Sample viewer

vx.netlux.org/Virus.DOS.Illusion.1326

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:04.786699904Z	48	PC: 12a63 \| Get DOS version
2018-12-17T22:32:04.788108754Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e37 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e37 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1ac], bx 0x12aa3: mov word ptr cs:[bp + 0x1ae], es
2018-12-17T22:32:04.790553852Z	53	PC: 12a9e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":5,"Month":7,"Year":1983,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5727,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:17.856225691Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:55:17.858542229Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e37 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e37 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1ac], bx 0x12aa3: mov word ptr cs:[bp + 0x1ae], es

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5727,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:17.917754052Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:55:17.919152922Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e37 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e37 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1ac], bx 0x12aa3: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:55:17.921828443Z	53	PC: 12a9e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5727,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:17.962162667Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:55:17.973113616Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e37 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e37 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1ac], bx 0x12aa3: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:55:17.97525648Z	53	PC: 12a9e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":5,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5727,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:18.015130835Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:55:18.017592326Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e37 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e37 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1ac], bx 0x12aa3: mov word ptr cs:[bp + 0x1ae], es

{"DateBased":true,"Day":1,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5727,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:18.250503345Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:55:18.252863328Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e37 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e37 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1ac], bx 0x12aa3: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:55:18.255378006Z	53	PC: 12a9e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":2,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5727,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:18.691219415Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:55:18.693420039Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e37 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e37 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1ac], bx 0x12aa3: mov word ptr cs:[bp + 0x1ae], es
2018-12-25T11:55:18.695861899Z	53	PC: 12a9e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":4,"Month":7,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5727,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:19.204340476Z	48	PC: 12a63 \| Get DOS version
2018-12-25T11:55:19.210459662Z	42	PC: 12a71 \| Get date 0x12a71: cmp dh, 7 0x12a74: jne 0x12a7e 0x12a76: cmp dl, 4 0x12a79: jne 0x12a7e 0x12a7b: jmp 0x12e37 0x12a7e: cmp al, 2 0x12a80: jne 0x12a97 0x12a82: cmp dl, 5 0x12a85: jne 0x12a97 0x12a87: jmp 0x12e37 0x12a8a: sub ax, 0x233e 0x12a8d: push sp 0x12a8e: push 0x5f45 0x12a91: push di 0x12a92: imul bx, word ptr [bp + si + 0x41], 0x4472 0x12a97: mov ax, 0x3621 0x12a9a: dec ah 0x12a9c: int 0x21 0x12a9e: mov word ptr cs:[bp + 0x1ac], bx 0x12aa3: mov word ptr cs:[bp + 0x1ae], es