Sample viewer

vx.netlux.org/Virus.DOS.MTZ.Overkill.1385

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:55:04.963785802Z	48	PC: 12a62 \| Get DOS version
2018-12-17T21:55:04.964583557Z	24	PC: 12a74 \| Reserved
2018-12-17T21:55:04.966128023Z	88	PC: 12b7f \| case 0xGet or set allocation strateg:
2018-12-17T21:55:04.96953374Z	88	PC: 12b8d \| case 0xGet or set allocation strateg:
2018-12-17T21:55:04.970592568Z	74	PC: 12bcb \| Reallocate memory
2018-12-17T21:55:04.971639728Z	72	PC: 12bd3 \| Allocate memory
2018-12-17T21:55:04.973884624Z	42	PC: 12f45 \| Get date 0x12f45: jb 0x12f66 0x12f47: cmp dl, 0x1e 0x12f4a: jne 0x12f66 0x12f4c: mov ax, 0x2c00 0x12f4f: int 0x21 0x12f51: jb 0x12f66 0x12f53: and cl, 1 0x12f56: cmp cl, 1 0x12f59: jne 0x12f66 0x12f5b: mov ax, 0x900 0x12f5e: mov dx, 0x198 0x12f61: int 0x21 0x12f63: hlt 0x12f64: jmp 0x12f64 0x12f66: ret 0x12f67: mov di, 0x100 0x12f6a: mov si, word ptr [0x433] 0x12f6e: add si, 0x109 0x12f72: mov cx, 0x560 0x12f75: rep movsb byte ptr es:[di], byte ptr [si]

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":547,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:19.983828538Z	48	PC: 12a62 \| Get DOS version
2018-12-25T11:41:19.985767303Z	24	PC: 12a74 \| Reserved
2018-12-25T11:41:19.987593657Z	88	PC: 12b7f \| case 0xGet or set allocation strateg:
2018-12-25T11:41:19.98906327Z	88	PC: 12b8d \| case 0xGet or set allocation strateg:
2018-12-25T11:41:19.990750126Z	74	PC: 12bcb \| Reallocate memory
2018-12-25T11:41:19.996337636Z	72	PC: 12bd3 \| Allocate memory
2018-12-25T11:41:19.998506305Z	42	PC: 12f45 \| Get date 0x12f45: jb 0x12f66 0x12f47: cmp dl, 0x1e 0x12f4a: jne 0x12f66 0x12f4c: mov ax, 0x2c00 0x12f4f: int 0x21 0x12f51: jb 0x12f66 0x12f53: and cl, 1 0x12f56: cmp cl, 1 0x12f59: jne 0x12f66 0x12f5b: mov ax, 0x900 0x12f5e: mov dx, 0x198 0x12f61: int 0x21 0x12f63: hlt 0x12f64: jmp 0x12f64 0x12f66: ret 0x12f67: mov di, 0x100 0x12f6a: mov si, word ptr [0x433] 0x12f6e: add si, 0x109 0x12f72: mov cx, 0x560 0x12f75: rep movsb byte ptr es:[di], byte ptr [si]

{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":547,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:20.062413882Z	48	PC: 12a62 \| Get DOS version
2018-12-25T11:41:20.064226541Z	24	PC: 12a74 \| Reserved
2018-12-25T11:41:20.065270206Z	88	PC: 12b7f \| case 0xGet or set allocation strateg:
2018-12-25T11:41:20.066368935Z	88	PC: 12b8d \| case 0xGet or set allocation strateg:
2018-12-25T11:41:20.068093775Z	74	PC: 12bcb \| Reallocate memory
2018-12-25T11:41:20.070555196Z	72	PC: 12bd3 \| Allocate memory
2018-12-25T11:41:20.07334234Z	42	PC: 12f45 \| Get date 0x12f45: jb 0x12f66 0x12f47: cmp dl, 0x1e 0x12f4a: jne 0x12f66 0x12f4c: mov ax, 0x2c00 0x12f4f: int 0x21 0x12f51: jb 0x12f66 0x12f53: and cl, 1 0x12f56: cmp cl, 1 0x12f59: jne 0x12f66 0x12f5b: mov ax, 0x900 0x12f5e: mov dx, 0x198 0x12f61: int 0x21 0x12f63: hlt 0x12f64: jmp 0x12f64 0x12f66: ret 0x12f67: mov di, 0x100 0x12f6a: mov si, word ptr [0x433] 0x12f6e: add si, 0x109 0x12f72: mov cx, 0x560 0x12f75: rep movsb byte ptr es:[di], byte ptr [si]
2018-12-25T11:41:20.077010898Z	44	PC: 12f51 \| Get time 0x12f51: jb 0x12f66 0x12f53: and cl, 1 0x12f56: cmp cl, 1 0x12f59: jne 0x12f66 0x12f5b: mov ax, 0x900 0x12f5e: mov dx, 0x198 0x12f61: int 0x21 0x12f63: hlt 0x12f64: jmp 0x12f64 0x12f66: ret 0x12f67: mov di, 0x100 0x12f6a: mov si, word ptr [0x433] 0x12f6e: add si, 0x109 0x12f72: mov cx, 0x560 0x12f75: rep movsb byte ptr es:[di], byte ptr [si] 0x12f77: mov di, 0x100 0x12f7a: mov cx, 0x560 0x12f7d: not byte ptr [di] 0x12f7f: inc di 0x12f80: loop 0x12f7d
2018-12-25T11:41:20.079175876Z	9	PC: 12f63 \| Display string (String= 'OverKill III Virus - By MTZ - From Italy - Are You ready (y/n) ? ')