Sample viewer

vx.netlux.org/Virus.DOS.TPE.Girafe.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:20:41.810734509Z	48	PC: 145d0 \| Get DOS version
2018-12-17T22:20:41.813464101Z	51	PC: 145dc \| Get or set Ctrl-Break
2018-12-17T22:20:41.814711903Z	53	PC: 1460e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:41.816298227Z	37	PC: 1461e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:20:41.818205719Z	44	PC: 9e24e \| Get time 0x9e24e: in al, 0x40 0x9e250: mov ah, al 0x9e252: in al, 0x40 0x9e254: xor ax, cx 0x9e256: xor dx, ax 0x9e258: jmp 0x9e275 0x9e25a: push dx 0x9e25b: push cx 0x9e25c: push bx 0x9e25d: mov ax, 0xa72e 0x9e260: mov dx, 0x5e33 0x9e263: mov cx, 7 0x9e266: shl ax, 1 0x9e268: rcl dx, 1 0x9e26a: mov bl, al 0x9e26c: xor bl, dh 0x9e26e: jns 0x9e272 0x9e270: inc al 0x9e272: loop 0x9e266 0x9e274: pop bx
2018-12-17T22:20:41.821934944Z	51	PC: 14623 \| Get or set Ctrl-Break
2018-12-17T22:20:41.823365798Z	42	PC: 14627 \| Get date 0x14627: cmp al, 5 0x14629: jne 0x14638 0x1462b: mov ah, 0x2c 0x1462d: int 0x21 0x1462f: or dh, dh 0x14631: jne 0x14638 0x14633: mov ax, 0x33dc 0x14636: int 0x21 0x14638: pop si 0x14639: pop di 0x1463a: pop es 0x1463b: pop ds 0x1463c: pop ax 0x1463d: add si, 0x9c1 0x14641: sub si, di 0x14643: cmp byte ptr cs:[si], 0x4d 0x14647: je 0x14650 0x14649: push di 0x1464a: mov cx, 0x1c 0x1464d: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:20:41.82639104Z	76	PC: 14595 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3588,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:31.42282378Z	48	PC: 145d0 \| Get DOS version
2018-12-25T11:49:31.425080928Z	51	PC: 145dc \| Get or set Ctrl-Break
2018-12-25T11:49:31.426477526Z	53	PC: 1460e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:31.428198764Z	37	PC: 1461e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:31.429949362Z	44	PC: 9e24e \| Get time 0x9e24e: in al, 0x40 0x9e250: mov ah, al 0x9e252: in al, 0x40 0x9e254: xor ax, cx 0x9e256: xor dx, ax 0x9e258: jmp 0x9e275 0x9e25a: push dx 0x9e25b: push cx 0x9e25c: push bx 0x9e25d: mov ax, 0xa72e 0x9e260: mov dx, 0x5e33 0x9e263: mov cx, 7 0x9e266: shl ax, 1 0x9e268: rcl dx, 1 0x9e26a: mov bl, al 0x9e26c: xor bl, dh 0x9e26e: jns 0x9e272 0x9e270: inc al 0x9e272: loop 0x9e266 0x9e274: pop bx
2018-12-25T11:49:31.432765874Z	51	PC: 14623 \| Get or set Ctrl-Break
2018-12-25T11:49:31.433844752Z	42	PC: 14627 \| Get date 0x14627: cmp al, 5 0x14629: jne 0x14638 0x1462b: mov ah, 0x2c 0x1462d: int 0x21 0x1462f: or dh, dh 0x14631: jne 0x14638 0x14633: mov ax, 0x33dc 0x14636: int 0x21 0x14638: pop si 0x14639: pop di 0x1463a: pop es 0x1463b: pop ds 0x1463c: pop ax 0x1463d: add si, 0x9c1 0x14641: sub si, di 0x14643: cmp byte ptr cs:[si], 0x4d 0x14647: je 0x14650 0x14649: push di 0x1464a: mov cx, 0x1c 0x1464d: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T11:49:31.436577707Z	76	PC: 14595 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3588,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:49:32.030587391Z	48	PC: 145d0 \| Get DOS version
2018-12-25T11:49:32.032035476Z	51	PC: 145dc \| Get or set Ctrl-Break
2018-12-25T11:49:32.033217237Z	53	PC: 1460e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:32.034750147Z	37	PC: 1461e \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:49:32.036465545Z	44	PC: 9e24e \| Get time 0x9e24e: in al, 0x40 0x9e250: mov ah, al 0x9e252: in al, 0x40 0x9e254: xor ax, cx 0x9e256: xor dx, ax 0x9e258: jmp 0x9e275 0x9e25a: push dx 0x9e25b: push cx 0x9e25c: push bx 0x9e25d: mov ax, 0xa72e 0x9e260: mov dx, 0x5e33 0x9e263: mov cx, 7 0x9e266: shl ax, 1 0x9e268: rcl dx, 1 0x9e26a: mov bl, al 0x9e26c: xor bl, dh 0x9e26e: jns 0x9e272 0x9e270: inc al 0x9e272: loop 0x9e266 0x9e274: pop bx
2018-12-25T11:49:32.039922353Z	51	PC: 14623 \| Get or set Ctrl-Break
2018-12-25T11:49:32.041371093Z	42	PC: 14627 \| Get date 0x14627: cmp al, 5 0x14629: jne 0x14638 0x1462b: mov ah, 0x2c 0x1462d: int 0x21 0x1462f: or dh, dh 0x14631: jne 0x14638 0x14633: mov ax, 0x33dc 0x14636: int 0x21 0x14638: pop si 0x14639: pop di 0x1463a: pop es 0x1463b: pop ds 0x1463c: pop ax 0x1463d: add si, 0x9c1 0x14641: sub si, di 0x14643: cmp byte ptr cs:[si], 0x4d 0x14647: je 0x14650 0x14649: push di 0x1464a: mov cx, 0x1c 0x1464d: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T11:49:32.048852825Z	44	PC: 1462f \| Get time 0x1462f: or dh, dh 0x14631: jne 0x14638 0x14633: mov ax, 0x33dc 0x14636: int 0x21 0x14638: pop si 0x14639: pop di 0x1463a: pop es 0x1463b: pop ds 0x1463c: pop ax 0x1463d: add si, 0x9c1 0x14641: sub si, di 0x14643: cmp byte ptr cs:[si], 0x4d 0x14647: je 0x14650 0x14649: push di 0x1464a: mov cx, 0x1c 0x1464d: rep movsb byte ptr es:[di], byte ptr [si] 0x1464f: ret 0x14650: mov bx, ds 0x14652: add bx, 0x10 0x14655: mov cx, bx
2018-12-25T11:49:32.051038846Z	76	PC: 14595 \| Terminate with return code (Return code = '0')