Sample viewer

vx.netlux.org/Virus.DOS.BetaBoys.615

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T21:57:16.995778255Z 44 PC: 901a0 | Get time
0x901a0: cmp ch, 0
0x901a3: je 0x901b5
0x901a5: popf
0x901a6: pop es
0x901a7: pop ds
0x901a8: pop ax
0x901a9: pop bx
0x901aa: pop dx
0x901ab: pop cx
0x901ac: ljmp ptr cs:[0x364]
0x901b1: dec dx
0x901b2: add byte ptr [bx + si - 0x4533], dl
0x901b6: aam 3
0x901b8: mov ax, 0xd
0x901bb: out dx, ax
0x901bc: mov dx, 0x3d5
0x901bf: mov cx, 0x258
0x901c2: mov ax, 0x7d0
0x901c5: inc ax
0x901c6: push cx

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":794,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:53.971434184Z 44 PC: 901a0 | Get time
0x901a0: cmp ch, 0
0x901a3: je 0x901b5
0x901a5: popf
0x901a6: pop es
0x901a7: pop ds
0x901a8: pop ax
0x901a9: pop bx
0x901aa: pop dx
0x901ab: pop cx
0x901ac: ljmp ptr cs:[0x364]
0x901b1: dec dx
0x901b2: add byte ptr [bx + si - 0x4533], dl
0x901b6: aam 3
0x901b8: mov ax, 0xd
0x901bb: out dx, ax
0x901bc: mov dx, 0x3d5
0x901bf: mov cx, 0x258
0x901c2: mov ax, 0x7d0
0x901c5: inc ax
0x901c6: push cx

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":1,"Min":0,"Second":0,"TimeBased":true,"OriginalID":794,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T11:41:53.947270025Z 44 PC: 901a0 | Get time
0x901a0: cmp ch, 0
0x901a3: je 0x901b5
0x901a5: popf
0x901a6: pop es
0x901a7: pop ds
0x901a8: pop ax
0x901a9: pop bx
0x901aa: pop dx
0x901ab: pop cx
0x901ac: ljmp ptr cs:[0x364]
0x901b1: dec dx
0x901b2: add byte ptr [bx + si - 0x4533], dl
0x901b6: aam 3
0x901b8: mov ax, 0xd
0x901bb: out dx, ax
0x901bc: mov dx, 0x3d5
0x901bf: mov cx, 0x258
0x901c2: mov ax, 0x7d0
0x901c5: inc ax
0x901c6: push cx
2018-12-25T11:41:53.956055343Z 77 PC: 11fe0 | Get program return code
2018-12-25T11:41:53.957139531Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:53.958657269Z 72 PC: 12174 | Allocate memory
2018-12-25T11:41:53.960380354Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:53.962210084Z 72 PC: 1218d | Allocate memory
2018-12-25T11:41:53.963571505Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:53.965490969Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T11:41:53.966843793Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:53.969084221Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T11:41:53.970547463Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:53.973937388Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T11:41:53.975489691Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:53.978295252Z 62 PC: 122ab | Close file
2018-12-25T11:41:53.980679974Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:53.983552315Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:53.98510578Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:53.996283109Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:53.998237759Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.002690974Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.006355356Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.009493001Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.011546712Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.014268457Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.01692972Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.019259887Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.020854181Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.023831124Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.027955062Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.031419221Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.034098479Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.036458111Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.038213087Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.040895248Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.042939804Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.045269913Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.047203852Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.04992685Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.052003193Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.054638549Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.056629157Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.059436481Z 62 PC: 122ab | Close file (See above)
2018-12-25T11:41:54.062891097Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.067241301Z 99 PC: 9a5d7 | Get DBCS lead byte table pointer
2018-12-25T11:41:54.069138163Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.07186434Z 56 PC: 94df9 | Get or set country info
2018-12-25T11:41:54.075274785Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.078000859Z 64 PC: 9a848 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T11:41:54.084117814Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.087100078Z 25 PC: 94e62 | Get default drive
2018-12-25T11:41:54.089003568Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.091513485Z 71 PC: 970dd | Get current directory
2018-12-25T11:41:54.096431091Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.098882798Z 64 PC: 9a848 | Write file or device (See above)
2018-12-25T11:41:54.102512579Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.10517219Z 2 PC: 970b2 | Character output (Char = '3e')
2018-12-25T11:41:54.108128385Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.110613191Z 93 PC: 94f20 | File sharing functions
2018-12-25T11:41:54.11265894Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.115970418Z 93 PC: 94f27 | File sharing functions
2018-12-25T11:41:54.118194705Z 44 PC: 901a0 | Get time (See above)
2018-12-25T11:41:54.120848925Z 10 PC: 94f39 | Buffered keyboard input