Sample viewer

vx.netlux.org/Virus.DOS.Hero.394


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:40:26.661063482Z 255 PC: 1302a | UNKNOWN!
2018-12-17T22:40:26.662556916Z 53 PC: 13039 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:40:26.664160849Z 37 PC: 1305d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:40:26.665716961Z 42 PC: 13152 | Get date
0x13152: cmp dl, 1
0x13155: jne 0x13172
0x13157: push cs
0x13158: pop ds
0x13159: mov ah, 9
0x1315b: mov dx, 0x36d
0x1315e: add dx, si
0x13160: mov si, dx
0x13162: mov cx, 0x19
0x13165: add byte ptr [si], cl
0x13167: not byte ptr [si]
0x13169: inc si
0x1316a: loop 0x13165
0x1316c: int 0x21
0x1316e: mov ah, 7
0x13170: int 0x21
0x13172: pop es
0x13173: pop ds
0x13174: lcall 0x12ee:0x123
0x13179: add byte ptr [bx + si], al
2018-12-17T22:40:26.668257313Z 76 PC: 13007 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6988,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:47.51943934Z 255 PC: 1302a | UNKNOWN!
2018-12-25T12:00:47.521190931Z 53 PC: 13039 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:47.522354087Z 37 PC: 1305d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:47.523401961Z 42 PC: 13152 | Get date
0x13152: cmp dl, 1
0x13155: jne 0x13172
0x13157: push cs
0x13158: pop ds
0x13159: mov ah, 9
0x1315b: mov dx, 0x36d
0x1315e: add dx, si
0x13160: mov si, dx
0x13162: mov cx, 0x19
0x13165: add byte ptr [si], cl
0x13167: not byte ptr [si]
0x13169: inc si
0x1316a: loop 0x13165
0x1316c: int 0x21
0x1316e: mov ah, 7
0x13170: int 0x21
0x13172: pop es
0x13173: pop ds
0x13174: lcall 0x12ee:0x123
0x13179: add byte ptr [bx + si], al
2018-12-25T12:00:47.525771407Z 9 PC: 1316e | Display string (Could not find end pointer)
2018-12-25T12:00:47.551595434Z 7 PC: 13172 | Direct console input without echo

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6988,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:47.734931509Z 255 PC: 1302a | UNKNOWN!
2018-12-25T12:00:47.736299432Z 53 PC: 13039 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:47.737565569Z 37 PC: 1305d | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:47.738792117Z 42 PC: 13152 | Get date
0x13152: cmp dl, 1
0x13155: jne 0x13172
0x13157: push cs
0x13158: pop ds
0x13159: mov ah, 9
0x1315b: mov dx, 0x36d
0x1315e: add dx, si
0x13160: mov si, dx
0x13162: mov cx, 0x19
0x13165: add byte ptr [si], cl
0x13167: not byte ptr [si]
0x13169: inc si
0x1316a: loop 0x13165
0x1316c: int 0x21
0x1316e: mov ah, 7
0x13170: int 0x21
0x13172: pop es
0x13173: pop ds
0x13174: lcall 0x12ee:0x123
0x13179: add byte ptr [bx + si], al
2018-12-25T12:00:47.741911009Z 76 PC: 13007 | Terminate with return code (Return code = '3')