Sample viewer

vx.netlux.org/Virus.DOS.NightFall.4518

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:42:59.651219504Z	53	PC: 15354 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T22:42:59.653380563Z	53	PC: 15354 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:42:59.657034295Z	53	PC: 15354 \| Get interrupt vector (Interrupt = '42' AKA 'Get date')
2018-12-17T22:42:59.662788853Z	88	PC: 15227 \| case 0xGet or set allocation strateg:
2018-12-17T22:42:59.664323105Z	88	PC: 15232 \| case 0xGet or set allocation strateg:
2018-12-17T22:42:59.667148922Z	88	PC: 15237 \| case 0xGet or set allocation strateg:
2018-12-17T22:42:59.668646324Z	88	PC: 15241 \| case 0xGet or set allocation strateg:
2018-12-17T22:42:59.670844663Z	88	PC: 15281 \| case 0xGet or set allocation strateg:
2018-12-17T22:42:59.674756731Z	88	PC: 15285 \| case 0xGet or set allocation strateg:
2018-12-17T22:42:59.677244082Z	98	PC: 15293 \| Get current PSP
2018-12-17T22:42:59.679316204Z	74	PC: 1529c \| Reallocate memory
2018-12-17T22:42:59.68245Z	74	PC: 152a9 \| Reallocate memory
2018-12-17T22:42:59.684286419Z	42	PC: 152d1 \| Get date 0x152d1: mov al, 0xc3 0x152d3: cmp cl, 0xcc 0x152d6: jb 0x152e1 0x152d8: ja 0x152df 0x152da: cmp dh, 0xb 0x152dd: jb 0x152e1 0x152df: mov al, 0x90 0x152e1: mov byte ptr [si + 0x4cf], al 0x152e5: mov cx, 0x11a6 0x152e8: push cs 0x152e9: lea ax, word ptr [si + 0x73] 0x152ec: push ax 0x152ed: push es 0x152ee: push 0x20b 0x152f1: rep movsb byte ptr es:[di], byte ptr [si] 0x152f3: retf 0x152f4: push si 0x152f5: mov ds, di 0x152f7: cmp byte ptr [0x4e0], 0xea 0x152fc: jne 0x1530d
2018-12-17T22:42:59.68709812Z	82	PC: 9ebee \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:42:59.690529495Z	98	PC: 151c7 \| Get current PSP
2018-12-17T22:42:59.69183662Z	76	PC: 15150 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7729,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:27.659742907Z	53	PC: 15354 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:02:27.662219431Z	53	PC: 15354 \| Get interrupt vector (See above)
2018-12-25T12:02:27.663435914Z	53	PC: 15354 \| Get interrupt vector (See above)
2018-12-25T12:02:27.664652846Z	88	PC: 15227 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:27.666212387Z	88	PC: 15232 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:27.667207589Z	88	PC: 15237 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:27.668233364Z	88	PC: 15241 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:27.672842369Z	88	PC: 15281 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:27.674809962Z	88	PC: 15285 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:27.676331613Z	98	PC: 15293 \| Get current PSP
2018-12-25T12:02:27.678715956Z	74	PC: 1529c \| Reallocate memory
2018-12-25T12:02:27.680548737Z	74	PC: 152a9 \| Reallocate memory
2018-12-25T12:02:27.682205219Z	42	PC: 152d1 \| Get date 0x152d1: mov al, 0xc3 0x152d3: cmp cl, 0xcc 0x152d6: jb 0x152e1 0x152d8: ja 0x152df 0x152da: cmp dh, 0xb 0x152dd: jb 0x152e1 0x152df: mov al, 0x90 0x152e1: mov byte ptr [si + 0x4cf], al 0x152e5: mov cx, 0x11a6 0x152e8: push cs 0x152e9: lea ax, word ptr [si + 0x73] 0x152ec: push ax 0x152ed: push es 0x152ee: push 0x20b 0x152f1: rep movsb byte ptr es:[di], byte ptr [si] 0x152f3: retf 0x152f4: push si 0x152f5: mov ds, di 0x152f7: cmp byte ptr [0x4e0], 0xea 0x152fc: jne 0x1530d
2018-12-25T12:02:27.686492799Z	82	PC: 9ebee \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:02:27.687819118Z	98	PC: 151c7 \| Get current PSP
2018-12-25T12:02:27.68869879Z	76	PC: 15150 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":11,"Year":1996,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7729,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:28.583152518Z	53	PC: 15354 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:02:28.585134856Z	53	PC: 15354 \| Get interrupt vector (See above)
2018-12-25T12:02:28.586826312Z	53	PC: 15354 \| Get interrupt vector (See above)
2018-12-25T12:02:28.588517905Z	88	PC: 15227 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.590808097Z	88	PC: 15232 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.592814349Z	88	PC: 15237 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.594787718Z	88	PC: 15241 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.597061079Z	88	PC: 15281 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.598796441Z	88	PC: 15285 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.600277838Z	98	PC: 15293 \| Get current PSP
2018-12-25T12:02:28.601433937Z	74	PC: 1529c \| Reallocate memory
2018-12-25T12:02:28.608227759Z	74	PC: 152a9 \| Reallocate memory
2018-12-25T12:02:28.610814791Z	42	PC: 152d1 \| Get date 0x152d1: mov al, 0xc3 0x152d3: cmp cl, 0xcc 0x152d6: jb 0x152e1 0x152d8: ja 0x152df 0x152da: cmp dh, 0xb 0x152dd: jb 0x152e1 0x152df: mov al, 0x90 0x152e1: mov byte ptr [si + 0x4cf], al 0x152e5: mov cx, 0x11a6 0x152e8: push cs 0x152e9: lea ax, word ptr [si + 0x73] 0x152ec: push ax 0x152ed: push es 0x152ee: push 0x20b 0x152f1: rep movsb byte ptr es:[di], byte ptr [si] 0x152f3: retf 0x152f4: push si 0x152f5: mov ds, di 0x152f7: cmp byte ptr [0x4e0], 0xea 0x152fc: jne 0x1530d
2018-12-25T12:02:28.6131546Z	82	PC: 9ebee \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:02:28.614979742Z	98	PC: 151c7 \| Get current PSP
2018-12-25T12:02:28.616559702Z	76	PC: 15150 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7729,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:28.658449262Z	53	PC: 15354 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:02:28.660675726Z	53	PC: 15354 \| Get interrupt vector (See above)
2018-12-25T12:02:28.661769388Z	53	PC: 15354 \| Get interrupt vector (See above)
2018-12-25T12:02:28.662885586Z	88	PC: 15227 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.664475936Z	88	PC: 15232 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.66636543Z	88	PC: 15237 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.667753553Z	88	PC: 15241 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.669904694Z	88	PC: 15281 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.672300113Z	88	PC: 15285 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:28.673724648Z	98	PC: 15293 \| Get current PSP
2018-12-25T12:02:28.674785237Z	74	PC: 1529c \| Reallocate memory
2018-12-25T12:02:28.677089128Z	74	PC: 152a9 \| Reallocate memory
2018-12-25T12:02:28.678471098Z	42	PC: 152d1 \| Get date 0x152d1: mov al, 0xc3 0x152d3: cmp cl, 0xcc 0x152d6: jb 0x152e1 0x152d8: ja 0x152df 0x152da: cmp dh, 0xb 0x152dd: jb 0x152e1 0x152df: mov al, 0x90 0x152e1: mov byte ptr [si + 0x4cf], al 0x152e5: mov cx, 0x11a6 0x152e8: push cs 0x152e9: lea ax, word ptr [si + 0x73] 0x152ec: push ax 0x152ed: push es 0x152ee: push 0x20b 0x152f1: rep movsb byte ptr es:[di], byte ptr [si] 0x152f3: retf 0x152f4: push si 0x152f5: mov ds, di 0x152f7: cmp byte ptr [0x4e0], 0xea 0x152fc: jne 0x1530d
2018-12-25T12:02:28.680663813Z	82	PC: 9ebee \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:02:28.682779251Z	98	PC: 151c7 \| Get current PSP
2018-12-25T12:02:28.683691252Z	76	PC: 15150 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7729,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:29.737996836Z	53	PC: 15354 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:02:29.742134117Z	53	PC: 15354 \| Get interrupt vector (See above)
2018-12-25T12:02:29.743677661Z	53	PC: 15354 \| Get interrupt vector (See above)
2018-12-25T12:02:29.745338652Z	88	PC: 15227 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:29.746781369Z	88	PC: 15232 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:29.74896383Z	88	PC: 15237 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:29.750737362Z	88	PC: 15241 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:29.752957621Z	88	PC: 15281 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:29.75548267Z	88	PC: 15285 \| case 0xGet or set allocation strateg:
2018-12-25T12:02:29.757050553Z	98	PC: 15293 \| Get current PSP
2018-12-25T12:02:29.758527293Z	74	PC: 1529c \| Reallocate memory
2018-12-25T12:02:29.760993355Z	74	PC: 152a9 \| Reallocate memory
2018-12-25T12:02:29.762662943Z	42	PC: 152d1 \| Get date 0x152d1: mov al, 0xc3 0x152d3: cmp cl, 0xcc 0x152d6: jb 0x152e1 0x152d8: ja 0x152df 0x152da: cmp dh, 0xb 0x152dd: jb 0x152e1 0x152df: mov al, 0x90 0x152e1: mov byte ptr [si + 0x4cf], al 0x152e5: mov cx, 0x11a6 0x152e8: push cs 0x152e9: lea ax, word ptr [si + 0x73] 0x152ec: push ax 0x152ed: push es 0x152ee: push 0x20b 0x152f1: rep movsb byte ptr es:[di], byte ptr [si] 0x152f3: retf 0x152f4: push si 0x152f5: mov ds, di 0x152f7: cmp byte ptr [0x4e0], 0xea 0x152fc: jne 0x1530d
2018-12-25T12:02:29.765190425Z	82	PC: 9ebee \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:02:29.767505702Z	98	PC: 151c7 \| Get current PSP
2018-12-25T12:02:29.768505348Z	76	PC: 15150 \| Terminate with return code (Return code = '0')