Sample viewer

vx.netlux.org/Virus.DOS.Witcode.966

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:31:33.871609633Z	48	PC: 12c37 \| Get DOS version
2018-12-17T22:31:33.873481771Z	203	PC: 12c5e \| UNKNOWN!
2018-12-17T22:31:33.87542899Z	72	PC: 12c71 \| Allocate memory
2018-12-17T22:31:33.877399901Z	74	PC: 12c8d \| Reallocate memory
2018-12-17T22:31:33.878982888Z	72	PC: 12c9a \| Allocate memory
2018-12-17T22:31:33.881285889Z	82	PC: 12cb0 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:31:33.88307359Z	9	PC: 12a47 \| Display string (String= 'Sample 1000-byte .EXE file')
2018-12-17T22:31:33.886870716Z	42	PC: 9f76a \| Get date 0x9f76a: cmp dx, 0xc18 0x9f76e: jae 0x9f7a7 0x9f770: cmp al, 0 0x9f772: je 0x9f7b0 0x9f774: cmp al, 1 0x9f776: je 0x9f781 0x9f778: cmp al, 5 0x9f77a: jne 0x9f7c0 0x9f77c: cmp dl, 0xd 0x9f77f: je 0x9f78a 0x9f781: xor ah, ah 0x9f783: int 0x1a 0x9f785: and dl, 0x3f 0x9f788: jne 0x9f7c0 0x9f78a: mov al, 2 0x9f78c: mov cx, 1 0x9f78f: xor dx, dx 0x9f791: push cs 0x9f792: pop ds 0x9f793: lea bx, word ptr [0x3ce]
2018-12-17T22:31:33.895618096Z	76	PC: 12c28 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":26,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5637,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:02.406189186Z	48	PC: 12c37 \| Get DOS version
2018-12-25T11:55:02.40918071Z	203	PC: 12c5e \| UNKNOWN!
2018-12-25T11:55:02.410081719Z	72	PC: 12c71 \| Allocate memory
2018-12-25T11:55:02.413501308Z	74	PC: 12c8d \| Reallocate memory
2018-12-25T11:55:02.415215735Z	72	PC: 12c9a \| Allocate memory
2018-12-25T11:55:02.417206138Z	82	PC: 12cb0 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:55:02.418520172Z	9	PC: 12a47 \| Display string (String= 'Sample 1000-byte .EXE file')
2018-12-25T11:55:02.42233068Z	42	PC: 9f76a \| Get date 0x9f76a: cmp dx, 0xc18 0x9f76e: jae 0x9f7a7 0x9f770: cmp al, 0 0x9f772: je 0x9f7b0 0x9f774: cmp al, 1 0x9f776: je 0x9f781 0x9f778: cmp al, 5 0x9f77a: jne 0x9f7c0 0x9f77c: cmp dl, 0xd 0x9f77f: je 0x9f78a 0x9f781: xor ah, ah 0x9f783: int 0x1a 0x9f785: and dl, 0x3f 0x9f788: jne 0x9f7c0 0x9f78a: mov al, 2 0x9f78c: mov cx, 1 0x9f78f: xor dx, dx 0x9f791: push cs 0x9f792: pop ds 0x9f793: lea bx, word ptr [0x3ce]
2018-12-25T11:55:02.425233056Z	2	PC: 9f71c \| Character output (Char = '0d')
2018-12-25T11:55:02.427564002Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.431916905Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.435237397Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.438215504Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.441142902Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.444495971Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.447318113Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.451271235Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.465601779Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.469831358Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.472625043Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.476074622Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.478824221Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.481867685Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.485690912Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.489253381Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.492543038Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.495540004Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.499461173Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.503996549Z	76	PC: 12c28 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":28,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5637,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:02.60283014Z	48	PC: 12c37 \| Get DOS version
2018-12-25T11:55:02.604354323Z	203	PC: 12c5e \| UNKNOWN!
2018-12-25T11:55:02.605947303Z	72	PC: 12c71 \| Allocate memory
2018-12-25T11:55:02.607924658Z	74	PC: 12c8d \| Reallocate memory
2018-12-25T11:55:02.609561365Z	72	PC: 12c9a \| Allocate memory
2018-12-25T11:55:02.612477018Z	82	PC: 12cb0 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:55:02.614445633Z	9	PC: 12a47 \| Display string (String= 'Sample 1000-byte .EXE file')
2018-12-25T11:55:02.618575772Z	42	PC: 9f76a \| Get date 0x9f76a: cmp dx, 0xc18 0x9f76e: jae 0x9f7a7 0x9f770: cmp al, 0 0x9f772: je 0x9f7b0 0x9f774: cmp al, 1 0x9f776: je 0x9f781 0x9f778: cmp al, 5 0x9f77a: jne 0x9f7c0 0x9f77c: cmp dl, 0xd 0x9f77f: je 0x9f78a 0x9f781: xor ah, ah 0x9f783: int 0x1a 0x9f785: and dl, 0x3f 0x9f788: jne 0x9f7c0 0x9f78a: mov al, 2 0x9f78c: mov cx, 1 0x9f78f: xor dx, dx 0x9f791: push cs 0x9f792: pop ds 0x9f793: lea bx, word ptr [0x3ce]
2018-12-25T11:55:02.622497498Z	2	PC: 9f71c \| Character output (Char = '0d')
2018-12-25T11:55:02.625252364Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.629755341Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.632816257Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.636231141Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.638745592Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.64126068Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.6441318Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.646415842Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.64879813Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.662927738Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.665428607Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.667889904Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.671136822Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.674915871Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.677745596Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.681542879Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.684482775Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.687513893Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.691084348Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.696234957Z	76	PC: 12c28 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":29,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5637,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:02.880391941Z	48	PC: 12c37 \| Get DOS version
2018-12-25T11:55:02.884864487Z	203	PC: 12c5e \| UNKNOWN!
2018-12-25T11:55:02.885869328Z	72	PC: 12c71 \| Allocate memory
2018-12-25T11:55:02.887767038Z	74	PC: 12c8d \| Reallocate memory
2018-12-25T11:55:02.889873873Z	72	PC: 12c9a \| Allocate memory
2018-12-25T11:55:02.892327732Z	82	PC: 12cb0 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:55:02.89368132Z	9	PC: 12a47 \| Display string (String= 'Sample 1000-byte .EXE file')
2018-12-25T11:55:02.896964133Z	42	PC: 9f76a \| Get date 0x9f76a: cmp dx, 0xc18 0x9f76e: jae 0x9f7a7 0x9f770: cmp al, 0 0x9f772: je 0x9f7b0 0x9f774: cmp al, 1 0x9f776: je 0x9f781 0x9f778: cmp al, 5 0x9f77a: jne 0x9f7c0 0x9f77c: cmp dl, 0xd 0x9f77f: je 0x9f78a 0x9f781: xor ah, ah 0x9f783: int 0x1a 0x9f785: and dl, 0x3f 0x9f788: jne 0x9f7c0 0x9f78a: mov al, 2 0x9f78c: mov cx, 1 0x9f78f: xor dx, dx 0x9f791: push cs 0x9f792: pop ds 0x9f793: lea bx, word ptr [0x3ce]
2018-12-25T11:55:02.899706521Z	2	PC: 9f71c \| Character output (Char = '0d')
2018-12-25T11:55:02.901877822Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.905942375Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.910442143Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.913054745Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.91543249Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.931328148Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.933722303Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.935928138Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.938735709Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.942528684Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.944827516Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.947599035Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.950006801Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.952314932Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.95483462Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.957398367Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.961650514Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.964265898Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.966858142Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:02.971062825Z	76	PC: 12c28 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5637,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:03.158544337Z	48	PC: 12c37 \| Get DOS version
2018-12-25T11:55:03.161557735Z	203	PC: 12c5e \| UNKNOWN!
2018-12-25T11:55:03.162531591Z	72	PC: 12c71 \| Allocate memory
2018-12-25T11:55:03.165088665Z	74	PC: 12c8d \| Reallocate memory
2018-12-25T11:55:03.167701989Z	72	PC: 12c9a \| Allocate memory
2018-12-25T11:55:03.170111341Z	82	PC: 12cb0 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:55:03.172145288Z	9	PC: 12a47 \| Display string (String= 'Sample 1000-byte .EXE file')
2018-12-25T11:55:03.1763227Z	42	PC: 9f76a \| Get date 0x9f76a: cmp dx, 0xc18 0x9f76e: jae 0x9f7a7 0x9f770: cmp al, 0 0x9f772: je 0x9f7b0 0x9f774: cmp al, 1 0x9f776: je 0x9f781 0x9f778: cmp al, 5 0x9f77a: jne 0x9f7c0 0x9f77c: cmp dl, 0xd 0x9f77f: je 0x9f78a 0x9f781: xor ah, ah 0x9f783: int 0x1a 0x9f785: and dl, 0x3f 0x9f788: jne 0x9f7c0 0x9f78a: mov al, 2 0x9f78c: mov cx, 1 0x9f78f: xor dx, dx 0x9f791: push cs 0x9f792: pop ds 0x9f793: lea bx, word ptr [0x3ce]
2018-12-25T11:55:03.182247974Z	76	PC: 12c28 \| Terminate with return code (Return code = '36')

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5637,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:03.252781489Z	48	PC: 12c37 \| Get DOS version
2018-12-25T11:55:03.254484937Z	203	PC: 12c5e \| UNKNOWN!
2018-12-25T11:55:03.256241682Z	72	PC: 12c71 \| Allocate memory
2018-12-25T11:55:03.258146426Z	74	PC: 12c8d \| Reallocate memory
2018-12-25T11:55:03.270555831Z	72	PC: 12c9a \| Allocate memory
2018-12-25T11:55:03.274126715Z	82	PC: 12cb0 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:55:03.276059112Z	9	PC: 12a47 \| Display string (String= 'Sample 1000-byte .EXE file')
2018-12-25T11:55:03.279917414Z	42	PC: 9f76a \| Get date 0x9f76a: cmp dx, 0xc18 0x9f76e: jae 0x9f7a7 0x9f770: cmp al, 0 0x9f772: je 0x9f7b0 0x9f774: cmp al, 1 0x9f776: je 0x9f781 0x9f778: cmp al, 5 0x9f77a: jne 0x9f7c0 0x9f77c: cmp dl, 0xd 0x9f77f: je 0x9f78a 0x9f781: xor ah, ah 0x9f783: int 0x1a 0x9f785: and dl, 0x3f 0x9f788: jne 0x9f7c0 0x9f78a: mov al, 2 0x9f78c: mov cx, 1 0x9f78f: xor dx, dx 0x9f791: push cs 0x9f792: pop ds 0x9f793: lea bx, word ptr [0x3ce]
2018-12-25T11:55:03.283873902Z	2	PC: 9f71c \| Character output (Char = '0d')
2018-12-25T11:55:03.286399747Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.291521926Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.294943983Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.297299602Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.299630704Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.302563508Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.304981537Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.307344685Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.310073629Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.323442218Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.32643481Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.329410922Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.333533714Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.336126502Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.338965275Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.342799846Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.345899648Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.348557479Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.350623588Z	2	PC: 9f71c \| Character output (See above)
2018-12-25T11:55:03.354021782Z	76	PC: 12c28 \| Terminate with return code (Return code = '36')