Sample viewer

vx.netlux.org/Virus.DOS.Rage.2341

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:10:59.046389573Z 42 PC: 1df00 | Get date 0x1df00: cmp dx, 0x510
0x1df04: je 0x1df37
0x1df06: cmp dx, 0xa1b
0x1df0a: je 0x1df37
0x1df0c: cmp al, 0
0x1df0e: je 0x1df14
0x1df10: cmp al, 1
0x1df12: jne 0x1df45
0x1df14: mov al, 4
0x1df16: out 0x70, al
0x1df18: in al, 0x71
0x1df1a: mov dh, al
0x1df1c: mov al, 2
0x1df1e: out 0x70, al
0x1df20: in al, 0x71
0x1df22: mov dl, al
0x1df24: sti
0x1df25: cmp dx, 0x516
0x1df29: je 0x1df37
0x1df2b: cmp dx, 0x1027
2018-12-17T22:10:59.049306505Z 74 PC: 1df67 | Reallocate memory
2018-12-17T22:10:59.050864478Z 72 PC: 1df6e | Allocate memory
2018-12-17T22:10:59.052719021Z 52 PC: 1df91 | Get InDOS flag pointer
2018-12-17T22:10:59.058755771Z 48 PC: 12d2c | Get DOS version
2018-12-17T22:10:59.060380476Z 74 PC: 12da1 | Reallocate memory
2018-12-17T22:10:59.063023998Z 48 PC: 13018 | Get DOS version
2018-12-17T22:10:59.066583361Z 53 PC: 12e17 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:10:59.068076476Z 37 PC: 12e29 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:10:59.069593758Z 68 PC: 12ebe | I/O control for devices (Set for = '�B')
2018-12-17T22:10:59.07225258Z 68 PC: 12ebe | I/O control for devices (Set for = '�/������������')
2018-12-17T22:10:59.07390727Z 68 PC: 12ebe | I/O control for devices (Set for = '�s������������������������')
2018-12-17T22:10:59.075946283Z 68 PC: 12ebe | I/O control for devices (Set for = '�������')
2018-12-17T22:10:59.078610878Z 68 PC: 12ebe | I/O control for devices (Set for = '�������')

{"DateBased":true,"Day":27,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2345,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:33.621832594Z 42 PC: 1df00 | Get date 0x1df00: cmp dx, 0x510
0x1df04: je 0x1df37
0x1df06: cmp dx, 0xa1b
0x1df0a: je 0x1df37
0x1df0c: cmp al, 0
0x1df0e: je 0x1df14
0x1df10: cmp al, 1
0x1df12: jne 0x1df45
0x1df14: mov al, 4
0x1df16: out 0x70, al
0x1df18: in al, 0x71
0x1df1a: mov dh, al
0x1df1c: mov al, 2
0x1df1e: out 0x70, al
0x1df20: in al, 0x71
0x1df22: mov dl, al
0x1df24: sti
0x1df25: cmp dx, 0x516
0x1df29: je 0x1df37
0x1df2b: cmp dx, 0x1027
2018-12-25T11:45:33.62444472Z 9 PC: 1df3e | Display string (Could not find end pointer)
2018-12-25T11:45:33.654841764Z 1 PC: 1df42 | Character input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2345,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:33.683017469Z 42 PC: 1df00 | Get date 0x1df00: cmp dx, 0x510
0x1df04: je 0x1df37
0x1df06: cmp dx, 0xa1b
0x1df0a: je 0x1df37
0x1df0c: cmp al, 0
0x1df0e: je 0x1df14
0x1df10: cmp al, 1
0x1df12: jne 0x1df45
0x1df14: mov al, 4
0x1df16: out 0x70, al
0x1df18: in al, 0x71
0x1df1a: mov dh, al
0x1df1c: mov al, 2
0x1df1e: out 0x70, al
0x1df20: in al, 0x71
0x1df22: mov dl, al
0x1df24: sti
0x1df25: cmp dx, 0x516
0x1df29: je 0x1df37
0x1df2b: cmp dx, 0x1027
2018-12-25T11:45:33.685911635Z 74 PC: 1df67 | Reallocate memory
2018-12-25T11:45:33.687201962Z 72 PC: 1df6e | Allocate memory
2018-12-25T11:45:33.688882617Z 52 PC: 1df91 | Get InDOS flag pointer
2018-12-25T11:45:33.696747119Z 48 PC: 12d2c | Get DOS version
2018-12-25T11:45:33.697886191Z 74 PC: 12da1 | Reallocate memory
2018-12-25T11:45:33.699946711Z 48 PC: 13018 | Get DOS version
2018-12-25T11:45:33.701320908Z 53 PC: 12e17 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:33.702449672Z 37 PC: 12e29 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:33.703638786Z 68 PC: 12ebe | I/O control for devices (Set for = '�B')
2018-12-25T11:45:33.705061105Z 68 PC: 12ebe | I/O control for devices (See above)
2018-12-25T11:45:33.70633697Z 68 PC: 12ebe | I/O control for devices (See above)
2018-12-25T11:45:33.707615568Z 68 PC: 12ebe | I/O control for devices (See above)
2018-12-25T11:45:33.709272551Z 68 PC: 12ebe | I/O control for devices (See above)

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2345,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:33.85921155Z 42 PC: 1df00 | Get date 0x1df00: cmp dx, 0x510
0x1df04: je 0x1df37
0x1df06: cmp dx, 0xa1b
0x1df0a: je 0x1df37
0x1df0c: cmp al, 0
0x1df0e: je 0x1df14
0x1df10: cmp al, 1
0x1df12: jne 0x1df45
0x1df14: mov al, 4
0x1df16: out 0x70, al
0x1df18: in al, 0x71
0x1df1a: mov dh, al
0x1df1c: mov al, 2
0x1df1e: out 0x70, al
0x1df20: in al, 0x71
0x1df22: mov dl, al
0x1df24: sti
0x1df25: cmp dx, 0x516
0x1df29: je 0x1df37
0x1df2b: cmp dx, 0x1027
2018-12-25T11:45:33.862339098Z 74 PC: 1df67 | Reallocate memory
2018-12-25T11:45:33.864026605Z 72 PC: 1df6e | Allocate memory
2018-12-25T11:45:33.866278292Z 52 PC: 1df91 | Get InDOS flag pointer
2018-12-25T11:45:33.872293839Z 48 PC: 12d2c | Get DOS version
2018-12-25T11:45:33.873665753Z 74 PC: 12da1 | Reallocate memory
2018-12-25T11:45:33.876083183Z 48 PC: 13018 | Get DOS version
2018-12-25T11:45:33.878174534Z 53 PC: 12e17 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:33.879704551Z 37 PC: 12e29 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:33.881306452Z 68 PC: 12ebe | I/O control for devices (Set for = '�B')
2018-12-25T11:45:33.885871593Z 68 PC: 12ebe | I/O control for devices (See above)
2018-12-25T11:45:33.887296618Z 68 PC: 12ebe | I/O control for devices (See above)
2018-12-25T11:45:33.888819847Z 68 PC: 12ebe | I/O control for devices (See above)
2018-12-25T11:45:33.890914679Z 68 PC: 12ebe | I/O control for devices (See above)

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2345,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:34.074174909Z 42 PC: 1df00 | Get date 0x1df00: cmp dx, 0x510
0x1df04: je 0x1df37
0x1df06: cmp dx, 0xa1b
0x1df0a: je 0x1df37
0x1df0c: cmp al, 0
0x1df0e: je 0x1df14
0x1df10: cmp al, 1
0x1df12: jne 0x1df45
0x1df14: mov al, 4
0x1df16: out 0x70, al
0x1df18: in al, 0x71
0x1df1a: mov dh, al
0x1df1c: mov al, 2
0x1df1e: out 0x70, al
0x1df20: in al, 0x71
0x1df22: mov dl, al
0x1df24: sti
0x1df25: cmp dx, 0x516
0x1df29: je 0x1df37
0x1df2b: cmp dx, 0x1027
2018-12-25T11:45:34.07819035Z 74 PC: 1df67 | Reallocate memory
2018-12-25T11:45:34.079609859Z 72 PC: 1df6e | Allocate memory
2018-12-25T11:45:34.08128594Z 52 PC: 1df91 | Get InDOS flag pointer
2018-12-25T11:45:34.092265392Z 48 PC: 12d2c | Get DOS version
2018-12-25T11:45:34.093703074Z 74 PC: 12da1 | Reallocate memory
2018-12-25T11:45:34.096131619Z 48 PC: 13018 | Get DOS version
2018-12-25T11:45:34.10770681Z 53 PC: 12e17 | Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:34.109697718Z 37 PC: 12e29 | Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T11:45:34.11134464Z 68 PC: 12ebe | I/O control for devices (Set for = '�B')
2018-12-25T11:45:34.112872068Z 68 PC: 12ebe | I/O control for devices (See above)
2018-12-25T11:45:34.115069422Z 68 PC: 12ebe | I/O control for devices (See above)
2018-12-25T11:45:34.116839452Z 68 PC: 12ebe | I/O control for devices (See above)
2018-12-25T11:45:34.118444493Z 68 PC: 12ebe | I/O control for devices (See above)

{"DateBased":true,"Day":16,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2345,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:45:34.262923945Z 42 PC: 1df00 | Get date 0x1df00: cmp dx, 0x510
0x1df04: je 0x1df37
0x1df06: cmp dx, 0xa1b
0x1df0a: je 0x1df37
0x1df0c: cmp al, 0
0x1df0e: je 0x1df14
0x1df10: cmp al, 1
0x1df12: jne 0x1df45
0x1df14: mov al, 4
0x1df16: out 0x70, al
0x1df18: in al, 0x71
0x1df1a: mov dh, al
0x1df1c: mov al, 2
0x1df1e: out 0x70, al
0x1df20: in al, 0x71
0x1df22: mov dl, al
0x1df24: sti
0x1df25: cmp dx, 0x516
0x1df29: je 0x1df37
0x1df2b: cmp dx, 0x1027
2018-12-25T11:45:34.270845799Z 9 PC: 1df3e | Display string (Could not find end pointer)
2018-12-25T11:45:34.302055619Z 1 PC: 1df42 | Character input