Sample viewer

vx.netlux.org/Virus.DOS.MadSatan.639

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:19:22.424458879Z	42	PC: 140f6 \| Get date 0x140f6: cmp dh, 1 0x140f9: jne 0x14122 0x140fb: cmp dl, 7 0x140fe: jae 0x14122 0x14100: mov di, 0x310 0x14103: mov al, 0x99 0x14105: add di, si 0x14107: mov cx, 0x71 0x1410a: mov ah, byte ptr [di] 0x1410c: mov dl, ah 0x1410e: xor ah, al 0x14110: mov byte ptr [di], ah 0x14112: mov al, dl 0x14114: inc di 0x14115: loop 0x1410a 0x14117: mov ah, 9 0x14119: mov dx, 0x310 0x1411c: add dx, si 0x1411e: int 0x21 0x14120: jmp 0x14120
2018-12-17T22:19:22.427771695Z	255	PC: 14136 \| UNKNOWN!
2018-12-17T22:19:22.429200089Z	49	PC: 1417b \| Terminate and stay resident (Return code = '0' \| Memory size = '68')

{"DateBased":true,"Day":8,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3334,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:53.682401133Z	42	PC: 140f6 \| Get date 0x140f6: cmp dh, 1 0x140f9: jne 0x14122 0x140fb: cmp dl, 7 0x140fe: jae 0x14122 0x14100: mov di, 0x310 0x14103: mov al, 0x99 0x14105: add di, si 0x14107: mov cx, 0x71 0x1410a: mov ah, byte ptr [di] 0x1410c: mov dl, ah 0x1410e: xor ah, al 0x14110: mov byte ptr [di], ah 0x14112: mov al, dl 0x14114: inc di 0x14115: loop 0x1410a 0x14117: mov ah, 9 0x14119: mov dx, 0x310 0x1411c: add dx, si 0x1411e: int 0x21 0x14120: jmp 0x14120
2018-12-25T11:48:53.684616261Z	255	PC: 14136 \| UNKNOWN!
2018-12-25T11:48:53.69356642Z	49	PC: 1417b \| Terminate and stay resident (Return code = '0' \| Memory size = '68')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3334,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:56.917330966Z	42	PC: 140f6 \| Get date 0x140f6: cmp dh, 1 0x140f9: jne 0x14122 0x140fb: cmp dl, 7 0x140fe: jae 0x14122 0x14100: mov di, 0x310 0x14103: mov al, 0x99 0x14105: add di, si 0x14107: mov cx, 0x71 0x1410a: mov ah, byte ptr [di] 0x1410c: mov dl, ah 0x1410e: xor ah, al 0x14110: mov byte ptr [di], ah 0x14112: mov al, dl 0x14114: inc di 0x14115: loop 0x1410a 0x14117: mov ah, 9 0x14119: mov dx, 0x310 0x1411c: add dx, si 0x1411e: int 0x21 0x14120: jmp 0x14120
2018-12-25T11:48:56.920277948Z	255	PC: 14136 \| UNKNOWN!
2018-12-25T11:48:56.921413699Z	49	PC: 1417b \| Terminate and stay resident (Return code = '0' \| Memory size = '68')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3334,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:57.009084957Z	42	PC: 140f6 \| Get date 0x140f6: cmp dh, 1 0x140f9: jne 0x14122 0x140fb: cmp dl, 7 0x140fe: jae 0x14122 0x14100: mov di, 0x310 0x14103: mov al, 0x99 0x14105: add di, si 0x14107: mov cx, 0x71 0x1410a: mov ah, byte ptr [di] 0x1410c: mov dl, ah 0x1410e: xor ah, al 0x14110: mov byte ptr [di], ah 0x14112: mov al, dl 0x14114: inc di 0x14115: loop 0x1410a 0x14117: mov ah, 9 0x14119: mov dx, 0x310 0x1411c: add dx, si 0x1411e: int 0x21 0x14120: jmp 0x14120
2018-12-25T11:48:57.012505317Z	9	PC: 14120 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3334,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:57.341981171Z	42	PC: 140f6 \| Get date 0x140f6: cmp dh, 1 0x140f9: jne 0x14122 0x140fb: cmp dl, 7 0x140fe: jae 0x14122 0x14100: mov di, 0x310 0x14103: mov al, 0x99 0x14105: add di, si 0x14107: mov cx, 0x71 0x1410a: mov ah, byte ptr [di] 0x1410c: mov dl, ah 0x1410e: xor ah, al 0x14110: mov byte ptr [di], ah 0x14112: mov al, dl 0x14114: inc di 0x14115: loop 0x1410a 0x14117: mov ah, 9 0x14119: mov dx, 0x310 0x1411c: add dx, si 0x1411e: int 0x21 0x14120: jmp 0x14120
2018-12-25T11:48:57.345010828Z	9	PC: 14120 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":8,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3334,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:57.400136159Z	42	PC: 140f6 \| Get date 0x140f6: cmp dh, 1 0x140f9: jne 0x14122 0x140fb: cmp dl, 7 0x140fe: jae 0x14122 0x14100: mov di, 0x310 0x14103: mov al, 0x99 0x14105: add di, si 0x14107: mov cx, 0x71 0x1410a: mov ah, byte ptr [di] 0x1410c: mov dl, ah 0x1410e: xor ah, al 0x14110: mov byte ptr [di], ah 0x14112: mov al, dl 0x14114: inc di 0x14115: loop 0x1410a 0x14117: mov ah, 9 0x14119: mov dx, 0x310 0x1411c: add dx, si 0x1411e: int 0x21 0x14120: jmp 0x14120
2018-12-25T11:48:57.402996292Z	255	PC: 14136 \| UNKNOWN!
2018-12-25T11:48:57.403775695Z	49	PC: 1417b \| Terminate and stay resident (Return code = '0' \| Memory size = '68')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3334,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:57.426062668Z	42	PC: 140f6 \| Get date 0x140f6: cmp dh, 1 0x140f9: jne 0x14122 0x140fb: cmp dl, 7 0x140fe: jae 0x14122 0x14100: mov di, 0x310 0x14103: mov al, 0x99 0x14105: add di, si 0x14107: mov cx, 0x71 0x1410a: mov ah, byte ptr [di] 0x1410c: mov dl, ah 0x1410e: xor ah, al 0x14110: mov byte ptr [di], ah 0x14112: mov al, dl 0x14114: inc di 0x14115: loop 0x1410a 0x14117: mov ah, 9 0x14119: mov dx, 0x310 0x1411c: add dx, si 0x1411e: int 0x21 0x14120: jmp 0x14120
2018-12-25T11:48:57.434369462Z	255	PC: 14136 \| UNKNOWN!
2018-12-25T11:48:57.435323162Z	49	PC: 1417b \| Terminate and stay resident (Return code = '0' \| Memory size = '68')