Sample viewer

vx.netlux.org/Virus.DOS.Trance.1721

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:41:20.922141437Z	48	PC: 13de3 \| Get DOS version
2018-12-17T22:41:20.924665187Z	42	PC: 13e67 \| Get date 0x13e67: cmp al, 1 0x13e69: jne 0x13e80 0x13e6b: cmp dl, 1 0x13e6e: jne 0x13e80 0x13e70: lea bx, word ptr [0x70a] 0x13e74: sub ax, ax 0x13e76: mov ds, ax 0x13e78: mov di, 0x70 0x13e7b: mov word ptr [di + 2], es 0x13e7e: mov word ptr [di], bx 0x13e80: sub byte ptr [0x413], 4 0x13e85: push cs 0x13e86: pop ds 0x13e87: push ds 0x13e88: pop es 0x13e89: cld 0x13e8a: lea si, word ptr [bp + 0x1e6] 0x13e8e: mov di, 0x100 0x13e91: movsw word ptr es:[di], word ptr [si] 0x13e92: movsb byte ptr es:[di], byte ptr [si]
2018-12-17T22:41:20.927348397Z	9	PC: 13dc6 \| Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7188,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:58.206901467Z	48	PC: 13de3 \| Get DOS version
2018-12-25T12:00:58.208898406Z	42	PC: 13e67 \| Get date 0x13e67: cmp al, 1 0x13e69: jne 0x13e80 0x13e6b: cmp dl, 1 0x13e6e: jne 0x13e80 0x13e70: lea bx, word ptr [0x70a] 0x13e74: sub ax, ax 0x13e76: mov ds, ax 0x13e78: mov di, 0x70 0x13e7b: mov word ptr [di + 2], es 0x13e7e: mov word ptr [di], bx 0x13e80: sub byte ptr [0x413], 4 0x13e85: push cs 0x13e86: pop ds 0x13e87: push ds 0x13e88: pop es 0x13e89: cld 0x13e8a: lea si, word ptr [bp + 0x1e6] 0x13e8e: mov di, 0x100 0x13e91: movsw word ptr es:[di], word ptr [si] 0x13e92: movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:00:58.211314117Z	9	PC: 13dc6 \| Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7188,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:58.367478392Z	48	PC: 13de3 \| Get DOS version
2018-12-25T12:00:58.370148506Z	42	PC: 13e67 \| Get date 0x13e67: cmp al, 1 0x13e69: jne 0x13e80 0x13e6b: cmp dl, 1 0x13e6e: jne 0x13e80 0x13e70: lea bx, word ptr [0x70a] 0x13e74: sub ax, ax 0x13e76: mov ds, ax 0x13e78: mov di, 0x70 0x13e7b: mov word ptr [di + 2], es 0x13e7e: mov word ptr [di], bx 0x13e80: sub byte ptr [0x413], 4 0x13e85: push cs 0x13e86: pop ds 0x13e87: push ds 0x13e88: pop es 0x13e89: cld 0x13e8a: lea si, word ptr [bp + 0x1e6] 0x13e8e: mov di, 0x100 0x13e91: movsw word ptr es:[di], word ptr [si] 0x13e92: movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:00:58.37273231Z	9	PC: 13dc6 \| Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7188,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:00:58.400230279Z	48	PC: 13de3 \| Get DOS version
2018-12-25T12:00:58.405150915Z	42	PC: 13e67 \| Get date 0x13e67: cmp al, 1 0x13e69: jne 0x13e80 0x13e6b: cmp dl, 1 0x13e6e: jne 0x13e80 0x13e70: lea bx, word ptr [0x70a] 0x13e74: sub ax, ax 0x13e76: mov ds, ax 0x13e78: mov di, 0x70 0x13e7b: mov word ptr [di + 2], es 0x13e7e: mov word ptr [di], bx 0x13e80: sub byte ptr [0x413], 4 0x13e85: push cs 0x13e86: pop ds 0x13e87: push ds 0x13e88: pop es 0x13e89: cld 0x13e8a: lea si, word ptr [bp + 0x1e6] 0x13e8e: mov di, 0x100 0x13e91: movsw word ptr es:[di], word ptr [si] 0x13e92: movsb byte ptr es:[di], byte ptr [si]
2018-12-25T12:00:58.407777185Z	9	PC: 13dc6 \| Display string (String= 'CDEFG-This is a 5000 byte COM test, 1994 ')