Sample viewer

vx.netlux.org/Virus.DOS.Mvf.1866

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:13:15.597983459Z	44	PC: 12a93 \| Get time 0x12a93: cmp ax, 0xcdef 0x12a96: jne 0x12a9d 0x12a98: push cs 0x12a99: pop es 0x12a9a: jmp 0x12bf5 0x12a9d: mov ah, 2 0x12a9f: mov byte ptr [si + 0x4f], ah 0x12aa2: mov ah, 0xff 0x12aa4: mov byte ptr [si + 0x5f], ah 0x12aa7: mov ax, 0x3521 0x12aaa: int 0x21 0x12aac: push es 0x12aad: xor ax, ax 0x12aaf: mov es, ax 0x12ab1: mov ax, word ptr es:[0] 0x12ab5: mov word ptr cs:[si + 0x4c], ax 0x12ab9: mov ax, word ptr es:[2] 0x12abd: mov word ptr cs:[si + 0x4e], ax 0x12ac1: mov ax, word ptr es:[0x4c] 0x12ac5: mov di, word ptr es:[0x4e]
2018-12-17T22:13:15.60187246Z	53	PC: 12aac \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:13:15.603462833Z	80	PC: 12b16 \| Set current PSP
2018-12-17T22:13:15.605140818Z	37	PC: 13442 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2595,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:04.085956571Z	44	PC: 12a93 \| Get time 0x12a93: cmp ax, 0xcdef 0x12a96: jne 0x12a9d 0x12a98: push cs 0x12a99: pop es 0x12a9a: jmp 0x12bf5 0x12a9d: mov ah, 2 0x12a9f: mov byte ptr [si + 0x4f], ah 0x12aa2: mov ah, 0xff 0x12aa4: mov byte ptr [si + 0x5f], ah 0x12aa7: mov ax, 0x3521 0x12aaa: int 0x21 0x12aac: push es 0x12aad: xor ax, ax 0x12aaf: mov es, ax 0x12ab1: mov ax, word ptr es:[0] 0x12ab5: mov word ptr cs:[si + 0x4c], ax 0x12ab9: mov ax, word ptr es:[2] 0x12abd: mov word ptr cs:[si + 0x4e], ax 0x12ac1: mov ax, word ptr es:[0x4c] 0x12ac5: mov di, word ptr es:[0x4e]
2018-12-25T11:46:04.088656749Z	53	PC: 12aac \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:46:04.089873356Z	80	PC: 12b16 \| Set current PSP
2018-12-25T11:46:04.091189743Z	37	PC: 13442 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2595,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:04.633186387Z	44	PC: 12a93 \| Get time 0x12a93: cmp ax, 0xcdef 0x12a96: jne 0x12a9d 0x12a98: push cs 0x12a99: pop es 0x12a9a: jmp 0x12bf5 0x12a9d: mov ah, 2 0x12a9f: mov byte ptr [si + 0x4f], ah 0x12aa2: mov ah, 0xff 0x12aa4: mov byte ptr [si + 0x5f], ah 0x12aa7: mov ax, 0x3521 0x12aaa: int 0x21 0x12aac: push es 0x12aad: xor ax, ax 0x12aaf: mov es, ax 0x12ab1: mov ax, word ptr es:[0] 0x12ab5: mov word ptr cs:[si + 0x4c], ax 0x12ab9: mov ax, word ptr es:[2] 0x12abd: mov word ptr cs:[si + 0x4e], ax 0x12ac1: mov ax, word ptr es:[0x4c] 0x12ac5: mov di, word ptr es:[0x4e]
2018-12-25T11:46:04.640757588Z	53	PC: 12aac \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:46:04.642883605Z	80	PC: 12b16 \| Set current PSP
2018-12-25T11:46:04.644705795Z	37	PC: 13442 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":2,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2595,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:04.67138349Z	44	PC: 12a93 \| Get time 0x12a93: cmp ax, 0xcdef 0x12a96: jne 0x12a9d 0x12a98: push cs 0x12a99: pop es 0x12a9a: jmp 0x12bf5 0x12a9d: mov ah, 2 0x12a9f: mov byte ptr [si + 0x4f], ah 0x12aa2: mov ah, 0xff 0x12aa4: mov byte ptr [si + 0x5f], ah 0x12aa7: mov ax, 0x3521 0x12aaa: int 0x21 0x12aac: push es 0x12aad: xor ax, ax 0x12aaf: mov es, ax 0x12ab1: mov ax, word ptr es:[0] 0x12ab5: mov word ptr cs:[si + 0x4c], ax 0x12ab9: mov ax, word ptr es:[2] 0x12abd: mov word ptr cs:[si + 0x4e], ax 0x12ac1: mov ax, word ptr es:[0x4c] 0x12ac5: mov di, word ptr es:[0x4e]
2018-12-25T11:46:04.674763719Z	53	PC: 12aac \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:46:04.676490321Z	80	PC: 12b16 \| Set current PSP
2018-12-25T11:46:04.67791029Z	37	PC: 13442 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":13,"Month":8,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2595,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:46:04.831752677Z	44	PC: 12a93 \| Get time 0x12a93: cmp ax, 0xcdef 0x12a96: jne 0x12a9d 0x12a98: push cs 0x12a99: pop es 0x12a9a: jmp 0x12bf5 0x12a9d: mov ah, 2 0x12a9f: mov byte ptr [si + 0x4f], ah 0x12aa2: mov ah, 0xff 0x12aa4: mov byte ptr [si + 0x5f], ah 0x12aa7: mov ax, 0x3521 0x12aaa: int 0x21 0x12aac: push es 0x12aad: xor ax, ax 0x12aaf: mov es, ax 0x12ab1: mov ax, word ptr es:[0] 0x12ab5: mov word ptr cs:[si + 0x4c], ax 0x12ab9: mov ax, word ptr es:[2] 0x12abd: mov word ptr cs:[si + 0x4e], ax 0x12ac1: mov ax, word ptr es:[0x4c] 0x12ac5: mov di, word ptr es:[0x4e]
2018-12-25T11:46:04.835200322Z	53	PC: 12aac \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:46:04.836520214Z	80	PC: 12b16 \| Set current PSP
2018-12-25T11:46:04.838064348Z	37	PC: 13442 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')