Sample viewer

vx.netlux.org/Virus.DOS.Andromeda.758.d

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:10:32.703313691Z	42	PC: 15670 \| Get date 0x15670: cmp dl, 0xa 0x15673: jne 0x15687 0x15675: nop 0x15676: nop 0x15677: nop 0x15678: nop 0x15679: nop 0x1567a: mov bx, 0x100 0x1567d: mov al, 0 0x1567f: mov cx, 0xd 0x15682: mov dx, 1 0x15685: int 0x26 0x15687: mov ah, 0x30 0x15689: mov si, 0x1234 0x1568c: int 0x21 0x1568e: cmp di, -0x23 0x15691: jne 0x156ab 0x15693: pop bx 0x15694: push bx 0x15695: mov si, 0x3e1
2018-12-17T22:10:32.717420635Z	48	PC: 1568e \| Get DOS version
2018-12-17T22:10:32.71859081Z	38	PC: 156ce \| Create PSP
2018-12-17T22:10:32.719837976Z	53	PC: 156fe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:32.722148979Z	37	PC: 1571b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:32.723576739Z	9	PC: 12a51 \| Display string (String= 'This is a sample!')
2018-12-17T22:10:32.72535961Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2298,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:25.431982045Z	42	PC: 15670 \| Get date 0x15670: cmp dl, 0xa 0x15673: jne 0x15687 0x15675: nop 0x15676: nop 0x15677: nop 0x15678: nop 0x15679: nop 0x1567a: mov bx, 0x100 0x1567d: mov al, 0 0x1567f: mov cx, 0xd 0x15682: mov dx, 1 0x15685: int 0x26 0x15687: mov ah, 0x30 0x15689: mov si, 0x1234 0x1568c: int 0x21 0x1568e: cmp di, -0x23 0x15691: jne 0x156ab 0x15693: pop bx 0x15694: push bx 0x15695: mov si, 0x3e1
2018-12-25T11:45:25.434083173Z	48	PC: 1568e \| Get DOS version
2018-12-25T11:45:25.435789025Z	38	PC: 156ce \| Create PSP
2018-12-25T11:45:25.437305238Z	53	PC: 156fe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:25.438689954Z	37	PC: 1571b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:25.440343618Z	9	PC: 12a51 \| Display string (String= 'This is a sample!')
2018-12-25T11:45:25.442535165Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":10,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2298,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:25.479483505Z	42	PC: 15670 \| Get date 0x15670: cmp dl, 0xa 0x15673: jne 0x15687 0x15675: nop 0x15676: nop 0x15677: nop 0x15678: nop 0x15679: nop 0x1567a: mov bx, 0x100 0x1567d: mov al, 0 0x1567f: mov cx, 0xd 0x15682: mov dx, 1 0x15685: int 0x26 0x15687: mov ah, 0x30 0x15689: mov si, 0x1234 0x1568c: int 0x21 0x1568e: cmp di, -0x23 0x15691: jne 0x156ab 0x15693: pop bx 0x15694: push bx 0x15695: mov si, 0x3e1
2018-12-25T11:45:25.74247812Z	48	PC: 1568e \| Get DOS version
2018-12-25T11:45:25.744499531Z	38	PC: 156ce \| Create PSP
2018-12-25T11:45:25.746978934Z	53	PC: 156fe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:25.749623263Z	37	PC: 1571b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2298,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:25.487371623Z	42	PC: 15670 \| Get date 0x15670: cmp dl, 0xa 0x15673: jne 0x15687 0x15675: nop 0x15676: nop 0x15677: nop 0x15678: nop 0x15679: nop 0x1567a: mov bx, 0x100 0x1567d: mov al, 0 0x1567f: mov cx, 0xd 0x15682: mov dx, 1 0x15685: int 0x26 0x15687: mov ah, 0x30 0x15689: mov si, 0x1234 0x1568c: int 0x21 0x1568e: cmp di, -0x23 0x15691: jne 0x156ab 0x15693: pop bx 0x15694: push bx 0x15695: mov si, 0x3e1
2018-12-25T11:45:25.490576604Z	48	PC: 1568e \| Get DOS version
2018-12-25T11:45:25.491815123Z	38	PC: 156ce \| Create PSP
2018-12-25T11:45:25.49720057Z	53	PC: 156fe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:25.501591734Z	37	PC: 1571b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:25.503804452Z	9	PC: 12a51 \| Display string (String= 'This is a sample!')
2018-12-25T11:45:25.507242955Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2298,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:25.842996814Z	42	PC: 15670 \| Get date 0x15670: cmp dl, 0xa 0x15673: jne 0x15687 0x15675: nop 0x15676: nop 0x15677: nop 0x15678: nop 0x15679: nop 0x1567a: mov bx, 0x100 0x1567d: mov al, 0 0x1567f: mov cx, 0xd 0x15682: mov dx, 1 0x15685: int 0x26 0x15687: mov ah, 0x30 0x15689: mov si, 0x1234 0x1568c: int 0x21 0x1568e: cmp di, -0x23 0x15691: jne 0x156ab 0x15693: pop bx 0x15694: push bx 0x15695: mov si, 0x3e1
2018-12-25T11:45:25.846694313Z	48	PC: 1568e \| Get DOS version
2018-12-25T11:45:25.848542725Z	38	PC: 156ce \| Create PSP
2018-12-25T11:45:25.85018899Z	53	PC: 156fe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:25.851641288Z	37	PC: 1571b \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:25.853837209Z	9	PC: 12a51 \| Display string (String= 'This is a sample!')
2018-12-25T11:45:25.856563984Z	76	PC: 12a56 \| Terminate with return code (Return code = '0')