Sample viewer

vx.netlux.org/Virus.DOS.MtE.Coffeeshop

Run 1 [GIF]

Syscalls:

Time | Op (AH at the INT 21h, decimal) | PC (return address after the INT) | Syscall name (detail), followed where recorded by the disassembly at that return address
2018-12-17T22:14:01.412686609Z 48 PC: 12cb8 | Get DOS version
2018-12-17T22:14:01.414442419Z 51 PC: 12cc4 | Get or set Ctrl-Break
2018-12-17T22:14:01.415407467Z 53 PC: 12d00 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:14:01.416589665Z 37 PC: 12d10 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:14:01.41864712Z 42 PC: 12d1a | Get date 0x12d1a: cmp al, 5
0x12d1c: jne 0x12d2b
0x12d1e: mov ah, 0x2c
0x12d20: int 0x21
0x12d22: or dh, dh
0x12d24: jne 0x12d2b
0x12d26: pop ax
0x12d27: push ax
0x12d28: call 0x12d5f
0x12d2b: pop si
0x12d2c: pop di
0x12d2d: pop es
0x12d2e: pop ds
0x12d2f: pop ax
0x12d30: add si, 0xcd0
0x12d34: sub si, di
0x12d36: cmp byte ptr cs:[si + 0x1c], 1
0x12d3b: je 0x12d42
0x12d3d: mov ax, 0x4cff
0x12d40: int 0x21
2018-12-17T22:14:01.420881316Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-17T22:14:01.427860113Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2682,"SideJobID":0}

Run 2 [GIF]

Syscalls:

Time | Op (AH at the INT 21h, decimal) | PC (return address after the INT) | Syscall name (detail), followed where recorded by the disassembly at that return address
2018-12-25T11:46:15.096363936Z 48 PC: 12cb8 | Get DOS version
2018-12-25T11:46:15.09805713Z 51 PC: 12cc4 | Get or set Ctrl-Break
2018-12-25T11:46:15.099506519Z 53 PC: 12d00 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:46:15.100853655Z 37 PC: 12d10 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:46:15.102213372Z 42 PC: 12d1a | Get date 0x12d1a: cmp al, 5
0x12d1c: jne 0x12d2b
0x12d1e: mov ah, 0x2c
0x12d20: int 0x21
0x12d22: or dh, dh
0x12d24: jne 0x12d2b
0x12d26: pop ax
0x12d27: push ax
0x12d28: call 0x12d5f
0x12d2b: pop si
0x12d2c: pop di
0x12d2d: pop es
0x12d2e: pop ds
0x12d2f: pop ax
0x12d30: add si, 0xcd0
0x12d34: sub si, di
0x12d36: cmp byte ptr cs:[si + 0x1c], 1
0x12d3b: je 0x12d42
0x12d3d: mov ax, 0x4cff
0x12d40: int 0x21
2018-12-25T11:46:15.105511391Z 44 PC: 12d22 | Get time 0x12d22: or dh, dh
0x12d24: jne 0x12d2b
0x12d26: pop ax
0x12d27: push ax
0x12d28: call 0x12d5f
0x12d2b: pop si
0x12d2c: pop di
0x12d2d: pop es
0x12d2e: pop ds
0x12d2f: pop ax
0x12d30: add si, 0xcd0
0x12d34: sub si, di
0x12d36: cmp byte ptr cs:[si + 0x1c], 1
0x12d3b: je 0x12d42
0x12d3d: mov ax, 0x4cff
0x12d40: int 0x21
0x12d42: mov bx, ds
0x12d44: add bx, 0x10
0x12d47: mov cx, bx
0x12d49: add bx, word ptr cs:[si + 0xe]
2018-12-25T11:46:15.108950918Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:46:15.115477074Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2682,"SideJobID":0}

Run 3 [GIF]

Syscalls:

Time | Op (AH at the INT 21h, decimal) | PC (return address after the INT) | Syscall name (detail), followed where recorded by the disassembly at that return address
2018-12-25T11:46:15.113811316Z 48 PC: 12cb8 | Get DOS version
2018-12-25T11:46:15.120209086Z 51 PC: 12cc4 | Get or set Ctrl-Break
2018-12-25T11:46:15.121429352Z 53 PC: 12d00 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:46:15.122744435Z 37 PC: 12d10 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:46:15.124833048Z 42 PC: 12d1a | Get date 0x12d1a: cmp al, 5
0x12d1c: jne 0x12d2b
0x12d1e: mov ah, 0x2c
0x12d20: int 0x21
0x12d22: or dh, dh
0x12d24: jne 0x12d2b
0x12d26: pop ax
0x12d27: push ax
0x12d28: call 0x12d5f
0x12d2b: pop si
0x12d2c: pop di
0x12d2d: pop es
0x12d2e: pop ds
0x12d2f: pop ax
0x12d30: add si, 0xcd0
0x12d34: sub si, di
0x12d36: cmp byte ptr cs:[si + 0x1c], 1
0x12d3b: je 0x12d42
0x12d3d: mov ax, 0x4cff
0x12d40: int 0x21
2018-12-25T11:46:15.129922581Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:46:15.135852017Z 76 PC: 12c28 | Terminate with return code (Return code = '0')
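The traces above are the sandbox's raw output. As an added example (not part of the sample viewer, the sandbox, or the sample), the Python below parses that line format, decodes the decimal op column as the INT 21h function number in AH, and models the check the recorded disassembly encodes: INT 21h/AH=2Ah returns the weekday in AL (0 = Sunday), so `cmp al, 5` tests for Friday, and AH=2Ch returns seconds in DH, so `or dh, dh / jne` skips the `call 0x12d5f` unless the seconds field is zero. The "AKA 'Random read'" annotation on the Get/Set interrupt vector lines is the sandbox's name for INT 21h function 21h; the vector being read and replaced is INT 21h itself, the DOS API entry point. The embedded input is a shortened excerpt of the second trace above; the names `Syscall`, `parse_trace`, `reached_time_check`, `dos_weekday` and `trigger_fires` are this example's own.

```python
"""Parse the sandbox syscall trace format and model the recorded date/time
check.  Added example, not the sample viewer's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# INT 21h functions (AH) seen in the traces, named per the DOS API.
INT21_NAMES = {
    0x09: "Display string ($-terminated, DS:DX)",
    0x25: "Set interrupt vector (AL=vector, DS:DX=handler)",
    0x2A: "Get system date (CX=year, DH=month, DL=day, AL=weekday 0=Sun)",
    0x2C: "Get system time (CH=hour, CL=min, DH=sec, DL=1/100 s)",
    0x30: "Get DOS version",
    0x33: "Get/set Ctrl-Break flag",
    0x35: "Get interrupt vector (AL=vector -> ES:BX)",
    0x4C: "Terminate with return code (AL)",
}

# One trace line: ISO time, decimal AH, PC (address after the INT 21h),
# label, optional "(detail)", optional first disassembled instruction.
SYSCALL_RE = re.compile(
    r"^(?P<time>\S+Z)\s+(?P<op>\d+)\s+PC:\s*(?P<pc>[0-9a-fA-F]+)\s*\|\s*"
    r"(?P<name>[^(]*?)\s*(?:\((?P<detail>[^)]*)\))?\s*"
    r"(?P<disasm>0x[0-9a-fA-F]+:.*)?$"
)
DISASM_RE = re.compile(r"^0x[0-9a-fA-F]+:\s")  # continuation instruction


@dataclass
class Syscall:
    time: str
    op: int                 # AH at the INT 21h, as logged (decimal)
    pc: int                 # return address: the instruction after INT 21h
    name: str               # the sandbox's own label
    detail: Optional[str]   # text in the trailing parentheses, if any
    disasm: list[str] = field(default_factory=list)

    def decoded(self) -> str:
        """DOS API name for AH, independent of the sandbox's label."""
        return INT21_NAMES.get(self.op, f"AH=0x{self.op:02X} (not in table)")


def parse_trace(text: str) -> list[Syscall]:
    calls: list[Syscall] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Syscalls:", "Time ")):
            continue  # section headers
        m = SYSCALL_RE.match(line)
        if m:
            calls.append(Syscall(
                time=m["time"], op=int(m["op"]), pc=int(m["pc"], 16),
                name=m["name"].strip(), detail=m["detail"],
                disasm=[m["disasm"]] if m["disasm"] else []))
        elif DISASM_RE.match(line) and calls:
            calls[-1].disasm.append(line)
        else:
            raise ValueError(f"unrecognised trace line: {line!r}")
    return calls


def reached_time_check(calls: list[Syscall]) -> bool:
    """True when Get time (AH=2Ch) follows Get date (AH=2Ah): the
    `cmp al, 5` after Get date passed, i.e. the clock reported weekday 5."""
    ops = [c.op for c in calls]
    return 0x2A in ops and 0x2C in ops and ops.index(0x2C) > ops.index(0x2A)


def dos_weekday(year: int, month: int, day: int) -> int:
    """Weekday as INT 21h/AH=2Ah returns it in AL: 0=Sunday .. 6=Saturday."""
    return date(year, month, day).isoweekday() % 7


def trigger_fires(year: int, month: int, day: int,
                  hour: int, minute: int, second: int) -> bool:
    """Model of the recorded gate on `call 0x12d5f`: weekday must be 5
    (`cmp al, 5`) and the seconds field zero (`or dh, dh` / `jne`)."""
    return dos_weekday(year, month, day) == 5 and second == 0


# Shortened excerpt of the second trace above, used as input.
SAMPLE_TRACE = """\
Time Syscall Op Syscall Name
2018-12-25T11:46:15.096363936Z 48 PC: 12cb8 | Get DOS version
2018-12-25T11:46:15.09805713Z 51 PC: 12cc4 | Get or set Ctrl-Break
2018-12-25T11:46:15.099506519Z 53 PC: 12d00 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:46:15.100853655Z 37 PC: 12d10 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:46:15.102213372Z 42 PC: 12d1a | Get date 0x12d1a: cmp al, 5
0x12d1c: jne 0x12d2b
0x12d1e: mov ah, 0x2c
0x12d20: int 0x21
2018-12-25T11:46:15.105511391Z 44 PC: 12d22 | Get time 0x12d22: or dh, dh
0x12d24: jne 0x12d2b
0x12d26: pop ax
0x12d27: push ax
0x12d28: call 0x12d5f
2018-12-25T11:46:15.108950918Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:46:15.115477074Z 76 PC: 12c28 | Terminate with return code (Return code = '0')
"""

if __name__ == "__main__":
    for c in parse_trace(SAMPLE_TRACE):
        tail = f"  [{len(c.disasm)} insns]" if c.disasm else ""
        print(f"{c.time}  AH=0x{c.op:02X}  PC={c.pc:05x}  {c.decoded()}{tail}")
```

`reached_time_check` is the quick way to tell, across many runs, which sandbox clocks got past the weekday compare; `trigger_fires` gives the real-calendar view of the same gate and is worth running against the Day/Month/Year values in the run configuration lines when deciding what clock to feed the next job.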