Sample viewer

vx.netlux.org/Virus.DOS.Metallica.1103

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:44.729927373Z 48 PC: 181bf | Get DOS version
2018-12-17T22:10:44.731432974Z 53 PC: 181cb | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:44.732631793Z 53 PC: 18216 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:44.733733495Z 37 PC: 18225 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:44.735532685Z 42 PC: 18229 | Get date
0x18229: cmp dx, 0x416
0x1822d: jne 0x18266
0x1822f: sti
0x18230: xor ax, ax
0x18232: mov es, ax
0x18234: mov al, 2
0x18236: out 0x21, al
0x18238: mov dx, word ptr es:[0x463]
0x1823d: mov cx, 9
0x18240: mov al, cl
0x18242: out dx, al
0x18243: inc dx
0x18244: mov al, byte ptr es:[0x46c]
0x18248: out dx, al
0x18249: shl al, 1
0x1824b: shl al, 1
0x1824d: out dx, al
0x1824e: dec dx
0x1824f: loop 0x18240
0x18251: jmp 0x1823d
2018-12-17T22:10:44.737675045Z 9 PC: 12a54 | Display string (Could not find end pointer)
2018-12-17T22:10:44.739786346Z 76 PC: 12a59 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2317,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:30.248666293Z 48 PC: 181bf | Get DOS version
2018-12-25T11:45:30.250432783Z 53 PC: 181cb | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:30.252339009Z 53 PC: 18216 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:30.254334907Z 37 PC: 18225 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:30.256526675Z 42 PC: 18229 | Get date
0x18229: cmp dx, 0x416
0x1822d: jne 0x18266
0x1822f: sti
0x18230: xor ax, ax
0x18232: mov es, ax
0x18234: mov al, 2
0x18236: out 0x21, al
0x18238: mov dx, word ptr es:[0x463]
0x1823d: mov cx, 9
0x18240: mov al, cl
0x18242: out dx, al
0x18243: inc dx
0x18244: mov al, byte ptr es:[0x46c]
0x18248: out dx, al
0x18249: shl al, 1
0x1824b: shl al, 1
0x1824d: out dx, al
0x1824e: dec dx
0x1824f: loop 0x18240
0x18251: jmp 0x1823d
2018-12-25T11:45:30.25877641Z 9 PC: 12a54 | Display string (Could not find end pointer)
2018-12-25T11:45:30.261000005Z 76 PC: 12a59 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":22,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2317,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:30.258577374Z 48 PC: 181bf | Get DOS version
2018-12-25T11:45:30.26439185Z 53 PC: 181cb | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:30.26552113Z 53 PC: 18216 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:30.26648391Z 37 PC: 18225 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:30.276484867Z 42 PC: 18229 | Get date
0x18229: cmp dx, 0x416
0x1822d: jne 0x18266
0x1822f: sti
0x18230: xor ax, ax
0x18232: mov es, ax
0x18234: mov al, 2
0x18236: out 0x21, al
0x18238: mov dx, word ptr es:[0x463]
0x1823d: mov cx, 9
0x18240: mov al, cl
0x18242: out dx, al
0x18243: inc dx
0x18244: mov al, byte ptr es:[0x46c]
0x18248: out dx, al
0x18249: shl al, 1
0x1824b: shl al, 1
0x1824d: out dx, al
0x1824e: dec dx
0x1824f: loop 0x18240
0x18251: jmp 0x1823d