Sample viewer

vx.netlux.org/Virus.DOS.MadSatan.2060

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:27:11.756144844Z 75 PC: 13481 | Execute program
2018-12-17T22:27:11.758089897Z 82 PC: 13526 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:27:11.759256998Z 53 PC: 9cfb9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:27:11.760384534Z 37 PC: 9cfcc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:27:11.762643913Z 42 PC: 9cfd0 | Get date
0x9cfd0: cmp dx, 0x909
0x9cfd4: jne 0x9cfdb
0x9cfd6: mov byte ptr [0x25f], 1
0x9cfdb: mov es, word ptr [0x23d]
0x9cfdf: jmp 0x9cf46
0x9cfe2: mov ah, 0x52
0x9cfe4: int 0x21
0x9cfe6: mov es, word ptr es:[bx - 2]
0x9cfea: mov dl, byte ptr es:[0]
0x9cfef: cmp dl, 0x4d
0x9cff2: je 0x9cff9
0x9cff4: cmp dl, 0x5a
0x9cff7: jne 0x9d006
0x9cff9: mov bx, es
0x9cffb: mov ax, word ptr es:[3]
0x9cfff: add ax, bx
0x9d001: inc ax
0x9d002: mov es, ax
0x9d004: jmp 0x9cfea
0x9d006: mov es, bx
2018-12-17T22:27:11.765674206Z 9 PC: 12a47 | Display string (String= 'Satan Virus - Satan Virus..... Satan Virus - Satan Virus..... ')

{"DateBased":true,"Day":9,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4830,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:58.202025551Z 75 PC: 13481 | Execute program
2018-12-25T11:52:58.205652691Z 82 PC: 13526 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:52:58.207400763Z 53 PC: 9cfb9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:58.212036483Z 37 PC: 9cfcc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:58.213366119Z 42 PC: 9cfd0 | Get date
0x9cfd0: cmp dx, 0x909
0x9cfd4: jne 0x9cfdb
0x9cfd6: mov byte ptr [0x25f], 1
0x9cfdb: mov es, word ptr [0x23d]
0x9cfdf: jmp 0x9cf46
0x9cfe2: mov ah, 0x52
0x9cfe4: int 0x21
0x9cfe6: mov es, word ptr es:[bx - 2]
0x9cfea: mov dl, byte ptr es:[0]
0x9cfef: cmp dl, 0x4d
0x9cff2: je 0x9cff9
0x9cff4: cmp dl, 0x5a
0x9cff7: jne 0x9d006
0x9cff9: mov bx, es
0x9cffb: mov ax, word ptr es:[3]
0x9cfff: add ax, bx
0x9d001: inc ax
0x9d002: mov es, ax
0x9d004: jmp 0x9cfea
0x9d006: mov es, bx
2018-12-25T11:52:58.215732908Z 9 PC: 12a47 | Display string (String= 'Satan Virus - Satan Virus..... Satan Virus - Satan Virus..... ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4830,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:52:58.329115256Z 75 PC: 13481 | Execute program
2018-12-25T11:52:58.332427106Z 82 PC: 13526 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:52:58.333825927Z 53 PC: 9cfb9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:58.335068622Z 37 PC: 9cfcc | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:52:58.336757622Z 42 PC: 9cfd0 | Get date
0x9cfd0: cmp dx, 0x909
0x9cfd4: jne 0x9cfdb
0x9cfd6: mov byte ptr [0x25f], 1
0x9cfdb: mov es, word ptr [0x23d]
0x9cfdf: jmp 0x9cf46
0x9cfe2: mov ah, 0x52
0x9cfe4: int 0x21
0x9cfe6: mov es, word ptr es:[bx - 2]
0x9cfea: mov dl, byte ptr es:[0]
0x9cfef: cmp dl, 0x4d
0x9cff2: je 0x9cff9
0x9cff4: cmp dl, 0x5a
0x9cff7: jne 0x9d006
0x9cff9: mov bx, es
0x9cffb: mov ax, word ptr es:[3]
0x9cfff: add ax, bx
0x9d001: inc ax
0x9d002: mov es, ax
0x9d004: jmp 0x9cfea
0x9d006: mov es, bx
2018-12-25T11:52:58.338825859Z 9 PC: 12a47 | Display string (String= 'Satan Virus - Satan Virus..... Satan Virus - Satan Virus..... ')