Sample viewer

vx.netlux.org/Virus.DOS.Europe.424

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:40:29.096872422Z 75 PC: 138c9 | Execute program
2018-12-17T22:40:29.100633176Z 80 PC: 12b55 | Set current PSP
2018-12-17T22:40:29.102246997Z 53 PC: 12b6d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:40:29.10380894Z 37 PC: 12b82 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:40:29.105332602Z 42 PC: 12b86 | Get date 0x12b86: cmp cx, 0x7c8
0x12b8a: je 0x12b9a
0x12b8c: mov si, 0x130
0x12b8f: mov di, 0x100
0x12b92: pop es
0x12b93: push es
0x12b94: push di
0x12b95: movsw word ptr es:[di], word ptr [si]
0x12b96: movsw word ptr es:[di], word ptr [si]
0x12b97: push es
0x12b98: pop ds
0x12b99: retf
0x12b9a: mov ax, 1
0x12b9d: int 0x10
0x12b9f: mov si, 0x27c
0x12ba2: mov cx, 0x12
0x12ba5: lodsb al, byte ptr [si]
0x12ba6: mov bx, 0x18f
0x12ba9: mov ah, 0xe
0x12bab: xor al, 0xaa
2018-12-17T22:40:29.109125186Z 9 PC: 131a3 | Display string (String= 'AME FAT12 ��p�@h  (�h� �����NO NAME FAT12  p�PPPP�7PN p} pFAT12 FAT16 NO NAME 0�� ')
2018-12-17T22:40:29.111847158Z 0 PC: 1318d | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:48.332920217Z 75 PC: 138c9 | Execute program
2018-12-25T12:00:48.335760987Z 80 PC: 12b55 | Set current PSP
2018-12-25T12:00:48.336643826Z 53 PC: 12b6d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:48.337615023Z 37 PC: 12b82 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:48.344337458Z 42 PC: 12b86 | Get date 0x12b86: cmp cx, 0x7c8
0x12b8a: je 0x12b9a
0x12b8c: mov si, 0x130
0x12b8f: mov di, 0x100
0x12b92: pop es
0x12b93: push es
0x12b94: push di
0x12b95: movsw word ptr es:[di], word ptr [si]
0x12b96: movsw word ptr es:[di], word ptr [si]
0x12b97: push es
0x12b98: pop ds
0x12b99: retf
0x12b9a: mov ax, 1
0x12b9d: int 0x10
0x12b9f: mov si, 0x27c
0x12ba2: mov cx, 0x12
0x12ba5: lodsb al, byte ptr [si]
0x12ba6: mov bx, 0x18f
0x12ba9: mov ah, 0xe
0x12bab: xor al, 0xaa
2018-12-25T12:00:48.347150354Z 9 PC: 131a3 | Display string (String= 'AME FAT12 ��p�@h  (�h� �����NO NAME FAT12  p�PPPPPN p} pFAT12 FAT16 NO NAME 0�� ')
2018-12-25T12:00:48.34930443Z 0 PC: 1318d | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1992,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":6999,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:48.580165698Z 75 PC: 138c9 | Execute program
2018-12-25T12:00:48.583084786Z 80 PC: 12b55 | Set current PSP
2018-12-25T12:00:48.583833668Z 53 PC: 12b6d | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:48.584826205Z 37 PC: 12b82 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:00:48.58584436Z 42 PC: 12b86 | Get date 0x12b86: cmp cx, 0x7c8
0x12b8a: je 0x12b9a
0x12b8c: mov si, 0x130
0x12b8f: mov di, 0x100
0x12b92: pop es
0x12b93: push es
0x12b94: push di
0x12b95: movsw word ptr es:[di], word ptr [si]
0x12b96: movsw word ptr es:[di], word ptr [si]
0x12b97: push es
0x12b98: pop ds
0x12b99: retf
0x12b9a: mov ax, 1
0x12b9d: int 0x10
0x12b9f: mov si, 0x27c
0x12ba2: mov cx, 0x12
0x12ba5: lodsb al, byte ptr [si]
0x12ba6: mov bx, 0x18f
0x12ba9: mov ah, 0xe
0x12bab: xor al, 0xaa