Sample viewer

vx.netlux.org/Virus.DOS.G2.OJ

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:11:41.599513104Z	42	PC: 12a44 \| Get date 0x12a44: cmp dh, 6 0x12a47: jne 0x12a63 0x12a49: cmp dl, 0xc 0x12a4c: jne 0x12a63 0x12a4e: mov ah, 9 0x12a50: lea dx, word ptr [bp + 0x2b3] 0x12a54: int 0x21 0x12a56: mov al, 2 0x12a58: mov cx, 0x13e6 0x12a5b: cli 0x12a5c: cdq 0x12a5d: int 0x26 0x12a5f: sti 0x12a60: call 0x12a64 0x12a63: ret 0x12a64: pop bp 0x12a65: sub bp, 0x124 0x12a69: push es 0x12a6a: push ds 0x12a6b: push cs

{"DateBased":true,"Day":12,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2422,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:47.127324895Z	42	PC: 12a44 \| Get date 0x12a44: cmp dh, 6 0x12a47: jne 0x12a63 0x12a49: cmp dl, 0xc 0x12a4c: jne 0x12a63 0x12a4e: mov ah, 9 0x12a50: lea dx, word ptr [bp + 0x2b3] 0x12a54: int 0x21 0x12a56: mov al, 2 0x12a58: mov cx, 0x13e6 0x12a5b: cli 0x12a5c: cdq 0x12a5d: int 0x26 0x12a5f: sti 0x12a60: call 0x12a64 0x12a63: ret 0x12a64: pop bp 0x12a65: sub bp, 0x124 0x12a69: push es 0x12a6a: push ds 0x12a6b: push cs
2018-12-25T11:45:47.130137548Z	9	PC: 12a56 \| Display string (Could not find end pointer)
2018-12-25T11:45:47.14208Z	71	PC: 12a78 \| Get current directory
2018-12-25T11:45:47.145051631Z	26	PC: 12a80 \| Set disk transfer address
2018-12-25T11:45:47.146277001Z	53	PC: 12a87 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:45:47.147753288Z	37	PC: 12a90 \| Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T11:45:47.149113248Z	78	PC: 12afe \| Find first file
2018-12-25T11:45:47.150830856Z	59	PC: 12ab8 \| Change current directory
2018-12-25T11:45:47.153077787Z	59	PC: 12ac6 \| Change current directory
2018-12-25T11:45:47.157525789Z	26	PC: 12ace \| Set disk transfer address
2018-12-25T11:45:47.158720435Z	78	PC: 12afe \| Find first file (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2422,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:48.413804347Z	42	PC: 12a44 \| Get date 0x12a44: cmp dh, 6 0x12a47: jne 0x12a63 0x12a49: cmp dl, 0xc 0x12a4c: jne 0x12a63 0x12a4e: mov ah, 9 0x12a50: lea dx, word ptr [bp + 0x2b3] 0x12a54: int 0x21 0x12a56: mov al, 2 0x12a58: mov cx, 0x13e6 0x12a5b: cli 0x12a5c: cdq 0x12a5d: int 0x26 0x12a5f: sti 0x12a60: call 0x12a64 0x12a63: ret 0x12a64: pop bp 0x12a65: sub bp, 0x124 0x12a69: push es 0x12a6a: push ds 0x12a6b: push cs

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2422,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:45:48.720252265Z	42	PC: 12a44 \| Get date 0x12a44: cmp dh, 6 0x12a47: jne 0x12a63 0x12a49: cmp dl, 0xc 0x12a4c: jne 0x12a63 0x12a4e: mov ah, 9 0x12a50: lea dx, word ptr [bp + 0x2b3] 0x12a54: int 0x21 0x12a56: mov al, 2 0x12a58: mov cx, 0x13e6 0x12a5b: cli 0x12a5c: cdq 0x12a5d: int 0x26 0x12a5f: sti 0x12a60: call 0x12a64 0x12a63: ret 0x12a64: pop bp 0x12a65: sub bp, 0x124 0x12a69: push es 0x12a6a: push ds 0x12a6b: push cs