Sample viewer

vx.netlux.org/Virus.DOS.Xuxa.1413

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:09:21.899019952Z	221	PC: 12a5f \| UNKNOWN!
2018-12-17T22:09:21.900652768Z	53	PC: 12a8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:21.90181072Z	37	PC: 12a9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:09:21.902889272Z	53	PC: 12aa2 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:09:21.90489963Z	37	PC: 12ab2 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:09:21.906556636Z	74	PC: 12acd \| Reallocate memory
2018-12-17T22:09:21.908323515Z	75	PC: 12b04 \| Execute program
2018-12-17T22:09:21.923706Z	48	PC: 13d9b \| Get DOS version
2018-12-17T22:09:21.927745273Z	9	PC: 13da7 \| Display string (String= ' Incorrect DOS version ')
2018-12-17T22:09:21.93550195Z	77	PC: 12b08 \| Get program return code
2018-12-17T22:09:21.936959753Z	49	PC: 12b11 \| Terminate and stay resident (Return code = '0' \| Memory size = '105')

{"DateBased":true,"Day":2,"Month":8,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2162,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:02.2308475Z	221	PC: 12a5f \| UNKNOWN!
2018-12-25T11:45:02.232097183Z	53	PC: 12a8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.234477486Z	37	PC: 12a9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.236059302Z	53	PC: 12aa2 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:45:02.237727698Z	37	PC: 12ab2 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:45:02.240182765Z	74	PC: 12acd \| Reallocate memory
2018-12-25T11:45:02.241935602Z	75	PC: 12b04 \| Execute program
2018-12-25T11:45:02.258401374Z	48	PC: 13d9b \| Get DOS version
2018-12-25T11:45:02.26094773Z	9	PC: 13da7 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T11:45:02.269454807Z	77	PC: 12b08 \| Get program return code
2018-12-25T11:45:02.271198305Z	49	PC: 12b11 \| Terminate and stay resident (Return code = '0' \| Memory size = '105')

{"DateBased":true,"Day":3,"Month":8,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2162,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:02.243264923Z	221	PC: 12a5f \| UNKNOWN!
2018-12-25T11:45:02.244795225Z	53	PC: 12a8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.246047575Z	37	PC: 12a9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.247118467Z	53	PC: 12aa2 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:45:02.249428073Z	37	PC: 12ab2 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:45:02.251187782Z	74	PC: 12acd \| Reallocate memory
2018-12-25T11:45:02.252692558Z	75	PC: 12b04 \| Execute program
2018-12-25T11:45:02.268900713Z	48	PC: 13d9b \| Get DOS version
2018-12-25T11:45:02.270356735Z	9	PC: 13da7 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T11:45:02.277969598Z	77	PC: 12b08 \| Get program return code
2018-12-25T11:45:02.279365781Z	49	PC: 12b11 \| Terminate and stay resident (Return code = '0' \| Memory size = '105')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2162,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:02.262396323Z	221	PC: 12a5f \| UNKNOWN!
2018-12-25T11:45:02.263881423Z	53	PC: 12a8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.26503063Z	37	PC: 12a9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.266161467Z	53	PC: 12aa2 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:45:02.268616927Z	37	PC: 12ab2 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:45:02.269987245Z	74	PC: 12acd \| Reallocate memory
2018-12-25T11:45:02.271331359Z	75	PC: 12b04 \| Execute program
2018-12-25T11:45:02.286161497Z	48	PC: 13d9b \| Get DOS version
2018-12-25T11:45:02.288084745Z	9	PC: 13da7 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T11:45:02.29514293Z	77	PC: 12b08 \| Get program return code
2018-12-25T11:45:02.296416844Z	49	PC: 12b11 \| Terminate and stay resident (Return code = '0' \| Memory size = '105')

{"DateBased":true,"Day":1,"Month":1,"Year":1988,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2162,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:02.247219205Z	221	PC: 12a5f \| UNKNOWN!
2018-12-25T11:45:02.249404767Z	53	PC: 12a8d \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.25123592Z	37	PC: 12a9d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:02.252933295Z	53	PC: 12aa2 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:45:02.254637862Z	37	PC: 12ab2 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:45:02.256426059Z	74	PC: 12acd \| Reallocate memory
2018-12-25T11:45:02.258684701Z	75	PC: 12b04 \| Execute program
2018-12-25T11:45:02.277046468Z	48	PC: 13d9b \| Get DOS version
2018-12-25T11:45:02.279869535Z	9	PC: 13da7 \| Display string (String= ' Incorrect DOS version ')
2018-12-25T11:45:02.289413403Z	77	PC: 12b08 \| Get program return code
2018-12-25T11:45:02.291367925Z	49	PC: 12b11 \| Terminate and stay resident (Return code = '0' \| Memory size = '105')