Sample viewer

vx.netlux.org/Virus.DOS.Rebel.1509

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:25:40.526253237Z	221	PC: 12f09 \| UNKNOWN!
2018-12-17T22:25:40.527959107Z	53	PC: 12f2a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:40.53016167Z	72	PC: 12f46 \| Allocate memory
2018-12-17T22:25:40.532726457Z	74	PC: 12f5e \| Reallocate memory
2018-12-17T22:25:40.535286126Z	72	PC: 12f66 \| Allocate memory
2018-12-17T22:25:40.541932223Z	42	PC: 13308 \| Get date 0x13308: cmp dh, 4 0x1330b: jne 0x13342 0x1330d: cmp dl, 0x10 0x13310: jne 0x13342 0x13312: mov bx, 0x533 0x13315: mov cx, 0x5bf 0x13318: mov ah, byte ptr [bx] 0x1331a: xor ah, 0x45 0x1331d: mov byte ptr [bx], ah 0x1331f: inc bx 0x13320: cmp bx, cx 0x13322: jne 0x13318 0x13324: mov ax, 7 0x13327: int 0x10 0x13329: push cs 0x1332a: pop ds 0x1332b: mov di, 0x533 0x1332e: mov si, 0x5bf 0x13331: mov ah, 0xe 0x13333: mov bl, 7

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4541,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:06.938716944Z	221	PC: 12f09 \| UNKNOWN!
2018-12-25T11:52:06.940690828Z	53	PC: 12f2a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:06.941918955Z	72	PC: 12f46 \| Allocate memory
2018-12-25T11:52:06.943535855Z	74	PC: 12f5e \| Reallocate memory
2018-12-25T11:52:06.94540041Z	72	PC: 12f66 \| Allocate memory
2018-12-25T11:52:06.946992639Z	42	PC: 13308 \| Get date 0x13308: cmp dh, 4 0x1330b: jne 0x13342 0x1330d: cmp dl, 0x10 0x13310: jne 0x13342 0x13312: mov bx, 0x533 0x13315: mov cx, 0x5bf 0x13318: mov ah, byte ptr [bx] 0x1331a: xor ah, 0x45 0x1331d: mov byte ptr [bx], ah 0x1331f: inc bx 0x13320: cmp bx, cx 0x13322: jne 0x13318 0x13324: mov ax, 7 0x13327: int 0x10 0x13329: push cs 0x1332a: pop ds 0x1332b: mov di, 0x533 0x1332e: mov si, 0x5bf 0x13331: mov ah, 0xe 0x13333: mov bl, 7

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4541,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:06.987112674Z	221	PC: 12f09 \| UNKNOWN!
2018-12-25T11:52:06.988397545Z	53	PC: 12f2a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:06.989613373Z	72	PC: 12f46 \| Allocate memory
2018-12-25T11:52:06.991404634Z	74	PC: 12f5e \| Reallocate memory
2018-12-25T11:52:06.992957861Z	72	PC: 12f66 \| Allocate memory
2018-12-25T11:52:06.99492052Z	42	PC: 13308 \| Get date 0x13308: cmp dh, 4 0x1330b: jne 0x13342 0x1330d: cmp dl, 0x10 0x13310: jne 0x13342 0x13312: mov bx, 0x533 0x13315: mov cx, 0x5bf 0x13318: mov ah, byte ptr [bx] 0x1331a: xor ah, 0x45 0x1331d: mov byte ptr [bx], ah 0x1331f: inc bx 0x13320: cmp bx, cx 0x13322: jne 0x13318 0x13324: mov ax, 7 0x13327: int 0x10 0x13329: push cs 0x1332a: pop ds 0x1332b: mov di, 0x533 0x1332e: mov si, 0x5bf 0x13331: mov ah, 0xe 0x13333: mov bl, 7

{"DateBased":true,"Day":16,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4541,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:52:07.170737434Z	221	PC: 12f09 \| UNKNOWN!
2018-12-25T11:52:07.171797204Z	53	PC: 12f2a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:07.173583702Z	72	PC: 12f46 \| Allocate memory
2018-12-25T11:52:07.175458233Z	74	PC: 12f5e \| Reallocate memory
2018-12-25T11:52:07.176885601Z	72	PC: 12f66 \| Allocate memory
2018-12-25T11:52:07.178921255Z	42	PC: 13308 \| Get date 0x13308: cmp dh, 4 0x1330b: jne 0x13342 0x1330d: cmp dl, 0x10 0x13310: jne 0x13342 0x13312: mov bx, 0x533 0x13315: mov cx, 0x5bf 0x13318: mov ah, byte ptr [bx] 0x1331a: xor ah, 0x45 0x1331d: mov byte ptr [bx], ah 0x1331f: inc bx 0x13320: cmp bx, cx 0x13322: jne 0x13318 0x13324: mov ax, 7 0x13327: int 0x10 0x13329: push cs 0x1332a: pop ds 0x1332b: mov di, 0x533 0x1332e: mov si, 0x5bf 0x13331: mov ah, 0xe 0x13333: mov bl, 7