Sample viewer

vx.netlux.org/Virus.DOS.Koder.1024.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:18:21.635188155Z	42	PC: 9f4e9 \| Get date 0x9f4e9: cmp cx, 0x7cd 0x9f4ed: jb 0x9f510 0x9f4ef: cmp dh, 2 0x9f4f2: jb 0x9f510 0x9f4f4: mov bx, 0xa 0x9f4f7: push cs 0x9f4f8: pop es 0x9f4f9: mov word ptr es:[bx], 0x8c50 0x9f4fe: mov word ptr es:[bx + 6], 0xa126 0x9f504: mov word ptr es:[bx - 6], 0xc32b 0x9f50a: mov word ptr es:[bx + 0xc], 0xa326 0x9f510: ret 0x9f511: clc 0x9f512: inc ax 0x9f513: sbb word ptr [bx + si], ax 0x9f515: mov cx, cs 0x9f517: mov ds, cx 0x9f519: mov ax, 0x3521 0x9f51c: int 0x21 0x9f51e: mov word ptr [0x111], bx
2018-12-17T22:18:21.651771085Z	42	PC: 9f6dc \| Get date 0x9f6dc: cmp cx, 0x7cd 0x9f6e0: jb 0x9f704 0x9f6e2: cmp dh, 2 0x9f6e5: jb 0x9f704 0x9f6e7: mov ax, 0x13 0x9f6ea: int 0x10 0x9f6ec: call 0x9f77a 0x9f6ef: call 0x9f7f5 0x9f6f2: call 0x9f7dd 0x9f6f5: mov ah, 0xb 0x9f6f7: int 0x21 0x9f6f9: cmp al, 0xff 0x9f6fb: je 0x9f6ff 0x9f6fd: jmp 0x9f6ec 0x9f6ff: mov ax, 3 0x9f702: int 0x10 0x9f704: pop es 0x9f705: pop ds 0x9f706: popaw 0x9f707: popf

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3156,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:39.584893342Z	42	PC: 9f4e9 \| Get date 0x9f4e9: cmp cx, 0x7cd 0x9f4ed: jb 0x9f510 0x9f4ef: cmp dh, 2 0x9f4f2: jb 0x9f510 0x9f4f4: mov bx, 0xa 0x9f4f7: push cs 0x9f4f8: pop es 0x9f4f9: mov word ptr es:[bx], 0x8c50 0x9f4fe: mov word ptr es:[bx + 6], 0xa126 0x9f504: mov word ptr es:[bx - 6], 0xc32b 0x9f50a: mov word ptr es:[bx + 0xc], 0xa326 0x9f510: ret 0x9f511: clc 0x9f512: inc ax 0x9f513: sbb word ptr [bx + si], ax 0x9f515: mov cx, cs 0x9f517: mov ds, cx 0x9f519: mov ax, 0x3521 0x9f51c: int 0x21 0x9f51e: mov word ptr [0x111], bx
2018-12-25T11:48:39.587785465Z	42	PC: 9f6dc \| Get date 0x9f6dc: cmp cx, 0x7cd 0x9f6e0: jb 0x9f704 0x9f6e2: cmp dh, 2 0x9f6e5: jb 0x9f704 0x9f6e7: mov ax, 0x13 0x9f6ea: int 0x10 0x9f6ec: call 0x9f77a 0x9f6ef: call 0x9f7f5 0x9f6f2: call 0x9f7dd 0x9f6f5: mov ah, 0xb 0x9f6f7: int 0x21 0x9f6f9: cmp al, 0xff 0x9f6fb: je 0x9f6ff 0x9f6fd: jmp 0x9f6ec 0x9f6ff: mov ax, 3 0x9f702: int 0x10 0x9f704: pop es 0x9f705: pop ds 0x9f706: popaw 0x9f707: popf
2018-12-25T11:48:39.590317487Z	53	PC: 9f51e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:39.591881975Z	37	PC: 9f531 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:39.593908783Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T11:48:39.596697646Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3156,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:39.592712785Z	42	PC: 9f4e9 \| Get date 0x9f4e9: cmp cx, 0x7cd 0x9f4ed: jb 0x9f510 0x9f4ef: cmp dh, 2 0x9f4f2: jb 0x9f510 0x9f4f4: mov bx, 0xa 0x9f4f7: push cs 0x9f4f8: pop es 0x9f4f9: mov word ptr es:[bx], 0x8c50 0x9f4fe: mov word ptr es:[bx + 6], 0xa126 0x9f504: mov word ptr es:[bx - 6], 0xc32b 0x9f50a: mov word ptr es:[bx + 0xc], 0xa326 0x9f510: ret 0x9f511: clc 0x9f512: inc ax 0x9f513: sbb word ptr [bx + si], ax 0x9f515: mov cx, cs 0x9f517: mov ds, cx 0x9f519: mov ax, 0x3521 0x9f51c: int 0x21 0x9f51e: mov word ptr [0x111], bx
2018-12-25T11:48:39.59547438Z	42	PC: 9f6dc \| Get date 0x9f6dc: cmp cx, 0x7cd 0x9f6e0: jb 0x9f704 0x9f6e2: cmp dh, 2 0x9f6e5: jb 0x9f704 0x9f6e7: mov ax, 0x13 0x9f6ea: int 0x10 0x9f6ec: call 0x9f77a 0x9f6ef: call 0x9f7f5 0x9f6f2: call 0x9f7dd 0x9f6f5: mov ah, 0xb 0x9f6f7: int 0x21 0x9f6f9: cmp al, 0xff 0x9f6fb: je 0x9f6ff 0x9f6fd: jmp 0x9f6ec 0x9f6ff: mov ax, 3 0x9f702: int 0x10 0x9f704: pop es 0x9f705: pop ds 0x9f706: popaw 0x9f707: popf
2018-12-25T11:48:39.598849512Z	53	PC: 9f51e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:39.601929848Z	37	PC: 9f531 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:39.604062745Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T11:48:39.607140839Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":2,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3156,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:39.686480466Z	42	PC: 9f4e9 \| Get date 0x9f4e9: cmp cx, 0x7cd 0x9f4ed: jb 0x9f510 0x9f4ef: cmp dh, 2 0x9f4f2: jb 0x9f510 0x9f4f4: mov bx, 0xa 0x9f4f7: push cs 0x9f4f8: pop es 0x9f4f9: mov word ptr es:[bx], 0x8c50 0x9f4fe: mov word ptr es:[bx + 6], 0xa126 0x9f504: mov word ptr es:[bx - 6], 0xc32b 0x9f50a: mov word ptr es:[bx + 0xc], 0xa326 0x9f510: ret 0x9f511: clc 0x9f512: inc ax 0x9f513: sbb word ptr [bx + si], ax 0x9f515: mov cx, cs 0x9f517: mov ds, cx 0x9f519: mov ax, 0x3521 0x9f51c: int 0x21 0x9f51e: mov word ptr [0x111], bx
2018-12-25T11:48:39.688608455Z	42	PC: 9f6dc \| Get date 0x9f6dc: cmp cx, 0x7cd 0x9f6e0: jb 0x9f704 0x9f6e2: cmp dh, 2 0x9f6e5: jb 0x9f704 0x9f6e7: mov ax, 0x13 0x9f6ea: int 0x10 0x9f6ec: call 0x9f77a 0x9f6ef: call 0x9f7f5 0x9f6f2: call 0x9f7dd 0x9f6f5: mov ah, 0xb 0x9f6f7: int 0x21 0x9f6f9: cmp al, 0xff 0x9f6fb: je 0x9f6ff 0x9f6fd: jmp 0x9f6ec 0x9f6ff: mov ax, 3 0x9f702: int 0x10 0x9f704: pop es 0x9f705: pop ds 0x9f706: popaw 0x9f707: popf

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3156,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:39.76428884Z	42	PC: 9f4e9 \| Get date 0x9f4e9: cmp cx, 0x7cd 0x9f4ed: jb 0x9f510 0x9f4ef: cmp dh, 2 0x9f4f2: jb 0x9f510 0x9f4f4: mov bx, 0xa 0x9f4f7: push cs 0x9f4f8: pop es 0x9f4f9: mov word ptr es:[bx], 0x8c50 0x9f4fe: mov word ptr es:[bx + 6], 0xa126 0x9f504: mov word ptr es:[bx - 6], 0xc32b 0x9f50a: mov word ptr es:[bx + 0xc], 0xa326 0x9f510: ret 0x9f511: clc 0x9f512: inc ax 0x9f513: sbb word ptr [bx + si], ax 0x9f515: mov cx, cs 0x9f517: mov ds, cx 0x9f519: mov ax, 0x3521 0x9f51c: int 0x21 0x9f51e: mov word ptr [0x111], bx
2018-12-25T11:48:39.767275135Z	42	PC: 9f6dc \| Get date 0x9f6dc: cmp cx, 0x7cd 0x9f6e0: jb 0x9f704 0x9f6e2: cmp dh, 2 0x9f6e5: jb 0x9f704 0x9f6e7: mov ax, 0x13 0x9f6ea: int 0x10 0x9f6ec: call 0x9f77a 0x9f6ef: call 0x9f7f5 0x9f6f2: call 0x9f7dd 0x9f6f5: mov ah, 0xb 0x9f6f7: int 0x21 0x9f6f9: cmp al, 0xff 0x9f6fb: je 0x9f6ff 0x9f6fd: jmp 0x9f6ec 0x9f6ff: mov ax, 3 0x9f702: int 0x10 0x9f704: pop es 0x9f705: pop ds 0x9f706: popaw 0x9f707: popf
2018-12-25T11:48:39.769816749Z	53	PC: 9f51e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:39.771248832Z	37	PC: 9f531 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:39.773048322Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T11:48:39.776093036Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3156,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:39.794253967Z	42	PC: 9f4e9 \| Get date 0x9f4e9: cmp cx, 0x7cd 0x9f4ed: jb 0x9f510 0x9f4ef: cmp dh, 2 0x9f4f2: jb 0x9f510 0x9f4f4: mov bx, 0xa 0x9f4f7: push cs 0x9f4f8: pop es 0x9f4f9: mov word ptr es:[bx], 0x8c50 0x9f4fe: mov word ptr es:[bx + 6], 0xa126 0x9f504: mov word ptr es:[bx - 6], 0xc32b 0x9f50a: mov word ptr es:[bx + 0xc], 0xa326 0x9f510: ret 0x9f511: clc 0x9f512: inc ax 0x9f513: sbb word ptr [bx + si], ax 0x9f515: mov cx, cs 0x9f517: mov ds, cx 0x9f519: mov ax, 0x3521 0x9f51c: int 0x21 0x9f51e: mov word ptr [0x111], bx
2018-12-25T11:48:39.798201789Z	42	PC: 9f6dc \| Get date 0x9f6dc: cmp cx, 0x7cd 0x9f6e0: jb 0x9f704 0x9f6e2: cmp dh, 2 0x9f6e5: jb 0x9f704 0x9f6e7: mov ax, 0x13 0x9f6ea: int 0x10 0x9f6ec: call 0x9f77a 0x9f6ef: call 0x9f7f5 0x9f6f2: call 0x9f7dd 0x9f6f5: mov ah, 0xb 0x9f6f7: int 0x21 0x9f6f9: cmp al, 0xff 0x9f6fb: je 0x9f6ff 0x9f6fd: jmp 0x9f6ec 0x9f6ff: mov ax, 3 0x9f702: int 0x10 0x9f704: pop es 0x9f705: pop ds 0x9f706: popaw 0x9f707: popf
2018-12-25T11:48:39.800831295Z	53	PC: 9f51e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:39.801944079Z	37	PC: 9f531 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:39.803680469Z	9	PC: 12a54 \| Display string (Could not find end pointer)
2018-12-25T11:48:39.805963848Z	76	PC: 12a59 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":2,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3156,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:40.387501586Z	42	PC: 9f4e9 \| Get date 0x9f4e9: cmp cx, 0x7cd 0x9f4ed: jb 0x9f510 0x9f4ef: cmp dh, 2 0x9f4f2: jb 0x9f510 0x9f4f4: mov bx, 0xa 0x9f4f7: push cs 0x9f4f8: pop es 0x9f4f9: mov word ptr es:[bx], 0x8c50 0x9f4fe: mov word ptr es:[bx + 6], 0xa126 0x9f504: mov word ptr es:[bx - 6], 0xc32b 0x9f50a: mov word ptr es:[bx + 0xc], 0xa326 0x9f510: ret 0x9f511: clc 0x9f512: inc ax 0x9f513: sbb word ptr [bx + si], ax 0x9f515: mov cx, cs 0x9f517: mov ds, cx 0x9f519: mov ax, 0x3521 0x9f51c: int 0x21 0x9f51e: mov word ptr [0x111], bx
2018-12-25T11:48:40.389684131Z	42	PC: 9f6dc \| Get date 0x9f6dc: cmp cx, 0x7cd 0x9f6e0: jb 0x9f704 0x9f6e2: cmp dh, 2 0x9f6e5: jb 0x9f704 0x9f6e7: mov ax, 0x13 0x9f6ea: int 0x10 0x9f6ec: call 0x9f77a 0x9f6ef: call 0x9f7f5 0x9f6f2: call 0x9f7dd 0x9f6f5: mov ah, 0xb 0x9f6f7: int 0x21 0x9f6f9: cmp al, 0xff 0x9f6fb: je 0x9f6ff 0x9f6fd: jmp 0x9f6ec 0x9f6ff: mov ax, 3 0x9f702: int 0x10 0x9f704: pop es 0x9f705: pop ds 0x9f706: popaw 0x9f707: popf