Sample viewer

vx.netlux.org/Virus.DOS.Apokalipsa.1167

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:28:00.139506252Z 42 PC: 13c70 | Get date
0x13c70: cmp cx, 0x7d0
0x13c74: jbe 0x13cc3
0x13c76: mov cx, 0x190
0x13c79: mov si, 0x2fe
0x13c7c: push cx
0x13c7d: push si
0x13c7e: mov al, byte ptr [si]
0x13c80: not al
0x13c82: mov byte ptr [si], al
0x13c84: inc si
0x13c85: loop 0x13c7e
0x13c87: mov ax, 0x600
0x13c8a: mov bh, 7
0x13c8c: xor cx, cx
0x13c8e: mov dx, 0x184f
0x13c91: int 0x10
0x13c93: mov ah, 2
0x13c95: mov bh, 0
0x13c97: xor dx, dx
0x13c99: int 0x10
2018-12-17T22:28:00.143896123Z 9 PC: 13ca2 | Display string (Could not find end pointer)
2018-12-17T22:28:00.149400411Z 8 PC: 13ca6 | Console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4990,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:19.875482162Z 42 PC: 13c70 | Get date
0x13c70: cmp cx, 0x7d0
0x13c74: jbe 0x13cc3
0x13c76: mov cx, 0x190
0x13c79: mov si, 0x2fe
0x13c7c: push cx
0x13c7d: push si
0x13c7e: mov al, byte ptr [si]
0x13c80: not al
0x13c82: mov byte ptr [si], al
0x13c84: inc si
0x13c85: loop 0x13c7e
0x13c87: mov ax, 0x600
0x13c8a: mov bh, 7
0x13c8c: xor cx, cx
0x13c8e: mov dx, 0x184f
0x13c91: int 0x10
0x13c93: mov ah, 2
0x13c95: mov bh, 0
0x13c97: xor dx, dx
0x13c99: int 0x10
2018-12-25T11:53:19.878670521Z 254 PC: 13cc8 | UNKNOWN!
2018-12-25T11:53:19.879834245Z 74 PC: 13cd4 | Reallocate memory
2018-12-25T11:53:19.882895086Z 74 PC: 13cdb | Reallocate memory
2018-12-25T11:53:19.885408994Z 72 PC: 13ce2 | Allocate memory
2018-12-25T11:53:19.887659526Z 53 PC: 9f7b4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:19.889298492Z 37 PC: 9f7c4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":4990,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:20.172890158Z 42 PC: 13c70 | Get date
0x13c70: cmp cx, 0x7d0
0x13c74: jbe 0x13cc3
0x13c76: mov cx, 0x190
0x13c79: mov si, 0x2fe
0x13c7c: push cx
0x13c7d: push si
0x13c7e: mov al, byte ptr [si]
0x13c80: not al
0x13c82: mov byte ptr [si], al
0x13c84: inc si
0x13c85: loop 0x13c7e
0x13c87: mov ax, 0x600
0x13c8a: mov bh, 7
0x13c8c: xor cx, cx
0x13c8e: mov dx, 0x184f
0x13c91: int 0x10
0x13c93: mov ah, 2
0x13c95: mov bh, 0
0x13c97: xor dx, dx
0x13c99: int 0x10
2018-12-25T11:53:20.176423147Z 254 PC: 13cc8 | UNKNOWN!
2018-12-25T11:53:20.178011257Z 74 PC: 13cd4 | Reallocate memory
2018-12-25T11:53:20.179830876Z 74 PC: 13cdb | Reallocate memory
2018-12-25T11:53:20.181452891Z 72 PC: 13ce2 | Allocate memory
2018-12-25T11:53:20.184229065Z 53 PC: 9f7b4 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:20.185697632Z 37 PC: 9f7c4 | Set interrupt vector (Interrupt = '33' AKA 'Random read')