Sample viewer

vx.netlux.org/Virus.DOS.Viaggio.1051

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:17:51.077050138Z 75 PC: 12e45 | Execute program
2018-12-17T22:17:51.078800661Z 61 PC: 12e67 | Open file (Filename = 'C:\^^___#@.$$$')
2018-12-17T22:17:51.084808342Z 53 PC: 12ead | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:51.086113477Z 37 PC: 12ebd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:51.087904647Z 53 PC: 12ec2 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:17:51.08936621Z 42 PC: 12ece | Get date
0x12ece: cmp dl, 1
0x12ed1: jne 0x12edb
0x12ed3: mov ax, 0x2508
0x12ed6: mov dx, 0x388
0x12ed9: int 0x21
0x12edb: mov ax, word ptr cs:[0x8fd]
0x12edf: mov word ptr cs:[0x100], ax
0x12ee3: mov ax, word ptr cs:[0x8ff]
0x12ee7: mov word ptr cs:[0x102], ax
0x12eeb: mov ax, cs
0x12eed: mov ss, ax
0x12eef: mov ds, ax
0x12ef1: mov es, ax
0x12ef3: pop ax
0x12ef4: mov ax, 0x100
0x12ef7: push ax
0x12ef8: ret
0x12ef9: and byte ptr [bx + 0x4c], cl
0x12efc: dec sp
0x12efd: inc bp

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3100,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:12.278971003Z 75 PC: 12e45 | Execute program
2018-12-25T11:48:12.280601474Z 61 PC: 12e67 | Open file (Filename = 'C:\^^___#@.$$$')
2018-12-25T11:48:12.288065779Z 53 PC: 12ead | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:12.289501979Z 37 PC: 12ebd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:12.290801754Z 53 PC: 12ec2 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:48:12.293224211Z 42 PC: 12ece | Get date
0x12ece: cmp dl, 1
0x12ed1: jne 0x12edb
0x12ed3: mov ax, 0x2508
0x12ed6: mov dx, 0x388
0x12ed9: int 0x21
0x12edb: mov ax, word ptr cs:[0x8fd]
0x12edf: mov word ptr cs:[0x100], ax
0x12ee3: mov ax, word ptr cs:[0x8ff]
0x12ee7: mov word ptr cs:[0x102], ax
0x12eeb: mov ax, cs
0x12eed: mov ss, ax
0x12eef: mov ds, ax
0x12ef1: mov es, ax
0x12ef3: pop ax
0x12ef4: mov ax, 0x100
0x12ef7: push ax
0x12ef8: ret
0x12ef9: and byte ptr [bx + 0x4c], cl
0x12efc: dec sp
0x12efd: inc bp
2018-12-25T11:48:12.295968447Z 37 PC: 12edb | Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3100,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:12.374175318Z 75 PC: 12e45 | Execute program
2018-12-25T11:48:12.377301167Z 61 PC: 12e67 | Open file (Filename = 'C:\^^___#@.$$$')
2018-12-25T11:48:12.384554225Z 53 PC: 12ead | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:12.387200823Z 37 PC: 12ebd | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:12.388950249Z 53 PC: 12ec2 | Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:48:12.391206867Z 42 PC: 12ece | Get date
0x12ece: cmp dl, 1
0x12ed1: jne 0x12edb
0x12ed3: mov ax, 0x2508
0x12ed6: mov dx, 0x388
0x12ed9: int 0x21
0x12edb: mov ax, word ptr cs:[0x8fd]
0x12edf: mov word ptr cs:[0x100], ax
0x12ee3: mov ax, word ptr cs:[0x8ff]
0x12ee7: mov word ptr cs:[0x102], ax
0x12eeb: mov ax, cs
0x12eed: mov ss, ax
0x12eef: mov ds, ax
0x12ef1: mov es, ax
0x12ef3: pop ax
0x12ef4: mov ax, 0x100
0x12ef7: push ax
0x12ef8: ret
0x12ef9: and byte ptr [bx + 0x4c], cl
0x12efc: dec sp
0x12efd: inc bp