Sample viewer

vx.netlux.org/Virus.DOS.Tourofduty.1601

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:28:54.147776481Z	61	PC: 12fd3 \| Open file (Filename = 'º')
2018-12-17T22:28:54.154616915Z	42	PC: 12fe8 \| Get date 0x12fe8: cmp cx, 0x7d0 0x12fec: jne 0x12ffa 0x12fee: cmp dx, 0x101 0x12ff2: jne 0x12ffa 0x12ff4: mov byte ptr cs:[bp + 0x5bb], 1 0x12ffa: ret 0x12ffb: add byte ptr [si + 0x76], bl 0x12ffe: js 0x1302e 0x13000: jo 0x13075 0x13002: add byte ptr [bx + di + 0x4e], ah 0x13005: push sp 0x13006: imul bp, word ptr [di], 0x6956 0x1300a: push dx 0x1300b: inc sp 0x1300d: inc cx 0x1300e: push sp 0x1300f: add byte ptr [bp + di + 0x48], ah 0x13012: dec bx 0x13013: dec sp 0x13014: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-17T22:28:54.156976758Z	192	PC: 12a56 \| UNKNOWN!
2018-12-17T22:28:54.158017211Z	74	PC: 12ab6 \| Reallocate memory
2018-12-17T22:28:54.160773176Z	74	PC: 12abe \| Reallocate memory
2018-12-17T22:28:54.162537766Z	72	PC: 12ac5 \| Allocate memory
2018-12-17T22:28:54.164407454Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:28:54.166108641Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5159,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:48.370410344Z	61	PC: 12fd3 \| Open file (Filename = 'º')
2018-12-25T11:53:48.377395559Z	42	PC: 12fe8 \| Get date 0x12fe8: cmp cx, 0x7d0 0x12fec: jne 0x12ffa 0x12fee: cmp dx, 0x101 0x12ff2: jne 0x12ffa 0x12ff4: mov byte ptr cs:[bp + 0x5bb], 1 0x12ffa: ret 0x12ffb: add byte ptr [si + 0x76], bl 0x12ffe: js 0x1302e 0x13000: jo 0x13075 0x13002: add byte ptr [bx + di + 0x4e], ah 0x13005: push sp 0x13006: imul bp, word ptr [di], 0x6956 0x1300a: push dx 0x1300b: inc sp 0x1300d: inc cx 0x1300e: push sp 0x1300f: add byte ptr [bp + di + 0x48], ah 0x13012: dec bx 0x13013: dec sp 0x13014: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T11:53:48.380679541Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T11:53:48.381429922Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T11:53:48.383196284Z	74	PC: 12abe \| Reallocate memory
2018-12-25T11:53:48.3853577Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T11:53:48.387357412Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:48.388660998Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5159,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:48.674541859Z	61	PC: 12fd3 \| Open file (Filename = 'º')
2018-12-25T11:53:48.683365939Z	42	PC: 12fe8 \| Get date 0x12fe8: cmp cx, 0x7d0 0x12fec: jne 0x12ffa 0x12fee: cmp dx, 0x101 0x12ff2: jne 0x12ffa 0x12ff4: mov byte ptr cs:[bp + 0x5bb], 1 0x12ffa: ret 0x12ffb: add byte ptr [si + 0x76], bl 0x12ffe: js 0x1302e 0x13000: jo 0x13075 0x13002: add byte ptr [bx + di + 0x4e], ah 0x13005: push sp 0x13006: imul bp, word ptr [di], 0x6956 0x1300a: push dx 0x1300b: inc sp 0x1300d: inc cx 0x1300e: push sp 0x1300f: add byte ptr [bp + di + 0x48], ah 0x13012: dec bx 0x13013: dec sp 0x13014: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T11:53:48.685583388Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T11:53:48.686319413Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T11:53:48.694718787Z	74	PC: 12abe \| Reallocate memory
2018-12-25T11:53:48.697063717Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T11:53:48.698923879Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:48.700393081Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:48.702512682Z	53	PC: 12b02 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:53:48.704205916Z	37	PC: 12b12 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":2,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5159,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:48.988480104Z	61	PC: 12fd3 \| Open file (Filename = 'º')
2018-12-25T11:53:48.995209485Z	42	PC: 12fe8 \| Get date 0x12fe8: cmp cx, 0x7d0 0x12fec: jne 0x12ffa 0x12fee: cmp dx, 0x101 0x12ff2: jne 0x12ffa 0x12ff4: mov byte ptr cs:[bp + 0x5bb], 1 0x12ffa: ret 0x12ffb: add byte ptr [si + 0x76], bl 0x12ffe: js 0x1302e 0x13000: jo 0x13075 0x13002: add byte ptr [bx + di + 0x4e], ah 0x13005: push sp 0x13006: imul bp, word ptr [di], 0x6956 0x1300a: push dx 0x1300b: inc sp 0x1300d: inc cx 0x1300e: push sp 0x1300f: add byte ptr [bp + di + 0x48], ah 0x13012: dec bx 0x13013: dec sp 0x13014: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T11:53:48.997688938Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T11:53:48.998571558Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T11:53:49.001039299Z	74	PC: 12abe \| Reallocate memory
2018-12-25T11:53:49.002655915Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T11:53:49.004481906Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:49.006553609Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5159,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:49.523669395Z	61	PC: 12fd3 \| Open file (Filename = 'º')
2018-12-25T11:53:49.530777076Z	42	PC: 12fe8 \| Get date 0x12fe8: cmp cx, 0x7d0 0x12fec: jne 0x12ffa 0x12fee: cmp dx, 0x101 0x12ff2: jne 0x12ffa 0x12ff4: mov byte ptr cs:[bp + 0x5bb], 1 0x12ffa: ret 0x12ffb: add byte ptr [si + 0x76], bl 0x12ffe: js 0x1302e 0x13000: jo 0x13075 0x13002: add byte ptr [bx + di + 0x4e], ah 0x13005: push sp 0x13006: imul bp, word ptr [di], 0x6956 0x1300a: push dx 0x1300b: inc sp 0x1300d: inc cx 0x1300e: push sp 0x1300f: add byte ptr [bp + di + 0x48], ah 0x13012: dec bx 0x13013: dec sp 0x13014: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T11:53:49.533931066Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T11:53:49.53542479Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T11:53:49.537711425Z	74	PC: 12abe \| Reallocate memory
2018-12-25T11:53:49.540092283Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T11:53:49.54217024Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:49.543954538Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5159,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:50.147099995Z	61	PC: 12fd3 \| Open file (Filename = 'º')
2018-12-25T11:53:50.155519117Z	42	PC: 12fe8 \| Get date 0x12fe8: cmp cx, 0x7d0 0x12fec: jne 0x12ffa 0x12fee: cmp dx, 0x101 0x12ff2: jne 0x12ffa 0x12ff4: mov byte ptr cs:[bp + 0x5bb], 1 0x12ffa: ret 0x12ffb: add byte ptr [si + 0x76], bl 0x12ffe: js 0x1302e 0x13000: jo 0x13075 0x13002: add byte ptr [bx + di + 0x4e], ah 0x13005: push sp 0x13006: imul bp, word ptr [di], 0x6956 0x1300a: push dx 0x1300b: inc sp 0x1300d: inc cx 0x1300e: push sp 0x1300f: add byte ptr [bp + di + 0x48], ah 0x13012: dec bx 0x13013: dec sp 0x13014: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T11:53:50.158316071Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T11:53:50.159087941Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T11:53:50.160802772Z	74	PC: 12abe \| Reallocate memory
2018-12-25T11:53:50.163501772Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T11:53:50.166487767Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:50.168072556Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:50.170516833Z	53	PC: 12b02 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:53:50.172219938Z	37	PC: 12b12 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":2,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5159,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:53:50.346337661Z	61	PC: 12fd3 \| Open file (Filename = 'º')
2018-12-25T11:53:50.351979474Z	42	PC: 12fe8 \| Get date 0x12fe8: cmp cx, 0x7d0 0x12fec: jne 0x12ffa 0x12fee: cmp dx, 0x101 0x12ff2: jne 0x12ffa 0x12ff4: mov byte ptr cs:[bp + 0x5bb], 1 0x12ffa: ret 0x12ffb: add byte ptr [si + 0x76], bl 0x12ffe: js 0x1302e 0x13000: jo 0x13075 0x13002: add byte ptr [bx + di + 0x4e], ah 0x13005: push sp 0x13006: imul bp, word ptr [di], 0x6956 0x1300a: push dx 0x1300b: inc sp 0x1300d: inc cx 0x1300e: push sp 0x1300f: add byte ptr [bp + di + 0x48], ah 0x13012: dec bx 0x13013: dec sp 0x13014: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T11:53:50.354054967Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T11:53:50.355052069Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T11:53:50.357358248Z	74	PC: 12abe \| Reallocate memory
2018-12-25T11:53:50.358837558Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T11:53:50.360424171Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:53:50.362191958Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')