Sample viewer

vx.netlux.org/Virus.DOS.Macedonia.1024

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:19:22.54479414Z	42	PC: 12a7a \| Get date 0x12a7a: cmp dx, 0xa1c 0x12a7e: je 0x12a8f 0x12a80: cmp cx, 0x7cb 0x12a84: je 0x12a92 0x12a86: cmp dx, 0x319 0x12a8a: je 0x12a8f 0x12a8c: jmp 0x12a92 0x12a8e: nop 0x12a8f: call 0x12c9d 0x12a92: mov di, 0x100 0x12a95: mov si, 0x100 0x12a98: mov cx, 0x519 0x12a9b: cld 0x12a9c: rep movsb byte ptr es:[di], byte ptr [si] 0x12a9e: mov ax, 0x164 0x12aa1: push es 0x12aa2: push ax 0x12aa3: retf 0x12aa4: push cs 0x12aa5: pop ds
2018-12-17T22:19:22.549414236Z	53	PC: 12aab \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:22.551134059Z	37	PC: 12c5a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:19:22.552919303Z	53	PC: 12abb \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:22.554557813Z	53	PC: 12ac8 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:19:22.556923009Z	74	PC: 12ad9 \| Reallocate memory
2018-12-17T22:19:22.564247738Z	54	PC: 12b5b \| Get free disk space
2018-12-17T22:19:22.574383212Z	67	PC: 12b6a \| Get or set file attributes
2018-12-17T22:19:22.59373911Z	61	PC: 12b6f \| Open file (Filename = '')
2018-12-17T22:19:22.602259388Z	37	PC: 12c68 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:22.603935889Z	37	PC: 12c70 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:19:22.606400192Z	63	PC: 12b82 \| Read file or device (Read 24 bytes on handle 5)
2018-12-17T22:19:22.610766925Z	62	PC: 12c3e \| Close file
2018-12-17T22:19:22.613000855Z	37	PC: 12c84 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:19:22.615720719Z	37	PC: 12c94 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-17T22:19:22.617262263Z	75	PC: 12b04 \| Execute program
2018-12-17T22:19:22.63485035Z	77	PC: 12b0f \| Get program return code
2018-12-17T22:19:22.636553757Z	49	PC: 12b16 \| Terminate and stay resident (Return code = '0' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3335,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:57.504670709Z	42	PC: 12a7a \| Get date 0x12a7a: cmp dx, 0xa1c 0x12a7e: je 0x12a8f 0x12a80: cmp cx, 0x7cb 0x12a84: je 0x12a92 0x12a86: cmp dx, 0x319 0x12a8a: je 0x12a8f 0x12a8c: jmp 0x12a92 0x12a8e: nop 0x12a8f: call 0x12c9d 0x12a92: mov di, 0x100 0x12a95: mov si, 0x100 0x12a98: mov cx, 0x519 0x12a9b: cld 0x12a9c: rep movsb byte ptr es:[di], byte ptr [si] 0x12a9e: mov ax, 0x164 0x12aa1: push es 0x12aa2: push ax 0x12aa3: retf 0x12aa4: push cs 0x12aa5: pop ds
2018-12-25T11:48:57.509115967Z	53	PC: 12aab \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:57.510103574Z	37	PC: 12c5a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:57.511092684Z	53	PC: 12abb \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:57.520068394Z	53	PC: 12ac8 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:48:57.521469881Z	74	PC: 12ad9 \| Reallocate memory
2018-12-25T11:48:57.523896627Z	54	PC: 12b5b \| Get free disk space
2018-12-25T11:48:57.533067193Z	67	PC: 12b6a \| Get or set file attributes
2018-12-25T11:48:57.550309992Z	61	PC: 12b6f \| Open file (Filename = '')
2018-12-25T11:48:57.556334228Z	37	PC: 12c68 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:57.557901811Z	37	PC: 12c70 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:48:57.558919385Z	63	PC: 12b82 \| Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:57.56071201Z	62	PC: 12c3e \| Close file
2018-12-25T11:48:57.561920323Z	37	PC: 12c84 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:57.563068159Z	37	PC: 12c94 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:48:57.563883723Z	75	PC: 12b04 \| Execute program
2018-12-25T11:48:57.574552928Z	77	PC: 12b0f \| Get program return code
2018-12-25T11:48:57.579106891Z	49	PC: 12b16 \| Terminate and stay resident (Return code = '0' \| Memory size = '128')

{"DateBased":true,"Day":25,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3335,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:57.543714392Z	42	PC: 12a7a \| Get date 0x12a7a: cmp dx, 0xa1c 0x12a7e: je 0x12a8f 0x12a80: cmp cx, 0x7cb 0x12a84: je 0x12a92 0x12a86: cmp dx, 0x319 0x12a8a: je 0x12a8f 0x12a8c: jmp 0x12a92 0x12a8e: nop 0x12a8f: call 0x12c9d 0x12a92: mov di, 0x100 0x12a95: mov si, 0x100 0x12a98: mov cx, 0x519 0x12a9b: cld 0x12a9c: rep movsb byte ptr es:[di], byte ptr [si] 0x12a9e: mov ax, 0x164 0x12aa1: push es 0x12aa2: push ax 0x12aa3: retf 0x12aa4: push cs 0x12aa5: pop ds
2018-12-25T11:48:57.599511749Z	9	PC: 12d03 \| Display string (String= 'THE STAR OF VERGINA AND THE')
2018-12-25T11:48:57.604629728Z	9	PC: 12d13 \| Display string (String= 'NAME "MACEDONIA" ARE GREEK!')

{"DateBased":true,"Day":28,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3335,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:57.563629186Z	42	PC: 12a7a \| Get date 0x12a7a: cmp dx, 0xa1c 0x12a7e: je 0x12a8f 0x12a80: cmp cx, 0x7cb 0x12a84: je 0x12a92 0x12a86: cmp dx, 0x319 0x12a8a: je 0x12a8f 0x12a8c: jmp 0x12a92 0x12a8e: nop 0x12a8f: call 0x12c9d 0x12a92: mov di, 0x100 0x12a95: mov si, 0x100 0x12a98: mov cx, 0x519 0x12a9b: cld 0x12a9c: rep movsb byte ptr es:[di], byte ptr [si] 0x12a9e: mov ax, 0x164 0x12aa1: push es 0x12aa2: push ax 0x12aa3: retf 0x12aa4: push cs 0x12aa5: pop ds
2018-12-25T11:48:57.615417697Z	9	PC: 12d03 \| Display string (String= 'THE STAR OF VERGINA AND THE')
2018-12-25T11:48:57.618184289Z	9	PC: 12d13 \| Display string (String= 'NAME "MACEDONIA" ARE GREEK!')

{"DateBased":true,"Day":1,"Month":1,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3335,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:48:57.66472076Z	42	PC: 12a7a \| Get date 0x12a7a: cmp dx, 0xa1c 0x12a7e: je 0x12a8f 0x12a80: cmp cx, 0x7cb 0x12a84: je 0x12a92 0x12a86: cmp dx, 0x319 0x12a8a: je 0x12a8f 0x12a8c: jmp 0x12a92 0x12a8e: nop 0x12a8f: call 0x12c9d 0x12a92: mov di, 0x100 0x12a95: mov si, 0x100 0x12a98: mov cx, 0x519 0x12a9b: cld 0x12a9c: rep movsb byte ptr es:[di], byte ptr [si] 0x12a9e: mov ax, 0x164 0x12aa1: push es 0x12aa2: push ax 0x12aa3: retf 0x12aa4: push cs 0x12aa5: pop ds
2018-12-25T11:48:57.667418595Z	53	PC: 12aab \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:57.668291305Z	37	PC: 12c5a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:48:57.669207005Z	53	PC: 12abb \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:57.67070688Z	53	PC: 12ac8 \| Get interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:48:57.671836717Z	74	PC: 12ad9 \| Reallocate memory
2018-12-25T11:48:57.672919843Z	54	PC: 12b5b \| Get free disk space
2018-12-25T11:48:57.67804804Z	67	PC: 12b6a \| Get or set file attributes
2018-12-25T11:48:58.655311889Z	61	PC: 12b6f \| Open file (Filename = '')
2018-12-25T11:48:58.666445629Z	37	PC: 12c68 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:58.667796986Z	37	PC: 12c70 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:48:58.669945774Z	63	PC: 12b82 \| Read file or device (Read 24 bytes on handle 5)
2018-12-25T11:48:58.674538546Z	62	PC: 12c3e \| Close file
2018-12-25T11:48:58.676648849Z	37	PC: 12c84 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:48:58.679343578Z	37	PC: 12c94 \| Set interrupt vector (Interrupt = '22' AKA 'Create or truncate file')
2018-12-25T11:48:58.680820616Z	75	PC: 12b04 \| Execute program
2018-12-25T11:48:58.695454344Z	77	PC: 12b0f \| Get program return code
2018-12-25T11:48:58.696907354Z	49	PC: 12b16 \| Terminate and stay resident (Return code = '0' \| Memory size = '128')