Sample viewer

vx.netlux.org/Virus.DOS.Fellow.1019

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:56:25.793791652Z 208 PC: 12e05 | UNKNOWN!
2018-12-17T21:56:25.797173762Z 74 PC: 12aba | Reallocate memory
2018-12-17T21:56:25.798923455Z 53 PC: 12ad3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:25.800441703Z 37 PC: 12ae3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:25.803297681Z 42 PC: 12ae7 | Get date
0x12ae7: cmp dh, 9
0x12aea: jne 0x12af2
0x12aec: or byte ptr cs:[0x1a], 1
0x12af2: cli
0x12af3: mov es, word ptr [0x1b]
0x12af7: xor di, di
0x12af9: mov cx, 0xffff
0x12afc: mov al, 0
0x12afe: cld
0x12aff: repne scasb al, byte ptr es:[di]
0x12b01: cmp byte ptr es:[di], al
0x12b04: jne 0x12aff
0x12b06: mov dx, di
0x12b08: add dx, 3
0x12b0b: push es
0x12b0c: pop ds
0x12b0d: mov bx, cs
0x12b0f: mov ss, bx
0x12b11: mov es, bx
0x12b13: mov sp, 0x44b
2018-12-17T21:56:25.80609006Z 75 PC: 12b23 | Execute program
2018-12-17T21:56:25.821339716Z 73 PC: 12b2d | Release memory
2018-12-17T21:56:25.824810998Z 49 PC: 12b35 | Terminate and stay resident (Return code = '0' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":703,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:26.793070053Z 208 PC: 12e05 | UNKNOWN!
2018-12-25T11:41:26.795191326Z 74 PC: 12aba | Reallocate memory
2018-12-25T11:41:26.796639003Z 53 PC: 12ad3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:26.797817079Z 37 PC: 12ae3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:26.799563793Z 42 PC: 12ae7 | Get date
0x12ae7: cmp dh, 9
0x12aea: jne 0x12af2
0x12aec: or byte ptr cs:[0x1a], 1
0x12af2: cli
0x12af3: mov es, word ptr [0x1b]
0x12af7: xor di, di
0x12af9: mov cx, 0xffff
0x12afc: mov al, 0
0x12afe: cld
0x12aff: repne scasb al, byte ptr es:[di]
0x12b01: cmp byte ptr es:[di], al
0x12b04: jne 0x12aff
0x12b06: mov dx, di
0x12b08: add dx, 3
0x12b0b: push es
0x12b0c: pop ds
0x12b0d: mov bx, cs
0x12b0f: mov ss, bx
0x12b11: mov es, bx
0x12b13: mov sp, 0x44b
2018-12-25T11:41:26.801909412Z 75 PC: 12b23 | Execute program
2018-12-25T11:41:26.812818754Z 73 PC: 12b2d | Release memory
2018-12-25T11:41:26.82032842Z 49 PC: 12b35 | Terminate and stay resident (Return code = '0' | Memory size = '128')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":703,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:27.34332906Z 208 PC: 12e05 | UNKNOWN!
2018-12-25T11:41:27.344779198Z 74 PC: 12aba | Reallocate memory
2018-12-25T11:41:27.34666965Z 53 PC: 12ad3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:27.347932174Z 37 PC: 12ae3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:27.349166928Z 42 PC: 12ae7 | Get date
0x12ae7: cmp dh, 9
0x12aea: jne 0x12af2
0x12aec: or byte ptr cs:[0x1a], 1
0x12af2: cli
0x12af3: mov es, word ptr [0x1b]
0x12af7: xor di, di
0x12af9: mov cx, 0xffff
0x12afc: mov al, 0
0x12afe: cld
0x12aff: repne scasb al, byte ptr es:[di]
0x12b01: cmp byte ptr es:[di], al
0x12b04: jne 0x12aff
0x12b06: mov dx, di
0x12b08: add dx, 3
0x12b0b: push es
0x12b0c: pop ds
0x12b0d: mov bx, cs
0x12b0f: mov ss, bx
0x12b11: mov es, bx
0x12b13: mov sp, 0x44b
2018-12-25T11:41:27.352043421Z 75 PC: 12b23 | Execute program
2018-12-25T11:41:27.374676143Z 73 PC: 12b2d | Release memory
2018-12-25T11:41:27.376172215Z 49 PC: 12b35 | Terminate and stay resident (Return code = '0' | Memory size = '128')