Sample viewer

vx.netlux.org/Virus.DOS.Level3.4870


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:34:31.921519339Z 42 PC: 1398a | Get date
0x1398a: cmp dl, 7
0x1398d: jne 0x139a3
0x1398f: mov ah, 9
0x13991: mov dx, 0xff7
0x13994: int 0x21
0x13996: mov dx, 0x3cc
0x13999: in al, dx
0x1399a: and al, 0xfd
0x1399c: mov dl, 0xc2
0x1399e: out dx, al
0x1399f: mov ah, 0x4c
0x139a1: int 0x21
0x139a3: call 0x23905
0x139a6: mov ah, 0x62
0x139a8: int 0x21
0x139aa: push bx
0x139ab: xor ax, ax
0x139ad: mov ds, ax
0x139af: mov ds, word ptr [0x4fe]
0x139b3: cmp word ptr [0xe81], 0x4f43
2018-12-17T22:34:31.924637886Z 82 PC: 13922 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:34:31.925916346Z 98 PC: 139aa | Get current PSP
2018-12-17T22:34:31.927813984Z 82 PC: 9f612 | Get DOS internal pointers (SYSVARS)
2018-12-17T22:34:31.92953041Z 76 PC: 12ac5 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6184,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:47.713585702Z 42 PC: 1398a | Get date
0x1398a: cmp dl, 7
0x1398d: jne 0x139a3
0x1398f: mov ah, 9
0x13991: mov dx, 0xff7
0x13994: int 0x21
0x13996: mov dx, 0x3cc
0x13999: in al, dx
0x1399a: and al, 0xfd
0x1399c: mov dl, 0xc2
0x1399e: out dx, al
0x1399f: mov ah, 0x4c
0x139a1: int 0x21
0x139a3: call 0x23905
0x139a6: mov ah, 0x62
0x139a8: int 0x21
0x139aa: push bx
0x139ab: xor ax, ax
0x139ad: mov ds, ax
0x139af: mov ds, word ptr [0x4fe]
0x139b3: cmp word ptr [0xe81], 0x4f43
2018-12-25T11:58:47.7166687Z 82 PC: 13922 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:58:47.719172315Z 98 PC: 139aa | Get current PSP
2018-12-25T11:58:47.721688909Z 82 PC: 9f612 | Get DOS internal pointers (SYSVARS)
2018-12-25T11:58:47.723292394Z 76 PC: 12ac5 | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6184,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:58:47.775981579Z 42 PC: 1398a | Get date
0x1398a: cmp dl, 7
0x1398d: jne 0x139a3
0x1398f: mov ah, 9
0x13991: mov dx, 0xff7
0x13994: int 0x21
0x13996: mov dx, 0x3cc
0x13999: in al, dx
0x1399a: and al, 0xfd
0x1399c: mov dl, 0xc2
0x1399e: out dx, al
0x1399f: mov ah, 0x4c
0x139a1: int 0x21
0x139a3: call 0x23905
0x139a6: mov ah, 0x62
0x139a8: int 0x21
0x139aa: push bx
0x139ab: xor ax, ax
0x139ad: mov ds, ax
0x139af: mov ds, word ptr [0x4fe]
0x139b3: cmp word ptr [0xe81], 0x4f43
2018-12-25T11:58:47.779908803Z 9 PC: 13996 | Display string (String= '�^Y��u&�&����u�ZX�COMMAND������P��P���+I��������� �u�*�!��u� ���!���')
2018-12-25T11:58:47.788627103Z 76 PC: 139a3 | Terminate with return code (Return code = '101')