Sample viewer

vx.netlux.org/Virus.DOS.BigMouse.900.a


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:31.167196327Z 42 PC: 9f89d | Get date
0x9f89d: cmp dx, 0xb17
0x9f8a1: jne 0x9f8b0
0x9f8a3: mov ah, 9
0x9f8a5: mov dx, 0x40e
0x9f8a8: add dx, si
0x9f8aa: int 0x21
0x9f8ac: mov ah, 8
0x9f8ae: int 0x21
0x9f8b0: cld
0x9f8b1: mov bx, es
0x9f8b3: mov cx, bx
0x9f8b5: add bx, 0x10
0x9f8b8: add word ptr [si + 0x3f1], bx
0x9f8bc: add bx, word ptr [si + 0x3f3]
0x9f8c0: pop ax
0x9f8c1: cli
0x9f8c2: mov ss, bx
0x9f8c4: mov sp, word ptr [si + 0x3f5]
0x9f8c8: sti
0x9f8c9: mov ds, cx

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7580,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:54.316998212Z 42 PC: 9f89d | Get date
0x9f89d: cmp dx, 0xb17
0x9f8a1: jne 0x9f8b0
0x9f8a3: mov ah, 9
0x9f8a5: mov dx, 0x40e
0x9f8a8: add dx, si
0x9f8aa: int 0x21
0x9f8ac: mov ah, 8
0x9f8ae: int 0x21
0x9f8b0: cld
0x9f8b1: mov bx, es
0x9f8b3: mov cx, bx
0x9f8b5: add bx, 0x10
0x9f8b8: add word ptr [si + 0x3f1], bx
0x9f8bc: add bx, word ptr [si + 0x3f3]
0x9f8c0: pop ax
0x9f8c1: cli
0x9f8c2: mov ss, bx
0x9f8c4: mov sp, word ptr [si + 0x3f5]
0x9f8c8: sti
0x9f8c9: mov ds, cx

{"DateBased":true,"Day":23,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7580,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:01:54.743399539Z 42 PC: 9f89d | Get date
0x9f89d: cmp dx, 0xb17
0x9f8a1: jne 0x9f8b0
0x9f8a3: mov ah, 9
0x9f8a5: mov dx, 0x40e
0x9f8a8: add dx, si
0x9f8aa: int 0x21
0x9f8ac: mov ah, 8
0x9f8ae: int 0x21
0x9f8b0: cld
0x9f8b1: mov bx, es
0x9f8b3: mov cx, bx
0x9f8b5: add bx, 0x10
0x9f8b8: add word ptr [si + 0x3f1], bx
0x9f8bc: add bx, word ptr [si + 0x3f3]
0x9f8c0: pop ax
0x9f8c1: cli
0x9f8c2: mov ss, bx
0x9f8c4: mov sp, word ptr [si + 0x3f5]
0x9f8c8: sti
0x9f8c9: mov ds, cx
2018-12-25T12:01:54.746588248Z 9 PC: 9f8ac | Display string (String= '����@�!r �A��>�4�!.�0.�>2���V�!WZ�CY�!�D:\~������SCANCLEAVIRSF-PRCPAVG+A= Press a key to go on ')
2018-12-25T12:01:54.752572317Z 8 PC: 9f8b0 | Console input without echo