Sample viewer

vx.netlux.org/Virus.DOS.XPEH.5488

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:40:18.944584168Z	48	PC: 13957 \| Get DOS version
2018-12-17T22:40:18.957586061Z	42	PC: 13588 \| Get date 0x13588: cmp cx, word ptr [bp + 4] 0x1358b: jb 0x13595 0x1358d: cmp dh, byte ptr [bp + 6] 0x13590: jb 0x13595 0x13592: clc 0x13593: jmp 0x13596 0x13595: stc 0x13596: pop dx 0x13597: pop cx 0x13598: pop ax 0x13599: pop bp 0x1359a: ret 4 0x1359d: push ax 0x1359e: push cx 0x1359f: push di 0x135a0: push es 0x135a1: cld 0x135a2: mov di, word ptr cs:[0x86] 0x135a7: add di, 0x1f 0x135aa: mov ax, word ptr cs:[0x84]
2018-12-17T22:40:18.959977795Z	193	PC: 13985 \| UNKNOWN!
2018-12-17T22:40:18.965871479Z	37	PC: 13b28 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:40:18.96815792Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6959,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:46.167501502Z	48	PC: 13957 \| Get DOS version
2018-12-25T12:00:46.171071829Z	42	PC: 13588 \| Get date 0x13588: cmp cx, word ptr [bp + 4] 0x1358b: jb 0x13595 0x1358d: cmp dh, byte ptr [bp + 6] 0x13590: jb 0x13595 0x13592: clc 0x13593: jmp 0x13596 0x13595: stc 0x13596: pop dx 0x13597: pop cx 0x13598: pop ax 0x13599: pop bp 0x1359a: ret 4 0x1359d: push ax 0x1359e: push cx 0x1359f: push di 0x135a0: push es 0x135a1: cld 0x135a2: mov di, word ptr cs:[0x86] 0x135a7: add di, 0x1f 0x135aa: mov ax, word ptr cs:[0x84]
2018-12-25T12:00:46.182858828Z	193	PC: 13985 \| UNKNOWN!
2018-12-25T12:00:46.188545841Z	37	PC: 13b28 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:00:46.190558205Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6959,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:46.293443208Z	48	PC: 13957 \| Get DOS version
2018-12-25T12:00:46.29666784Z	42	PC: 13588 \| Get date 0x13588: cmp cx, word ptr [bp + 4] 0x1358b: jb 0x13595 0x1358d: cmp dh, byte ptr [bp + 6] 0x13590: jb 0x13595 0x13592: clc 0x13593: jmp 0x13596 0x13595: stc 0x13596: pop dx 0x13597: pop cx 0x13598: pop ax 0x13599: pop bp 0x1359a: ret 4 0x1359d: push ax 0x1359e: push cx 0x1359f: push di 0x135a0: push es 0x135a1: cld 0x135a2: mov di, word ptr cs:[0x86] 0x135a7: add di, 0x1f 0x135aa: mov ax, word ptr cs:[0x84]
2018-12-25T12:00:46.299920187Z	193	PC: 13985 \| UNKNOWN!
2018-12-25T12:00:46.306295786Z	37	PC: 13b28 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:00:46.308540862Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6959,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:46.77283284Z	48	PC: 13957 \| Get DOS version
2018-12-25T12:00:46.777764743Z	42	PC: 13588 \| Get date 0x13588: cmp cx, word ptr [bp + 4] 0x1358b: jb 0x13595 0x1358d: cmp dh, byte ptr [bp + 6] 0x13590: jb 0x13595 0x13592: clc 0x13593: jmp 0x13596 0x13595: stc 0x13596: pop dx 0x13597: pop cx 0x13598: pop ax 0x13599: pop bp 0x1359a: ret 4 0x1359d: push ax 0x1359e: push cx 0x1359f: push di 0x135a0: push es 0x135a1: cld 0x135a2: mov di, word ptr cs:[0x86] 0x135a7: add di, 0x1f 0x135aa: mov ax, word ptr cs:[0x84]
2018-12-25T12:00:46.78014571Z	193	PC: 13985 \| UNKNOWN!
2018-12-25T12:00:46.78474407Z	37	PC: 13b28 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:00:46.787216723Z	9	PC: 12e26 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')