Sample viewer

vx.netlux.org/Virus.DOS.DR&ET.1710.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:20.638930751Z	42	PC: 151ec \| Get date 0x151ec: cmp dl, 0xd 0x151ef: jne 0x151fc 0x151f1: mov ax, word ptr [0x46c] 0x151f4: and ax, 0x3f 0x151f7: cmp ax, 0x3f 0x151fa: je 0x151d0 0x151fc: push cs 0x151fd: pop ds 0x151fe: push cs 0x151ff: pop es 0x15200: cld 0x15201: cmp byte ptr cs:[bp + 0x6a0], 1 0x15207: je 0x1521d 0x15209: mov word ptr cs:[bp + 0x175], cs 0x1520e: mov si, 0x6ab 0x15211: add si, bp 0x15213: mov di, 0x100 0x15216: mov cx, 3 0x15219: rep movsb byte ptr es:[di], byte ptr [si] 0x1521b: jmp 0x15226
2018-12-17T22:42:20.641700393Z	48	PC: 1522d \| Get DOS version
2018-12-17T22:42:20.643270084Z	72	PC: 1523a \| Allocate memory
2018-12-17T22:42:20.645144234Z	74	PC: 1524f \| Reallocate memory
2018-12-17T22:42:20.647563825Z	72	PC: 15258 \| Allocate memory
2018-12-17T22:42:20.649377132Z	53	PC: 15281 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:42:20.650570714Z	53	PC: 1528e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:20.6517368Z	82	PC: 1529a \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:42:20.653305876Z	37	PC: 152bf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:20.655873384Z	76	PC: 15150 \| Terminate with return code (Return code = '33')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7507,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:48.015461908Z	42	PC: 151ec \| Get date 0x151ec: cmp dl, 0xd 0x151ef: jne 0x151fc 0x151f1: mov ax, word ptr [0x46c] 0x151f4: and ax, 0x3f 0x151f7: cmp ax, 0x3f 0x151fa: je 0x151d0 0x151fc: push cs 0x151fd: pop ds 0x151fe: push cs 0x151ff: pop es 0x15200: cld 0x15201: cmp byte ptr cs:[bp + 0x6a0], 1 0x15207: je 0x1521d 0x15209: mov word ptr cs:[bp + 0x175], cs 0x1520e: mov si, 0x6ab 0x15211: add si, bp 0x15213: mov di, 0x100 0x15216: mov cx, 3 0x15219: rep movsb byte ptr es:[di], byte ptr [si] 0x1521b: jmp 0x15226
2018-12-25T12:01:48.019180661Z	48	PC: 1522d \| Get DOS version
2018-12-25T12:01:48.02045259Z	72	PC: 1523a \| Allocate memory
2018-12-25T12:01:48.022217713Z	74	PC: 1524f \| Reallocate memory
2018-12-25T12:01:48.023901036Z	72	PC: 15258 \| Allocate memory
2018-12-25T12:01:48.025704853Z	53	PC: 15281 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:48.026855734Z	53	PC: 1528e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:48.028101293Z	82	PC: 1529a \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:48.029687475Z	37	PC: 152bf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:48.032506606Z	76	PC: 15150 \| Terminate with return code (Return code = '33')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7507,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:48.029130623Z	42	PC: 151ec \| Get date 0x151ec: cmp dl, 0xd 0x151ef: jne 0x151fc 0x151f1: mov ax, word ptr [0x46c] 0x151f4: and ax, 0x3f 0x151f7: cmp ax, 0x3f 0x151fa: je 0x151d0 0x151fc: push cs 0x151fd: pop ds 0x151fe: push cs 0x151ff: pop es 0x15200: cld 0x15201: cmp byte ptr cs:[bp + 0x6a0], 1 0x15207: je 0x1521d 0x15209: mov word ptr cs:[bp + 0x175], cs 0x1520e: mov si, 0x6ab 0x15211: add si, bp 0x15213: mov di, 0x100 0x15216: mov cx, 3 0x15219: rep movsb byte ptr es:[di], byte ptr [si] 0x1521b: jmp 0x15226
2018-12-25T12:01:48.032116525Z	48	PC: 1522d \| Get DOS version
2018-12-25T12:01:48.033552298Z	72	PC: 1523a \| Allocate memory
2018-12-25T12:01:48.035504605Z	74	PC: 1524f \| Reallocate memory
2018-12-25T12:01:48.037752625Z	72	PC: 15258 \| Allocate memory
2018-12-25T12:01:48.039857372Z	53	PC: 15281 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:48.041417909Z	53	PC: 1528e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:48.04455114Z	82	PC: 1529a \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:48.046066221Z	37	PC: 152bf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:48.048785123Z	76	PC: 15150 \| Terminate with return code (Return code = '33')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7507,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:48.381208895Z	42	PC: 151ec \| Get date 0x151ec: cmp dl, 0xd 0x151ef: jne 0x151fc 0x151f1: mov ax, word ptr [0x46c] 0x151f4: and ax, 0x3f 0x151f7: cmp ax, 0x3f 0x151fa: je 0x151d0 0x151fc: push cs 0x151fd: pop ds 0x151fe: push cs 0x151ff: pop es 0x15200: cld 0x15201: cmp byte ptr cs:[bp + 0x6a0], 1 0x15207: je 0x1521d 0x15209: mov word ptr cs:[bp + 0x175], cs 0x1520e: mov si, 0x6ab 0x15211: add si, bp 0x15213: mov di, 0x100 0x15216: mov cx, 3 0x15219: rep movsb byte ptr es:[di], byte ptr [si] 0x1521b: jmp 0x15226
2018-12-25T12:01:48.38403464Z	48	PC: 1522d \| Get DOS version
2018-12-25T12:01:48.385173523Z	72	PC: 1523a \| Allocate memory
2018-12-25T12:01:48.38689359Z	74	PC: 1524f \| Reallocate memory
2018-12-25T12:01:48.389413074Z	72	PC: 15258 \| Allocate memory
2018-12-25T12:01:48.391125868Z	53	PC: 15281 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:48.392215925Z	53	PC: 1528e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:48.393613216Z	82	PC: 1529a \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:48.394926803Z	37	PC: 152bf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:48.397238041Z	76	PC: 15150 \| Terminate with return code (Return code = '33')

{"DateBased":true,"Day":13,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7507,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:48.453493464Z	42	PC: 151ec \| Get date 0x151ec: cmp dl, 0xd 0x151ef: jne 0x151fc 0x151f1: mov ax, word ptr [0x46c] 0x151f4: and ax, 0x3f 0x151f7: cmp ax, 0x3f 0x151fa: je 0x151d0 0x151fc: push cs 0x151fd: pop ds 0x151fe: push cs 0x151ff: pop es 0x15200: cld 0x15201: cmp byte ptr cs:[bp + 0x6a0], 1 0x15207: je 0x1521d 0x15209: mov word ptr cs:[bp + 0x175], cs 0x1520e: mov si, 0x6ab 0x15211: add si, bp 0x15213: mov di, 0x100 0x15216: mov cx, 3 0x15219: rep movsb byte ptr es:[di], byte ptr [si] 0x1521b: jmp 0x15226
2018-12-25T12:01:48.456939632Z	48	PC: 1522d \| Get DOS version
2018-12-25T12:01:48.458323586Z	72	PC: 1523a \| Allocate memory
2018-12-25T12:01:48.460177655Z	74	PC: 1524f \| Reallocate memory
2018-12-25T12:01:48.462183794Z	72	PC: 15258 \| Allocate memory
2018-12-25T12:01:48.464098255Z	53	PC: 15281 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:01:48.466950886Z	53	PC: 1528e \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:48.468646109Z	82	PC: 1529a \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:01:48.469975903Z	37	PC: 152bf \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:48.471718537Z	76	PC: 15150 \| Terminate with return code (Return code = '33')