Sample viewer

vx.netlux.org/Virus.DOS.3tunes.1784

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:31:53.593295854Z	254	PC: 15a67 \| UNKNOWN!
2018-12-17T22:31:53.594632963Z	53	PC: 15afc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:53.59556623Z	53	PC: 15b29 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:31:53.596449878Z	37	PC: 15b35 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:31:53.597842045Z	48	PC: 15b46 \| Get DOS version
2018-12-17T22:31:53.598772543Z	37	PC: 15b59 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:31:53.599640215Z	37	PC: 15b1f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:31:53.601065056Z	42	PC: 15aaf \| Get date 0x15aaf: cmp dh, 6 0x15ab2: jne 0x15ae8 0x15ab4: mov ah, 0x2c 0x15ab6: int 0x21 0x15ab8: add cl, ch 0x15aba: and cl, 3 0x15abd: xor ch, ch 0x15abf: cmp cx, 3 0x15ac2: je 0x15ae8 0x15ac4: mov bx, 0x3a 0x15ac7: add bx, cx 0x15ac9: add bx, cx 0x15acb: mov ax, word ptr [bx] 0x15acd: mov word ptr [0x38], ax 0x15ad0: mov word ptr [0x35], 0 0x15ad6: mov byte ptr [0x37], 0 0x15adb: mov byte ptr [0x34], 0 0x15ae0: mov ax, 0x251c 0x15ae3: mov dx, 0x24e 0x15ae6: int 0x21
2018-12-17T22:31:53.602603857Z	48	PC: 132ae \| Get DOS version
2018-12-17T22:31:53.603590443Z	74	PC: 132ae \| Reallocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5696,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:15.642698808Z	254	PC: 15a67 \| UNKNOWN!
2018-12-25T11:55:15.644637165Z	53	PC: 15afc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:15.645953993Z	53	PC: 15b29 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:55:15.647199103Z	37	PC: 15b35 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:55:15.649074647Z	48	PC: 15b46 \| Get DOS version
2018-12-25T11:55:15.650224637Z	37	PC: 15b59 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:55:15.651075735Z	37	PC: 15b1f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:15.652488907Z	42	PC: 15aaf \| Get date 0x15aaf: cmp dh, 6 0x15ab2: jne 0x15ae8 0x15ab4: mov ah, 0x2c 0x15ab6: int 0x21 0x15ab8: add cl, ch 0x15aba: and cl, 3 0x15abd: xor ch, ch 0x15abf: cmp cx, 3 0x15ac2: je 0x15ae8 0x15ac4: mov bx, 0x3a 0x15ac7: add bx, cx 0x15ac9: add bx, cx 0x15acb: mov ax, word ptr [bx] 0x15acd: mov word ptr [0x38], ax 0x15ad0: mov word ptr [0x35], 0 0x15ad6: mov byte ptr [0x37], 0 0x15adb: mov byte ptr [0x34], 0 0x15ae0: mov ax, 0x251c 0x15ae3: mov dx, 0x24e 0x15ae6: int 0x21
2018-12-25T11:55:15.654339246Z	48	PC: 132ae \| Get DOS version
2018-12-25T11:55:15.655462285Z	74	PC: 132ae \| Reallocate memory (See above)

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5696,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:15.78223897Z	254	PC: 15a67 \| UNKNOWN!
2018-12-25T11:55:15.784649265Z	53	PC: 15afc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:15.786402886Z	53	PC: 15b29 \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:55:15.788133782Z	37	PC: 15b35 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:55:15.790448713Z	48	PC: 15b46 \| Get DOS version
2018-12-25T11:55:15.792412027Z	37	PC: 15b59 \| Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T11:55:15.794063282Z	37	PC: 15b1f \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:15.796094791Z	42	PC: 15aaf \| Get date 0x15aaf: cmp dh, 6 0x15ab2: jne 0x15ae8 0x15ab4: mov ah, 0x2c 0x15ab6: int 0x21 0x15ab8: add cl, ch 0x15aba: and cl, 3 0x15abd: xor ch, ch 0x15abf: cmp cx, 3 0x15ac2: je 0x15ae8 0x15ac4: mov bx, 0x3a 0x15ac7: add bx, cx 0x15ac9: add bx, cx 0x15acb: mov ax, word ptr [bx] 0x15acd: mov word ptr [0x38], ax 0x15ad0: mov word ptr [0x35], 0 0x15ad6: mov byte ptr [0x37], 0 0x15adb: mov byte ptr [0x34], 0 0x15ae0: mov ax, 0x251c 0x15ae3: mov dx, 0x24e 0x15ae6: int 0x21
2018-12-25T11:55:15.800586809Z	44	PC: 15ab8 \| Get time 0x15ab8: add cl, ch 0x15aba: and cl, 3 0x15abd: xor ch, ch 0x15abf: cmp cx, 3 0x15ac2: je 0x15ae8 0x15ac4: mov bx, 0x3a 0x15ac7: add bx, cx 0x15ac9: add bx, cx 0x15acb: mov ax, word ptr [bx] 0x15acd: mov word ptr [0x38], ax 0x15ad0: mov word ptr [0x35], 0 0x15ad6: mov byte ptr [0x37], 0 0x15adb: mov byte ptr [0x34], 0 0x15ae0: mov ax, 0x251c 0x15ae3: mov dx, 0x24e 0x15ae6: int 0x21 0x15ae8: pop es 0x15ae9: pop ax 0x15aea: push es 0x15aeb: pop ds
2018-12-25T11:55:15.804792315Z	37	PC: 15ae8 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T11:55:15.806557283Z	48	PC: 132ae \| Get DOS version
2018-12-25T11:55:15.809381624Z	74	PC: 132ae \| Reallocate memory (See above)