Sample viewer

vx.netlux.org/Virus.DOS.Hydra.1162

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:11:03.036019945Z	42	PC: 12d2e \| Get date 0x12d2e: cmp cx, 0x7cb 0x12d32: jb 0x12d52 0x12d34: cmp dl, dh 0x12d36: jne 0x12d52 0x12d38: and dl, 3 0x12d3b: cmp dl, 1 0x12d3e: jne 0x12d52 0x12d40: mov word ptr es:[0x4f4], 0xfeda 0x12d47: mov dx, 0x441 0x12d4a: mov ah, 9 0x12d4c: int 0x21 0x12d4e: pop es 0x12d4f: pop ax 0x12d50: jmp 0x12cef 0x12d52: pop es 0x12d53: ret 0x12d54: push es 0x12d55: mov ax, 0x3025 0x12d58: mov bx, 0x1073 0x12d5b: mov cx, 0xfeda
2018-12-17T22:11:03.046471149Z	48	PC: 12d60 \| Get DOS version
2018-12-17T22:11:03.047555544Z	53	PC: 9f6df \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:11:03.048538825Z	37	PC: 9f6ef \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:11:03.050070542Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-17T22:11:03.053099004Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2355,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:34.366421483Z	42	PC: 12d2e \| Get date 0x12d2e: cmp cx, 0x7cb 0x12d32: jb 0x12d52 0x12d34: cmp dl, dh 0x12d36: jne 0x12d52 0x12d38: and dl, 3 0x12d3b: cmp dl, 1 0x12d3e: jne 0x12d52 0x12d40: mov word ptr es:[0x4f4], 0xfeda 0x12d47: mov dx, 0x441 0x12d4a: mov ah, 9 0x12d4c: int 0x21 0x12d4e: pop es 0x12d4f: pop ax 0x12d50: jmp 0x12cef 0x12d52: pop es 0x12d53: ret 0x12d54: push es 0x12d55: mov ax, 0x3025 0x12d58: mov bx, 0x1073 0x12d5b: mov cx, 0xfeda
2018-12-25T11:45:34.376760507Z	48	PC: 12d60 \| Get DOS version
2018-12-25T11:45:34.377983237Z	53	PC: 9f6df \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:34.379165393Z	37	PC: 9f6ef \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:34.381182436Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T11:45:34.386384287Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2355,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:34.455107431Z	42	PC: 12d2e \| Get date 0x12d2e: cmp cx, 0x7cb 0x12d32: jb 0x12d52 0x12d34: cmp dl, dh 0x12d36: jne 0x12d52 0x12d38: and dl, 3 0x12d3b: cmp dl, 1 0x12d3e: jne 0x12d52 0x12d40: mov word ptr es:[0x4f4], 0xfeda 0x12d47: mov dx, 0x441 0x12d4a: mov ah, 9 0x12d4c: int 0x21 0x12d4e: pop es 0x12d4f: pop ax 0x12d50: jmp 0x12cef 0x12d52: pop es 0x12d53: ret 0x12d54: push es 0x12d55: mov ax, 0x3025 0x12d58: mov bx, 0x1073 0x12d5b: mov cx, 0xfeda
2018-12-25T11:45:34.458438665Z	9	PC: 12d4e \| Display string (Could not find end pointer)
2018-12-25T11:45:34.468419376Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T11:45:34.474639919Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2355,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:34.634506834Z	42	PC: 12d2e \| Get date 0x12d2e: cmp cx, 0x7cb 0x12d32: jb 0x12d52 0x12d34: cmp dl, dh 0x12d36: jne 0x12d52 0x12d38: and dl, 3 0x12d3b: cmp dl, 1 0x12d3e: jne 0x12d52 0x12d40: mov word ptr es:[0x4f4], 0xfeda 0x12d47: mov dx, 0x441 0x12d4a: mov ah, 9 0x12d4c: int 0x21 0x12d4e: pop es 0x12d4f: pop ax 0x12d50: jmp 0x12cef 0x12d52: pop es 0x12d53: ret 0x12d54: push es 0x12d55: mov ax, 0x3025 0x12d58: mov bx, 0x1073 0x12d5b: mov cx, 0xfeda
2018-12-25T11:45:34.636990313Z	48	PC: 12d60 \| Get DOS version
2018-12-25T11:45:34.639449345Z	53	PC: 9f6df \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:34.641147191Z	37	PC: 9f6ef \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:34.642875359Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T11:45:34.652261341Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":2,"Month":2,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2355,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:34.633158383Z	42	PC: 12d2e \| Get date 0x12d2e: cmp cx, 0x7cb 0x12d32: jb 0x12d52 0x12d34: cmp dl, dh 0x12d36: jne 0x12d52 0x12d38: and dl, 3 0x12d3b: cmp dl, 1 0x12d3e: jne 0x12d52 0x12d40: mov word ptr es:[0x4f4], 0xfeda 0x12d47: mov dx, 0x441 0x12d4a: mov ah, 9 0x12d4c: int 0x21 0x12d4e: pop es 0x12d4f: pop ax 0x12d50: jmp 0x12cef 0x12d52: pop es 0x12d53: ret 0x12d54: push es 0x12d55: mov ax, 0x3025 0x12d58: mov bx, 0x1073 0x12d5b: mov cx, 0xfeda
2018-12-25T11:45:34.639517935Z	48	PC: 12d60 \| Get DOS version
2018-12-25T11:45:34.640687947Z	53	PC: 9f6df \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:34.641801887Z	37	PC: 9f6ef \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:34.643432115Z	9	PC: 12c22 \| Display string (Could not find end pointer)
2018-12-25T11:45:34.648609352Z	76	PC: 12c28 \| Terminate with return code (Return code = '0')