Sample viewer

vx.netlux.org/Virus.DOS.Ball.2245


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:42:44.023238249Z 26 PC: 12b52 | Set disk transfer address
2018-12-17T22:42:44.025190346Z 42 PC: 12a69 | Get date
0x12a69: cmp dh, 6
0x12a6c: jne 0x12a71
0x12a6e: call 0x12b5b
0x12a71: mov ah, 0x4e
0x12a73: lea dx, word ptr [bp + 0x9ad]
0x12a77: mov cx, 0x3f
0x12a7a: int 0x21
0x12a7c: jae 0x12a81
0x12a7e: jmp 0x132ec
0x12a81: lea dx, word ptr [bp + 0x9e9]
0x12a85: mov bx, dx
0x12a87: cmp byte ptr [bx], 0x2e
0x12a8a: je 0x12a8f
0x12a8c: inc bx
0x12a8d: loop 0x12a87
0x12a8f: cmp byte ptr [bx + 3], 0x4d
0x12a93: jne 0x12a7e
0x12a95: cmp byte ptr [bx + 1], 0x43
0x12a99: jne 0x12a7e
0x12a9b: cmp byte ptr [bx + 2], 0x4f
2018-12-17T22:42:44.027690201Z 78 PC: 12a7c | Find first file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7646,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:09.252675451Z 26 PC: 12b52 | Set disk transfer address
2018-12-25T12:02:09.254967799Z 42 PC: 12a69 | Get date
0x12a69: cmp dh, 6
0x12a6c: jne 0x12a71
0x12a6e: call 0x12b5b
0x12a71: mov ah, 0x4e
0x12a73: lea dx, word ptr [bp + 0x9ad]
0x12a77: mov cx, 0x3f
0x12a7a: int 0x21
0x12a7c: jae 0x12a81
0x12a7e: jmp 0x132ec
0x12a81: lea dx, word ptr [bp + 0x9e9]
0x12a85: mov bx, dx
0x12a87: cmp byte ptr [bx], 0x2e
0x12a8a: je 0x12a8f
0x12a8c: inc bx
0x12a8d: loop 0x12a87
0x12a8f: cmp byte ptr [bx + 3], 0x4d
0x12a93: jne 0x12a7e
0x12a95: cmp byte ptr [bx + 1], 0x43
0x12a99: jne 0x12a7e
0x12a9b: cmp byte ptr [bx + 2], 0x4f
2018-12-25T12:02:09.25738807Z 78 PC: 12a7c | Find first file

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7646,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:02:09.467756222Z 26 PC: 12b52 | Set disk transfer address
2018-12-25T12:02:09.469124599Z 42 PC: 12a69 | Get date
0x12a69: cmp dh, 6
0x12a6c: jne 0x12a71
0x12a6e: call 0x12b5b
0x12a71: mov ah, 0x4e
0x12a73: lea dx, word ptr [bp + 0x9ad]
0x12a77: mov cx, 0x3f
0x12a7a: int 0x21
0x12a7c: jae 0x12a81
0x12a7e: jmp 0x132ec
0x12a81: lea dx, word ptr [bp + 0x9e9]
0x12a85: mov bx, dx
0x12a87: cmp byte ptr [bx], 0x2e
0x12a8a: je 0x12a8f
0x12a8c: inc bx
0x12a8d: loop 0x12a87
0x12a8f: cmp byte ptr [bx + 3], 0x4d
0x12a93: jne 0x12a7e
0x12a95: cmp byte ptr [bx + 1], 0x43
0x12a99: jne 0x12a7e
0x12a9b: cmp byte ptr [bx + 2], 0x4f
2018-12-25T12:02:09.474643979Z 9 PC: 12c18 | Display string (Could not find end pointer)
2018-12-25T12:02:09.490583555Z 9 PC: 12c18 | Display string (See above)
2018-12-25T12:02:09.495642967Z 9 PC: 12c18 | Display string (See above)
2018-12-25T12:02:09.500287627Z 9 PC: 12c18 | Display string (See above)
2018-12-25T12:02:09.504884824Z 9 PC: 12c18 | Display string (See above)
2018-12-25T12:02:09.518432966Z 9 PC: 12c18 | Display string (See above)
2018-12-25T12:02:09.523160756Z 9 PC: 12c18 | Display string (See above)
2018-12-25T12:02:09.528520666Z 9 PC: 12c18 | Display string (See above)
2018-12-25T12:02:09.533491075Z 76 PC: 12c14 | Terminate with return code (Return code = '36')