Sample viewer

vx.netlux.org/Virus.DOS.Exp.1617


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:28:27.960704739Z 84 PC: 169a7 | Get verify flag
2018-12-17T22:28:27.962838132Z 42 PC: 169af | Get date
0x169af: cmp dx, 0x118
0x169b3: jne 0x169c1
0x169b5: call 0x268b3
0x169b8: add si, 0x604
0x169bc: call 0x268db
0x169bf: jmp 0x169bf
0x169c1: call 0x268e7
0x169c4: call 0x26953
0x169c7: call 0x26974
0x169ca: pop es
0x169cb: pop ds
0x169cc: mov ax, 0x1294
0x169cf: cli
0x169d0: mov ss, ax
0x169d2: mov sp, 0xfffe
0x169d5: sti
0x169d6: cmp word ptr cs:[si + 0x634], 0x5a4d
0x169dd: je 0x169eb
0x169df: add si, 0x634
0x169e3: mov di, 0x100
2018-12-17T22:28:27.965195081Z 48 PC: 168eb | Get DOS version
2018-12-17T22:28:27.966535526Z 88 PC: 168f6 | case 0xGet or set allocation strateg:
2018-12-17T22:28:27.968174072Z 88 PC: 168fc | case 0xGet or set allocation strateg:
2018-12-17T22:28:27.9697363Z 88 PC: 16905 | case 0xGet or set allocation strateg:
2018-12-17T22:28:27.971333043Z 88 PC: 16924 | case 0xGet or set allocation strateg:
2018-12-17T22:28:27.974020232Z 88 PC: 1692c | case 0xGet or set allocation strateg:
2018-12-17T22:28:27.982934266Z 72 PC: 16937 | Allocate memory
2018-12-17T22:28:27.984726728Z 74 PC: 16949 | Reallocate memory
2018-12-17T22:28:27.986128177Z 72 PC: 16950 | Allocate memory
2018-12-17T22:28:27.98865882Z 53 PC: 1697b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:27.990641167Z 37 PC: 1698d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:27.99266728Z 48 PC: 135e1 | Get DOS version
2018-12-17T22:28:27.995739542Z 9 PC: 135ed | Display string (String= ' Versión incorrecta de DOS ')
2018-12-17T22:28:27.999847715Z 76 PC: 13f73 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5078,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:40.598877463Z 84 PC: 169a7 | Get verify flag
2018-12-25T11:53:40.600734959Z 42 PC: 169af | Get date
0x169af: cmp dx, 0x118
0x169b3: jne 0x169c1
0x169b5: call 0x268b3
0x169b8: add si, 0x604
0x169bc: call 0x268db
0x169bf: jmp 0x169bf
0x169c1: call 0x268e7
0x169c4: call 0x26953
0x169c7: call 0x26974
0x169ca: pop es
0x169cb: pop ds
0x169cc: mov ax, 0x1294
0x169cf: cli
0x169d0: mov ss, ax
0x169d2: mov sp, 0xfffe
0x169d5: sti
0x169d6: cmp word ptr cs:[si + 0x634], 0x5a4d
0x169dd: je 0x169eb
0x169df: add si, 0x634
0x169e3: mov di, 0x100
2018-12-25T11:53:40.602753875Z 48 PC: 168eb | Get DOS version
2018-12-25T11:53:40.603768992Z 88 PC: 168f6 | case 0xGet or set allocation strateg:
2018-12-25T11:53:40.605756543Z 88 PC: 168fc | case 0xGet or set allocation strateg:
2018-12-25T11:53:40.607313303Z 88 PC: 16905 | case 0xGet or set allocation strateg:
2018-12-25T11:53:40.609060436Z 88 PC: 16924 | case 0xGet or set allocation strateg:
2018-12-25T11:53:40.611872957Z 88 PC: 1692c | case 0xGet or set allocation strateg:
2018-12-25T11:53:40.613145195Z 72 PC: 16937 | Allocate memory
2018-12-25T11:53:40.61477372Z 74 PC: 16949 | Reallocate memory
2018-12-25T11:53:40.616801588Z 72 PC: 16950 | Allocate memory
2018-12-25T11:53:40.618340714Z 53 PC: 1697b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:40.619471339Z 37 PC: 1698d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:40.621244689Z 48 PC: 135e1 | Get DOS version
2018-12-25T11:53:40.622486633Z 9 PC: 135ed | Display string (String= ' Versión incorrecta de DOS ')
2018-12-25T11:53:40.628013005Z 76 PC: 13f73 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":24,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5078,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:53:40.884817068Z 84 PC: 169a7 | Get verify flag
2018-12-25T11:53:40.886527972Z 42 PC: 169af | Get date
0x169af: cmp dx, 0x118
0x169b3: jne 0x169c1
0x169b5: call 0x268b3
0x169b8: add si, 0x604
0x169bc: call 0x268db
0x169bf: jmp 0x169bf
0x169c1: call 0x268e7
0x169c4: call 0x26953
0x169c7: call 0x26974
0x169ca: pop es
0x169cb: pop ds
0x169cc: mov ax, 0x1294
0x169cf: cli
0x169d0: mov ss, ax
0x169d2: mov sp, 0xfffe
0x169d5: sti
0x169d6: cmp word ptr cs:[si + 0x634], 0x5a4d
0x169dd: je 0x169eb
0x169df: add si, 0x634
0x169e3: mov di, 0x100