Sample viewer

vx.netlux.org/Virus.DOS.Moran.2725

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:59.28235415Z	81	PC: 1342e \| Get current PSP
2018-12-17T22:42:59.286796433Z	224	PC: 1351d \| UNKNOWN!
2018-12-17T22:42:59.287587964Z	81	PC: 13536 \| Get current PSP
2018-12-17T22:42:59.2885106Z	53	PC: 13593 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:42:59.290314035Z	37	PC: 135a3 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-17T22:42:59.291823718Z	53	PC: 135a8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:59.293364636Z	37	PC: 135b8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:59.295219124Z	53	PC: 135bd \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:42:59.296410459Z	37	PC: 135cd \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-17T22:42:59.297478517Z	53	PC: 135d2 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:42:59.298940948Z	37	PC: 135e2 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-17T22:42:59.300154538Z	81	PC: 13641 \| Get current PSP
2018-12-17T22:42:59.301285805Z	76	PC: 133f8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7725,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:26.835687206Z	81	PC: 1342e \| Get current PSP
2018-12-25T12:02:26.837575654Z	224	PC: 1351d \| UNKNOWN!
2018-12-25T12:02:26.838806586Z	81	PC: 13536 \| Get current PSP
2018-12-25T12:02:26.839768216Z	53	PC: 13593 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:02:26.842082036Z	37	PC: 135a3 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:02:26.84419687Z	53	PC: 135a8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:26.84633611Z	37	PC: 135b8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:26.85016034Z	53	PC: 135bd \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:02:26.8517921Z	37	PC: 135cd \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:02:26.853325351Z	53	PC: 135d2 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:02:26.855722033Z	37	PC: 135e2 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:02:26.857361121Z	81	PC: 13641 \| Get current PSP
2018-12-25T12:02:26.858491966Z	76	PC: 133f8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7725,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T13:07:09.652551555Z	81	PC: 1342e \| Get current PSP
2018-12-25T13:07:09.654668522Z	224	PC: 1351d \| UNKNOWN!
2018-12-25T13:07:09.655961267Z	81	PC: 13536 \| Get current PSP
2018-12-25T13:07:09.657101608Z	53	PC: 13593 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T13:07:09.658680212Z	37	PC: 135a3 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T13:07:09.660308061Z	53	PC: 135a8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:09.661578627Z	37	PC: 135b8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T13:07:09.662888856Z	53	PC: 135bd \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T13:07:09.664784488Z	37	PC: 135cd \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T13:07:09.665757277Z	53	PC: 135d2 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T13:07:09.669031791Z	37	PC: 135e2 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T13:07:09.670700888Z	81	PC: 13641 \| Get current PSP
2018-12-25T13:07:09.671644661Z	76	PC: 133f8 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":8,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7725,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:27.281484172Z	81	PC: 1342e \| Get current PSP
2018-12-25T12:02:27.283464121Z	224	PC: 1351d \| UNKNOWN!
2018-12-25T12:02:27.284333504Z	81	PC: 13536 \| Get current PSP
2018-12-25T12:02:27.285314601Z	53	PC: 13593 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:02:27.287648699Z	37	PC: 135a3 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:02:27.288801092Z	53	PC: 135a8 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:27.290006714Z	37	PC: 135b8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:02:27.291453597Z	53	PC: 135bd \| Get interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:02:27.293441812Z	37	PC: 135cd \| Set interrupt vector (Interrupt = '40' AKA 'Random block write')
2018-12-25T12:02:27.294632761Z	53	PC: 135d2 \| Get interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:02:27.295841838Z	37	PC: 135e2 \| Set interrupt vector (Interrupt = '9' AKA 'Display string')
2018-12-25T12:02:27.298500261Z	81	PC: 13641 \| Get current PSP
2018-12-25T12:02:27.299658225Z	76	PC: 133f8 \| Terminate with return code (Return code = '0')