Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Mem.1203

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:08.749264761Z	48	PC: 1517f \| Get DOS version
2018-12-17T22:42:08.751144367Z	42	PC: 15345 \| Get date 0x15345: add dl, 5 0x15348: cmp dh, dl 0x1534a: jne 0x15376 0x1534c: cmp al, 4 0x1534e: jb 0x15376 0x15350: cmp cx, 0x7cb 0x15354: jb 0x15376 0x15356: mov ah, 0x2c 0x15358: int 0x21 0x1535a: and dh, 7 0x1535d: jne 0x15376 0x1535f: call 0x15377 0x15362: mov ah, 9 0x15364: lea dx, word ptr [bp + 0x3ae] 0x15368: int 0x21 0x1536a: mov ax, 2 0x1536d: mov cx, 0xa 0x15370: cli 0x15371: cdq 0x15372: int 0x26
2018-12-17T22:42:08.755287163Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T22:42:08.75810689Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T22:42:08.771821846Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7457,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:45.659814467Z	48	PC: 1517f \| Get DOS version
2018-12-25T12:01:45.661651901Z	42	PC: 15345 \| Get date 0x15345: add dl, 5 0x15348: cmp dh, dl 0x1534a: jne 0x15376 0x1534c: cmp al, 4 0x1534e: jb 0x15376 0x15350: cmp cx, 0x7cb 0x15354: jb 0x15376 0x15356: mov ah, 0x2c 0x15358: int 0x21 0x1535a: and dh, 7 0x1535d: jne 0x15376 0x1535f: call 0x15377 0x15362: mov ah, 9 0x15364: lea dx, word ptr [bp + 0x3ae] 0x15368: int 0x21 0x1536a: mov ax, 2 0x1536d: mov cx, 0xa 0x15370: cli 0x15371: cdq 0x15372: int 0x26
2018-12-25T12:01:45.665436189Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:01:45.667708263Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:01:45.680074876Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7457,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:45.652038588Z	48	PC: 1517f \| Get DOS version
2018-12-25T12:01:45.653951769Z	42	PC: 15345 \| Get date 0x15345: add dl, 5 0x15348: cmp dh, dl 0x1534a: jne 0x15376 0x1534c: cmp al, 4 0x1534e: jb 0x15376 0x15350: cmp cx, 0x7cb 0x15354: jb 0x15376 0x15356: mov ah, 0x2c 0x15358: int 0x21 0x1535a: and dh, 7 0x1535d: jne 0x15376 0x1535f: call 0x15377 0x15362: mov ah, 9 0x15364: lea dx, word ptr [bp + 0x3ae] 0x15368: int 0x21 0x1536a: mov ax, 2 0x1536d: mov cx, 0xa 0x15370: cli 0x15371: cdq 0x15372: int 0x26
2018-12-25T12:01:45.658779233Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:01:45.672836117Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:01:45.684839054Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7457,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:46.105011516Z	48	PC: 1517f \| Get DOS version
2018-12-25T12:01:46.107331296Z	42	PC: 15345 \| Get date 0x15345: add dl, 5 0x15348: cmp dh, dl 0x1534a: jne 0x15376 0x1534c: cmp al, 4 0x1534e: jb 0x15376 0x15350: cmp cx, 0x7cb 0x15354: jb 0x15376 0x15356: mov ah, 0x2c 0x15358: int 0x21 0x1535a: and dh, 7 0x1535d: jne 0x15376 0x1535f: call 0x15377 0x15362: mov ah, 9 0x15364: lea dx, word ptr [bp + 0x3ae] 0x15368: int 0x21 0x1536a: mov ax, 2 0x1536d: mov cx, 0xa 0x15370: cli 0x15371: cdq 0x15372: int 0x26
2018-12-25T12:01:46.111249934Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:01:46.113194639Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:01:46.127412844Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7457,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:46.1360417Z	48	PC: 1517f \| Get DOS version
2018-12-25T12:01:46.137479262Z	42	PC: 15345 \| Get date 0x15345: add dl, 5 0x15348: cmp dh, dl 0x1534a: jne 0x15376 0x1534c: cmp al, 4 0x1534e: jb 0x15376 0x15350: cmp cx, 0x7cb 0x15354: jb 0x15376 0x15356: mov ah, 0x2c 0x15358: int 0x21 0x1535a: and dh, 7 0x1535d: jne 0x15376 0x1535f: call 0x15377 0x15362: mov ah, 9 0x15364: lea dx, word ptr [bp + 0x3ae] 0x15368: int 0x21 0x1536a: mov ax, 2 0x1536d: mov cx, 0xa 0x15370: cli 0x15371: cdq 0x15372: int 0x26
2018-12-25T12:01:46.140393735Z	44	PC: 1535a \| Get time 0x1535a: and dh, 7 0x1535d: jne 0x15376 0x1535f: call 0x15377 0x15362: mov ah, 9 0x15364: lea dx, word ptr [bp + 0x3ae] 0x15368: int 0x21 0x1536a: mov ax, 2 0x1536d: mov cx, 0xa 0x15370: cli 0x15371: cdq 0x15372: int 0x26 0x15374: cli 0x15375: hlt 0x15376: ret 0x15377: push si 0x15378: push di 0x15379: push bp 0x1537a: call 0x1537d 0x1537d: pop di 0x1537e: sub di, 0x22d
2018-12-25T12:01:46.144699239Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:01:46.146611113Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:01:46.158672971Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')