Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Mem.1201

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:30.497266735Z	48	PC: 1517d \| Get DOS version
2018-12-17T22:43:30.49883417Z	42	PC: 15343 \| Get date 0x15343: add dl, 5 0x15346: cmp dh, dl 0x15348: jne 0x15374 0x1534a: cmp al, 4 0x1534c: jb 0x15374 0x1534e: cmp cx, 0x7cb 0x15352: jb 0x15374 0x15354: mov ah, 0x2c 0x15356: int 0x21 0x15358: and dh, 7 0x1535b: jne 0x15374 0x1535d: call 0x15375 0x15360: mov ah, 9 0x15362: lea dx, word ptr [bp + 0x3ac] 0x15366: int 0x21 0x15368: mov ax, 2 0x1536b: mov cx, 0xa 0x1536e: cli 0x1536f: cdq 0x15370: int 0x26
2018-12-17T22:43:30.501518658Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T22:43:30.502990884Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T22:43:30.520003028Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7912,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:54.624927813Z	48	PC: 1517d \| Get DOS version
2018-12-25T12:02:54.627433358Z	42	PC: 15343 \| Get date 0x15343: add dl, 5 0x15346: cmp dh, dl 0x15348: jne 0x15374 0x1534a: cmp al, 4 0x1534c: jb 0x15374 0x1534e: cmp cx, 0x7cb 0x15352: jb 0x15374 0x15354: mov ah, 0x2c 0x15356: int 0x21 0x15358: and dh, 7 0x1535b: jne 0x15374 0x1535d: call 0x15375 0x15360: mov ah, 9 0x15362: lea dx, word ptr [bp + 0x3ac] 0x15366: int 0x21 0x15368: mov ax, 2 0x1536b: mov cx, 0xa 0x1536e: cli 0x1536f: cdq 0x15370: int 0x26
2018-12-25T12:02:54.631369357Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:02:54.6332489Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:02:54.644112666Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7912,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:54.777994019Z	48	PC: 1517d \| Get DOS version
2018-12-25T12:02:54.780042038Z	42	PC: 15343 \| Get date 0x15343: add dl, 5 0x15346: cmp dh, dl 0x15348: jne 0x15374 0x1534a: cmp al, 4 0x1534c: jb 0x15374 0x1534e: cmp cx, 0x7cb 0x15352: jb 0x15374 0x15354: mov ah, 0x2c 0x15356: int 0x21 0x15358: and dh, 7 0x1535b: jne 0x15374 0x1535d: call 0x15375 0x15360: mov ah, 9 0x15362: lea dx, word ptr [bp + 0x3ac] 0x15366: int 0x21 0x15368: mov ax, 2 0x1536b: mov cx, 0xa 0x1536e: cli 0x1536f: cdq 0x15370: int 0x26
2018-12-25T12:02:54.78407799Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:02:54.786021509Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:02:54.798214508Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7912,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:55.228948215Z	48	PC: 1517d \| Get DOS version
2018-12-25T12:02:55.231499824Z	42	PC: 15343 \| Get date 0x15343: add dl, 5 0x15346: cmp dh, dl 0x15348: jne 0x15374 0x1534a: cmp al, 4 0x1534c: jb 0x15374 0x1534e: cmp cx, 0x7cb 0x15352: jb 0x15374 0x15354: mov ah, 0x2c 0x15356: int 0x21 0x15358: and dh, 7 0x1535b: jne 0x15374 0x1535d: call 0x15375 0x15360: mov ah, 9 0x15362: lea dx, word ptr [bp + 0x3ac] 0x15366: int 0x21 0x15368: mov ax, 2 0x1536b: mov cx, 0xa 0x1536e: cli 0x1536f: cdq 0x15370: int 0x26
2018-12-25T12:02:55.235625912Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:02:55.237615014Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:02:55.24914447Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7912,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:02:55.56894903Z	48	PC: 1517d \| Get DOS version
2018-12-25T12:02:55.571031661Z	42	PC: 15343 \| Get date 0x15343: add dl, 5 0x15346: cmp dh, dl 0x15348: jne 0x15374 0x1534a: cmp al, 4 0x1534c: jb 0x15374 0x1534e: cmp cx, 0x7cb 0x15352: jb 0x15374 0x15354: mov ah, 0x2c 0x15356: int 0x21 0x15358: and dh, 7 0x1535b: jne 0x15374 0x1535d: call 0x15375 0x15360: mov ah, 9 0x15362: lea dx, word ptr [bp + 0x3ac] 0x15366: int 0x21 0x15368: mov ax, 2 0x1536b: mov cx, 0xa 0x1536e: cli 0x1536f: cdq 0x15370: int 0x26
2018-12-25T12:02:55.573201844Z	44	PC: 15358 \| Get time 0x15358: and dh, 7 0x1535b: jne 0x15374 0x1535d: call 0x15375 0x15360: mov ah, 9 0x15362: lea dx, word ptr [bp + 0x3ac] 0x15366: int 0x21 0x15368: mov ax, 2 0x1536b: mov cx, 0xa 0x1536e: cli 0x1536f: cdq 0x15370: int 0x26 0x15372: cli 0x15373: hlt 0x15374: ret 0x15375: push si 0x15376: push di 0x15377: push bp 0x15378: call 0x1537b 0x1537b: pop di 0x1537c: sub di, 0x22b
2018-12-25T12:02:55.577190825Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:02:55.580017613Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:02:55.590898239Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')