Sample viewer

vx.netlux.org/Virus.DOS.Insane.653

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:17:55.128242196Z	255	PC: 12e57 \| UNKNOWN!
2018-12-17T22:17:55.12933155Z	72	PC: 12e72 \| Allocate memory
2018-12-17T22:17:55.131185721Z	74	PC: 12e84 \| Reallocate memory
2018-12-17T22:17:55.132759307Z	72	PC: 12e72 \| Allocate memory
2018-12-17T22:17:55.135070055Z	53	PC: 9f797 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:55.136273772Z	53	PC: 9f7a3 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-17T22:17:55.137201412Z	37	PC: 9f7b3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:17:55.139260059Z	42	PC: 9f7b7 \| Get date 0x9f7b7: cmp al, 5 0x9f7b9: jne 0x9f7ce 0x9f7bb: cmp dl, 0xd 0x9f7be: jne 0x9f7ce 0x9f7c0: mov ax, 0x2508 0x9f7c3: mov dx, 0x1d3 0x9f7c6: int 0x21 0x9f7c8: mov word ptr [0x35c], 0 0x9f7ce: push ss 0x9f7cf: pop ds 0x9f7d0: push ds 0x9f7d1: pop es 0x9f7d2: xor ax, ax 0x9f7d4: xor bx, bx 0x9f7d6: xor cx, cx 0x9f7d8: xor dx, dx 0x9f7da: xor di, di 0x9f7dc: ljmp ptr cs:[0x35e] 0x9f7e1: int 0x20 0x9f7e3: pushf

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3106,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:12.513004232Z	255	PC: 12e57 \| UNKNOWN!
2018-12-25T11:48:12.51449066Z	72	PC: 12e72 \| Allocate memory
2018-12-25T11:48:12.5164664Z	74	PC: 12e84 \| Reallocate memory
2018-12-25T11:48:12.518227368Z	72	PC: 12e72 \| Allocate memory (See above)
2018-12-25T11:48:12.519837517Z	53	PC: 9f797 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:12.521488289Z	53	PC: 9f7a3 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:48:12.522514398Z	37	PC: 9f7b3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:12.523714005Z	42	PC: 9f7b7 \| Get date 0x9f7b7: cmp al, 5 0x9f7b9: jne 0x9f7ce 0x9f7bb: cmp dl, 0xd 0x9f7be: jne 0x9f7ce 0x9f7c0: mov ax, 0x2508 0x9f7c3: mov dx, 0x1d3 0x9f7c6: int 0x21 0x9f7c8: mov word ptr [0x35c], 0 0x9f7ce: push ss 0x9f7cf: pop ds 0x9f7d0: push ds 0x9f7d1: pop es 0x9f7d2: xor ax, ax 0x9f7d4: xor bx, bx 0x9f7d6: xor cx, cx 0x9f7d8: xor dx, dx 0x9f7da: xor di, di 0x9f7dc: ljmp ptr cs:[0x35e] 0x9f7e1: int 0x20 0x9f7e3: pushf
2018-12-25T11:48:12.526440487Z	37	PC: 9f7c8 \| Set interrupt vector (Interrupt = '8' AKA 'Console input without echo')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3106,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:12.58453299Z	255	PC: 12e57 \| UNKNOWN!
2018-12-25T11:48:12.59702273Z	72	PC: 12e72 \| Allocate memory
2018-12-25T11:48:12.598769714Z	74	PC: 12e84 \| Reallocate memory
2018-12-25T11:48:12.600091148Z	72	PC: 12e72 \| Allocate memory (See above)
2018-12-25T11:48:12.602099551Z	53	PC: 9f797 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:12.603937433Z	53	PC: 9f7a3 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:48:12.60524291Z	37	PC: 9f7b3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:12.606942794Z	42	PC: 9f7b7 \| Get date 0x9f7b7: cmp al, 5 0x9f7b9: jne 0x9f7ce 0x9f7bb: cmp dl, 0xd 0x9f7be: jne 0x9f7ce 0x9f7c0: mov ax, 0x2508 0x9f7c3: mov dx, 0x1d3 0x9f7c6: int 0x21 0x9f7c8: mov word ptr [0x35c], 0 0x9f7ce: push ss 0x9f7cf: pop ds 0x9f7d0: push ds 0x9f7d1: pop es 0x9f7d2: xor ax, ax 0x9f7d4: xor bx, bx 0x9f7d6: xor cx, cx 0x9f7d8: xor dx, dx 0x9f7da: xor di, di 0x9f7dc: ljmp ptr cs:[0x35e] 0x9f7e1: int 0x20 0x9f7e3: pushf

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3106,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:12.624618528Z	255	PC: 12e57 \| UNKNOWN!
2018-12-25T11:48:12.626652801Z	72	PC: 12e72 \| Allocate memory
2018-12-25T11:48:12.628943918Z	74	PC: 12e84 \| Reallocate memory
2018-12-25T11:48:12.630611554Z	72	PC: 12e72 \| Allocate memory (See above)
2018-12-25T11:48:12.633036545Z	53	PC: 9f797 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:12.634676942Z	53	PC: 9f7a3 \| Get interrupt vector (Interrupt = '8' AKA 'Console input without echo')
2018-12-25T11:48:12.636124558Z	37	PC: 9f7b3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:12.637562896Z	42	PC: 9f7b7 \| Get date 0x9f7b7: cmp al, 5 0x9f7b9: jne 0x9f7ce 0x9f7bb: cmp dl, 0xd 0x9f7be: jne 0x9f7ce 0x9f7c0: mov ax, 0x2508 0x9f7c3: mov dx, 0x1d3 0x9f7c6: int 0x21 0x9f7c8: mov word ptr [0x35c], 0 0x9f7ce: push ss 0x9f7cf: pop ds 0x9f7d0: push ds 0x9f7d1: pop es 0x9f7d2: xor ax, ax 0x9f7d4: xor bx, bx 0x9f7d6: xor cx, cx 0x9f7d8: xor dx, dx 0x9f7da: xor di, di 0x9f7dc: ljmp ptr cs:[0x35e] 0x9f7e1: int 0x20 0x9f7e3: pushf