Sample viewer

vx.netlux.org/Virus.DOS.Lilo.1573

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:52:44.966905538Z	45	PC: 12e5d \| Set time
2018-12-17T21:52:44.978150643Z	53	PC: 12e9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:52:44.979590627Z	37	PC: 12eaa \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:52:44.980996838Z	42	PC: 12eb3 \| Get date 0x12eb3: cmp dl, 0xd 0x12eb6: jne 0x12f05 0x12eb8: mov ah, 0x2c 0x12eba: int 0x21 0x12ebc: cmp ch, 0xc 0x12ebf: jne 0x12f05 0x12ec1: cmp cl, 5 0x12ec4: jae 0x12f05 0x12ec6: cmp cl, 0 0x12ec9: jne 0x12edd 0x12ecb: cmp dh, 3 0x12ece: jae 0x12edd 0x12ed0: call 0x131ee 0x12ed3: mov cx, 0x8000 0x12ed6: loop 0x12ed6 0x12ed8: ljmp 0xf000:0xfff0 0x12edd: call 0x131d2 0x12ee0: cmp byte ptr cs:[0x622], 0 0x12ee6: je 0x12ef0 0x12ee8: mov dx, 0x17a
2018-12-17T21:52:44.991553723Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":284,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:24.584798631Z	45	PC: 12e5d \| Set time
2018-12-25T11:40:24.585979304Z	53	PC: 12e9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:24.587240562Z	37	PC: 12eaa \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:24.588598409Z	42	PC: 12eb3 \| Get date 0x12eb3: cmp dl, 0xd 0x12eb6: jne 0x12f05 0x12eb8: mov ah, 0x2c 0x12eba: int 0x21 0x12ebc: cmp ch, 0xc 0x12ebf: jne 0x12f05 0x12ec1: cmp cl, 5 0x12ec4: jae 0x12f05 0x12ec6: cmp cl, 0 0x12ec9: jne 0x12edd 0x12ecb: cmp dh, 3 0x12ece: jae 0x12edd 0x12ed0: call 0x131ee 0x12ed3: mov cx, 0x8000 0x12ed6: loop 0x12ed6 0x12ed8: ljmp 0xf000:0xfff0 0x12edd: call 0x131d2 0x12ee0: cmp byte ptr cs:[0x622], 0 0x12ee6: je 0x12ef0 0x12ee8: mov dx, 0x17a
2018-12-25T11:40:24.590272129Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":284,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:25.127854731Z	45	PC: 12e5d \| Set time
2018-12-25T11:40:25.129251541Z	53	PC: 12e9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:25.130253158Z	37	PC: 12eaa \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:25.131250385Z	42	PC: 12eb3 \| Get date 0x12eb3: cmp dl, 0xd 0x12eb6: jne 0x12f05 0x12eb8: mov ah, 0x2c 0x12eba: int 0x21 0x12ebc: cmp ch, 0xc 0x12ebf: jne 0x12f05 0x12ec1: cmp cl, 5 0x12ec4: jae 0x12f05 0x12ec6: cmp cl, 0 0x12ec9: jne 0x12edd 0x12ecb: cmp dh, 3 0x12ece: jae 0x12edd 0x12ed0: call 0x131ee 0x12ed3: mov cx, 0x8000 0x12ed6: loop 0x12ed6 0x12ed8: ljmp 0xf000:0xfff0 0x12edd: call 0x131d2 0x12ee0: cmp byte ptr cs:[0x622], 0 0x12ee6: je 0x12ef0 0x12ee8: mov dx, 0x17a
2018-12-25T11:40:25.133812086Z	44	PC: 12ebc \| Get time 0x12ebc: cmp ch, 0xc 0x12ebf: jne 0x12f05 0x12ec1: cmp cl, 5 0x12ec4: jae 0x12f05 0x12ec6: cmp cl, 0 0x12ec9: jne 0x12edd 0x12ecb: cmp dh, 3 0x12ece: jae 0x12edd 0x12ed0: call 0x131ee 0x12ed3: mov cx, 0x8000 0x12ed6: loop 0x12ed6 0x12ed8: ljmp 0xf000:0xfff0 0x12edd: call 0x131d2 0x12ee0: cmp byte ptr cs:[0x622], 0 0x12ee6: je 0x12ef0 0x12ee8: mov dx, 0x17a 0x12eeb: mov cx, 0x22 0x12eee: jmp 0x12ef6 0x12ef0: mov dx, 0x16c 0x12ef3: mov cx, 0xe
2018-12-25T11:40:25.135977163Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":284,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:24.803385683Z	45	PC: 12e5d \| Set time
2018-12-25T11:40:24.805567318Z	53	PC: 12e9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:24.806873715Z	37	PC: 12eaa \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:24.808177577Z	42	PC: 12eb3 \| Get date 0x12eb3: cmp dl, 0xd 0x12eb6: jne 0x12f05 0x12eb8: mov ah, 0x2c 0x12eba: int 0x21 0x12ebc: cmp ch, 0xc 0x12ebf: jne 0x12f05 0x12ec1: cmp cl, 5 0x12ec4: jae 0x12f05 0x12ec6: cmp cl, 0 0x12ec9: jne 0x12edd 0x12ecb: cmp dh, 3 0x12ece: jae 0x12edd 0x12ed0: call 0x131ee 0x12ed3: mov cx, 0x8000 0x12ed6: loop 0x12ed6 0x12ed8: ljmp 0xf000:0xfff0 0x12edd: call 0x131d2 0x12ee0: cmp byte ptr cs:[0x622], 0 0x12ee6: je 0x12ef0 0x12ee8: mov dx, 0x17a
2018-12-25T11:40:24.811061271Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":284,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:40:24.791982396Z	45	PC: 12e5d \| Set time
2018-12-25T11:40:24.793252286Z	53	PC: 12e9a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:24.794903395Z	37	PC: 12eaa \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:24.795814345Z	42	PC: 12eb3 \| Get date 0x12eb3: cmp dl, 0xd 0x12eb6: jne 0x12f05 0x12eb8: mov ah, 0x2c 0x12eba: int 0x21 0x12ebc: cmp ch, 0xc 0x12ebf: jne 0x12f05 0x12ec1: cmp cl, 5 0x12ec4: jae 0x12f05 0x12ec6: cmp cl, 0 0x12ec9: jne 0x12edd 0x12ecb: cmp dh, 3 0x12ece: jae 0x12edd 0x12ed0: call 0x131ee 0x12ed3: mov cx, 0x8000 0x12ed6: loop 0x12ed6 0x12ed8: ljmp 0xf000:0xfff0 0x12edd: call 0x131d2 0x12ee0: cmp byte ptr cs:[0x622], 0 0x12ee6: je 0x12ef0 0x12ee8: mov dx, 0x17a
2018-12-25T11:40:24.797774971Z	44	PC: 12ebc \| Get time 0x12ebc: cmp ch, 0xc 0x12ebf: jne 0x12f05 0x12ec1: cmp cl, 5 0x12ec4: jae 0x12f05 0x12ec6: cmp cl, 0 0x12ec9: jne 0x12edd 0x12ecb: cmp dh, 3 0x12ece: jae 0x12edd 0x12ed0: call 0x131ee 0x12ed3: mov cx, 0x8000 0x12ed6: loop 0x12ed6 0x12ed8: ljmp 0xf000:0xfff0 0x12edd: call 0x131d2 0x12ee0: cmp byte ptr cs:[0x622], 0 0x12ee6: je 0x12ef0 0x12ee8: mov dx, 0x17a 0x12eeb: mov cx, 0x22 0x12eee: jmp 0x12ef6 0x12ef0: mov dx, 0x16c 0x12ef3: mov cx, 0xe
2018-12-25T11:40:24.799958389Z	76	PC: 12a48 \| Terminate with return code (Return code = '76')