Sample viewer

vx.netlux.org/Virus.DOS.Unique.1744

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:25:56.411988497Z 53 PC: 13c91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:25:56.413494678Z 42 PC: 13cb6 | Get date
0x13cb6: cmp al, 5
0x13cb8: jne 0x13cce
0x13cba: mov ah, 0xe
0x13cbc: push cs
0x13cbd: pop ds
0x13cbe: mov si, 0x294
0x13cc1: mov al, byte ptr [si]
0x13cc3: sub al, 0x32
0x13cc5: je 0x13cce
0x13cc7: mov bh, 0
0x13cc9: int 0x10
0x13ccb: inc si
0x13ccc: loop 0x13cc1
0x13cce: mov ds, word ptr cs:[0x2e9]
0x13cd3: mov es, word ptr cs:[0x2eb]
0x13cd8: mov ah, 0x49
0x13cda: int 0x21
0x13cdc: mov bx, 0xffff
0x13cdf: mov ah, 0x48
0x13ce1: int 0x21
2018-12-17T22:25:56.416268234Z 73 PC: 13cdc | Release memory
2018-12-17T22:25:56.417751169Z 72 PC: 13ce3 | Allocate memory
2018-12-17T22:25:56.419749376Z 74 PC: 13cf0 | Reallocate memory
2018-12-17T22:25:56.42222306Z 74 PC: 13d00 | Reallocate memory
2018-12-17T22:25:56.425132054Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-17T22:25:56.431457288Z 76 PC: 12a61 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4591,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:17.250613911Z 53 PC: 13c91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:17.253317809Z 42 PC: 13cb6 | Get date
0x13cb6: cmp al, 5
0x13cb8: jne 0x13cce
0x13cba: mov ah, 0xe
0x13cbc: push cs
0x13cbd: pop ds
0x13cbe: mov si, 0x294
0x13cc1: mov al, byte ptr [si]
0x13cc3: sub al, 0x32
0x13cc5: je 0x13cce
0x13cc7: mov bh, 0
0x13cc9: int 0x10
0x13ccb: inc si
0x13ccc: loop 0x13cc1
0x13cce: mov ds, word ptr cs:[0x2e9]
0x13cd3: mov es, word ptr cs:[0x2eb]
0x13cd8: mov ah, 0x49
0x13cda: int 0x21
0x13cdc: mov bx, 0xffff
0x13cdf: mov ah, 0x48
0x13ce1: int 0x21
2018-12-25T11:52:17.25690532Z 73 PC: 13cdc | Release memory
2018-12-25T11:52:17.258907745Z 72 PC: 13ce3 | Allocate memory
2018-12-25T11:52:17.261426488Z 74 PC: 13cf0 | Reallocate memory
2018-12-25T11:52:17.265888279Z 74 PC: 13d00 | Reallocate memory
2018-12-25T11:52:17.268615614Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-25T11:52:17.27553877Z 76 PC: 12a61 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4591,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:17.43955139Z 53 PC: 13c91 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:17.441075187Z 42 PC: 13cb6 | Get date
0x13cb6: cmp al, 5
0x13cb8: jne 0x13cce
0x13cba: mov ah, 0xe
0x13cbc: push cs
0x13cbd: pop ds
0x13cbe: mov si, 0x294
0x13cc1: mov al, byte ptr [si]
0x13cc3: sub al, 0x32
0x13cc5: je 0x13cce
0x13cc7: mov bh, 0
0x13cc9: int 0x10
0x13ccb: inc si
0x13ccc: loop 0x13cc1
0x13cce: mov ds, word ptr cs:[0x2e9]
0x13cd3: mov es, word ptr cs:[0x2eb]
0x13cd8: mov ah, 0x49
0x13cda: int 0x21
0x13cdc: mov bx, 0xffff
0x13cdf: mov ah, 0x48
0x13ce1: int 0x21
2018-12-25T11:52:17.44382017Z 73 PC: 13cdc | Release memory
2018-12-25T11:52:17.445145901Z 72 PC: 13ce3 | Allocate memory
2018-12-25T11:52:17.446976696Z 74 PC: 13cf0 | Reallocate memory
2018-12-25T11:52:17.447979613Z 74 PC: 13d00 | Reallocate memory
2018-12-25T11:52:17.449209282Z 9 PC: 12a5c | Display string (Could not find end pointer)
2018-12-25T11:52:17.45433238Z 76 PC: 12a61 | Terminate with return code (Return code = '0')