Sample viewer

vx.netlux.org/Virus.DOS.Xuxa.1656

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:19:01.259685945Z 48 PC: 12a48 | Get DOS version
2018-12-17T22:19:01.261589682Z 187 PC: 12a83 | UNKNOWN!
2018-12-17T22:19:01.262445775Z 42 PC: 12ada | Get date 0x12ada: cmp dh, 3
0x12add: jne 0x12af4
0x12adf: cmp al, 6
0x12ae1: jne 0x12af4
0x12ae3: mov ah, 0x2c
0x12ae5: int 0x21
0x12ae7: cmp ch, 9
0x12aea: jb 0x12af4
0x12aec: cmp ch, 0xb
0x12aef: jae 0x12af4
0x12af1: jmp 0x12fa9
0x12af4: cli
0x12af5: mov si, 0x84
0x12af8: mov di, 0xc
0x12afb: push 0
0x12afd: push 0
0x12aff: pop ds
0x12b00: pop es
0x12b01: mov cx, 2
0x12b04: cld
2018-12-17T22:19:01.264728453Z 74 PC: 12b21 | Reallocate memory
2018-12-17T22:19:01.26713051Z 72 PC: 12b27 | Allocate memory
2018-12-17T22:19:01.26859261Z 53 PC: 12b48 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:01.269649111Z 37 PC: 12b57 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:01.270905557Z 98 PC: 12b5a | Get current PSP
2018-12-17T22:19:01.283276931Z 250 PC: 9f1d4 | UNKNOWN!
2018-12-17T22:19:01.284414604Z 53 PC: 9eee1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:01.286092577Z 37 PC: 9eef4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:01.289017057Z 67 PC: 9eefc | Get or set file attributes
2018-12-17T22:19:01.295449527Z 67 PC: 9ef07 | Get or set file attributes
2018-12-17T22:19:02.322785017Z 61 PC: 9ef52 | Open file (Filename = '�7')
2018-12-17T22:19:02.329920329Z 87 PC: 9ef5c | Get or set file date and time
2018-12-17T22:19:02.331308828Z 63 PC: 9ef82 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:19:02.333946818Z 66 PC: 9f119 | Move file pointer
2018-12-17T22:19:02.336425538Z 66 PC: 9f04f | Move file pointer
2018-12-17T22:19:02.338658713Z 64 PC: 9f150 | Write file or device (Write 1656 bytes on handle 5)
2018-12-17T22:19:02.346840737Z 66 PC: 9f119 | Move file pointer
2018-12-17T22:19:02.348933368Z 64 PC: 9f07a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:19:02.351969173Z 67 PC: 9f0b7 | Get or set file attributes
2018-12-17T22:19:02.357275241Z 67 PC: 9f0b7 | Get or set file attributes
2018-12-17T22:19:02.363094938Z 67 PC: 9f0b7 | Get or set file attributes
2018-12-17T22:19:02.369671563Z 87 PC: 9f0e1 | Get or set file date and time
2018-12-17T22:19:02.371536631Z 62 PC: 9f0e4 | Close file
2018-12-17T22:19:02.378111554Z 67 PC: 9f0ef | Get or set file attributes
2018-12-17T22:19:02.387748064Z 37 PC: 9f0fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:02.38891284Z 250 PC: 9f1d4 | UNKNOWN!
2018-12-17T22:19:02.390039699Z 186 PC: 12b89 | UNKNOWN!
2018-12-17T22:19:02.392019748Z 48 PC: 12a48 | Get DOS version

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3268,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:45.094657207Z 48 PC: 12a48 | Get DOS version
2018-12-25T11:48:45.096226677Z 187 PC: 12a83 | UNKNOWN!
2018-12-25T11:48:45.096974042Z 42 PC: 12ada | Get date 0x12ada: cmp dh, 3
0x12add: jne 0x12af4
0x12adf: cmp al, 6
0x12ae1: jne 0x12af4
0x12ae3: mov ah, 0x2c
0x12ae5: int 0x21
0x12ae7: cmp ch, 9
0x12aea: jb 0x12af4
0x12aec: cmp ch, 0xb
0x12aef: jae 0x12af4
0x12af1: jmp 0x12fa9
0x12af4: cli
0x12af5: mov si, 0x84
0x12af8: mov di, 0xc
0x12afb: push 0
0x12afd: push 0
0x12aff: pop ds
0x12b00: pop es
0x12b01: mov cx, 2
0x12b04: cld
2018-12-25T11:48:45.09908499Z 74 PC: 12b21 | Reallocate memory
2018-12-25T11:48:45.10843828Z 72 PC: 12b27 | Allocate memory
2018-12-25T11:48:45.11056064Z 53 PC: 12b48 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:45.11220744Z 37 PC: 12b57 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:45.113938206Z 98 PC: 12b5a | Get current PSP
2018-12-25T11:48:45.114959488Z 250 PC: 9f1d4 | UNKNOWN!
2018-12-25T11:48:45.115821798Z 53 PC: 9eee1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:45.117640626Z 37 PC: 9eef4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:45.119336733Z 67 PC: 9eefc | Get or set file attributes
2018-12-25T11:48:45.12498713Z 67 PC: 9ef07 | Get or set file attributes
2018-12-25T11:48:48.362817316Z 61 PC: 9ef52 | Open file (Filename = '�7')
2018-12-25T11:48:48.377070971Z 87 PC: 9ef5c | Get or set file date and time
2018-12-25T11:48:48.378628194Z 63 PC: 9ef82 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:48:48.381533099Z 66 PC: 9f119 | Move file pointer
2018-12-25T11:48:48.383648985Z 66 PC: 9f04f | Move file pointer
2018-12-25T11:48:48.385862294Z 64 PC: 9f150 | Write file or device (Write 1656 bytes on handle 5)
2018-12-25T11:48:48.393620424Z 66 PC: 9f119 | Move file pointer (See above)
2018-12-25T11:48:48.395658816Z 64 PC: 9f07a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:48.398805433Z 67 PC: 9f0b7 | Get or set file attributes
2018-12-25T11:48:48.409426092Z 67 PC: 9f0b7 | Get or set file attributes (See above)
2018-12-25T11:48:48.416464242Z 67 PC: 9f0b7 | Get or set file attributes (See above)
2018-12-25T11:48:48.421878413Z 87 PC: 9f0e1 | Get or set file date and time
2018-12-25T11:48:48.423326841Z 62 PC: 9f0e4 | Close file
2018-12-25T11:48:48.432612256Z 67 PC: 9f0ef | Get or set file attributes
2018-12-25T11:48:48.444511874Z 37 PC: 9f0fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:48.446001489Z 250 PC: 9f1d4 | UNKNOWN! (See above)
2018-12-25T11:48:48.447984237Z 186 PC: 12b89 | UNKNOWN!
2018-12-25T11:48:48.453564139Z 48 PC: 12a48 | Get DOS version (See above)

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3268,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:45.103272554Z 48 PC: 12a48 | Get DOS version
2018-12-25T11:48:45.10567197Z 187 PC: 12a83 | UNKNOWN!
2018-12-25T11:48:45.106513773Z 42 PC: 12ada | Get date 0x12ada: cmp dh, 3
0x12add: jne 0x12af4
0x12adf: cmp al, 6
0x12ae1: jne 0x12af4
0x12ae3: mov ah, 0x2c
0x12ae5: int 0x21
0x12ae7: cmp ch, 9
0x12aea: jb 0x12af4
0x12aec: cmp ch, 0xb
0x12aef: jae 0x12af4
0x12af1: jmp 0x12fa9
0x12af4: cli
0x12af5: mov si, 0x84
0x12af8: mov di, 0xc
0x12afb: push 0
0x12afd: push 0
0x12aff: pop ds
0x12b00: pop es
0x12b01: mov cx, 2
0x12b04: cld
2018-12-25T11:48:45.108654499Z 44 PC: 12ae7 | Get time 0x12ae7: cmp ch, 9
0x12aea: jb 0x12af4
0x12aec: cmp ch, 0xb
0x12aef: jae 0x12af4
0x12af1: jmp 0x12fa9
0x12af4: cli
0x12af5: mov si, 0x84
0x12af8: mov di, 0xc
0x12afb: push 0
0x12afd: push 0
0x12aff: pop ds
0x12b00: pop es
0x12b01: mov cx, 2
0x12b04: cld
0x12b05: rep movsd dword ptr es:[di], dword ptr [si]
0x12b07: sti
0x12b08: pop ds
0x12b09: push ds
0x12b0a: mov bx, 0xec
0x12b0d: mov ax, ds
2018-12-25T11:48:45.112030997Z 74 PC: 12b21 | Reallocate memory
2018-12-25T11:48:45.113514422Z 72 PC: 12b27 | Allocate memory
2018-12-25T11:48:45.115054761Z 53 PC: 12b48 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:45.116741115Z 37 PC: 12b57 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:45.117695192Z 98 PC: 12b5a | Get current PSP
2018-12-25T11:48:45.118563696Z 250 PC: 9f1d4 | UNKNOWN!
2018-12-25T11:48:45.119746935Z 53 PC: 9eee1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:45.120837464Z 37 PC: 9eef4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:45.1218888Z 67 PC: 9eefc | Get or set file attributes
2018-12-25T11:48:45.127193969Z 67 PC: 9ef07 | Get or set file attributes
2018-12-25T11:48:48.364044728Z 61 PC: 9ef52 | Open file (Filename = '�7')
2018-12-25T11:48:48.370186954Z 87 PC: 9ef5c | Get or set file date and time
2018-12-25T11:48:48.372196166Z 63 PC: 9ef82 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:48:48.375769667Z 66 PC: 9f119 | Move file pointer
2018-12-25T11:48:48.377540374Z 66 PC: 9f04f | Move file pointer
2018-12-25T11:48:48.38016936Z 64 PC: 9f150 | Write file or device (Write 1656 bytes on handle 5)
2018-12-25T11:48:48.39040678Z 66 PC: 9f119 | Move file pointer (See above)
2018-12-25T11:48:48.394213125Z 64 PC: 9f07a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:48.407909011Z 67 PC: 9f0b7 | Get or set file attributes
2018-12-25T11:48:48.414887892Z 67 PC: 9f0b7 | Get or set file attributes (See above)
2018-12-25T11:48:48.420858894Z 67 PC: 9f0b7 | Get or set file attributes (See above)
2018-12-25T11:48:48.426562173Z 87 PC: 9f0e1 | Get or set file date and time
2018-12-25T11:48:48.4290371Z 62 PC: 9f0e4 | Close file
2018-12-25T11:48:48.435057854Z 67 PC: 9f0ef | Get or set file attributes
2018-12-25T11:48:48.441024498Z 37 PC: 9f0fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:48.442665073Z 250 PC: 9f1d4 | UNKNOWN! (See above)
2018-12-25T11:48:48.44343912Z 186 PC: 12b89 | UNKNOWN!
2018-12-25T11:48:48.444347211Z 48 PC: 12a48 | Get DOS version (See above)

{"DateBased":true,"Day":2,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3268,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:48:45.139428683Z 48 PC: 12a48 | Get DOS version
2018-12-25T11:48:45.141170325Z 187 PC: 12a83 | UNKNOWN!
2018-12-25T11:48:45.142228852Z 42 PC: 12ada | Get date 0x12ada: cmp dh, 3
0x12add: jne 0x12af4
0x12adf: cmp al, 6
0x12ae1: jne 0x12af4
0x12ae3: mov ah, 0x2c
0x12ae5: int 0x21
0x12ae7: cmp ch, 9
0x12aea: jb 0x12af4
0x12aec: cmp ch, 0xb
0x12aef: jae 0x12af4
0x12af1: jmp 0x12fa9
0x12af4: cli
0x12af5: mov si, 0x84
0x12af8: mov di, 0xc
0x12afb: push 0
0x12afd: push 0
0x12aff: pop ds
0x12b00: pop es
0x12b01: mov cx, 2
0x12b04: cld
2018-12-25T11:48:45.144454974Z 74 PC: 12b21 | Reallocate memory
2018-12-25T11:48:45.146672948Z 72 PC: 12b27 | Allocate memory
2018-12-25T11:48:45.148224302Z 53 PC: 12b48 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:45.149333896Z 37 PC: 12b57 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:45.150958282Z 98 PC: 12b5a | Get current PSP
2018-12-25T11:48:45.151932714Z 250 PC: 9f1d4 | UNKNOWN!
2018-12-25T11:48:45.152645769Z 53 PC: 9eee1 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:45.153912203Z 37 PC: 9eef4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:45.158739727Z 67 PC: 9eefc | Get or set file attributes
2018-12-25T11:48:45.164039423Z 67 PC: 9ef07 | Get or set file attributes
2018-12-25T11:48:48.356616514Z 61 PC: 9ef52 | Open file (Filename = '�7')
2018-12-25T11:48:48.364296916Z 87 PC: 9ef5c | Get or set file date and time
2018-12-25T11:48:48.366225706Z 63 PC: 9ef82 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T11:48:48.37024254Z 66 PC: 9f119 | Move file pointer
2018-12-25T11:48:48.373068036Z 66 PC: 9f04f | Move file pointer
2018-12-25T11:48:48.375591296Z 64 PC: 9f150 | Write file or device (Write 1656 bytes on handle 5)
2018-12-25T11:48:48.383206767Z 66 PC: 9f119 | Move file pointer (See above)
2018-12-25T11:48:48.385403737Z 64 PC: 9f07a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T11:48:48.388689157Z 67 PC: 9f0b7 | Get or set file attributes
2018-12-25T11:48:48.394288647Z 67 PC: 9f0b7 | Get or set file attributes (See above)
2018-12-25T11:48:48.400915803Z 67 PC: 9f0b7 | Get or set file attributes (See above)
2018-12-25T11:48:48.406352951Z 87 PC: 9f0e1 | Get or set file date and time
2018-12-25T11:48:48.408126661Z 62 PC: 9f0e4 | Close file
2018-12-25T11:48:48.4188813Z 67 PC: 9f0ef | Get or set file attributes
2018-12-25T11:48:48.433185232Z 37 PC: 9f0fe | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:48.43479919Z 250 PC: 9f1d4 | UNKNOWN! (See above)
2018-12-25T11:48:48.439944689Z 186 PC: 12b89 | UNKNOWN!
2018-12-25T11:48:48.441798683Z 48 PC: 12a48 | Get DOS version (See above)