Sample viewer

vx.netlux.org/Virus.DOS.NeverMind.838

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:34:00.492923496Z 53 PC: 151c9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:00.494532999Z 37 PC: 151d9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:34:00.49555709Z 42 PC: 151dd | Get date
0x151dd: cmp dl, 1
0x151e0: je 0x151e5
0x151e2: jmp 0x15215
0x151e4: nop
0x151e5: mov ax, cs
0x151e7: mov ds, ax
0x151e9: mov dx, 0x336
0x151ec: add dx, bp
0x151ee: mov ax, 0x3d00
0x151f1: int 0x21
0x151f3: jb 0x151fb
0x151f5: mov bx, ax
0x151f7: mov ah, 0x3e
0x151f9: jmp 0x15215
0x151fb: mov ah, 0x3c
0x151fd: xor cx, cx
0x151ff: int 0x21
0x15201: jb 0x15215
0x15203: mov bx, ax
0x15205: mov ah, 0x40
2018-12-17T22:34:00.497613098Z 9 PC: 12a4c | Display string (String= 'This program exists to become infected - COM version. ')
2018-12-17T22:34:00.502084752Z 76 PC: 12a51 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6083,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:27.166638019Z 53 PC: 151c9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:27.16858311Z 37 PC: 151d9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:27.169538215Z 42 PC: 151dd | Get date
0x151dd: cmp dl, 1
0x151e0: je 0x151e5
0x151e2: jmp 0x15215
0x151e4: nop
0x151e5: mov ax, cs
0x151e7: mov ds, ax
0x151e9: mov dx, 0x336
0x151ec: add dx, bp
0x151ee: mov ax, 0x3d00
0x151f1: int 0x21
0x151f3: jb 0x151fb
0x151f5: mov bx, ax
0x151f7: mov ah, 0x3e
0x151f9: jmp 0x15215
0x151fb: mov ah, 0x3c
0x151fd: xor cx, cx
0x151ff: int 0x21
0x15201: jb 0x15215
0x15203: mov bx, ax
0x15205: mov ah, 0x40
2018-12-25T11:58:27.171577793Z 61 PC: 151f3 | Open file (Filename = '���>8')
2018-12-25T11:58:27.17774429Z 60 PC: 15201 | Create or truncate file
2018-12-25T11:58:27.507813337Z 64 PC: 15211 | Write file or device (Write 157 bytes on handle 5)
2018-12-25T11:58:27.516832145Z 62 PC: 15215 | Close file
2018-12-25T11:58:27.524389406Z 9 PC: 12a4c | Display string (String= 'This program exists to become infected - COM version. ')
2018-12-25T11:58:27.529770781Z 76 PC: 12a51 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6083,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:27.291283029Z 53 PC: 151c9 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:27.293747753Z 37 PC: 151d9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:58:27.295048956Z 42 PC: 151dd | Get date
0x151dd: cmp dl, 1
0x151e0: je 0x151e5
0x151e2: jmp 0x15215
0x151e4: nop
0x151e5: mov ax, cs
0x151e7: mov ds, ax
0x151e9: mov dx, 0x336
0x151ec: add dx, bp
0x151ee: mov ax, 0x3d00
0x151f1: int 0x21
0x151f3: jb 0x151fb
0x151f5: mov bx, ax
0x151f7: mov ah, 0x3e
0x151f9: jmp 0x15215
0x151fb: mov ah, 0x3c
0x151fd: xor cx, cx
0x151ff: int 0x21
0x15201: jb 0x15215
0x15203: mov bx, ax
0x15205: mov ah, 0x40
2018-12-25T11:58:27.297471471Z 9 PC: 12a4c | Display string (String= 'This program exists to become infected - COM version. ')
2018-12-25T11:58:27.3049832Z 76 PC: 12a51 | Terminate with return code (Return code = '1')