Sample viewer

vx.netlux.org/Virus.DOS.Jessica.1234

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:09:26.812033252Z	42	PC: 13987 \| Get date 0x13987: cmp dh, 8 0x1398a: jne 0x139b2 0x1398c: cmp dl, 0xa 0x1398f: jne 0x139b2 0x13991: cmp bh, 0 0x13994: jne 0x139b2 0x13996: push cs 0x13997: pop ds 0x13998: push si 0x13999: push cx 0x1399a: mov si, 0x5a2 0x1399d: mov cx, 0x35 0x139a0: mov al, byte ptr [si] 0x139a2: xor al, 0xa9 0x139a4: mov byte ptr [si], al 0x139a6: inc si 0x139a7: loop 0x139a0 0x139a9: pop cx 0x139aa: pop si 0x139ab: mov ah, 9
2018-12-17T22:09:26.823063615Z	238	PC: 139c8 \| UNKNOWN!
2018-12-17T22:09:26.824110157Z	53	PC: 139d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":10,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2175,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:03.056652202Z	42	PC: 13987 \| Get date 0x13987: cmp dh, 8 0x1398a: jne 0x139b2 0x1398c: cmp dl, 0xa 0x1398f: jne 0x139b2 0x13991: cmp bh, 0 0x13994: jne 0x139b2 0x13996: push cs 0x13997: pop ds 0x13998: push si 0x13999: push cx 0x1399a: mov si, 0x5a2 0x1399d: mov cx, 0x35 0x139a0: mov al, byte ptr [si] 0x139a2: xor al, 0xa9 0x139a4: mov byte ptr [si], al 0x139a6: inc si 0x139a7: loop 0x139a0 0x139a9: pop cx 0x139aa: pop si 0x139ab: mov ah, 9
2018-12-25T11:45:03.059632424Z	238	PC: 139c8 \| UNKNOWN!
2018-12-25T11:45:03.061643255Z	53	PC: 139d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2175,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:03.186658559Z	42	PC: 13987 \| Get date 0x13987: cmp dh, 8 0x1398a: jne 0x139b2 0x1398c: cmp dl, 0xa 0x1398f: jne 0x139b2 0x13991: cmp bh, 0 0x13994: jne 0x139b2 0x13996: push cs 0x13997: pop ds 0x13998: push si 0x13999: push cx 0x1399a: mov si, 0x5a2 0x1399d: mov cx, 0x35 0x139a0: mov al, byte ptr [si] 0x139a2: xor al, 0xa9 0x139a4: mov byte ptr [si], al 0x139a6: inc si 0x139a7: loop 0x139a0 0x139a9: pop cx 0x139aa: pop si 0x139ab: mov ah, 9
2018-12-25T11:45:03.189463346Z	238	PC: 139c8 \| UNKNOWN!
2018-12-25T11:45:03.190751844Z	53	PC: 139d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2175,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:04.258134953Z	42	PC: 13987 \| Get date 0x13987: cmp dh, 8 0x1398a: jne 0x139b2 0x1398c: cmp dl, 0xa 0x1398f: jne 0x139b2 0x13991: cmp bh, 0 0x13994: jne 0x139b2 0x13996: push cs 0x13997: pop ds 0x13998: push si 0x13999: push cx 0x1399a: mov si, 0x5a2 0x1399d: mov cx, 0x35 0x139a0: mov al, byte ptr [si] 0x139a2: xor al, 0xa9 0x139a4: mov byte ptr [si], al 0x139a6: inc si 0x139a7: loop 0x139a0 0x139a9: pop cx 0x139aa: pop si 0x139ab: mov ah, 9
2018-12-25T11:45:04.26073757Z	238	PC: 139c8 \| UNKNOWN!
2018-12-25T11:45:04.261611511Z	53	PC: 139d2 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')