Sample viewer

vx.netlux.org/Virus.DOS.Level3.4866

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:54:03.263564377Z 42 PC: 13986 | Get date
0x13986: cmp dl, 7
0x13989: jne 0x1399f
0x1398b: mov ah, 9
0x1398d: mov dx, 0xff3
0x13990: int 0x21
0x13992: mov dx, 0x3cc
0x13995: in al, dx
0x13996: and al, 0xfd
0x13998: mov dl, 0xc2
0x1399a: out dx, al
0x1399b: mov ah, 0x4c
0x1399d: int 0x21
0x1399f: call 0x23901
0x139a2: mov ah, 0x62
0x139a4: int 0x21
0x139a6: push bx
0x139a7: xor ax, ax
0x139a9: mov ds, ax
0x139ab: mov ds, word ptr [0x4fe]
0x139af: cmp word ptr [0xe7d], 0x4f43
2018-12-17T21:54:03.266828885Z 82 PC: 1391e | Get DOS internal pointers (SYSVARS)
2018-12-17T21:54:03.268509275Z 98 PC: 139a6 | Get current PSP
2018-12-17T21:54:03.270373098Z 82 PC: 9f60e | Get DOS internal pointers (SYSVARS)
2018-12-17T21:54:03.27201866Z 76 PC: 12ac5 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":431,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:54.34887267Z 42 PC: 13986 | Get date
0x13986: cmp dl, 7
0x13989: jne 0x1399f
0x1398b: mov ah, 9
0x1398d: mov dx, 0xff3
0x13990: int 0x21
0x13992: mov dx, 0x3cc
0x13995: in al, dx
0x13996: and al, 0xfd
0x13998: mov dl, 0xc2
0x1399a: out dx, al
0x1399b: mov ah, 0x4c
0x1399d: int 0x21
0x1399f: call 0x23901
0x139a2: mov ah, 0x62
0x139a4: int 0x21
0x139a6: push bx
0x139a7: xor ax, ax
0x139a9: mov ds, ax
0x139ab: mov ds, word ptr [0x4fe]
0x139af: cmp word ptr [0xe7d], 0x4f43
2018-12-25T11:40:54.353167427Z 82 PC: 1391e | Get DOS internal pointers (SYSVARS)
2018-12-25T11:40:54.355130689Z 98 PC: 139a6 | Get current PSP
2018-12-25T11:40:54.358279165Z 82 PC: 9f60e | Get DOS internal pointers (SYSVARS)
2018-12-25T11:40:54.361272609Z 76 PC: 12ac5 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":431,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:40:54.404398095Z 42 PC: 13986 | Get date
0x13986: cmp dl, 7
0x13989: jne 0x1399f
0x1398b: mov ah, 9
0x1398d: mov dx, 0xff3
0x13990: int 0x21
0x13992: mov dx, 0x3cc
0x13995: in al, dx
0x13996: and al, 0xfd
0x13998: mov dl, 0xc2
0x1399a: out dx, al
0x1399b: mov ah, 0x4c
0x1399d: int 0x21
0x1399f: call 0x23901
0x139a2: mov ah, 0x62
0x139a4: int 0x21
0x139a6: push bx
0x139a7: xor ax, ax
0x139a9: mov ds, ax
0x139ab: mov ds, word ptr [0x4fe]
0x139af: cmp word ptr [0xe7d], 0x4f43
2018-12-25T11:40:54.406611582Z 9 PC: 13992 | Display string (String= '�^Y��u&�&����u�ZX�COMMAND������P��P���+I��������� �u�*�!��u� ���!���')
2018-12-25T11:40:54.415017009Z 76 PC: 1399f | Terminate with return code (Return code = '101')