Sample viewer

vx.netlux.org/Virus.DOS.Gdog.Baron.2000.a

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:32:40.301068008Z 77 PC: 12a50 | Get program return code
2018-12-17T22:32:40.303077172Z 82 PC: 12a77 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:32:40.311887184Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:40.313560428Z 74 PC: 12aa6 | Reallocate memory
2018-12-17T22:32:40.316058871Z 72 PC: 12aac | Allocate memory
2018-12-17T22:32:40.318537914Z 37 PC: 12ad0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:32:40.31989016Z 42 PC: 12ad8 | Get date
0x12ad8: cmp dx, 0x80a
0x12adc: jne 0x12b3d
0x12ade: mov ax, 0xa000
0x12ae1: mov es, ax
0x12ae3: mov ax, 0x13
0x12ae6: int 0x10
0x12ae8: mov di, 0x58c
0x12aeb: mov cx, 0xc4
0x12aee: push cx
0x12aef: mov cx, 0x14
0x12af2: mov byte ptr es:[di], al
0x12af5: inc di
0x12af6: loop 0x12af2
0x12af8: add di, 0x12c
0x12afc: pop cx
0x12afd: loop 0x12aee
0x12aff: mov di, 0xbbc6
0x12b02: mov cx, 0x12
0x12b05: push cx
0x12b06: mov cx, 0xa0

{"DateBased":true,"Day":10,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5840,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:32.327807629Z 77 PC: 12a50 | Get program return code
2018-12-25T11:55:32.329302769Z 82 PC: 12a77 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:55:32.330419253Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:32.331570353Z 74 PC: 12aa6 | Reallocate memory
2018-12-25T11:55:32.333483934Z 72 PC: 12aac | Allocate memory
2018-12-25T11:55:32.33503714Z 37 PC: 12ad0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:32.336252931Z 42 PC: 12ad8 | Get date
0x12ad8: cmp dx, 0x80a
0x12adc: jne 0x12b3d
0x12ade: mov ax, 0xa000
0x12ae1: mov es, ax
0x12ae3: mov ax, 0x13
0x12ae6: int 0x10
0x12ae8: mov di, 0x58c
0x12aeb: mov cx, 0xc4
0x12aee: push cx
0x12aef: mov cx, 0x14
0x12af2: mov byte ptr es:[di], al
0x12af5: inc di
0x12af6: loop 0x12af2
0x12af8: add di, 0x12c
0x12afc: pop cx
0x12afd: loop 0x12aee
0x12aff: mov di, 0xbbc6
0x12b02: mov cx, 0x12
0x12b05: push cx
0x12b06: mov cx, 0xa0
2018-12-25T11:55:32.345575162Z 9 PC: 12b1e | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":5840,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:55:32.726459667Z 77 PC: 12a50 | Get program return code
2018-12-25T11:55:32.728507577Z 82 PC: 12a77 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:55:32.729937755Z 53 PC: 12a81 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:32.731486536Z 74 PC: 12aa6 | Reallocate memory
2018-12-25T11:55:32.734153579Z 72 PC: 12aac | Allocate memory
2018-12-25T11:55:32.736501387Z 37 PC: 12ad0 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:55:32.738339968Z 42 PC: 12ad8 | Get date
0x12ad8: cmp dx, 0x80a
0x12adc: jne 0x12b3d
0x12ade: mov ax, 0xa000
0x12ae1: mov es, ax
0x12ae3: mov ax, 0x13
0x12ae6: int 0x10
0x12ae8: mov di, 0x58c
0x12aeb: mov cx, 0xc4
0x12aee: push cx
0x12aef: mov cx, 0x14
0x12af2: mov byte ptr es:[di], al
0x12af5: inc di
0x12af6: loop 0x12af2
0x12af8: add di, 0x12c
0x12afc: pop cx
0x12afd: loop 0x12aee
0x12aff: mov di, 0xbbc6
0x12b02: mov cx, 0x12
0x12b05: push cx
0x12b06: mov cx, 0xa0