Sample viewer

vx.netlux.org/Virus.DOS.Agena.723

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:28.83447598Z	72	PC: 13bf7 \| Allocate memory
2018-12-17T23:15:28.836167683Z	74	PC: 13c08 \| Reallocate memory
2018-12-17T23:15:28.837385257Z	72	PC: 13bf7 \| Allocate memory
2018-12-17T23:15:28.838513706Z	53	PC: 13c16 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:28.840052417Z	53	PC: 13c22 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T23:15:28.841090508Z	87	PC: 13c42 \| Get or set file date and time
2018-12-17T23:15:28.842293215Z	37	PC: 13c71 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:28.843725823Z	37	PC: 13c78 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T23:15:28.844996162Z	9	PC: 13bc2 \| Display string (Could not find end pointer)
2018-12-17T23:15:28.849273434Z	81	PC: 9f96e \| Get current PSP
2018-12-17T23:15:28.850364329Z	37	PC: 9f7a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:28.851509579Z	37	PC: 9f7a8 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T23:15:28.8526136Z	73	PC: 9f989 \| Release memory
2018-12-17T23:15:28.854165725Z	49	PC: 9f990 \| Terminate and stay resident (Return code = '111' \| Memory size = '96')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4205,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:17.193456354Z	72	PC: 13bf7 \| Allocate memory
2018-12-25T11:51:17.195479075Z	74	PC: 13c08 \| Reallocate memory
2018-12-25T11:51:17.196795618Z	72	PC: 13bf7 \| Allocate memory (See above)
2018-12-25T11:51:17.198126301Z	53	PC: 13c16 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:17.199514726Z	53	PC: 13c22 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:51:17.200839976Z	87	PC: 13c42 \| Get or set file date and time
2018-12-25T11:51:17.202055113Z	37	PC: 13c71 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:17.203052824Z	37	PC: 13c78 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:51:17.204675302Z	9	PC: 13bc2 \| Display string (Could not find end pointer)
2018-12-25T11:51:17.208536219Z	81	PC: 9f96e \| Get current PSP
2018-12-25T11:51:17.209465271Z	37	PC: 9f7a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:17.211174914Z	37	PC: 9f7a8 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:51:17.212437199Z	73	PC: 9f989 \| Release memory
2018-12-25T11:51:17.213898701Z	49	PC: 9f990 \| Terminate and stay resident (Return code = '111' \| Memory size = '96')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4205,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:17.219885343Z	72	PC: 13bf7 \| Allocate memory
2018-12-25T11:51:17.221996832Z	74	PC: 13c08 \| Reallocate memory
2018-12-25T11:51:17.224024244Z	72	PC: 13bf7 \| Allocate memory (See above)
2018-12-25T11:51:17.225549127Z	53	PC: 13c16 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:17.226714569Z	53	PC: 13c22 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:51:17.228892987Z	87	PC: 13c42 \| Get or set file date and time
2018-12-25T11:51:17.231577819Z	37	PC: 13c71 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:17.233006137Z	37	PC: 13c78 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:51:17.235259804Z	9	PC: 13bc2 \| Display string (Could not find end pointer)
2018-12-25T11:51:17.241804809Z	81	PC: 9f96e \| Get current PSP
2018-12-25T11:51:17.243046471Z	37	PC: 9f7a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:17.252158328Z	37	PC: 9f7a8 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:51:17.253885454Z	73	PC: 9f989 \| Release memory
2018-12-25T11:51:17.255790409Z	49	PC: 9f990 \| Terminate and stay resident (Return code = '111' \| Memory size = '96')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4205,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:17.647508132Z	72	PC: 13bf7 \| Allocate memory
2018-12-25T11:51:17.650101594Z	74	PC: 13c08 \| Reallocate memory
2018-12-25T11:51:17.651895971Z	72	PC: 13bf7 \| Allocate memory (See above)
2018-12-25T11:51:17.653706292Z	53	PC: 13c16 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:17.656140438Z	53	PC: 13c22 \| Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:51:17.658050235Z	87	PC: 13c42 \| Get or set file date and time
2018-12-25T11:51:17.659819832Z	37	PC: 13c71 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:17.661260533Z	37	PC: 13c78 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:51:17.663695492Z	9	PC: 13bc2 \| Display string (Could not find end pointer)
2018-12-25T11:51:17.669524106Z	81	PC: 9f96e \| Get current PSP
2018-12-25T11:51:17.670526177Z	37	PC: 9f7a1 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:51:17.672660409Z	37	PC: 9f7a8 \| Set interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T11:51:17.674041596Z	73	PC: 9f989 \| Release memory
2018-12-25T11:51:17.675602192Z	49	PC: 9f990 \| Terminate and stay resident (Return code = '111' \| Memory size = '96')