Sample viewer

vx.netlux.org/Virus.DOS.CyberTech.RTL.510.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:25:05.970791529Z	42	PC: 12a74 \| Get date 0x12a74: cmp dh, 8 0x12a77: jb 0x12a8d 0x12a79: cmp dl, 0x16 0x12a7c: jb 0x12a8d 0x12a7e: cmp al, 3 0x12a80: jne 0x12a8d 0x12a82: mov ah, 9 0x12a84: lea dx, word ptr [bp + 0x138] 0x12a88: int 0x21 0x12a8a: cli 0x12a8b: jmp 0x12a8a 0x12a8d: cmp dh, 5 0x12a90: jae 0x12a95 0x12a92: jmp 0x12b4a 0x12a95: mov ah, 0x1a 0x12a97: mov dx, 0xfc00 0x12a9a: int 0x21 0x12a9c: mov ah, 0x4e 0x12a9e: lea dx, word ptr [bp + 0x132] 0x12aa2: xor cx, cx
2018-12-17T22:25:05.973770139Z	26	PC: 12a9c \| Set disk transfer address
2018-12-17T22:25:05.974814992Z	78	PC: 12aa6 \| Find first file
2018-12-17T22:25:05.979028591Z	26	PC: 12b51 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4435,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:49.316334069Z	42	PC: 12a74 \| Get date 0x12a74: cmp dh, 8 0x12a77: jb 0x12a8d 0x12a79: cmp dl, 0x16 0x12a7c: jb 0x12a8d 0x12a7e: cmp al, 3 0x12a80: jne 0x12a8d 0x12a82: mov ah, 9 0x12a84: lea dx, word ptr [bp + 0x138] 0x12a88: int 0x21 0x12a8a: cli 0x12a8b: jmp 0x12a8a 0x12a8d: cmp dh, 5 0x12a90: jae 0x12a95 0x12a92: jmp 0x12b4a 0x12a95: mov ah, 0x1a 0x12a97: mov dx, 0xfc00 0x12a9a: int 0x21 0x12a9c: mov ah, 0x4e 0x12a9e: lea dx, word ptr [bp + 0x132] 0x12aa2: xor cx, cx
2018-12-25T11:51:49.31915976Z	26	PC: 12b51 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4435,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:49.727127477Z	42	PC: 12a74 \| Get date 0x12a74: cmp dh, 8 0x12a77: jb 0x12a8d 0x12a79: cmp dl, 0x16 0x12a7c: jb 0x12a8d 0x12a7e: cmp al, 3 0x12a80: jne 0x12a8d 0x12a82: mov ah, 9 0x12a84: lea dx, word ptr [bp + 0x138] 0x12a88: int 0x21 0x12a8a: cli 0x12a8b: jmp 0x12a8a 0x12a8d: cmp dh, 5 0x12a90: jae 0x12a95 0x12a92: jmp 0x12b4a 0x12a95: mov ah, 0x1a 0x12a97: mov dx, 0xfc00 0x12a9a: int 0x21 0x12a9c: mov ah, 0x4e 0x12a9e: lea dx, word ptr [bp + 0x132] 0x12aa2: xor cx, cx
2018-12-25T11:51:49.73620652Z	26	PC: 12a9c \| Set disk transfer address
2018-12-25T11:51:49.73851522Z	78	PC: 12aa6 \| Find first file
2018-12-25T11:51:49.744212754Z	26	PC: 12b51 \| Set disk transfer address

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4435,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:50.244684042Z	42	PC: 12a74 \| Get date 0x12a74: cmp dh, 8 0x12a77: jb 0x12a8d 0x12a79: cmp dl, 0x16 0x12a7c: jb 0x12a8d 0x12a7e: cmp al, 3 0x12a80: jne 0x12a8d 0x12a82: mov ah, 9 0x12a84: lea dx, word ptr [bp + 0x138] 0x12a88: int 0x21 0x12a8a: cli 0x12a8b: jmp 0x12a8a 0x12a8d: cmp dh, 5 0x12a90: jae 0x12a95 0x12a92: jmp 0x12b4a 0x12a95: mov ah, 0x1a 0x12a97: mov dx, 0xfc00 0x12a9a: int 0x21 0x12a9c: mov ah, 0x4e 0x12a9e: lea dx, word ptr [bp + 0x132] 0x12aa2: xor cx, cx
2018-12-25T11:51:50.249516823Z	26	PC: 12a9c \| Set disk transfer address
2018-12-25T11:51:50.25077844Z	78	PC: 12aa6 \| Find first file
2018-12-25T11:51:50.255963895Z	26	PC: 12b51 \| Set disk transfer address

{"DateBased":true,"Day":22,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4435,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:51.309925654Z	42	PC: 12a74 \| Get date 0x12a74: cmp dh, 8 0x12a77: jb 0x12a8d 0x12a79: cmp dl, 0x16 0x12a7c: jb 0x12a8d 0x12a7e: cmp al, 3 0x12a80: jne 0x12a8d 0x12a82: mov ah, 9 0x12a84: lea dx, word ptr [bp + 0x138] 0x12a88: int 0x21 0x12a8a: cli 0x12a8b: jmp 0x12a8a 0x12a8d: cmp dh, 5 0x12a90: jae 0x12a95 0x12a92: jmp 0x12b4a 0x12a95: mov ah, 0x1a 0x12a97: mov dx, 0xfc00 0x12a9a: int 0x21 0x12a9c: mov ah, 0x4e 0x12a9e: lea dx, word ptr [bp + 0x132] 0x12aa2: xor cx, cx
2018-12-25T11:51:51.314031766Z	26	PC: 12a9c \| Set disk transfer address
2018-12-25T11:51:51.31534402Z	78	PC: 12aa6 \| Find first file
2018-12-25T11:51:51.319797071Z	26	PC: 12b51 \| Set disk transfer address

{"DateBased":true,"Day":27,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4435,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:51:51.302971238Z	42	PC: 12a74 \| Get date 0x12a74: cmp dh, 8 0x12a77: jb 0x12a8d 0x12a79: cmp dl, 0x16 0x12a7c: jb 0x12a8d 0x12a7e: cmp al, 3 0x12a80: jne 0x12a8d 0x12a82: mov ah, 9 0x12a84: lea dx, word ptr [bp + 0x138] 0x12a88: int 0x21 0x12a8a: cli 0x12a8b: jmp 0x12a8a 0x12a8d: cmp dh, 5 0x12a90: jae 0x12a95 0x12a92: jmp 0x12b4a 0x12a95: mov ah, 0x1a 0x12a97: mov dx, 0xfc00 0x12a9a: int 0x21 0x12a9c: mov ah, 0x4e 0x12a9e: lea dx, word ptr [bp + 0x132] 0x12aa2: xor cx, cx
2018-12-25T11:51:51.30577686Z	9	PC: 12a8a \| Display string (Could not find end pointer)