759: int 0x21 0x1375b: cmp ax, 0xcade 0x1375e: je 0x13753 0x13760: xor di, di 0x13762: mov ax, 0x40
2018-12-17T22:07:20.102815307Z	48	PC: 1374c \| Get DOS version
2018-12-17T22:07:20.103864402Z	241	PC: 1375b \| UNKNOWN!
2018-12-17T22:07:20.104487996Z	98	PC: 13772 \| Get current PSP
2018-12-17T22:07:20.10560859Z	88	PC: 1377f \| case 0xGet or set allocation strateg:
2018-12-17T22:07:20.106601Z	88	PC: 1378a \| case 0xGet or set allocation strateg:
2018-12-17T22:07:20.107570393Z	88	PC: 1378f \| case 0xGet or set allocation strateg:
2018-12-17T22:07:20.108998213Z	88	PC: 1379a \| case 0xGet or set allocation strateg:
2018-12-17T22:07:20.110506615Z	88	PC: 13804 \| case 0xGet or set allocation strateg:
2018-12-17T22:07:20.111671918Z	88	PC: 1380a \| case 0xGet or set allocation strateg:
2018-12-17T22:07:20.113520199Z	74	PC: 1381e \| Reallocate memory
2018-12-17T22:07:20.114922246Z	74	PC: 1382a \| Reallocate memory
2018-12-17T22:07:20.116213675Z	53	PC: 13852 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:07:20.117201982Z	53	PC: 13870 \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-17T22:07:20.122893122Z	82	PC: 13565 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:07:20.124238183Z	53	PC: 138f1 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:07:20.125398422Z	37	PC: 138fc \| Set interrupt vector (Interrupt = '1' AKA 'Character input')

{"DateBased":true,"Day":4,"Month":5,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1935,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:34.290315816Z	42	PC: 13732 \| Get date 0x13732: mov al, 0x72 0x13734: cmp dx, 0x504 0x13738: jb 0x13740 0x1373a: cmp cx, 0x7c9 0x1373e: jae 0x13742 0x13740: mov al, 0xeb 0x13742: mov byte ptr cs:[si - 0xbb9], al 0x13747: mov ah, 0x30 0x13749: cld 0x1374a: int 0x21 0x1374c: xchg ah, al 0x1374e: cmp ax, 0x31d 0x13751: ja 0x13756 0x13753: jmp 0x139e2 0x13756: mov ax, 0xf1e9 0x13759: int 0x21 0x1375b: cmp ax, 0xcade 0x1375e: je 0x13753 0x13760: xor di, di 0x13762: mov ax, 0x40
2018-12-25T11:44:34.293374074Z	48	PC: 1374c \| Get DOS version
2018-12-25T11:44:34.295052034Z	241	PC: 1375b \| UNKNOWN!
2018-12-25T11:44:34.296220273Z	98	PC: 13772 \| Get current PSP
2018-12-25T11:44:34.298395813Z	88	PC: 1377f \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.300567596Z	88	PC: 1378a \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.302093249Z	88	PC: 1378f \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.303600702Z	88	PC: 1379a \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.306507284Z	88	PC: 13804 \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.308181747Z	88	PC: 1380a \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.309660896Z	74	PC: 1381e \| Reallocate memory
2018-12-25T11:44:34.316152934Z	74	PC: 1382a \| Reallocate memory
2018-12-25T11:44:34.317756706Z	53	PC: 13852 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:34.319180488Z	53	PC: 13870 \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T11:44:34.323827069Z	82	PC: 13565 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:44:34.325239247Z	53	PC: 138f1 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:44:34.326371877Z	37	PC: 138fc \| Set interrupt vector (Interrupt = '1' AKA 'Character input')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1935,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:34.693288617Z	42	PC: 13732 \| Get date 0x13732: mov al, 0x72 0x13734: cmp dx, 0x504 0x13738: jb 0x13740 0x1373a: cmp cx, 0x7c9 0x1373e: jae 0x13742 0x13740: mov al, 0xeb 0x13742: mov byte ptr cs:[si - 0xbb9], al 0x13747: mov ah, 0x30 0x13749: cld 0x1374a: int 0x21 0x1374c: xchg ah, al 0x1374e: cmp ax, 0x31d 0x13751: ja 0x13756 0x13753: jmp 0x139e2 0x13756: mov ax, 0xf1e9 0x13759: int 0x21 0x1375b: cmp ax, 0xcade 0x1375e: je 0x13753 0x13760: xor di, di 0x13762: mov ax, 0x40
2018-12-25T11:44:34.698416555Z	48	PC: 1374c \| Get DOS version
2018-12-25T11:44:34.700046165Z	241	PC: 1375b \| UNKNOWN!
2018-12-25T11:44:34.701100251Z	98	PC: 13772 \| Get current PSP
2018-12-25T11:44:34.7034694Z	88	PC: 1377f \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.705195684Z	88	PC: 1378a \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.706565928Z	88	PC: 1378f \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.70795201Z	88	PC: 1379a \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.71261733Z	88	PC: 13804 \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.714438493Z	88	PC: 1380a \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.716048919Z	74	PC: 1381e \| Reallocate memory
2018-12-25T11:44:34.718435067Z	74	PC: 1382a \| Reallocate memory
2018-12-25T11:44:34.723415291Z	53	PC: 13852 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:34.726700649Z	53	PC: 13870 \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T11:44:34.728877074Z	82	PC: 13565 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:44:34.73039091Z	53	PC: 138f1 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:44:34.731821029Z	37	PC: 138fc \| Set interrupt vector (Interrupt = '1' AKA 'Character input')

{"DateBased":true,"Day":4,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":1935,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:44:34.780250003Z	42	PC: 13732 \| Get date 0x13732: mov al, 0x72 0x13734: cmp dx, 0x504 0x13738: jb 0x13740 0x1373a: cmp cx, 0x7c9 0x1373e: jae 0x13742 0x13740: mov al, 0xeb 0x13742: mov byte ptr cs:[si - 0xbb9], al 0x13747: mov ah, 0x30 0x13749: cld 0x1374a: int 0x21 0x1374c: xchg ah, al 0x1374e: cmp ax, 0x31d 0x13751: ja 0x13756 0x13753: jmp 0x139e2 0x13756: mov ax, 0xf1e9 0x13759: int 0x21 0x1375b: cmp ax, 0xcade 0x1375e: je 0x13753 0x13760: xor di, di 0x13762: mov ax, 0x40
2018-12-25T11:44:34.783587302Z	48	PC: 1374c \| Get DOS version
2018-12-25T11:44:34.785292178Z	241	PC: 1375b \| UNKNOWN!
2018-12-25T11:44:34.786624359Z	98	PC: 13772 \| Get current PSP
2018-12-25T11:44:34.788320207Z	88	PC: 1377f \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.78997859Z	88	PC: 1378a \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.791443309Z	88	PC: 1378f \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.792875152Z	88	PC: 1379a \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.795421024Z	88	PC: 13804 \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.797487318Z	88	PC: 1380a \| case 0xGet or set allocation strateg:
2018-12-25T11:44:34.799321519Z	74	PC: 1381e \| Reallocate memory
2018-12-25T11:44:34.801738285Z	74	PC: 1382a \| Reallocate memory
2018-12-25T11:44:34.803444313Z	53	PC: 13852 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:44:34.805255292Z	53	PC: 13870 \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T11:44:34.807316894Z	82	PC: 13565 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:44:34.80871128Z	53	PC: 138f1 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:44:34.809898702Z	37	PC: 138fc \| Set interrupt vector (Interrupt = '1' AKA 'Character input')