Sample viewer

vx.netlux.org/Virus.DOS.Selectron.1800


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:35:39.572995633Z 42 PC: 17c86 | Get date
0x17c86: mov ah, dl
0x17c88: cmp ax, 0xd05
0x17c8b: jne 0x17c90
0x17c8d: jmp 0x17db0
0x17c90: mov di, 0x80
0x17c93: xor ch, ch
0x17c95: mov cl, byte ptr [di]
0x17c97: inc di
0x17c98: mov al, 0x20
0x17c9a: cld
0x17c9b: repe scasb al, byte ptr es:[di]
0x17c9d: dec di
0x17c9e: push di
0x17c9f: lea si, word ptr [bp + 0x541]
0x17ca3: mov cl, 5
0x17ca5: repe cmpsb byte ptr [si], byte ptr es:[di]
0x17ca7: pop di
0x17ca8: je 0x17cb7
0x17caa: lea si, word ptr [bp + 0x546]
0x17cae: mov cl, 5
2018-12-17T22:35:39.576387224Z 254 PC: 17d11 | UNKNOWN!
2018-12-17T22:35:39.577693253Z 48 PC: 17d1a | Get DOS version
2018-12-17T22:35:39.579413399Z 37 PC: 17cd5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:39.581604659Z 53 PC: 17cda | Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-17T22:35:39.583660434Z 37 PC: 17ce9 | Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-17T22:35:39.590120299Z 48 PC: 18097 | Get DOS version
2018-12-17T22:35:39.592347226Z 37 PC: 182f6 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-17T22:35:39.606901732Z 37 PC: 1832a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:35:39.60834033Z 37 PC: 182c4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6432,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:19.480572365Z 42 PC: 17c86 | Get date
0x17c86: mov ah, dl
0x17c88: cmp ax, 0xd05
0x17c8b: jne 0x17c90
0x17c8d: jmp 0x17db0
0x17c90: mov di, 0x80
0x17c93: xor ch, ch
0x17c95: mov cl, byte ptr [di]
0x17c97: inc di
0x17c98: mov al, 0x20
0x17c9a: cld
0x17c9b: repe scasb al, byte ptr es:[di]
0x17c9d: dec di
0x17c9e: push di
0x17c9f: lea si, word ptr [bp + 0x541]
0x17ca3: mov cl, 5
0x17ca5: repe cmpsb byte ptr [si], byte ptr es:[di]
0x17ca7: pop di
0x17ca8: je 0x17cb7
0x17caa: lea si, word ptr [bp + 0x546]
0x17cae: mov cl, 5
2018-12-25T11:59:19.483212202Z 254 PC: 17d11 | UNKNOWN!
2018-12-25T11:59:19.483875213Z 48 PC: 17d1a | Get DOS version
2018-12-25T11:59:19.484988877Z 37 PC: 17cd5 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:19.486509854Z 53 PC: 17cda | Get interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T11:59:19.487653312Z 37 PC: 17ce9 | Set interrupt vector (Interrupt = '23' AKA 'Rename file')
2018-12-25T11:59:19.493413209Z 48 PC: 18097 | Get DOS version
2018-12-25T11:59:19.49557581Z 37 PC: 182f6 | Set interrupt vector (Interrupt = '27' AKA 'Get allocation info for default drive')
2018-12-25T11:59:19.497554069Z 37 PC: 1832a | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:59:19.499562812Z 37 PC: 182c4 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')

{"DateBased":true,"Day":13,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6432,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:59:19.310772093Z 42 PC: 17c86 | Get date
0x17c86: mov ah, dl
0x17c88: cmp ax, 0xd05
0x17c8b: jne 0x17c90
0x17c8d: jmp 0x17db0
0x17c90: mov di, 0x80
0x17c93: xor ch, ch
0x17c95: mov cl, byte ptr [di]
0x17c97: inc di
0x17c98: mov al, 0x20
0x17c9a: cld
0x17c9b: repe scasb al, byte ptr es:[di]
0x17c9d: dec di
0x17c9e: push di
0x17c9f: lea si, word ptr [bp + 0x541]
0x17ca3: mov cl, 5
0x17ca5: repe cmpsb byte ptr [si], byte ptr es:[di]
0x17ca7: pop di
0x17ca8: je 0x17cb7
0x17caa: lea si, word ptr [bp + 0x546]
0x17cae: mov cl, 5