Sample viewer

vx.netlux.org/Virus.DOS.Xav.Kureluque.5337

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:52.976477161Z 75 PC: 1c937 | Execute program
2018-12-17T22:10:52.978933204Z 53 PC: 1c941 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:52.979917323Z 74 PC: 1c95e | Reallocate memory
2018-12-17T22:10:52.980998822Z 72 PC: 1c965 | Allocate memory
2018-12-17T22:10:52.982708228Z 37 PC: 1c98e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:10:52.983852509Z 42 PC: 1c995 | Get date

0x1c995: cmp dx, 0x501
0x1c999: je 0x1c99e
0x1c99b: jmp 0x1ca44
0x1c99e: mov ah, 0xf
0x1c9a0: int 0x10
0x1c9a2: xor ah, ah
0x1c9a4: push ax
0x1c9a5: mov ax, 0x13
0x1c9a8: int 0x10
0x1c9aa: mov cx, 0x1c
0x1c9ad: xor bx, bx
0x1c9af: lea si, word ptr [bp + 0x42f]
0x1c9b3: mov dx, 0x3c8
0x1c9b6: mov al, bl
0x1c9b8: out dx, al
0x1c9b9: lodsb al, byte ptr [si]
0x1c9ba: mov dx, 0x3c9
0x1c9bd: out dx, al
0x1c9be: lodsb al, byte ptr [si]
0x1c9bf: out dx, al

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2335,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:32.691425448Z 75 PC: 1c937 | Execute program
2018-12-25T11:45:32.693811599Z 53 PC: 1c941 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:32.695383629Z 74 PC: 1c95e | Reallocate memory
2018-12-25T11:45:32.697030018Z 72 PC: 1c965 | Allocate memory
2018-12-25T11:45:32.699392733Z 37 PC: 1c98e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:32.700973974Z 42 PC: 1c995 | Get date

0x1c995: cmp dx, 0x501
0x1c999: je 0x1c99e
0x1c99b: jmp 0x1ca44
0x1c99e: mov ah, 0xf
0x1c9a0: int 0x10
0x1c9a2: xor ah, ah
0x1c9a4: push ax
0x1c9a5: mov ax, 0x13
0x1c9a8: int 0x10
0x1c9aa: mov cx, 0x1c
0x1c9ad: xor bx, bx
0x1c9af: lea si, word ptr [bp + 0x42f]
0x1c9b3: mov dx, 0x3c8
0x1c9b6: mov al, bl
0x1c9b8: out dx, al
0x1c9b9: lodsb al, byte ptr [si]
0x1c9ba: mov dx, 0x3c9
0x1c9bd: out dx, al
0x1c9be: lodsb al, byte ptr [si]
0x1c9bf: out dx, al

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2335,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:32.833143188Z 75 PC: 1c937 | Execute program
2018-12-25T11:45:32.834939376Z 53 PC: 1c941 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:32.835974845Z 74 PC: 1c95e | Reallocate memory
2018-12-25T11:45:32.837157093Z 72 PC: 1c965 | Allocate memory
2018-12-25T11:45:32.839149894Z 37 PC: 1c98e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:32.840134589Z 42 PC: 1c995 | Get date

0x1c995: cmp dx, 0x501
0x1c999: je 0x1c99e
0x1c99b: jmp 0x1ca44
0x1c99e: mov ah, 0xf
0x1c9a0: int 0x10
0x1c9a2: xor ah, ah
0x1c9a4: push ax
0x1c9a5: mov ax, 0x13
0x1c9a8: int 0x10
0x1c9aa: mov cx, 0x1c
0x1c9ad: xor bx, bx
0x1c9af: lea si, word ptr [bp + 0x42f]
0x1c9b3: mov dx, 0x3c8
0x1c9b6: mov al, bl
0x1c9b8: out dx, al
0x1c9b9: lodsb al, byte ptr [si]
0x1c9ba: mov dx, 0x3c9
0x1c9bd: out dx, al
0x1c9be: lodsb al, byte ptr [si]
0x1c9bf: out dx, al