Sample viewer

vx.netlux.org/Virus.DOS.Mich_II.924

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:15.366309804Z	42	PC: 12d7a \| Get date 0x12d7a: mov ah, 3 0x12d7c: mov al, 6 0x12d7e: cmp dx, ax 0x12d80: je 0x12d83 0x12d82: ret 0x12d83: mov si, 0x105 0x12d86: cld 0x12d87: lodsb al, byte ptr [si] 0x12d88: cmp al, 0 0x12d8a: je 0x12d92 0x12d8c: mov ah, 0xe 0x12d8e: int 0x10 0x12d90: jmp 0x12d87 0x12d92: int 5 0x12d94: jmp 0x12d92 0x12d96: push cs 0x12d97: pop es 0x12d98: mov di, 0xfe01 0x12d9b: push di 0x12d9c: mov si, 0x1d6
2018-12-17T22:35:15.369088285Z	74	PC: 12b28 \| Reallocate memory
2018-12-17T22:35:15.374213888Z	88	PC: 12b2d \| case 0xGet or set allocation strateg:
2018-12-17T22:35:15.375901623Z	88	PC: 12b36 \| case 0xGet or set allocation strateg:
2018-12-17T22:35:15.377606721Z	72	PC: 12b3d \| Allocate memory
2018-12-17T22:35:15.380270907Z	73	PC: 12b46 \| Release memory
2018-12-17T22:35:15.382101831Z	88	PC: 12b4e \| case 0xGet or set allocation strateg:
2018-12-17T22:35:15.383765401Z	53	PC: 12b53 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:35:15.385841715Z	53	PC: 12b60 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:15.387841576Z	37	PC: 12b72 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:35:15.389329506Z	37	PC: 12ddb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:15.393402335Z	9	PC: 12ddb \| Display string (String= 'Bad command or file name ')
2018-12-17T22:35:15.408015411Z	49	PC: 12b8d \| Terminate and stay resident (Return code = '0' \| Memory size = '90')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6347,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:10.325815833Z	42	PC: 12d7a \| Get date 0x12d7a: mov ah, 3 0x12d7c: mov al, 6 0x12d7e: cmp dx, ax 0x12d80: je 0x12d83 0x12d82: ret 0x12d83: mov si, 0x105 0x12d86: cld 0x12d87: lodsb al, byte ptr [si] 0x12d88: cmp al, 0 0x12d8a: je 0x12d92 0x12d8c: mov ah, 0xe 0x12d8e: int 0x10 0x12d90: jmp 0x12d87 0x12d92: int 5 0x12d94: jmp 0x12d92 0x12d96: push cs 0x12d97: pop es 0x12d98: mov di, 0xfe01 0x12d9b: push di 0x12d9c: mov si, 0x1d6
2018-12-25T11:59:10.328771071Z	74	PC: 12b28 \| Reallocate memory
2018-12-25T11:59:10.330252952Z	88	PC: 12b2d \| case 0xGet or set allocation strateg:
2018-12-25T11:59:10.331597134Z	88	PC: 12b36 \| case 0xGet or set allocation strateg:
2018-12-25T11:59:10.333445343Z	72	PC: 12b3d \| Allocate memory
2018-12-25T11:59:10.335441746Z	73	PC: 12b46 \| Release memory
2018-12-25T11:59:10.336898553Z	88	PC: 12b4e \| case 0xGet or set allocation strateg:
2018-12-25T11:59:10.338194211Z	53	PC: 12b53 \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:59:10.339699549Z	53	PC: 12b60 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:10.340850719Z	37	PC: 12b72 \| Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T11:59:10.341932167Z	37	PC: 12ddb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:10.343586005Z	9	PC: 12ddb \| Display string (See above)
2018-12-25T11:59:10.346345663Z	49	PC: 12b8d \| Terminate and stay resident (Return code = '0' \| Memory size = '90')

{"DateBased":true,"Day":6,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6347,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:10.495495854Z	42	PC: 12d7a \| Get date 0x12d7a: mov ah, 3 0x12d7c: mov al, 6 0x12d7e: cmp dx, ax 0x12d80: je 0x12d83 0x12d82: ret 0x12d83: mov si, 0x105 0x12d86: cld 0x12d87: lodsb al, byte ptr [si] 0x12d88: cmp al, 0 0x12d8a: je 0x12d92 0x12d8c: mov ah, 0xe 0x12d8e: int 0x10 0x12d90: jmp 0x12d87 0x12d92: int 5 0x12d94: jmp 0x12d92 0x12d96: push cs 0x12d97: pop es 0x12d98: mov di, 0xfe01 0x12d9b: push di 0x12d9c: mov si, 0x1d6