Sample viewer

vx.netlux.org/Virus.DOS.DR&ET.1710.b

[GIF image]

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-17T22:31:54.442489802Z | 42 | 130ac | Get date
    disassembly at PC:
    0x130ac: cmp dl, 0xd
    0x130af: jne 0x130bc
    0x130b1: mov ax, word ptr [0x46c]
    0x130b4: and ax, 0x3f
    0x130b7: cmp ax, 0x3f
    0x130ba: je 0x13090
    0x130bc: push cs
    0x130bd: pop ds
    0x130be: push cs
    0x130bf: pop es
    0x130c0: cld
    0x130c1: cmp byte ptr cs:[bp + 0x6a0], 1
    0x130c7: je 0x130dd
    0x130c9: mov word ptr cs:[bp + 0x175], cs
    0x130ce: mov si, 0x6ab
    0x130d1: add si, bp
    0x130d3: mov di, 0x100
    0x130d6: mov cx, 0x9c03
    0x130d9: add byte ptr [bx + di], al
    0x130db: adc ax, word ptr [bp + 4]
2018-12-17T22:31:54.445151238Z | 48 | 130ed | Get DOS version
2018-12-17T22:31:54.446253354Z | 72 | 130fa | Allocate memory
2018-12-17T22:31:54.447865746Z | 74 | 1310f | Reallocate memory
2018-12-17T22:31:55.17031288Z | 82 | 1a060 | Get DOS internal pointers (SYSVARS)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5699,"SideJobID":0}

[GIF image]

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T11:55:16.001463425Z | 42 | 130ac | Get date
    disassembly at PC:
    0x130ac: cmp dl, 0xd
    0x130af: jne 0x130bc
    0x130b1: mov ax, word ptr [0x46c]
    0x130b4: and ax, 0x3f
    0x130b7: cmp ax, 0x3f
    0x130ba: je 0x13090
    0x130bc: push cs
    0x130bd: pop ds
    0x130be: push cs
    0x130bf: pop es
    0x130c0: cld
    0x130c1: cmp byte ptr cs:[bp + 0x6a0], 1
    0x130c7: je 0x130dd
    0x130c9: mov word ptr cs:[bp + 0x175], cs
    0x130ce: mov si, 0x6ab
    0x130d1: add si, bp
    0x130d3: mov di, 0x100
    0x130d6: mov cx, 0x9c03
    0x130d9: add byte ptr [bx + di], al
    0x130db: adc ax, word ptr [bp + 4]
2018-12-25T11:55:16.004689817Z | 48 | 130ed | Get DOS version
2018-12-25T11:55:16.00695529Z | 72 | 130fa | Allocate memory
2018-12-25T11:55:16.008960968Z | 74 | 1310f | Reallocate memory

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5699,"SideJobID":0}

[GIF image]

Syscalls:

Time | Syscall Op | PC | Syscall Name
2018-12-25T11:55:16.382366339Z | 42 | 130ac | Get date
    disassembly at PC:
    0x130ac: cmp dl, 0xd
    0x130af: jne 0x130bc
    0x130b1: mov ax, word ptr [0x46c]
    0x130b4: and ax, 0x3f
    0x130b7: cmp ax, 0x3f
    0x130ba: je 0x13090
    0x130bc: push cs
    0x130bd: pop ds
    0x130be: push cs
    0x130bf: pop es
    0x130c0: cld
    0x130c1: cmp byte ptr cs:[bp + 0x6a0], 1
    0x130c7: je 0x130dd
    0x130c9: mov word ptr cs:[bp + 0x175], cs
    0x130ce: mov si, 0x6ab
    0x130d1: add si, bp
    0x130d3: mov di, 0x100
    0x130d6: mov cx, 0x9c03
    0x130d9: add byte ptr [bx + di], al
    0x130db: adc ax, word ptr [bp + 4]
2018-12-25T11:55:16.385871051Z | 48 | 130ed | Get DOS version
2018-12-25T11:55:16.387443791Z | 72 | 130fa | Allocate memory
2018-12-25T11:55:16.3893851Z | 74 | 1310f | Reallocate memory
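The "Syscall Op" column is the INT 21h AH function number in decimal: 42 is AH=2Ah (Get Date, which returns the day of the month in DL), 48 is AH=30h (Get DOS version), 72 and 74 are AH=48h/4Ah (allocate and resize a memory block), and 82 is AH=52h (the SYSVARS list-of-lists pointer). The disassembly the sandbox attached to the Get Date row therefore reads as a two-stage trigger: the day returned in DL is compared with 0x0d (13); only on the 13th does the code read the BIOS timer tick count at 0040:006Ch (linear 0x46c), keep its low six bits and jump to 0x13090 when all six are set, so the branch fires on roughly one tick in 64. Otherwise the code falls through to the normal install path (segment setup, copy of the body, then the DOS version and memory calls seen in every run). The two listing lines after `mov cx, 0x9c03` do not look like sensible instructions and are probably a desynchronised decode, so they should not be read as part of the logic. The following Python is an added example, not the sandbox's own code: it parses the syscall rows in the format shown above (the trace and job-configuration strings are copied from this page), models the trigger predicate in `payload_branch_taken`, confirms the 1/64 rate by exhaustion, and checks which of the job configurations clears the date gate. The regex, function and constant names are this example's own.

```python
"""Model of the Get Date trigger in Virus.DOS.DR&ET.1710.b and a parser for the
sandbox syscall rows shown on this page (added example, not the sandbox's code)."""
import json
import re

# Constructed from the trace rows above. The first row carries the disassembly
# fused onto the end of the line exactly as the page shows it.
SAMPLE_TRACE = """\
2018-12-25T11:55:16.001463425Z 42 PC: 130ac | Get date 0x130ac: cmp dl, 0xd
0x130af: jne 0x130bc
0x130b1: mov ax, word ptr [0x46c]
2018-12-25T11:55:16.004689817Z 48 PC: 130ed | Get DOS version
2018-12-25T11:55:16.00695529Z 72 PC: 130fa | Allocate memory
2018-12-25T11:55:16.008960968Z 74 PC: 1310f | Reallocate memory
"""

# Emulated-clock job configurations copied from the page.
JOB_CONFIGS = [
    '{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,'
    '"TimeBased":false,"OriginalID":5699,"SideJobID":0}',
    '{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,'
    '"TimeBased":false,"OriginalID":5699,"SideJobID":0}',
]

# Syscall row: timestamp, AH function number (decimal), PC, name, and an
# optional disassembly line fused onto the end (regex is this example's own).
ROW_RE = re.compile(
    r"^(?P<time>\S+Z)\s+(?P<op>\d+)\s+PC:\s*(?P<pc>[0-9a-fA-F]+)\s*\|\s*"
    r"(?P<name>.*?)(?:\s+0x[0-9a-fA-F]+:.*)?$"
)

INT21_GET_DATE = 0x2A      # AH=2Ah: CX=year, DH=month, DL=day, AL=weekday
BIOS_TICK_COUNTER = 0x46C  # 0040:006Ch, incremented ~18.2 times per second


def parse_trace(text):
    """Return [(op, pc, name)] for syscall rows; bare disassembly lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append((int(m["op"]), int(m["pc"], 16), m["name"]))
    return rows


def payload_branch_taken(day, bios_ticks):
    """Evaluate the check at 0x130ac..0x130ba for a given DL (day) and tick word."""
    if (day & 0xFF) != 0x0D:       # cmp dl, 0xd / jne 0x130bc  -> install path
        return False
    ax = bios_ticks & 0xFFFF       # mov ax, word ptr [0x46c]
    ax &= 0x3F                     # and ax, 0x3f
    return ax == 0x3F              # cmp ax, 0x3f / je 0x13090  -> payload path


def branch_probability_on_13th():
    """Fraction of all 16-bit tick values that pass the timer test (exactly 1/64)."""
    hits = sum(1 for t in range(0x10000) if payload_branch_taken(13, t))
    return hits / 0x10000


def config_passes_date_gate(cfg_json):
    """True when the sandbox's emulated date would get past the cmp dl, 0xd check."""
    cfg = json.loads(cfg_json)
    return bool(cfg["DateBased"]) and cfg["Day"] == 13


def trace_queries_date(rows):
    """True when the trace contains an INT 21h Get Date call (op 42)."""
    return any(op == INT21_GET_DATE for op, _, _ in rows)


if __name__ == "__main__":
    rows = parse_trace(SAMPLE_TRACE)
    for op, pc, name in rows:
        print(f"AH={op:02x}h at {pc:05x}: {name}")
    print("queries date:", trace_queries_date(rows))
    for cfg in JOB_CONFIGS:
        print("day", json.loads(cfg)["Day"], "passes date gate:",
              config_passes_date_gate(cfg))
    print("P(branch | 13th) =", branch_probability_on_13th())
```

Passing the date gate is necessary but not sufficient: the day-13 run above also has to land on a tick whose low six bits are all set, which is why a sandbox that only varies the date can miss this path unless it also controls the value read from 0x46c.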