Sample viewer

vx.netlux.org/Virus.DOS.AllFools.844

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:50:40.16678488Z 26 PC: 12f47 | Set disk transfer address
2018-12-17T21:50:40.1685707Z 42 PC: 12f4b | Get date
0x12f4b: cmp cx, 0x7c8
0x12f4f: jb 0x12f54
0x12f51: jmp 0x130ea
0x12f54: mov ah, 0x4e
0x12f56: mov dx, 0x74
0x12f59: mov cx, 0x21
0x12f5c: int 0x21
0x12f5e: jae 0x12f63
0x12f60: jmp 0x13075
0x12f63: cmp word ptr [0x50], 0
0x12f68: jne 0x12f72
0x12f6a: cmp word ptr [0x4e], 0xea60
0x12f70: jbe 0x12f75
0x12f72: jmp 0x1305f
0x12f75: mov ax, word ptr [0x4e]
0x12f78: mov word ptr [0x7c], ax
0x12f7b: and ax, 0xf
0x12f7e: mov dx, 0x10
0x12f81: sub dx, ax
0x12f83: and dx, 0xf
2018-12-17T21:50:40.170145902Z 26 PC: 130f9 | Set disk transfer address
2018-12-17T21:50:40.17101516Z 9 PC: 12e27 | Display string (String= 'Hllo - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":32,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:39:46.484908132Z 26 PC: 12f47 | Set disk transfer address
2018-12-25T11:39:46.486463193Z 42 PC: 12f4b | Get date
0x12f4b: cmp cx, 0x7c8
0x12f4f: jb 0x12f54
0x12f51: jmp 0x130ea
0x12f54: mov ah, 0x4e
0x12f56: mov dx, 0x74
0x12f59: mov cx, 0x21
0x12f5c: int 0x21
0x12f5e: jae 0x12f63
0x12f60: jmp 0x13075
0x12f63: cmp word ptr [0x50], 0
0x12f68: jne 0x12f72
0x12f6a: cmp word ptr [0x4e], 0xea60
0x12f70: jbe 0x12f75
0x12f72: jmp 0x1305f
0x12f75: mov ax, word ptr [0x4e]
0x12f78: mov word ptr [0x7c], ax
0x12f7b: and ax, 0xf
0x12f7e: mov dx, 0x10
0x12f81: sub dx, ax
0x12f83: and dx, 0xf
2018-12-25T11:39:46.488698175Z 78 PC: 12f5e | Find first file
2018-12-25T11:39:46.490581634Z 42 PC: 13079 | Get date
0x13079: cmp dl, 3
0x1307c: jne 0x130ea
0x1307e: mov ah, 0x52
0x13080: int 0x21
0x13082: dec bx
0x13083: dec bx
0x13084: mov ax, word ptr es:[bx]
0x13087: mov es, ax
0x13089: xor bx, bx
0x1308b: cmp byte ptr es:[bx], 0x5a
0x1308f: je 0x1309c
0x13091: mov ax, es
0x13093: add ax, word ptr es:[bx + 3]
0x13097: inc ax
0x13098: mov es, ax
0x1309a: jmp 0x1308b
0x1309c: mov dx, 0xc
0x1309f: mov ax, word ptr es:[bx + 3]
0x130a3: mov cx, es
0x130a5: inc cx
2018-12-25T11:39:46.493355457Z 26 PC: 130f9 | Set disk transfer address
2018-12-25T11:39:46.494743657Z 9 PC: 12e27 | Display string (String= 'Hllo - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":32,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:39:46.672075331Z 26 PC: 12f47 | Set disk transfer address
2018-12-25T11:39:46.673872079Z 42 PC: 12f4b | Get date
0x12f4b: cmp cx, 0x7c8
0x12f4f: jb 0x12f54
0x12f51: jmp 0x130ea
0x12f54: mov ah, 0x4e
0x12f56: mov dx, 0x74
0x12f59: mov cx, 0x21
0x12f5c: int 0x21
0x12f5e: jae 0x12f63
0x12f60: jmp 0x13075
0x12f63: cmp word ptr [0x50], 0
0x12f68: jne 0x12f72
0x12f6a: cmp word ptr [0x4e], 0xea60
0x12f70: jbe 0x12f75
0x12f72: jmp 0x1305f
0x12f75: mov ax, word ptr [0x4e]
0x12f78: mov word ptr [0x7c], ax
0x12f7b: and ax, 0xf
0x12f7e: mov dx, 0x10
0x12f81: sub dx, ax
0x12f83: and dx, 0xf
2018-12-25T11:39:46.677252355Z 26 PC: 130f9 | Set disk transfer address
2018-12-25T11:39:46.678782241Z 9 PC: 12e27 | Display string (String= 'Hllo - Copyright S & S International, 1990 ')