Sample viewer

vx.netlux.org/Virus.DOS.I13.Paraguay.2800

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:53:41.62499799Z 219 PC: 12ae7 | UNKNOWN!
2018-12-17T21:53:41.626101738Z 205 PC: 12af3 | UNKNOWN!
2018-12-17T21:53:41.626647444Z 53 PC: 12b01 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:53:41.627520472Z 53 PC: 12b1a | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T21:53:41.629023808Z 74 PC: 12b6f | Reallocate memory
2018-12-17T21:53:41.63023323Z 72 PC: 12b76 | Allocate memory
2018-12-17T21:53:41.631771849Z 42 PC: 12bbe | Get date
0x12bbe: cmp dh, 5
0x12bc1: jne 0x12bea
0x12bc3: in ax, 0x40
0x12bc5: cmp al, 0xc8
0x12bc7: jb 0x12bea
0x12bc9: push es
0x12bca: mov ax, 0x70
0x12bcd: mov ds, ax
0x12bcf: xor ax, ax
0x12bd1: mov es, ax
0x12bd3: mov si, 0xb4
0x12bd6: mov di, 0x4c
0x12bd9: movsw word ptr es:[di], word ptr [si]
0x12bda: movsw word ptr es:[di], word ptr [si]
0x12bdb: pop es
0x12bdc: push cs
0x12bdd: pop ds
0x12bde: mov ah, 9
0x12be0: lea dx, word ptr [bp + 0x639]
0x12be4: int 0x21
2018-12-17T21:53:41.633870834Z 76 PC: 1405e | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":389,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:51.858172511Z 219 PC: 12ae7 | UNKNOWN!
2018-12-25T11:40:51.859590146Z 205 PC: 12af3 | UNKNOWN!
2018-12-25T11:40:51.860210941Z 53 PC: 12b01 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:51.861195109Z 53 PC: 12b1a | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:40:51.874465126Z 74 PC: 12b6f | Reallocate memory
2018-12-25T11:40:51.875739289Z 72 PC: 12b76 | Allocate memory
2018-12-25T11:40:51.877307224Z 42 PC: 12bbe | Get date
0x12bbe: cmp dh, 5
0x12bc1: jne 0x12bea
0x12bc3: in ax, 0x40
0x12bc5: cmp al, 0xc8
0x12bc7: jb 0x12bea
0x12bc9: push es
0x12bca: mov ax, 0x70
0x12bcd: mov ds, ax
0x12bcf: xor ax, ax
0x12bd1: mov es, ax
0x12bd3: mov si, 0xb4
0x12bd6: mov di, 0x4c
0x12bd9: movsw word ptr es:[di], word ptr [si]
0x12bda: movsw word ptr es:[di], word ptr [si]
0x12bdb: pop es
0x12bdc: push cs
0x12bdd: pop ds
0x12bde: mov ah, 9
0x12be0: lea dx, word ptr [bp + 0x639]
0x12be4: int 0x21
2018-12-25T11:40:51.879870717Z 76 PC: 1405e | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":389,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:51.924099057Z 219 PC: 12ae7 | UNKNOWN!
2018-12-25T11:40:51.925789944Z 205 PC: 12af3 | UNKNOWN!
2018-12-25T11:40:51.926839949Z 53 PC: 12b01 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:40:51.928586246Z 53 PC: 12b1a | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:40:51.930644534Z 74 PC: 12b6f | Reallocate memory
2018-12-25T11:40:51.932640287Z 72 PC: 12b76 | Allocate memory
2018-12-25T11:40:51.93488495Z 42 PC: 12bbe | Get date
0x12bbe: cmp dh, 5
0x12bc1: jne 0x12bea
0x12bc3: in ax, 0x40
0x12bc5: cmp al, 0xc8
0x12bc7: jb 0x12bea
0x12bc9: push es
0x12bca: mov ax, 0x70
0x12bcd: mov ds, ax
0x12bcf: xor ax, ax
0x12bd1: mov es, ax
0x12bd3: mov si, 0xb4
0x12bd6: mov di, 0x4c
0x12bd9: movsw word ptr es:[di], word ptr [si]
0x12bda: movsw word ptr es:[di], word ptr [si]
0x12bdb: pop es
0x12bdc: push cs
0x12bdd: pop ds
0x12bde: mov ah, 9
0x12be0: lea dx, word ptr [bp + 0x639]
0x12be4: int 0x21
2018-12-25T11:40:51.93794243Z 9 PC: 12be6 | Display string (String= '+WTtU t@9Tu9DuE9RPXZPR+ÃZX P Xr= @ !&E&E@!7 &M{>! . ')