Sample viewer

vx.netlux.org/Virus.DOS.HH&HH.4091.b

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:09:41.911730132Z 37 PC: 12ad7 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:09:41.913081129Z 42 PC: 12adb | Get date

0x12adb: cmp al, 1
0x12add: jne 0x12ae7
0x12adf: dec al
0x12ae1: out 0xa0, al
0x12ae3: mov al, 0xb0
0x12ae5: out 0x41, al
0x12ae7: mov ax, cs
0x12ae9: mov ds, ax
0x12aeb: mov es, ax
0x12aed: pop ax
0x12aee: push cs
0x12aef: mov cx, 0x100
0x12af2: push cx
0x12af3: mov cx, word ptr [0xfe]
0x12af7: sub cx, 0x100
0x12afb: retf
0x12afc: int 0x20
0x12afe: nop
0x12aff: mov ax, 0xe000
0x12b02: mov ds, ax

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2201,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:07.430373165Z 37 PC: 12ad7 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:45:07.431564854Z 42 PC: 12adb | Get date

0x12adb: cmp al, 1
0x12add: jne 0x12ae7
0x12adf: dec al
0x12ae1: out 0xa0, al
0x12ae3: mov al, 0xb0
0x12ae5: out 0x41, al
0x12ae7: mov ax, cs
0x12ae9: mov ds, ax
0x12aeb: mov es, ax
0x12aed: pop ax
0x12aee: push cs
0x12aef: mov cx, 0x100
0x12af2: push cx
0x12af3: mov cx, word ptr [0xfe]
0x12af7: sub cx, 0x100
0x12afb: retf
0x12afc: int 0x20
0x12afe: nop
0x12aff: mov ax, 0xe000
0x12b02: mov ds, ax

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2201,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:07.499432074Z 37 PC: 12ad7 | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:45:07.500856794Z 42 PC: 12adb | Get date

0x12adb: cmp al, 1
0x12add: jne 0x12ae7
0x12adf: dec al
0x12ae1: out 0xa0, al
0x12ae3: mov al, 0xb0
0x12ae5: out 0x41, al
0x12ae7: mov ax, cs
0x12ae9: mov ds, ax
0x12aeb: mov es, ax
0x12aed: pop ax
0x12aee: push cs
0x12aef: mov cx, 0x100
0x12af2: push cx
0x12af3: mov cx, word ptr [0xfe]
0x12af7: sub cx, 0x100
0x12afb: retf
0x12afc: int 0x20
0x12afe: nop
0x12aff: mov ax, 0xe000
0x12b02: mov ds, ax