Sample viewer

vx.netlux.org/Virus.DOS.Maresme.1062

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:20:14.649926544Z 42 PC: 12d06 | Get date
0x12d06: xor dl, 0x1f
0x12d09: jne 0x12d0e
0x12d0b: jmp 0x12fb8
0x12d0e: int3
0x12d0f: mov ax, 0x9900
0x12d12: int 0x21
0x12d14: cmp ax, 0x4f4b
0x12d17: je 0x12d1a
0x12d19: ret
0x12d1a: jmp 0x12f43
0x12d1d: pop di
0x12d1e: pop dx
0x12d1f: pop cx
0x12d20: pop bx
0x12d21: pop ax
0x12d22: pop es
0x12d23: pop ds
0x12d24: jne 0x12d29
0x12d26: jmp 0x12d66
0x12d28: nop
2018-12-17T22:20:14.652914091Z 153 PC: 12d14 | UNKNOWN!
2018-12-17T22:20:14.653775043Z 53 PC: 9f76d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:14.654927694Z 37 PC: 9f77e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:14.656627692Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-17T22:20:14.660703912Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3503,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:19.501929373Z 42 PC: 12d06 | Get date
0x12d06: xor dl, 0x1f
0x12d09: jne 0x12d0e
0x12d0b: jmp 0x12fb8
0x12d0e: int3
0x12d0f: mov ax, 0x9900
0x12d12: int 0x21
0x12d14: cmp ax, 0x4f4b
0x12d17: je 0x12d1a
0x12d19: ret
0x12d1a: jmp 0x12f43
0x12d1d: pop di
0x12d1e: pop dx
0x12d1f: pop cx
0x12d20: pop bx
0x12d21: pop ax
0x12d22: pop es
0x12d23: pop ds
0x12d24: jne 0x12d29
0x12d26: jmp 0x12d66
0x12d28: nop
2018-12-25T11:49:19.504050423Z 153 PC: 12d14 | UNKNOWN!
2018-12-25T11:49:19.504915225Z 53 PC: 9f76d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:19.511117531Z 37 PC: 9f77e | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:19.512687269Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:49:19.519119831Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3503,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:49:20.599204137Z 42 PC: 12d06 | Get date
0x12d06: xor dl, 0x1f
0x12d09: jne 0x12d0e
0x12d0b: jmp 0x12fb8
0x12d0e: int3
0x12d0f: mov ax, 0x9900
0x12d12: int 0x21
0x12d14: cmp ax, 0x4f4b
0x12d17: je 0x12d1a
0x12d19: ret
0x12d1a: jmp 0x12f43
0x12d1d: pop di
0x12d1e: pop dx
0x12d1f: pop cx
0x12d20: pop bx
0x12d21: pop ax
0x12d22: pop es
0x12d23: pop ds
0x12d24: jne 0x12d29
0x12d26: jmp 0x12d66
0x12d28: nop
2018-12-25T11:49:20.601919203Z 53 PC: 12fbe | Get interrupt vector (Interrupt = '25' AKA 'Get default drive')
2018-12-25T11:49:20.603425555Z 37 PC: 12fc8 | Set interrupt vector (Interrupt = '25' AKA 'Get default drive')