Sample viewer

vx.netlux.org/Virus.DOS.WeihNacht.1111

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:33:31.863963143Z	42	PC: 12be5 \| Get date 0x12be5: cmp dx, 0xc18 0x12be9: jl 0x12bee 0x12beb: jmp 0x12cc1 0x12bee: mov ax, cs 0x12bf0: mov word ptr cs:[0x28], ax 0x12bf4: mov word ptr cs:[0x2c], ax 0x12bf8: mov word ptr cs:[0x30], ax 0x12bfc: mov ah, 0x51 0x12bfe: int 0x21 0x12c00: mov es, bx 0x12c02: mov es, word ptr es:[0x2c] 0x12c07: mov word ptr cs:[0x24], es 0x12c0c: xor di, di 0x12c0e: mov cx, 0x7fff 0x12c11: mov al, 0 0x12c13: cmp byte ptr es:[di], 0x43 0x12c17: je 0x12c1d 0x12c19: repne scasb al, byte ptr es:[di] 0x12c1b: jmp 0x12c13 0x12c1d: mov dx, cs
2018-12-17T22:33:31.866101814Z	81	PC: 12c00 \| Get current PSP
2018-12-17T22:33:31.867125252Z	74	PC: 12c8c \| Reallocate memory
2018-12-17T22:33:31.868456864Z	75	PC: 12ca7 \| Execute program
2018-12-17T22:33:31.886892407Z	80	PC: 14859 \| Set current PSP
2018-12-17T22:33:31.88906538Z	48	PC: 1485e \| Get DOS version
2018-12-17T22:33:31.891159522Z	99	PC: 1b040 \| Get DBCS lead byte table pointer
2018-12-17T22:33:31.895624022Z	101	PC: 148e4 \| Get extended country info
2018-12-17T22:33:31.898079397Z	99	PC: 148ea \| Get DBCS lead byte table pointer
2018-12-17T22:33:31.900371197Z	74	PC: 1494c \| Reallocate memory
2018-12-17T22:33:31.903760677Z	25	PC: 14983 \| Get default drive
2018-12-17T22:33:31.905060822Z	37	PC: 14443 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:33:31.906177362Z	37	PC: 1444a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:33:31.908015225Z	37	PC: 14451 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:33:31.911328348Z	74	PC: 135ec \| Reallocate memory
2018-12-17T22:33:31.912534051Z	72	PC: 1362d \| Allocate memory
2018-12-17T22:33:31.915061168Z	72	PC: 13665 \| Allocate memory
2018-12-17T22:33:31.916598699Z	72	PC: 1366d \| Allocate memory

{"DateBased":true,"Day":24,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6002,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:14.963784667Z	42	PC: 12be5 \| Get date 0x12be5: cmp dx, 0xc18 0x12be9: jl 0x12bee 0x12beb: jmp 0x12cc1 0x12bee: mov ax, cs 0x12bf0: mov word ptr cs:[0x28], ax 0x12bf4: mov word ptr cs:[0x2c], ax 0x12bf8: mov word ptr cs:[0x30], ax 0x12bfc: mov ah, 0x51 0x12bfe: int 0x21 0x12c00: mov es, bx 0x12c02: mov es, word ptr es:[0x2c] 0x12c07: mov word ptr cs:[0x24], es 0x12c0c: xor di, di 0x12c0e: mov cx, 0x7fff 0x12c11: mov al, 0 0x12c13: cmp byte ptr es:[di], 0x43 0x12c17: je 0x12c1d 0x12c19: repne scasb al, byte ptr es:[di] 0x12c1b: jmp 0x12c13 0x12c1d: mov dx, cs

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6002,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:58:15.286794169Z	42	PC: 12be5 \| Get date 0x12be5: cmp dx, 0xc18 0x12be9: jl 0x12bee 0x12beb: jmp 0x12cc1 0x12bee: mov ax, cs 0x12bf0: mov word ptr cs:[0x28], ax 0x12bf4: mov word ptr cs:[0x2c], ax 0x12bf8: mov word ptr cs:[0x30], ax 0x12bfc: mov ah, 0x51 0x12bfe: int 0x21 0x12c00: mov es, bx 0x12c02: mov es, word ptr es:[0x2c] 0x12c07: mov word ptr cs:[0x24], es 0x12c0c: xor di, di 0x12c0e: mov cx, 0x7fff 0x12c11: mov al, 0 0x12c13: cmp byte ptr es:[di], 0x43 0x12c17: je 0x12c1d 0x12c19: repne scasb al, byte ptr es:[di] 0x12c1b: jmp 0x12c13 0x12c1d: mov dx, cs
2018-12-25T11:58:15.289620043Z	81	PC: 12c00 \| Get current PSP
2018-12-25T11:58:15.290858276Z	74	PC: 12c8c \| Reallocate memory
2018-12-25T11:58:15.292496553Z	75	PC: 12ca7 \| Execute program
2018-12-25T11:58:15.313750273Z	80	PC: 14859 \| Set current PSP
2018-12-25T11:58:15.314642488Z	48	PC: 1485e \| Get DOS version
2018-12-25T11:58:15.316070365Z	99	PC: 1b040 \| Get DBCS lead byte table pointer
2018-12-25T11:58:15.320384821Z	101	PC: 148e4 \| Get extended country info
2018-12-25T11:58:15.322345236Z	99	PC: 148ea \| Get DBCS lead byte table pointer
2018-12-25T11:58:15.323585991Z	74	PC: 1494c \| Reallocate memory
2018-12-25T11:58:15.325351547Z	25	PC: 14983 \| Get default drive
2018-12-25T11:58:15.326399745Z	37	PC: 14443 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:58:15.327390642Z	37	PC: 1444a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:58:15.329572148Z	37	PC: 14451 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:58:15.333648946Z	74	PC: 135ec \| Reallocate memory
2018-12-25T11:58:15.335042309Z	72	PC: 1362d \| Allocate memory
2018-12-25T11:58:15.337097259Z	72	PC: 13665 \| Allocate memory
2018-12-25T11:58:15.338826163Z	72	PC: 1366d \| Allocate memory