Sample viewer

vx.netlux.org/Virus.DOS.Sacrilege.1802

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:42.167844779Z	95	PC: 178bb \| Network redirection functions
2018-12-17T22:42:42.170437798Z	74	PC: 178dc \| Reallocate memory
2018-12-17T22:42:42.172521801Z	72	PC: 178e4 \| Allocate memory
2018-12-17T22:42:42.174759235Z	53	PC: 178fe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:42.177131435Z	37	PC: 1791c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:42.179198133Z	42	PC: 1792f \| Get date 0x1792f: cmp dh, 3 0x17932: jne 0x17972 0x17934: cmp dl, 0x1c 0x17937: jne 0x17972 0x17939: mov ah, 0x2c 0x1793b: int 0x21 0x1793d: cmp ch, 0xa 0x17940: jb 0x17972 0x17942: cmp ch, 0xc 0x17945: ja 0x17972 0x17947: push cs 0x17948: push cs 0x17949: pop ds 0x1794a: pop es 0x1794b: mov si, 0x126 0x1794e: mov di, si 0x17950: mov cx, 0x296 0x17953: nop 0x17954: lodsb al, byte ptr [si] 0x17955: inc al
2018-12-17T22:42:42.182299901Z	9	PC: 12a86 \| Display string (Could not find end pointer)
2018-12-17T22:42:42.188677102Z	48	PC: 12a8f \| Get DOS version
2018-12-17T22:42:42.190168851Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-17T22:42:42.197051131Z	93	PC: 12afe \| File sharing functions
2018-12-17T22:42:42.205324059Z	9	PC: 12a86 \| Display string (String= 'Size change=0706h/01798d. ')
2018-12-17T22:42:42.209548012Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7637,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:06.873448413Z	95	PC: 178bb \| Network redirection functions
2018-12-25T12:02:06.875841218Z	74	PC: 178dc \| Reallocate memory
2018-12-25T12:02:06.877489657Z	72	PC: 178e4 \| Allocate memory
2018-12-25T12:02:06.879163069Z	53	PC: 178fe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:06.881592875Z	37	PC: 1791c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:06.882858468Z	42	PC: 1792f \| Get date 0x1792f: cmp dh, 3 0x17932: jne 0x17972 0x17934: cmp dl, 0x1c 0x17937: jne 0x17972 0x17939: mov ah, 0x2c 0x1793b: int 0x21 0x1793d: cmp ch, 0xa 0x17940: jb 0x17972 0x17942: cmp ch, 0xc 0x17945: ja 0x17972 0x17947: push cs 0x17948: push cs 0x17949: pop ds 0x1794a: pop es 0x1794b: mov si, 0x126 0x1794e: mov di, si 0x17950: mov cx, 0x296 0x17953: nop 0x17954: lodsb al, byte ptr [si] 0x17955: inc al
2018-12-25T12:02:06.885281556Z	9	PC: 12a86 \| Display string (Could not find end pointer)
2018-12-25T12:02:06.892099152Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:02:06.893893722Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:02:06.901364716Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:02:06.903451636Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:02:06.908359527Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":28,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7637,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:08.170969828Z	95	PC: 178bb \| Network redirection functions
2018-12-25T12:02:08.173490367Z	74	PC: 178dc \| Reallocate memory
2018-12-25T12:02:08.174872186Z	72	PC: 178e4 \| Allocate memory
2018-12-25T12:02:08.176371005Z	53	PC: 178fe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:08.178377659Z	37	PC: 1791c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:08.179896316Z	42	PC: 1792f \| Get date 0x1792f: cmp dh, 3 0x17932: jne 0x17972 0x17934: cmp dl, 0x1c 0x17937: jne 0x17972 0x17939: mov ah, 0x2c 0x1793b: int 0x21 0x1793d: cmp ch, 0xa 0x17940: jb 0x17972 0x17942: cmp ch, 0xc 0x17945: ja 0x17972 0x17947: push cs 0x17948: push cs 0x17949: pop ds 0x1794a: pop es 0x1794b: mov si, 0x126 0x1794e: mov di, si 0x17950: mov cx, 0x296 0x17953: nop 0x17954: lodsb al, byte ptr [si] 0x17955: inc al
2018-12-25T12:02:08.182327448Z	44	PC: 1793d \| Get time 0x1793d: cmp ch, 0xa 0x17940: jb 0x17972 0x17942: cmp ch, 0xc 0x17945: ja 0x17972 0x17947: push cs 0x17948: push cs 0x17949: pop ds 0x1794a: pop es 0x1794b: mov si, 0x126 0x1794e: mov di, si 0x17950: mov cx, 0x296 0x17953: nop 0x17954: lodsb al, byte ptr [si] 0x17955: inc al 0x17957: stosb byte ptr es:[di], al 0x17958: loop 0x17954 0x1795a: mov ah, 9 0x1795c: mov dx, 0x126 0x1795f: int 0x21 0x17961: mov ah, 0
2018-12-25T12:02:08.186725698Z	9	PC: 17961 \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7637,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:08.761206442Z	95	PC: 178bb \| Network redirection functions
2018-12-25T12:02:08.763026826Z	74	PC: 178dc \| Reallocate memory
2018-12-25T12:02:08.764153845Z	72	PC: 178e4 \| Allocate memory
2018-12-25T12:02:08.765406027Z	53	PC: 178fe \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:08.767024462Z	37	PC: 1791c \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:08.769577352Z	42	PC: 1792f \| Get date 0x1792f: cmp dh, 3 0x17932: jne 0x17972 0x17934: cmp dl, 0x1c 0x17937: jne 0x17972 0x17939: mov ah, 0x2c 0x1793b: int 0x21 0x1793d: cmp ch, 0xa 0x17940: jb 0x17972 0x17942: cmp ch, 0xc 0x17945: ja 0x17972 0x17947: push cs 0x17948: push cs 0x17949: pop ds 0x1794a: pop es 0x1794b: mov si, 0x126 0x1794e: mov di, si 0x17950: mov cx, 0x296 0x17953: nop 0x17954: lodsb al, byte ptr [si] 0x17955: inc al
2018-12-25T12:02:08.773173722Z	9	PC: 12a86 \| Display string (Could not find end pointer)
2018-12-25T12:02:08.778619528Z	48	PC: 12a8f \| Get DOS version
2018-12-25T12:02:08.779641989Z	61	PC: 12b5c \| Open file (Filename = '')
2018-12-25T12:02:08.784962307Z	93	PC: 12afe \| File sharing functions
2018-12-25T12:02:08.787051483Z	9	PC: 12a86 \| Display string (See above)
2018-12-25T12:02:08.791094044Z	76	PC: 12ae3 \| Terminate with return code (Return code = '1')