Sample viewer

vx.netlux.org/Virus.DOS.VLAD.MonAmi.1098

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:56:46.045224337Z	74	PC: 12a53 \| Reallocate memory
2018-12-17T21:56:46.046778877Z	44	PC: 9f2e2 \| Get time 0x9f2e2: call 0x9f36b 0x9f2e5: mov ax, 0x3521 0x9f2e8: int 0x21 0x9f2ea: push cs 0x9f2eb: pop ds 0x9f2ec: mov si, 0xdf 0x9f2ef: mov word ptr [si + 0x60], bx 0x9f2f2: mov word ptr [si + 0x62], es 0x9f2f5: pop es 0x9f2f6: pop bx 0x9f2f7: xchg dx, si 0x9f2f9: mov ah, 0x25 0x9f2fb: int 0x21 0x9f2fd: dec bx 0x9f2fe: jne 0x9f302 0x9f300: jmp 0x9f367 0x9f302: mov ah, 0x4a 0x9f304: int 0x21 0x9f306: mov ax, cs 0x9f308: dec ax
2018-12-17T21:56:46.04903919Z	53	PC: 9f2ea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:46.050061669Z	37	PC: 9f2fd \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:56:46.051111361Z	74	PC: 9f306 \| Reallocate memory
2018-12-17T21:56:46.053190454Z	42	PC: 9f317 \| Get date 0x9f317: cmp dl, 3 0x9f31a: jne 0x9f367 0x9f31c: mov bx, 0x90 0x9f31f: mov dl, byte ptr [bx] 0x9f321: xor dl, 0x4d 0x9f324: cmp dl, 0 0x9f327: je 0x9f35c 0x9f329: mov ah, 6 0x9f32b: int 0x21 0x9f32d: inc bx 0x9f32e: jmp 0x9f31f 0x9f330: push ss 0x9f331: insw word ptr es:[di], dx 0x9f332: mov eax, dr7 0x9f335: sub byte ptr [di + 0x1e], ch 0x9f338: sub al, 0x29 0x9f33a: insw word ptr es:[di], dx 0x9f33b: cmp di, word ptr [si + 0x63] 0x9f33e: jl 0x9f2ec 0x9f340: insw word ptr es:[di], dx

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":734,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:44.37908739Z	74	PC: 12a53 \| Reallocate memory
2018-12-25T11:41:44.381212864Z	44	PC: 9f2e2 \| Get time 0x9f2e2: call 0x9f36b 0x9f2e5: mov ax, 0x3521 0x9f2e8: int 0x21 0x9f2ea: push cs 0x9f2eb: pop ds 0x9f2ec: mov si, 0xdf 0x9f2ef: mov word ptr [si + 0x60], bx 0x9f2f2: mov word ptr [si + 0x62], es 0x9f2f5: pop es 0x9f2f6: pop bx 0x9f2f7: xchg dx, si 0x9f2f9: mov ah, 0x25 0x9f2fb: int 0x21 0x9f2fd: dec bx 0x9f2fe: jne 0x9f302 0x9f300: jmp 0x9f367 0x9f302: mov ah, 0x4a 0x9f304: int 0x21 0x9f306: mov ax, cs 0x9f308: dec ax
2018-12-25T11:41:44.383353395Z	53	PC: 9f2ea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:44.384478931Z	37	PC: 9f2fd \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:44.386668275Z	74	PC: 9f306 \| Reallocate memory
2018-12-25T11:41:44.388343771Z	42	PC: 9f317 \| Get date 0x9f317: cmp dl, 3 0x9f31a: jne 0x9f367 0x9f31c: mov bx, 0x90 0x9f31f: mov dl, byte ptr [bx] 0x9f321: xor dl, 0x4d 0x9f324: cmp dl, 0 0x9f327: je 0x9f35c 0x9f329: mov ah, 6 0x9f32b: int 0x21 0x9f32d: inc bx 0x9f32e: jmp 0x9f31f 0x9f330: push ss 0x9f331: insw word ptr es:[di], dx 0x9f332: mov eax, dr7 0x9f335: sub byte ptr [di + 0x1e], ch 0x9f338: sub al, 0x29 0x9f33a: insw word ptr es:[di], dx 0x9f33b: cmp di, word ptr [si + 0x63] 0x9f33e: jl 0x9f2ec 0x9f340: insw word ptr es:[di], dx
2018-12-25T11:41:44.390424584Z	6	PC: 9f32d \| Direct console I/O
2018-12-25T11:41:44.393268916Z	6	PC: 9f32d \| Direct console I/O (See above)
2018-12-25T11:41:44.395407716Z	6	PC: 9f32d \| Direct console I/O (See above)
2018-12-25T11:41:44.397472764Z	44	PC: 9f6e9 \| Get time 0x9f6e9: ret 0x9f6ea: add byte ptr [bx + si], al 0x9f6ec: add byte ptr [bx + si], al 0x9f6ee: add byte ptr [bx + si], al 0x9f6f0: add byte ptr [bx + si], al 0x9f6f2: add byte ptr [bx + si], al 0x9f6f4: add byte ptr [bx + di], al 0x9f6f6: add byte ptr [bx + si], al 0x9f6f8: add byte ptr [si + 0x65], dh 0x9f6fb: jae 0x9f771 0x9f6fd: arpl word ptr cs:[bx + 0x6d], bp 0x9f701: add byte ptr [bx + si], al 0x9f703: add byte ptr [bx + si], al 0x9f705: add byte ptr [bx + si], al 0x9f707: add byte ptr [bx + si], al 0x9f709: add byte ptr [bx + si], al 0x9f70b: add byte ptr [bx + si], al 0x9f70d: add byte ptr [bx + si], al 0x9f70f: add byte ptr [bx + si], al 0x9f711: add byte ptr [bx + si], al

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":734,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:46.208559581Z	74	PC: 12a53 \| Reallocate memory
2018-12-25T11:41:46.210731462Z	44	PC: 9f2e2 \| Get time 0x9f2e2: call 0x9f36b 0x9f2e5: mov ax, 0x3521 0x9f2e8: int 0x21 0x9f2ea: push cs 0x9f2eb: pop ds 0x9f2ec: mov si, 0xdf 0x9f2ef: mov word ptr [si + 0x60], bx 0x9f2f2: mov word ptr [si + 0x62], es 0x9f2f5: pop es 0x9f2f6: pop bx 0x9f2f7: xchg dx, si 0x9f2f9: mov ah, 0x25 0x9f2fb: int 0x21 0x9f2fd: dec bx 0x9f2fe: jne 0x9f302 0x9f300: jmp 0x9f367 0x9f302: mov ah, 0x4a 0x9f304: int 0x21 0x9f306: mov ax, cs 0x9f308: dec ax
2018-12-25T11:41:46.213021687Z	53	PC: 9f2ea \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:46.214169817Z	37	PC: 9f2fd \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:41:46.215863902Z	74	PC: 9f306 \| Reallocate memory
2018-12-25T11:41:46.21819465Z	42	PC: 9f317 \| Get date 0x9f317: cmp dl, 3 0x9f31a: jne 0x9f367 0x9f31c: mov bx, 0x90 0x9f31f: mov dl, byte ptr [bx] 0x9f321: xor dl, 0x4d 0x9f324: cmp dl, 0 0x9f327: je 0x9f35c 0x9f329: mov ah, 6 0x9f32b: int 0x21 0x9f32d: inc bx 0x9f32e: jmp 0x9f31f 0x9f330: push ss 0x9f331: insw word ptr es:[di], dx 0x9f332: mov eax, dr7 0x9f335: sub byte ptr [di + 0x1e], ch 0x9f338: sub al, 0x29 0x9f33a: insw word ptr es:[di], dx 0x9f33b: cmp di, word ptr [si + 0x63] 0x9f33e: jl 0x9f2ec 0x9f340: insw word ptr es:[di], dx