Sample viewer

vx.netlux.org/Virus.DOS.Troi.512

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:18:55.597453419Z	42	PC: 12a66 \| Get date 0x12a66: cmp cx, 0x7c8 0x12a6a: jb 0x12a7d 0x12a6c: ja 0x12a74 0x12a6e: cmp dx, 0x501 0x12a72: jb 0x12a7d 0x12a74: mov ah, 0xfc 0x12a76: int 0x21 0x12a78: cmp ah, 0x55 0x12a7b: jne 0x12a99 0x12a7d: pop es 0x12a7e: pop ds 0x12a7f: mov ax, cs 0x12a81: add ax, 0xe 0x12a84: push ax 0x12a85: mov ax, 0 0x12a88: push ax 0x12a89: retf 0x12a8a: sub ax, 0x7254 0x12a90: outsw dx, word ptr [si] 0x12a91: imul sp, word ptr [bx + si], 0x7754
2018-12-17T22:18:55.599941756Z	252	PC: 12a78 \| UNKNOWN!

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3243,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:44.75846272Z	42	PC: 12a66 \| Get date 0x12a66: cmp cx, 0x7c8 0x12a6a: jb 0x12a7d 0x12a6c: ja 0x12a74 0x12a6e: cmp dx, 0x501 0x12a72: jb 0x12a7d 0x12a74: mov ah, 0xfc 0x12a76: int 0x21 0x12a78: cmp ah, 0x55 0x12a7b: jne 0x12a99 0x12a7d: pop es 0x12a7e: pop ds 0x12a7f: mov ax, cs 0x12a81: add ax, 0xe 0x12a84: push ax 0x12a85: mov ax, 0 0x12a88: push ax 0x12a89: retf 0x12a8a: sub ax, 0x7254 0x12a90: outsw dx, word ptr [si] 0x12a91: imul sp, word ptr [bx + si], 0x7754
2018-12-25T11:48:44.769818223Z	9	PC: 12a49 \| Display string (Could not find end pointer)
2018-12-25T11:48:44.776748602Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3243,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:44.757097449Z	42	PC: 12a66 \| Get date 0x12a66: cmp cx, 0x7c8 0x12a6a: jb 0x12a7d 0x12a6c: ja 0x12a74 0x12a6e: cmp dx, 0x501 0x12a72: jb 0x12a7d 0x12a74: mov ah, 0xfc 0x12a76: int 0x21 0x12a78: cmp ah, 0x55 0x12a7b: jne 0x12a99 0x12a7d: pop es 0x12a7e: pop ds 0x12a7f: mov ax, cs 0x12a81: add ax, 0xe 0x12a84: push ax 0x12a85: mov ax, 0 0x12a88: push ax 0x12a89: retf 0x12a8a: sub ax, 0x7254 0x12a90: outsw dx, word ptr [si] 0x12a91: imul sp, word ptr [bx + si], 0x7754
2018-12-25T11:48:44.759694234Z	9	PC: 12a49 \| Display string (Could not find end pointer)
2018-12-25T11:48:44.761973429Z	76	PC: 12a4e \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":5,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3243,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:44.804571861Z	42	PC: 12a66 \| Get date 0x12a66: cmp cx, 0x7c8 0x12a6a: jb 0x12a7d 0x12a6c: ja 0x12a74 0x12a6e: cmp dx, 0x501 0x12a72: jb 0x12a7d 0x12a74: mov ah, 0xfc 0x12a76: int 0x21 0x12a78: cmp ah, 0x55 0x12a7b: jne 0x12a99 0x12a7d: pop es 0x12a7e: pop ds 0x12a7f: mov ax, cs 0x12a81: add ax, 0xe 0x12a84: push ax 0x12a85: mov ax, 0 0x12a88: push ax 0x12a89: retf 0x12a8a: sub ax, 0x7254 0x12a90: outsw dx, word ptr [si] 0x12a91: imul sp, word ptr [bx + si], 0x7754
2018-12-25T11:48:44.80843438Z	252	PC: 12a78 \| UNKNOWN!

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3243,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:44.86678142Z	42	PC: 12a66 \| Get date 0x12a66: cmp cx, 0x7c8 0x12a6a: jb 0x12a7d 0x12a6c: ja 0x12a74 0x12a6e: cmp dx, 0x501 0x12a72: jb 0x12a7d 0x12a74: mov ah, 0xfc 0x12a76: int 0x21 0x12a78: cmp ah, 0x55 0x12a7b: jne 0x12a99 0x12a7d: pop es 0x12a7e: pop ds 0x12a7f: mov ax, cs 0x12a81: add ax, 0xe 0x12a84: push ax 0x12a85: mov ax, 0 0x12a88: push ax 0x12a89: retf 0x12a8a: sub ax, 0x7254 0x12a90: outsw dx, word ptr [si] 0x12a91: imul sp, word ptr [bx + si], 0x7754
2018-12-25T11:48:44.869675174Z	252	PC: 12a78 \| UNKNOWN!