Sample viewer

vx.netlux.org/Virus.DOS.Jain.1614

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:22:23.957396433Z	42	PC: 132d9 \| Get date 0x132d9: cmp dx, 0x70d 0x132dd: jbe 0x132e6 0x132df: cmp al, 4 0x132e1: jne 0x132e6 0x132e3: call 0x137bb 0x132e6: mov byte ptr cs:[bx + 9], 0 0x132eb: mov ah, 0x30 0x132ed: int 0x21 0x132ef: mov bx, word ptr [bp] 0x132f2: nop 0x132f3: cmp byte ptr cs:[bx + 9], 0 0x132f8: je 0x132fd 0x132fa: jmp 0x13360 0x132fc: nop 0x132fd: lds si, ptr es:[6] 0x13302: lds si, ptr [si + 1] 0x13305: mov word ptr cs:[bx + 7], ds 0x13309: xor ax, ax 0x1330b: mov ds, ax 0x1330d: lds si, ptr [4]
2018-12-17T22:22:23.96102891Z	48	PC: 132ef \| Get DOS version
2018-12-17T22:22:23.962437583Z	48	PC: 13344 \| Get DOS version
2018-12-17T22:22:23.963705706Z	72	PC: 13369 \| Allocate memory
2018-12-17T22:22:23.96585105Z	74	PC: 1337e \| Reallocate memory
2018-12-17T22:22:23.967650364Z	72	PC: 13369 \| Allocate memory

{"DateBased":true,"Day":13,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3927,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:21.665116522Z	42	PC: 132d9 \| Get date 0x132d9: cmp dx, 0x70d 0x132dd: jbe 0x132e6 0x132df: cmp al, 4 0x132e1: jne 0x132e6 0x132e3: call 0x137bb 0x132e6: mov byte ptr cs:[bx + 9], 0 0x132eb: mov ah, 0x30 0x132ed: int 0x21 0x132ef: mov bx, word ptr [bp] 0x132f2: nop 0x132f3: cmp byte ptr cs:[bx + 9], 0 0x132f8: je 0x132fd 0x132fa: jmp 0x13360 0x132fc: nop 0x132fd: lds si, ptr es:[6] 0x13302: lds si, ptr [si + 1] 0x13305: mov word ptr cs:[bx + 7], ds 0x13309: xor ax, ax 0x1330b: mov ds, ax 0x1330d: lds si, ptr [4]
2018-12-25T11:50:21.667694105Z	48	PC: 132ef \| Get DOS version
2018-12-25T11:50:21.669117434Z	48	PC: 13344 \| Get DOS version
2018-12-25T11:50:21.670393448Z	72	PC: 13369 \| Allocate memory
2018-12-25T11:50:21.671904626Z	74	PC: 1337e \| Reallocate memory
2018-12-25T11:50:21.673203627Z	72	PC: 13369 \| Allocate memory (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3927,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:21.968849423Z	42	PC: 132d9 \| Get date 0x132d9: cmp dx, 0x70d 0x132dd: jbe 0x132e6 0x132df: cmp al, 4 0x132e1: jne 0x132e6 0x132e3: call 0x137bb 0x132e6: mov byte ptr cs:[bx + 9], 0 0x132eb: mov ah, 0x30 0x132ed: int 0x21 0x132ef: mov bx, word ptr [bp] 0x132f2: nop 0x132f3: cmp byte ptr cs:[bx + 9], 0 0x132f8: je 0x132fd 0x132fa: jmp 0x13360 0x132fc: nop 0x132fd: lds si, ptr es:[6] 0x13302: lds si, ptr [si + 1] 0x13305: mov word ptr cs:[bx + 7], ds 0x13309: xor ax, ax 0x1330b: mov ds, ax 0x1330d: lds si, ptr [4]
2018-12-25T11:50:21.971517096Z	48	PC: 132ef \| Get DOS version
2018-12-25T11:50:21.972771342Z	48	PC: 13344 \| Get DOS version
2018-12-25T11:50:21.973946348Z	72	PC: 13369 \| Allocate memory
2018-12-25T11:50:21.976627921Z	74	PC: 1337e \| Reallocate memory
2018-12-25T11:50:21.978048456Z	72	PC: 13369 \| Allocate memory (See above)

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3927,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:22.385285923Z	42	PC: 132d9 \| Get date 0x132d9: cmp dx, 0x70d 0x132dd: jbe 0x132e6 0x132df: cmp al, 4 0x132e1: jne 0x132e6 0x132e3: call 0x137bb 0x132e6: mov byte ptr cs:[bx + 9], 0 0x132eb: mov ah, 0x30 0x132ed: int 0x21 0x132ef: mov bx, word ptr [bp] 0x132f2: nop 0x132f3: cmp byte ptr cs:[bx + 9], 0 0x132f8: je 0x132fd 0x132fa: jmp 0x13360 0x132fc: nop 0x132fd: lds si, ptr es:[6] 0x13302: lds si, ptr [si + 1] 0x13305: mov word ptr cs:[bx + 7], ds 0x13309: xor ax, ax 0x1330b: mov ds, ax 0x1330d: lds si, ptr [4]
2018-12-25T11:50:22.388146912Z	48	PC: 132ef \| Get DOS version
2018-12-25T11:50:22.38930253Z	48	PC: 13344 \| Get DOS version
2018-12-25T11:50:22.39084846Z	72	PC: 13369 \| Allocate memory
2018-12-25T11:50:22.393053496Z	74	PC: 1337e \| Reallocate memory
2018-12-25T11:50:22.39458168Z	72	PC: 13369 \| Allocate memory (See above)

{"DateBased":true,"Day":13,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3927,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:22.445514673Z	42	PC: 132d9 \| Get date 0x132d9: cmp dx, 0x70d 0x132dd: jbe 0x132e6 0x132df: cmp al, 4 0x132e1: jne 0x132e6 0x132e3: call 0x137bb 0x132e6: mov byte ptr cs:[bx + 9], 0 0x132eb: mov ah, 0x30 0x132ed: int 0x21 0x132ef: mov bx, word ptr [bp] 0x132f2: nop 0x132f3: cmp byte ptr cs:[bx + 9], 0 0x132f8: je 0x132fd 0x132fa: jmp 0x13360 0x132fc: nop 0x132fd: lds si, ptr es:[6] 0x13302: lds si, ptr [si + 1] 0x13305: mov word ptr cs:[bx + 7], ds 0x13309: xor ax, ax 0x1330b: mov ds, ax 0x1330d: lds si, ptr [4]
2018-12-25T11:50:22.448255181Z	48	PC: 132ef \| Get DOS version
2018-12-25T11:50:22.449456675Z	48	PC: 13344 \| Get DOS version
2018-12-25T11:50:22.450615841Z	72	PC: 13369 \| Allocate memory
2018-12-25T11:50:22.453871483Z	74	PC: 1337e \| Reallocate memory
2018-12-25T11:50:22.455403358Z	72	PC: 13369 \| Allocate memory (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3927,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:23.071982024Z	42	PC: 132d9 \| Get date 0x132d9: cmp dx, 0x70d 0x132dd: jbe 0x132e6 0x132df: cmp al, 4 0x132e1: jne 0x132e6 0x132e3: call 0x137bb 0x132e6: mov byte ptr cs:[bx + 9], 0 0x132eb: mov ah, 0x30 0x132ed: int 0x21 0x132ef: mov bx, word ptr [bp] 0x132f2: nop 0x132f3: cmp byte ptr cs:[bx + 9], 0 0x132f8: je 0x132fd 0x132fa: jmp 0x13360 0x132fc: nop 0x132fd: lds si, ptr es:[6] 0x13302: lds si, ptr [si + 1] 0x13305: mov word ptr cs:[bx + 7], ds 0x13309: xor ax, ax 0x1330b: mov ds, ax 0x1330d: lds si, ptr [4]
2018-12-25T11:50:23.07431593Z	48	PC: 132ef \| Get DOS version
2018-12-25T11:50:23.077131999Z	48	PC: 13344 \| Get DOS version
2018-12-25T11:50:23.078654059Z	72	PC: 13369 \| Allocate memory
2018-12-25T11:50:23.080623312Z	74	PC: 1337e \| Reallocate memory
2018-12-25T11:50:23.082864835Z	72	PC: 13369 \| Allocate memory (See above)

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":3927,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:23.118138402Z	42	PC: 132d9 \| Get date 0x132d9: cmp dx, 0x70d 0x132dd: jbe 0x132e6 0x132df: cmp al, 4 0x132e1: jne 0x132e6 0x132e3: call 0x137bb 0x132e6: mov byte ptr cs:[bx + 9], 0 0x132eb: mov ah, 0x30 0x132ed: int 0x21 0x132ef: mov bx, word ptr [bp] 0x132f2: nop 0x132f3: cmp byte ptr cs:[bx + 9], 0 0x132f8: je 0x132fd 0x132fa: jmp 0x13360 0x132fc: nop 0x132fd: lds si, ptr es:[6] 0x13302: lds si, ptr [si + 1] 0x13305: mov word ptr cs:[bx + 7], ds 0x13309: xor ax, ax 0x1330b: mov ds, ax 0x1330d: lds si, ptr [4]
2018-12-25T11:50:23.121151423Z	48	PC: 132ef \| Get DOS version
2018-12-25T11:50:23.122474714Z	48	PC: 13344 \| Get DOS version
2018-12-25T11:50:23.123652377Z	72	PC: 13369 \| Allocate memory
2018-12-25T11:50:23.125397493Z	74	PC: 1337e \| Reallocate memory
2018-12-25T11:50:23.126859002Z	72	PC: 13369 \| Allocate memory (See above)