Sample viewer

vx.netlux.org/Virus.DOS.Triadi.3998

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:33.928320313Z	53	PC: 13621 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:33.933233095Z	53	PC: 13694 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:33.935408976Z	74	PC: 12b2f \| Reallocate memory
2018-12-17T22:42:33.937295194Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:33.939527251Z	75	PC: 12b97 \| Execute program
2018-12-17T22:42:33.955014163Z	53	PC: 14721 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:33.95677246Z	9	PC: 13c15 \| Display string (String= ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ')
2018-12-17T22:42:33.967465747Z	76	PC: 13c1a \| Terminate with return code (Return code = '0')
2018-12-17T22:42:33.970669346Z	73	PC: 12ba2 \| Release memory
2018-12-17T22:42:33.972429214Z	77	PC: 12bb1 \| Get program return code
2018-12-17T22:42:33.974075563Z	49	PC: 12bba \| Terminate and stay resident (Return code = '0' \| Memory size = '266')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7598,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:57.896931479Z	53	PC: 13621 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:57.898763799Z	53	PC: 13694 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:57.900616956Z	74	PC: 12b2f \| Reallocate memory
2018-12-25T12:01:57.902213158Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:57.904704922Z	75	PC: 12b97 \| Execute program
2018-12-25T12:01:57.923195532Z	53	PC: 14721 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:57.924416756Z	9	PC: 13c15 \| Display string (String= ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ')
2018-12-25T12:01:57.934716741Z	76	PC: 13c1a \| Terminate with return code (Return code = '0')
2018-12-25T12:01:57.938433785Z	73	PC: 12ba2 \| Release memory
2018-12-25T12:01:57.939674218Z	77	PC: 12bb1 \| Get program return code
2018-12-25T12:01:57.940825184Z	49	PC: 12bba \| Terminate and stay resident (Return code = '0' \| Memory size = '266')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7598,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:57.92881036Z	53	PC: 13621 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:57.948129371Z	53	PC: 13694 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:57.950451154Z	74	PC: 12b2f \| Reallocate memory
2018-12-25T12:01:57.952383151Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:57.953963451Z	75	PC: 12b97 \| Execute program
2018-12-25T12:01:57.970779837Z	53	PC: 14721 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:57.972348888Z	9	PC: 13c15 \| Display string (String= ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ')
2018-12-25T12:01:57.983628126Z	76	PC: 13c1a \| Terminate with return code (Return code = '0')
2018-12-25T12:01:57.987330053Z	73	PC: 12ba2 \| Release memory
2018-12-25T12:01:57.988967346Z	77	PC: 12bb1 \| Get program return code
2018-12-25T12:01:57.99349341Z	49	PC: 12bba \| Terminate and stay resident (Return code = '0' \| Memory size = '266')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":12,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7598,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:58.019073427Z	53	PC: 13621 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.02166133Z	53	PC: 13694 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.023725077Z	74	PC: 12b2f \| Reallocate memory
2018-12-25T12:01:58.02534775Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.029434941Z	75	PC: 12b97 \| Execute program
2018-12-25T12:01:58.051031565Z	53	PC: 14721 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.05246709Z	9	PC: 13c15 \| Display string (String= ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ')
2018-12-25T12:01:58.062110753Z	76	PC: 13c1a \| Terminate with return code (Return code = '0')
2018-12-25T12:01:58.065574814Z	73	PC: 12ba2 \| Release memory
2018-12-25T12:01:58.0670775Z	77	PC: 12bb1 \| Get program return code
2018-12-25T12:01:58.068489648Z	49	PC: 12bba \| Terminate and stay resident (Return code = '0' \| Memory size = '266')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":19,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7598,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:58.084897869Z	53	PC: 13621 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.087432809Z	53	PC: 13694 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.08957156Z	74	PC: 12b2f \| Reallocate memory
2018-12-25T12:01:58.091390613Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.09369281Z	75	PC: 12b97 \| Execute program
2018-12-25T12:01:58.10993352Z	53	PC: 14721 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.111634989Z	9	PC: 13c15 \| Display string (String= ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ')
2018-12-25T12:01:58.122961497Z	76	PC: 13c1a \| Terminate with return code (Return code = '0')
2018-12-25T12:01:58.127171982Z	73	PC: 12ba2 \| Release memory
2018-12-25T12:01:58.12906371Z	77	PC: 12bb1 \| Get program return code
2018-12-25T12:01:58.130787022Z	49	PC: 12bba \| Terminate and stay resident (Return code = '0' \| Memory size = '266')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":19,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7598,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:58.465919305Z	53	PC: 13621 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.467502745Z	53	PC: 13694 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.468782527Z	74	PC: 12b2f \| Reallocate memory
2018-12-25T12:01:58.469998069Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.471666816Z	75	PC: 12b97 \| Execute program
2018-12-25T12:01:58.481074815Z	53	PC: 14721 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.482158172Z	9	PC: 13c15 \| Display string (String= ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ')
2018-12-25T12:01:58.487666398Z	76	PC: 13c1a \| Terminate with return code (Return code = '0')
2018-12-25T12:01:58.490989862Z	73	PC: 12ba2 \| Release memory
2018-12-25T12:01:58.492602104Z	77	PC: 12bb1 \| Get program return code
2018-12-25T12:01:58.495035624Z	49	PC: 12bba \| Terminate and stay resident (Return code = '0' \| Memory size = '266')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":19,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7598,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:58.830558673Z	53	PC: 13621 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.832458501Z	53	PC: 13694 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.834231888Z	74	PC: 12b2f \| Reallocate memory
2018-12-25T12:01:58.836003645Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.848671141Z	75	PC: 12b97 \| Execute program
2018-12-25T12:01:58.863592177Z	53	PC: 14721 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:58.86484194Z	9	PC: 13c15 \| Display string (String= ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ')
2018-12-25T12:01:58.874643654Z	76	PC: 13c1a \| Terminate with return code (Return code = '0')
2018-12-25T12:01:58.877571601Z	73	PC: 12ba2 \| Release memory
2018-12-25T12:01:58.878799224Z	77	PC: 12bb1 \| Get program return code
2018-12-25T12:01:58.880766124Z	49	PC: 12bba \| Terminate and stay resident (Return code = '0' \| Memory size = '266')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7598,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:59.338938055Z	53	PC: 13621 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:59.340775107Z	53	PC: 13694 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:59.343426062Z	74	PC: 12b2f \| Reallocate memory
2018-12-25T12:01:59.345673895Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:59.34749821Z	75	PC: 12b97 \| Execute program
2018-12-25T12:01:59.370461236Z	53	PC: 14721 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:59.372235391Z	9	PC: 13c15 \| Display string (String= ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ')
2018-12-25T12:01:59.383604408Z	76	PC: 13c1a \| Terminate with return code (Return code = '0')
2018-12-25T12:01:59.387994813Z	73	PC: 12ba2 \| Release memory
2018-12-25T12:01:59.389633504Z	77	PC: 12bb1 \| Get program return code
2018-12-25T12:01:59.391110971Z	49	PC: 12bba \| Terminate and stay resident (Return code = '0' \| Memory size = '266')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7598,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:01:59.658086218Z	53	PC: 13621 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:59.661980884Z	53	PC: 13694 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:59.66464915Z	74	PC: 12b2f \| Reallocate memory
2018-12-25T12:01:59.666892547Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:59.66887641Z	75	PC: 12b97 \| Execute program
2018-12-25T12:01:59.686413355Z	53	PC: 14721 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:01:59.688316697Z	9	PC: 13c15 \| Display string (String= ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ')
2018-12-25T12:01:59.69978333Z	76	PC: 13c1a \| Terminate with return code (Return code = '0')
2018-12-25T12:01:59.705035618Z	73	PC: 12ba2 \| Release memory
2018-12-25T12:01:59.706952006Z	77	PC: 12bb1 \| Get program return code
2018-12-25T12:01:59.708744783Z	49	PC: 12bba \| Terminate and stay resident (Return code = '0' \| Memory size = '266')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":7598,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:00.337020385Z	53	PC: 13621 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:00.339294486Z	53	PC: 13694 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:00.341579461Z	74	PC: 12b2f \| Reallocate memory
2018-12-25T12:02:00.34324872Z	37	PC: 12b52 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:00.345402223Z	75	PC: 12b97 \| Execute program
2018-12-25T12:02:00.361226203Z	53	PC: 14721 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:00.362527262Z	9	PC: 13c15 \| Display string (String= ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ')
2018-12-25T12:02:00.372568004Z	76	PC: 13c1a \| Terminate with return code (Return code = '0')
2018-12-25T12:02:00.375508038Z	73	PC: 12ba2 \| Release memory
2018-12-25T12:02:00.376854039Z	77	PC: 12bb1 \| Get program return code
2018-12-25T12:02:00.379755652Z	49	PC: 12bba \| Terminate and stay resident (Return code = '0' \| Memory size = '266')