Sample viewer

vx.netlux.org/Virus.DOS.Alicia.d

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:32:10.169391247Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13ec1 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d7e 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-17T22:32:10.171739529Z	19	PC: 12a73 \| Delete file
2018-12-17T22:32:10.173354162Z	42	PC: 13d84 \| Get date 0x13d84: mov word ptr cs:[bp + 0x13c6], cx 0x13d89: mov word ptr cs:[bp + 0x174e], cx 0x13d8e: mov ah, 0x2c 0x13d90: int 0x21 0x13d92: mov word ptr cs:[bp + 0x1748], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa
2018-12-17T22:32:10.175705954Z	44	PC: 13d92 \| Get time 0x13d92: mov word ptr cs:[bp + 0x1748], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa 0x13dc4: rcl ch, 1 0x13dc6: and ch, 7 0x13dc9: call 0x23a0b 0x13dcc: mov byte ptr cs:[bp + 0x13ce], ch
2018-12-17T22:32:10.178520591Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:10.181141385Z	98	PC: 12a91 \| Get current PSP
2018-12-17T22:32:10.182224887Z	74	PC: 12b9f \| Reallocate memory
2018-12-17T22:32:10.184096434Z	74	PC: 12ba5 \| Reallocate memory
2018-12-17T22:32:10.186474711Z	72	PC: 12bac \| Allocate memory
2018-12-17T22:32:10.18856066Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5753,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:19.652800512Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13ec1 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d7e 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-25T11:55:19.655875937Z	19	PC: 12a73 \| Delete file
2018-12-25T11:55:19.657366441Z	42	PC: 13d84 \| Get date 0x13d84: mov word ptr cs:[bp + 0x13c6], cx 0x13d89: mov word ptr cs:[bp + 0x174e], cx 0x13d8e: mov ah, 0x2c 0x13d90: int 0x21 0x13d92: mov word ptr cs:[bp + 0x1748], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa
2018-12-25T11:55:19.659814705Z	44	PC: 13d92 \| Get time 0x13d92: mov word ptr cs:[bp + 0x1748], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa 0x13dc4: rcl ch, 1 0x13dc6: and ch, 7 0x13dc9: call 0x23a0b 0x13dcc: mov byte ptr cs:[bp + 0x13ce], ch
2018-12-25T11:55:19.662842268Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:19.664663212Z	98	PC: 12a91 \| Get current PSP
2018-12-25T11:55:19.665861968Z	74	PC: 12b9f \| Reallocate memory
2018-12-25T11:55:19.667940062Z	74	PC: 12ba5 \| Reallocate memory
2018-12-25T11:55:19.669846755Z	72	PC: 12bac \| Allocate memory
2018-12-25T11:55:19.671328734Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5753,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:19.879318027Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13ec1 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d7e 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-25T11:55:19.88204297Z	19	PC: 12a73 \| Delete file
2018-12-25T11:55:19.883782613Z	42	PC: 13d84 \| Get date 0x13d84: mov word ptr cs:[bp + 0x13c6], cx 0x13d89: mov word ptr cs:[bp + 0x174e], cx 0x13d8e: mov ah, 0x2c 0x13d90: int 0x21 0x13d92: mov word ptr cs:[bp + 0x1748], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa
2018-12-25T11:55:19.885867861Z	44	PC: 13d92 \| Get time 0x13d92: mov word ptr cs:[bp + 0x1748], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa 0x13dc4: rcl ch, 1 0x13dc6: and ch, 7 0x13dc9: call 0x23a0b 0x13dcc: mov byte ptr cs:[bp + 0x13ce], ch
2018-12-25T11:55:19.888640414Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:19.889871644Z	98	PC: 12a91 \| Get current PSP
2018-12-25T11:55:19.890680665Z	74	PC: 12b9f \| Reallocate memory
2018-12-25T11:55:19.892329996Z	74	PC: 12ba5 \| Reallocate memory
2018-12-25T11:55:19.894159262Z	72	PC: 12bac \| Allocate memory
2018-12-25T11:55:19.896335593Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":24,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5753,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:55:19.900129804Z	42	PC: 12a5f \| Get date 0x12a5f: cmp dh, 5 0x12a62: jne 0x12a6c 0x12a64: cmp dl, 0x18 0x12a67: jne 0x12a6c 0x12a69: call 0x13ec1 0x12a6c: xor cx, cx 0x12a6e: mov ax, 0x1369 0x12a71: int 0x21 0x12a73: cmp cx, 0x6969 0x12a77: jne 0x12a7b 0x12a79: jmp 0x12a4d 0x12a7b: call 0x13d7e 0x12a7e: mov ax, 0x3521 0x12a81: int 0x21 0x12a83: mov word ptr cs:[bp + 0x1b3], es 0x12a88: mov word ptr cs:[bp + 0x1b1], bx 0x12a8d: mov ah, 0x62 0x12a8f: int 0x21 0x12a91: push bx 0x12a92: push bx
2018-12-25T11:55:19.93252205Z	19	PC: 12a73 \| Delete file
2018-12-25T11:55:19.935628802Z	42	PC: 13d84 \| Get date 0x13d84: mov word ptr cs:[bp + 0x13c6], cx 0x13d89: mov word ptr cs:[bp + 0x174e], cx 0x13d8e: mov ah, 0x2c 0x13d90: int 0x21 0x13d92: mov word ptr cs:[bp + 0x1748], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa
2018-12-25T11:55:19.938372314Z	44	PC: 13d92 \| Get time 0x13d92: mov word ptr cs:[bp + 0x1748], dx 0x13d97: mov ch, dh 0x13d99: mov cl, dh 0x13d9b: and ch, 3 0x13d9e: add ch, 4 0x13da1: call 0x239f9 0x13da4: mov byte ptr cs:[bp + 0x13cc], ch 0x13da9: mov ch, dh 0x13dab: xor ch, 0x87 0x13dae: rcr ch, 2 0x13db1: and ch, 7 0x13db4: call 0x23a0b 0x13db7: mov byte ptr cs:[bp + 0x13cf], ch 0x13dbc: mov ch, dh 0x13dbe: xor ch, 0x1e 0x13dc1: add ch, 0xaa 0x13dc4: rcl ch, 1 0x13dc6: and ch, 7 0x13dc9: call 0x23a0b 0x13dcc: mov byte ptr cs:[bp + 0x13ce], ch
2018-12-25T11:55:19.941310819Z	53	PC: 12a83 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:19.944051132Z	98	PC: 12a91 \| Get current PSP
2018-12-25T11:55:19.945234021Z	74	PC: 12b9f \| Reallocate memory
2018-12-25T11:55:19.947353002Z	74	PC: 12ba5 \| Reallocate memory
2018-12-25T11:55:19.950301338Z	72	PC: 12bac \| Allocate memory
2018-12-25T11:55:19.952476223Z	37	PC: 12ad3 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')