Sample viewer

vx.netlux.org/Virus.DOS.Espacio.8444

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:15:41.292933926Z	200	PC: 12c6c \| UNKNOWN!
2018-12-17T22:15:41.296458526Z	80	PC: 2a91d \| Set current PSP
2018-12-17T22:15:41.297964339Z	74	PC: 2a925 \| Reallocate memory
2018-12-17T22:15:41.299579646Z	80	PC: 2a92a \| Set current PSP
2018-12-17T22:15:41.304059635Z	38	PC: 12b6d \| Create PSP
2018-12-17T22:15:41.305731877Z	53	PC: 12b74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:15:41.307167559Z	37	PC: 12b83 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:15:41.308607052Z	42	PC: 12b87 \| Get date 0x12b87: cmp cx, 0x7c9 0x12b8b: ja 0x12b93 0x12b8d: cmp dx, 0x614 0x12b91: jb 0x12ba7 0x12b93: mov ax, 0x351c 0x12b96: int 0x21 0x12b98: mov si, 0x696 0x12b9b: mov word ptr [si], bx 0x12b9d: mov word ptr [si + 2], es 0x12ba0: mov dx, 0x68e 0x12ba3: mov ah, 0x25 0x12ba5: nop 0x12ba6: nop 0x12ba7: mov es, bp 0x12ba9: push es 0x12baa: cmp byte ptr cs:[0x123], 0 0x12bb0: je 0x12c02 0x12bb2: mov es, word ptr es:[0x2c] 0x12bb7: mov cx, 0xffff 0x12bba: xor ax, ax
2018-12-17T22:15:41.312073229Z	53	PC: 12b98 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:15:41.31363742Z	61	PC: 12bce \| Open file (Filename = '')
2018-12-17T22:15:41.320469829Z	66	PC: 12bdc \| Move file pointer
2018-12-17T22:15:41.323296054Z	62	PC: 12c02 \| Close file
2018-12-17T22:15:41.325454613Z	9	PC: 1a832 \| Display string (Could not find end pointer)
2018-12-17T22:15:41.334045144Z	76	PC: 1a838 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2857,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:26.241237698Z	200	PC: 12c6c \| UNKNOWN!
2018-12-25T11:47:26.246252912Z	80	PC: 2a91d \| Set current PSP
2018-12-25T11:47:26.249808707Z	74	PC: 2a925 \| Reallocate memory
2018-12-25T11:47:26.251159163Z	80	PC: 2a92a \| Set current PSP
2018-12-25T11:47:26.255472749Z	38	PC: 12b6d \| Create PSP
2018-12-25T11:47:26.256810872Z	53	PC: 12b74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:26.258219693Z	37	PC: 12b83 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:26.259994727Z	42	PC: 12b87 \| Get date 0x12b87: cmp cx, 0x7c9 0x12b8b: ja 0x12b93 0x12b8d: cmp dx, 0x614 0x12b91: jb 0x12ba7 0x12b93: mov ax, 0x351c 0x12b96: int 0x21 0x12b98: mov si, 0x696 0x12b9b: mov word ptr [si], bx 0x12b9d: mov word ptr [si + 2], es 0x12ba0: mov dx, 0x68e 0x12ba3: mov ah, 0x25 0x12ba5: nop 0x12ba6: nop 0x12ba7: mov es, bp 0x12ba9: push es 0x12baa: cmp byte ptr cs:[0x123], 0 0x12bb0: je 0x12c02 0x12bb2: mov es, word ptr es:[0x2c] 0x12bb7: mov cx, 0xffff 0x12bba: xor ax, ax
2018-12-25T11:47:26.263284938Z	61	PC: 12bce \| Open file (Filename = '')
2018-12-25T11:47:26.270763836Z	66	PC: 12bdc \| Move file pointer
2018-12-25T11:47:26.272235095Z	62	PC: 12c02 \| Close file
2018-12-25T11:47:26.275018386Z	9	PC: 1a832 \| Display string (Could not find end pointer)
2018-12-25T11:47:26.280550411Z	76	PC: 1a838 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":20,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2857,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:26.807166305Z	200	PC: 12c6c \| UNKNOWN!
2018-12-25T11:47:26.809984126Z	80	PC: 2a91d \| Set current PSP
2018-12-25T11:47:26.817153585Z	74	PC: 2a925 \| Reallocate memory
2018-12-25T11:47:26.818819943Z	80	PC: 2a92a \| Set current PSP
2018-12-25T11:47:26.822288094Z	38	PC: 12b6d \| Create PSP
2018-12-25T11:47:26.827813167Z	53	PC: 12b74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:26.838724178Z	37	PC: 12b83 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:26.840015416Z	42	PC: 12b87 \| Get date 0x12b87: cmp cx, 0x7c9 0x12b8b: ja 0x12b93 0x12b8d: cmp dx, 0x614 0x12b91: jb 0x12ba7 0x12b93: mov ax, 0x351c 0x12b96: int 0x21 0x12b98: mov si, 0x696 0x12b9b: mov word ptr [si], bx 0x12b9d: mov word ptr [si + 2], es 0x12ba0: mov dx, 0x68e 0x12ba3: mov ah, 0x25 0x12ba5: nop 0x12ba6: nop 0x12ba7: mov es, bp 0x12ba9: push es 0x12baa: cmp byte ptr cs:[0x123], 0 0x12bb0: je 0x12c02 0x12bb2: mov es, word ptr es:[0x2c] 0x12bb7: mov cx, 0xffff 0x12bba: xor ax, ax
2018-12-25T11:47:26.842852502Z	53	PC: 12b98 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:47:26.843897864Z	61	PC: 12bce \| Open file (Filename = '')
2018-12-25T11:47:26.849278394Z	66	PC: 12bdc \| Move file pointer
2018-12-25T11:47:26.851308869Z	62	PC: 12c02 \| Close file
2018-12-25T11:47:26.863587023Z	9	PC: 1a832 \| Display string (Could not find end pointer)
2018-12-25T11:47:26.868080116Z	76	PC: 1a838 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2857,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:47:26.909204876Z	200	PC: 12c6c \| UNKNOWN!
2018-12-25T11:47:26.912192128Z	80	PC: 2a91d \| Set current PSP
2018-12-25T11:47:26.9132081Z	74	PC: 2a925 \| Reallocate memory
2018-12-25T11:47:26.914754182Z	80	PC: 2a92a \| Set current PSP
2018-12-25T11:47:26.918990724Z	38	PC: 12b6d \| Create PSP
2018-12-25T11:47:26.920478201Z	53	PC: 12b74 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:26.921779233Z	37	PC: 12b83 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:26.924052784Z	42	PC: 12b87 \| Get date 0x12b87: cmp cx, 0x7c9 0x12b8b: ja 0x12b93 0x12b8d: cmp dx, 0x614 0x12b91: jb 0x12ba7 0x12b93: mov ax, 0x351c 0x12b96: int 0x21 0x12b98: mov si, 0x696 0x12b9b: mov word ptr [si], bx 0x12b9d: mov word ptr [si + 2], es 0x12ba0: mov dx, 0x68e 0x12ba3: mov ah, 0x25 0x12ba5: nop 0x12ba6: nop 0x12ba7: mov es, bp 0x12ba9: push es 0x12baa: cmp byte ptr cs:[0x123], 0 0x12bb0: je 0x12c02 0x12bb2: mov es, word ptr es:[0x2c] 0x12bb7: mov cx, 0xffff 0x12bba: xor ax, ax
2018-12-25T11:47:26.926531601Z	53	PC: 12b98 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:47:26.927987559Z	61	PC: 12bce \| Open file (Filename = '')
2018-12-25T11:47:26.935403255Z	66	PC: 12bdc \| Move file pointer
2018-12-25T11:47:26.937179202Z	62	PC: 12c02 \| Close file
2018-12-25T11:47:26.939277277Z	9	PC: 1a832 \| Display string (Could not find end pointer)
2018-12-25T11:47:26.945231349Z	76	PC: 1a838 \| Terminate with return code (Return code = '0')