Sample viewer

vx.netlux.org/Virus.DOS.Gvirus.653

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:35:52.3910676Z	11	PC: 9f8b7 \| Get input status
2018-12-17T22:35:52.39376524Z	53	PC: 9f90c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:52.395343666Z	37	PC: 9f920 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:35:52.398138904Z	25	PC: 9f997 \| Get default drive
2018-12-17T22:35:52.401298326Z	67	PC: 9f9ce \| Get or set file attributes
2018-12-17T22:35:52.408384216Z	67	PC: 9f9d8 \| Get or set file attributes
2018-12-17T22:35:52.414918203Z	61	PC: 9f9dd \| Open file (Filename = '')
2018-12-17T22:35:52.421776539Z	87	PC: 9fa74 \| Get or set file date and time
2018-12-17T22:35:52.424556722Z	62	PC: 9fa79 \| Close file
2018-12-17T22:35:52.426419794Z	67	PC: 9fa81 \| Get or set file attributes
2018-12-17T22:35:52.43287575Z	11	PC: 9f938 \| Get input status
2018-12-17T22:35:52.437215633Z	42	PC: 9f8c0 \| Get date 0x9f8c0: cmp cx, word ptr [0x59] 0x9f8c4: jb 0x9f8d5 0x9f8c6: cmp dx, word ptr [0x5b] 0x9f8ca: jb 0x9f8d5 0x9f8cc: push cs 0x9f8cd: pop ds 0x9f8ce: mov dx, 0xf 0x9f8d1: mov ah, 9 0x9f8d3: int 0x21 0x9f8d5: mov ax, word ptr cs:[0x3c] 0x9f8d9: mov ds, ax 0x9f8db: mov es, ax 0x9f8dd: mov ax, word ptr cs:[0x36] 0x9f8e1: ljmp ptr cs:[0x3a] 0x9f8e6: mov ax, word ptr cs:[0x3c] 0x9f8ea: dec ax 0x9f8eb: mov ds, ax 0x9f8ed: cmp byte ptr [0], 0x5a 0x9f8f2: je 0x9f8fd 0x9f8f4: cmp byte ptr [0], 4
2018-12-17T22:35:52.439974605Z	9	PC: 9f8d5 \| Display string (Could not find end pointer)
2018-12-17T22:35:52.445843484Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6475,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:29.026055238Z	11	PC: 9f8b7 \| Get input status
2018-12-25T11:59:29.029148887Z	53	PC: 9f90c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:29.030787777Z	37	PC: 9f920 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:29.03208729Z	25	PC: 9f997 \| Get default drive
2018-12-25T11:59:29.035151012Z	67	PC: 9f9ce \| Get or set file attributes
2018-12-25T11:59:29.042108894Z	67	PC: 9f9d8 \| Get or set file attributes
2018-12-25T11:59:29.048543756Z	61	PC: 9f9dd \| Open file (Filename = '')
2018-12-25T11:59:29.081158275Z	87	PC: 9fa74 \| Get or set file date and time
2018-12-25T11:59:29.083544328Z	62	PC: 9fa79 \| Close file
2018-12-25T11:59:29.085480455Z	67	PC: 9fa81 \| Get or set file attributes
2018-12-25T11:59:29.091899339Z	11	PC: 9f938 \| Get input status
2018-12-25T11:59:29.095205525Z	42	PC: 9f8c0 \| Get date 0x9f8c0: cmp cx, word ptr [0x59] 0x9f8c4: jb 0x9f8d5 0x9f8c6: cmp dx, word ptr [0x5b] 0x9f8ca: jb 0x9f8d5 0x9f8cc: push cs 0x9f8cd: pop ds 0x9f8ce: mov dx, 0xf 0x9f8d1: mov ah, 9 0x9f8d3: int 0x21 0x9f8d5: mov ax, word ptr cs:[0x3c] 0x9f8d9: mov ds, ax 0x9f8db: mov es, ax 0x9f8dd: mov ax, word ptr cs:[0x36] 0x9f8e1: ljmp ptr cs:[0x3a] 0x9f8e6: mov ax, word ptr cs:[0x3c] 0x9f8ea: dec ax 0x9f8eb: mov ds, ax 0x9f8ed: cmp byte ptr [0], 0x5a 0x9f8f2: je 0x9f8fd 0x9f8f4: cmp byte ptr [0], 4
2018-12-25T11:59:29.097711407Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6475,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:59:29.239679865Z	11	PC: 9f8b7 \| Get input status
2018-12-25T11:59:29.242934286Z	53	PC: 9f90c \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:29.244142865Z	37	PC: 9f920 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:59:29.24547363Z	25	PC: 9f997 \| Get default drive
2018-12-25T11:59:29.248832925Z	67	PC: 9f9ce \| Get or set file attributes
2018-12-25T11:59:29.257990486Z	67	PC: 9f9d8 \| Get or set file attributes
2018-12-25T11:59:29.264793984Z	61	PC: 9f9dd \| Open file (Filename = '')
2018-12-25T11:59:29.270022412Z	87	PC: 9fa74 \| Get or set file date and time
2018-12-25T11:59:29.275276286Z	62	PC: 9fa79 \| Close file
2018-12-25T11:59:29.277085021Z	67	PC: 9fa81 \| Get or set file attributes
2018-12-25T11:59:29.283714898Z	11	PC: 9f938 \| Get input status
2018-12-25T11:59:29.287609896Z	42	PC: 9f8c0 \| Get date 0x9f8c0: cmp cx, word ptr [0x59] 0x9f8c4: jb 0x9f8d5 0x9f8c6: cmp dx, word ptr [0x5b] 0x9f8ca: jb 0x9f8d5 0x9f8cc: push cs 0x9f8cd: pop ds 0x9f8ce: mov dx, 0xf 0x9f8d1: mov ah, 9 0x9f8d3: int 0x21 0x9f8d5: mov ax, word ptr cs:[0x3c] 0x9f8d9: mov ds, ax 0x9f8db: mov es, ax 0x9f8dd: mov ax, word ptr cs:[0x36] 0x9f8e1: ljmp ptr cs:[0x3a] 0x9f8e6: mov ax, word ptr cs:[0x3c] 0x9f8ea: dec ax 0x9f8eb: mov ds, ax 0x9f8ed: cmp byte ptr [0], 0x5a 0x9f8f2: je 0x9f8fd 0x9f8f4: cmp byte ptr [0], 4
2018-12-25T11:59:29.290459244Z	76	PC: 12a45 \| Terminate with return code (Return code = '76')