Sample viewer

vx.netlux.org/Virus.DOS.V.883

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:23:05.017673242Z	42	PC: 12c1c \| Get date 0x12c1c: mov dl, 0xc 0x12c1e: cmp dh, dl 0x12c20: je 0x12c37 0x12c22: dec dl 0x12c24: jne 0x12c28 0x12c26: mov dl, 0xc 0x12c28: cmp dh, dl 0x12c2a: je 0x12c38 0x12c2c: mov di, 0x2dd 0x12c2f: mov byte ptr [di], dh 0x12c31: mov ah, 0xd0 0x12c33: int 0x21 0x12c35: or ah, ah 0x12c37: ret 0x12c38: call 0x12c44 0x12c3b: jo 0x12cb4 0x12c3d: nop 0x12c3e: int3 0x12c3f: cmp al, 0xa3 0x12c41: in ax, 9
2018-12-17T22:23:05.020450268Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4042,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:50:51.269150801Z	42	PC: 12c1c \| Get date 0x12c1c: mov dl, 0xc 0x12c1e: cmp dh, dl 0x12c20: je 0x12c37 0x12c22: dec dl 0x12c24: jne 0x12c28 0x12c26: mov dl, 0xc 0x12c28: cmp dh, dl 0x12c2a: je 0x12c38 0x12c2c: mov di, 0x2dd 0x12c2f: mov byte ptr [di], dh 0x12c31: mov ah, 0xd0 0x12c33: int 0x21 0x12c35: or ah, ah 0x12c37: ret 0x12c38: call 0x12c44 0x12c3b: jo 0x12cb4 0x12c3d: nop 0x12c3e: int3 0x12c3f: cmp al, 0xa3 0x12c41: in ax, 9
2018-12-25T11:50:51.283991751Z	208	PC: 12c35 \| UNKNOWN!
2018-12-25T11:50:51.299585965Z	67	PC: 9f98f \| Get or set file attributes
2018-12-25T11:50:51.308780399Z	61	PC: 9f98f \| Open file (See above)
2018-12-25T11:50:51.315794065Z	75	PC: 12d41 \| Execute program
2018-12-25T11:50:51.317089136Z	67	PC: 9f98f \| Get or set file attributes (See above)
2018-12-25T11:50:51.322920099Z	61	PC: 9f98f \| Open file (See above)
2018-12-25T11:50:51.329327546Z	66	PC: 9f98f \| Move file pointer (See above)
2018-12-25T11:50:51.330618272Z	63	PC: 9f98f \| Read file or device (See above)
2018-12-25T11:50:51.333368155Z	62	PC: 9f98f \| Close file (See above)
2018-12-25T11:50:51.336091433Z	67	PC: 9f98f \| Get or set file attributes (See above)
2018-12-25T11:50:51.674250927Z	61	PC: 9f98f \| Open file (See above)
2018-12-25T11:50:51.680618484Z	87	PC: 9f8e4 \| Get or set file date and time
2018-12-25T11:50:51.681908913Z	63	PC: 9f98f \| Read file or device (See above)
2018-12-25T11:50:51.685818163Z	66	PC: 9f98f \| Move file pointer (See above)
2018-12-25T11:50:51.687901073Z	64	PC: 9fb79 \| Write file or device (Write 883 bytes on handle 5)
2018-12-25T11:50:51.697749522Z	66	PC: 9f98f \| Move file pointer (See above)
2018-12-25T11:50:51.700703444Z	64	PC: 9f98f \| Write file or device (See above)
2018-12-25T11:50:51.703531477Z	87	PC: 9f956 \| Get or set file date and time
2018-12-25T11:50:51.704974973Z	62	PC: 9f98f \| Close file (See above)
2018-12-25T11:50:51.712916346Z	67	PC: 9f98f \| Get or set file attributes (See above)
2018-12-25T11:50:51.72256216Z	75	PC: 12d4d \| Execute program
2018-12-25T11:50:51.724307506Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4042,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:06:51.693275623Z	42	PC: 12c1c \| Get date 0x12c1c: mov dl, 0xc 0x12c1e: cmp dh, dl 0x12c20: je 0x12c37 0x12c22: dec dl 0x12c24: jne 0x12c28 0x12c26: mov dl, 0xc 0x12c28: cmp dh, dl 0x12c2a: je 0x12c38 0x12c2c: mov di, 0x2dd 0x12c2f: mov byte ptr [di], dh 0x12c31: mov ah, 0xd0 0x12c33: int 0x21 0x12c35: or ah, ah 0x12c37: ret 0x12c38: call 0x12c44 0x12c3b: jo 0x12cb4 0x12c3d: nop 0x12c3e: int3 0x12c3f: cmp al, 0xa3 0x12c41: in ax, 9
2018-12-25T13:06:51.696621405Z	76	PC: 12a45 \| Terminate with return code (Return code = '0')