Sample viewer

vx.netlux.org/Virus.DOS.Parde.1147

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:30:56.30261915Z	25	PC: 14f6e \| Get default drive
2018-12-17T22:30:56.305125533Z	14	PC: 14f78 \| Set default drive (Drive = 'C')
2018-12-17T22:30:56.307022899Z	71	PC: 14f81 \| Get current directory
2018-12-17T22:30:56.309897238Z	59	PC: 14f89 \| Change current directory
2018-12-17T22:30:56.324216289Z	26	PC: 14f91 \| Set disk transfer address
2018-12-17T22:30:56.335098477Z	71	PC: 14f9a \| Get current directory
2018-12-17T22:30:56.338405309Z	53	PC: 14f9f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:56.340983572Z	37	PC: 14fb0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:56.343054739Z	78	PC: 14fbb \| Find first file
2018-12-17T22:30:56.344994638Z	59	PC: 14fc8 \| Change current directory
2018-12-17T22:30:56.349547236Z	42	PC: 1507a \| Get date 0x1507a: cmp dl, 0x1e 0x1507d: je 0x15082 0x1507f: jmp 0x150cc 0x15081: nop 0x15082: mov ah, 0x4e 0x15084: mov cx, 7 0x15087: lea dx, word ptr [bp + 0x50b] 0x1508b: int 0x21 0x1508d: jae 0x15092 0x1508f: jmp 0x150af 0x15091: nop 0x15092: mov ax, 0x3d02 0x15095: lea dx, word ptr [bp + 0x561] 0x15099: int 0x21 0x1509b: xchg ax, bx 0x1509c: mov ah, 0x40 0x1509e: mov cx, 0x71 0x150a1: lea dx, word ptr [bp + 0x2b8] 0x150a5: int 0x21 0x150a7: mov ah, 0x3e
2018-12-17T22:30:56.352728479Z	59	PC: 150d4 \| Change current directory
2018-12-17T22:30:56.354905642Z	37	PC: 150dd \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:30:56.356351118Z	26	PC: 150e5 \| Set disk transfer address
2018-12-17T22:30:56.363435878Z	9	PC: 12a7c \| Display string (Could not find end pointer)
2018-12-17T22:30:56.368613982Z	76	PC: 12a81 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5531,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:43.265792263Z	25	PC: 14f6e \| Get default drive
2018-12-25T11:54:43.267565385Z	14	PC: 14f78 \| Set default drive (Drive = 'C')
2018-12-25T11:54:43.268812334Z	71	PC: 14f81 \| Get current directory
2018-12-25T11:54:43.271095206Z	59	PC: 14f89 \| Change current directory
2018-12-25T11:54:43.281556594Z	26	PC: 14f91 \| Set disk transfer address
2018-12-25T11:54:43.282746775Z	71	PC: 14f9a \| Get current directory
2018-12-25T11:54:43.285509118Z	53	PC: 14f9f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:43.287095661Z	37	PC: 14fb0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:43.288615734Z	78	PC: 14fbb \| Find first file
2018-12-25T11:54:43.290174046Z	59	PC: 14fc8 \| Change current directory
2018-12-25T11:54:43.301594621Z	42	PC: 1507a \| Get date 0x1507a: cmp dl, 0x1e 0x1507d: je 0x15082 0x1507f: jmp 0x150cc 0x15081: nop 0x15082: mov ah, 0x4e 0x15084: mov cx, 7 0x15087: lea dx, word ptr [bp + 0x50b] 0x1508b: int 0x21 0x1508d: jae 0x15092 0x1508f: jmp 0x150af 0x15091: nop 0x15092: mov ax, 0x3d02 0x15095: lea dx, word ptr [bp + 0x561] 0x15099: int 0x21 0x1509b: xchg ax, bx 0x1509c: mov ah, 0x40 0x1509e: mov cx, 0x71 0x150a1: lea dx, word ptr [bp + 0x2b8] 0x150a5: int 0x21 0x150a7: mov ah, 0x3e
2018-12-25T11:54:43.306991507Z	59	PC: 150d4 \| Change current directory
2018-12-25T11:54:43.308612083Z	37	PC: 150dd \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:43.309582289Z	26	PC: 150e5 \| Set disk transfer address
2018-12-25T11:54:43.31178789Z	9	PC: 12a7c \| Display string (Could not find end pointer)
2018-12-25T11:54:43.316067728Z	76	PC: 12a81 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":30,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5531,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:54:43.322065507Z	25	PC: 14f6e \| Get default drive
2018-12-25T11:54:43.324024879Z	14	PC: 14f78 \| Set default drive (Drive = 'C')
2018-12-25T11:54:43.325563222Z	71	PC: 14f81 \| Get current directory
2018-12-25T11:54:43.328225246Z	59	PC: 14f89 \| Change current directory
2018-12-25T11:54:43.339709868Z	26	PC: 14f91 \| Set disk transfer address
2018-12-25T11:54:43.341573803Z	71	PC: 14f9a \| Get current directory
2018-12-25T11:54:43.344340025Z	53	PC: 14f9f \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:43.346348185Z	37	PC: 14fb0 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:43.34799742Z	78	PC: 14fbb \| Find first file
2018-12-25T11:54:43.349946993Z	59	PC: 14fc8 \| Change current directory
2018-12-25T11:54:43.353816795Z	42	PC: 1507a \| Get date 0x1507a: cmp dl, 0x1e 0x1507d: je 0x15082 0x1507f: jmp 0x150cc 0x15081: nop 0x15082: mov ah, 0x4e 0x15084: mov cx, 7 0x15087: lea dx, word ptr [bp + 0x50b] 0x1508b: int 0x21 0x1508d: jae 0x15092 0x1508f: jmp 0x150af 0x15091: nop 0x15092: mov ax, 0x3d02 0x15095: lea dx, word ptr [bp + 0x561] 0x15099: int 0x21 0x1509b: xchg ax, bx 0x1509c: mov ah, 0x40 0x1509e: mov cx, 0x71 0x150a1: lea dx, word ptr [bp + 0x2b8] 0x150a5: int 0x21 0x150a7: mov ah, 0x3e
2018-12-25T11:54:43.360562202Z	78	PC: 1508d \| Find first file
2018-12-25T11:54:43.366541553Z	9	PC: 150b7 \| Display string (Could not find end pointer)
2018-12-25T11:54:43.383543093Z	59	PC: 150d4 \| Change current directory
2018-12-25T11:54:43.386158829Z	37	PC: 150dd \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:54:43.387263222Z	26	PC: 150e5 \| Set disk transfer address
2018-12-25T11:54:43.388262063Z	9	PC: 12a7c \| Display string (Could not find end pointer)
2018-12-25T11:54:43.394712571Z	76	PC: 12a81 \| Terminate with return code (Return code = '0')