Sample viewer

vx.netlux.org/Virus.DOS.SixFaces.700

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:26:15.850421428Z 246 PC: 12c6c | UNKNOWN!
2018-12-17T22:26:15.852703014Z 42 PC: 12ca9 | Get date
0x12ca9: cmp dx, 0x402
0x12cad: jne 0x12cb6
0x12caf: mov word ptr es:[0x12b], 1
0x12cb6: push ds
0x12cb7: push es
0x12cb8: mov ax, 0x3521
0x12cbb: int 0x21
0x12cbd: pop ds
0x12cbe: push ds
0x12cbf: mov word ptr [0x227], bx
0x12cc3: mov word ptr [0x229], es
0x12cc7: mov ax, 0x351c
0x12cca: int 0x21
0x12ccc: mov word ptr [0x3b5], bx
0x12cd0: mov word ptr [0x3b7], es
0x12cd4: mov ax, 0x251c
0x12cd7: mov dx, 0x36f
0x12cda: int 0x21
0x12cdc: mov ax, 0x2521
0x12cdf: mov dx, 0x1d1
2018-12-17T22:26:15.856623124Z 53 PC: 12cbd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:26:15.858191686Z 53 PC: 12ccc | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:26:15.859691368Z 37 PC: 12cdc | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:26:15.862530098Z 37 PC: 12ce4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4658,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:39.35541775Z 246 PC: 12c6c | UNKNOWN!
2018-12-25T11:52:39.356916684Z 42 PC: 12ca9 | Get date
0x12ca9: cmp dx, 0x402
0x12cad: jne 0x12cb6
0x12caf: mov word ptr es:[0x12b], 1
0x12cb6: push ds
0x12cb7: push es
0x12cb8: mov ax, 0x3521
0x12cbb: int 0x21
0x12cbd: pop ds
0x12cbe: push ds
0x12cbf: mov word ptr [0x227], bx
0x12cc3: mov word ptr [0x229], es
0x12cc7: mov ax, 0x351c
0x12cca: int 0x21
0x12ccc: mov word ptr [0x3b5], bx
0x12cd0: mov word ptr [0x3b7], es
0x12cd4: mov ax, 0x251c
0x12cd7: mov dx, 0x36f
0x12cda: int 0x21
0x12cdc: mov ax, 0x2521
0x12cdf: mov dx, 0x1d1
2018-12-25T11:52:39.35924226Z 53 PC: 12cbd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:39.360370851Z 53 PC: 12ccc | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:52:39.361755258Z 37 PC: 12cdc | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:52:39.362846572Z 37 PC: 12ce4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4658,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:39.437698674Z 246 PC: 12c6c | UNKNOWN!
2018-12-25T11:52:39.4403343Z 42 PC: 12ca9 | Get date
0x12ca9: cmp dx, 0x402
0x12cad: jne 0x12cb6
0x12caf: mov word ptr es:[0x12b], 1
0x12cb6: push ds
0x12cb7: push es
0x12cb8: mov ax, 0x3521
0x12cbb: int 0x21
0x12cbd: pop ds
0x12cbe: push ds
0x12cbf: mov word ptr [0x227], bx
0x12cc3: mov word ptr [0x229], es
0x12cc7: mov ax, 0x351c
0x12cca: int 0x21
0x12ccc: mov word ptr [0x3b5], bx
0x12cd0: mov word ptr [0x3b7], es
0x12cd4: mov ax, 0x251c
0x12cd7: mov dx, 0x36f
0x12cda: int 0x21
0x12cdc: mov ax, 0x2521
0x12cdf: mov dx, 0x1d1
2018-12-25T11:52:39.443394028Z 53 PC: 12cbd | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:39.444633959Z 53 PC: 12ccc | Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:52:39.445892671Z 37 PC: 12cdc | Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:52:39.447336936Z 37 PC: 12ce4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')