Sample viewer

vx.netlux.org/Virus.DOS.SillyRC.328

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:55:49.81012679Z	37	PC: 1478d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:49.811776953Z	42	PC: 14791 \| Get date 0x14791: cmp dl, 0xd 0x14794: jne 0x14798 0x14796: int 0x18 0x14798: pop ds 0x14799: pop es 0x1479a: popaw 0x1479b: push 0x100 0x1479e: ret 0x1479f: pushf 0x147a0: lcall ptr cs:[0x341] 0x147a5: ret 0x147a6: push di 0x147a7: mov di, 0x257 0x147aa: call di 0x147ac: pushaw 0x147ad: pushf 0x147ae: push es 0x147af: push bx 0x147b0: mov ah, 0x2f 0x147b2: call di
2018-12-17T21:55:49.816299913Z	75	PC: 12aea \| Execute program
2018-12-17T21:55:49.818098216Z	74	PC: 12af5 \| Reallocate memory
2018-12-17T21:55:49.82066692Z	74	PC: 12afd \| Reallocate memory
2018-12-17T21:55:49.822910117Z	72	PC: 12b04 \| Allocate memory
2018-12-17T21:55:49.825098184Z	53	PC: 12b0e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:49.836236788Z	37	PC: 12b3a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:55:49.837498897Z	87	PC: 12bcd \| Get or set file date and time
2018-12-17T21:55:49.839119914Z	63	PC: 12be3 \| Read file or device (Read 4 bytes on handle 9520)
2018-12-17T21:55:49.840682354Z	66	PC: 12bfd \| Move file pointer
2018-12-17T21:55:49.842875479Z	64	PC: 12c1b \| Write file or device (Write 385 bytes on handle 9520)
2018-12-17T21:55:49.844476027Z	66	PC: 12c23 \| Move file pointer
2018-12-17T21:55:49.846115424Z	64	PC: 12c2d \| Write file or device (Write 4 bytes on handle 9520)
2018-12-17T21:55:49.848249524Z	87	PC: 12c3c \| Get or set file date and time
2018-12-17T21:55:49.849765374Z	62	PC: 12c40 \| Close file
2018-12-17T21:55:49.851282161Z	67	PC: 12c4c \| Get or set file attributes

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":631,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:23.875847761Z	37	PC: 1478d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:23.877525898Z	42	PC: 14791 \| Get date 0x14791: cmp dl, 0xd 0x14794: jne 0x14798 0x14796: int 0x18 0x14798: pop ds 0x14799: pop es 0x1479a: popaw 0x1479b: push 0x100 0x1479e: ret 0x1479f: pushf 0x147a0: lcall ptr cs:[0x341] 0x147a5: ret 0x147a6: push di 0x147a7: mov di, 0x257 0x147aa: call di 0x147ac: pushaw 0x147ad: pushf 0x147ae: push es 0x147af: push bx 0x147b0: mov ah, 0x2f 0x147b2: call di
2018-12-25T11:41:23.881778235Z	75	PC: 12aea \| Execute program
2018-12-25T11:41:23.883150654Z	74	PC: 12af5 \| Reallocate memory
2018-12-25T11:41:23.886760296Z	74	PC: 12afd \| Reallocate memory
2018-12-25T11:41:23.888028943Z	72	PC: 12b04 \| Allocate memory
2018-12-25T11:41:23.88959661Z	53	PC: 12b0e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:23.89274745Z	37	PC: 12b3a \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:23.894214003Z	87	PC: 12bcd \| Get or set file date and time
2018-12-25T11:41:23.895716835Z	63	PC: 12be3 \| Read file or device (Read 4 bytes on handle 9520)
2018-12-25T11:41:23.897366262Z	66	PC: 12bfd \| Move file pointer
2018-12-25T11:41:23.899297508Z	64	PC: 12c1b \| Write file or device (Write 385 bytes on handle 9520)
2018-12-25T11:41:23.900765093Z	66	PC: 12c23 \| Move file pointer
2018-12-25T11:41:23.902288141Z	64	PC: 12c2d \| Write file or device (Write 4 bytes on handle 9520)
2018-12-25T11:41:23.904391594Z	87	PC: 12c3c \| Get or set file date and time
2018-12-25T11:41:23.905937689Z	62	PC: 12c40 \| Close file
2018-12-25T11:41:23.907450644Z	67	PC: 12c4c \| Get or set file attributes

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":631,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:23.877480319Z	37	PC: 1478d \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:23.878860303Z	42	PC: 14791 \| Get date 0x14791: cmp dl, 0xd 0x14794: jne 0x14798 0x14796: int 0x18 0x14798: pop ds 0x14799: pop es 0x1479a: popaw 0x1479b: push 0x100 0x1479e: ret 0x1479f: pushf 0x147a0: lcall ptr cs:[0x341] 0x147a5: ret 0x147a6: push di 0x147a7: mov di, 0x257 0x147aa: call di 0x147ac: pushaw 0x147ad: pushf 0x147ae: push es 0x147af: push bx 0x147b0: mov ah, 0x2f 0x147b2: call di