Sample viewer

vx.netlux.org/Virus.DOS.LAVI.1470

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:44.110521442Z	42	PC: 12ee0 \| Get date 0x12ee0: mov cx, cx 0x12ee2: cmp dh, 0xb 0x12ee5: jne 0x12ef9 0x12ee7: cmp dl, 0x19 0x12eea: jne 0x12ef9 0x12eec: add ch, 0 0x12eef: mov cl, cl 0x12ef1: call 0x13082 0x12ef4: add dx, 0 0x12ef7: mov bh, bh 0x12ef9: mov bh, bh 0x12efb: add ax, 0 0x12efe: push cs 0x12eff: pop es 0x12f00: sub ah, 0 0x12f03: mov ch, ch 0x12f05: mov si, 0x148 0x12f08: cmp word ptr [bp + si + 1], 0x414c 0x12f0d: jne 0x12f22 0x12f0f: mov dx, dx
2018-12-17T22:43:44.113774904Z	185	PC: 12f17 \| UNKNOWN!
2018-12-17T22:43:44.115384256Z	74	PC: 12b8e \| Reallocate memory
2018-12-17T22:43:44.117078138Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:44.119847811Z	37	PC: 12bbb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:43:44.121249965Z	75	PC: 12c49 \| Execute program
2018-12-17T22:43:44.135604424Z	42	PC: 13740 \| Get date 0x13740: mov cx, cx 0x13742: cmp dh, 0xb 0x13745: jne 0x13759 0x13747: cmp dl, 0x19 0x1374a: jne 0x13759 0x1374c: add ch, 0 0x1374f: mov cl, cl 0x13751: call 0x138e2 0x13754: add dx, 0 0x13757: mov bh, bh 0x13759: mov bh, bh 0x1375b: add ax, 0 0x1375e: push cs 0x1375f: pop es 0x13760: sub ah, 0 0x13763: mov ch, ch 0x13765: mov si, 0x148 0x13768: cmp word ptr [bp + si + 1], 0x414c 0x1376d: jne 0x13782 0x1376f: mov dx, dx
2018-12-17T22:43:44.140532176Z	73	PC: 12c62 \| Release memory
2018-12-17T22:43:44.141961122Z	49	PC: 12c78 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7977,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:00.534418595Z	9	PC: 13066 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:00.558085555Z	42	PC: 12ee0 \| Get date 0x12ee0: mov cx, cx 0x12ee2: cmp dh, 0xb 0x12ee5: jne 0x12ef9 0x12ee7: cmp dl, 0x19 0x12eea: jne 0x12ef9 0x12eec: add ch, 0 0x12eef: mov cl, cl 0x12ef1: call 0x13082 0x12ef4: add dx, 0 0x12ef7: mov bh, bh 0x12ef9: mov bh, bh 0x12efb: add ax, 0 0x12efe: push cs 0x12eff: pop es 0x12f00: sub ah, 0 0x12f03: mov ch, ch 0x12f05: mov si, 0x148 0x12f08: cmp word ptr [bp + si + 1], 0x414c 0x12f0d: jne 0x12f22 0x12f0f: mov dx, dx
2018-12-25T12:03:00.559796342Z	185	PC: 12f17 \| UNKNOWN!
2018-12-25T12:03:00.560595469Z	74	PC: 12b8e \| Reallocate memory
2018-12-25T12:03:00.5617651Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:00.562896578Z	37	PC: 12bbb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:00.564028839Z	75	PC: 12c49 \| Execute program
2018-12-25T12:03:00.578408244Z	9	PC: 138c6 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:00.601543786Z	42	PC: 13740 \| Get date 0x13740: mov cx, cx 0x13742: cmp dh, 0xb 0x13745: jne 0x13759 0x13747: cmp dl, 0x19 0x1374a: jne 0x13759 0x1374c: add ch, 0 0x1374f: mov cl, cl 0x13751: call 0x138e2 0x13754: add dx, 0 0x13757: mov bh, bh 0x13759: mov bh, bh 0x1375b: add ax, 0 0x1375e: push cs 0x1375f: pop es 0x13760: sub ah, 0 0x13763: mov ch, ch 0x13765: mov si, 0x148 0x13768: cmp word ptr [bp + si + 1], 0x414c 0x1376d: jne 0x13782 0x1376f: mov dx, dx
2018-12-25T12:03:00.605473953Z	73	PC: 12c62 \| Release memory
2018-12-25T12:03:00.606641922Z	49	PC: 12c78 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7977,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:00.74046702Z	9	PC: 13066 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:00.766651496Z	42	PC: 12ee0 \| Get date 0x12ee0: mov cx, cx 0x12ee2: cmp dh, 0xb 0x12ee5: jne 0x12ef9 0x12ee7: cmp dl, 0x19 0x12eea: jne 0x12ef9 0x12eec: add ch, 0 0x12eef: mov cl, cl 0x12ef1: call 0x13082 0x12ef4: add dx, 0 0x12ef7: mov bh, bh 0x12ef9: mov bh, bh 0x12efb: add ax, 0 0x12efe: push cs 0x12eff: pop es 0x12f00: sub ah, 0 0x12f03: mov ch, ch 0x12f05: mov si, 0x148 0x12f08: cmp word ptr [bp + si + 1], 0x414c 0x12f0d: jne 0x12f22 0x12f0f: mov dx, dx
2018-12-25T12:03:00.768892314Z	185	PC: 12f17 \| UNKNOWN!
2018-12-25T12:03:00.77018083Z	74	PC: 12b8e \| Reallocate memory
2018-12-25T12:03:00.772584188Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:00.773774346Z	37	PC: 12bbb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:00.77507131Z	75	PC: 12c49 \| Execute program
2018-12-25T12:03:00.791333345Z	9	PC: 138c6 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:00.816750833Z	42	PC: 13740 \| Get date 0x13740: mov cx, cx 0x13742: cmp dh, 0xb 0x13745: jne 0x13759 0x13747: cmp dl, 0x19 0x1374a: jne 0x13759 0x1374c: add ch, 0 0x1374f: mov cl, cl 0x13751: call 0x138e2 0x13754: add dx, 0 0x13757: mov bh, bh 0x13759: mov bh, bh 0x1375b: add ax, 0 0x1375e: push cs 0x1375f: pop es 0x13760: sub ah, 0 0x13763: mov ch, ch 0x13765: mov si, 0x148 0x13768: cmp word ptr [bp + si + 1], 0x414c 0x1376d: jne 0x13782 0x1376f: mov dx, dx
2018-12-25T12:03:00.821081001Z	73	PC: 12c62 \| Release memory
2018-12-25T12:03:00.822875652Z	49	PC: 12c78 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":25,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7977,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:00.778659948Z	9	PC: 13066 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:00.804703962Z	42	PC: 12ee0 \| Get date 0x12ee0: mov cx, cx 0x12ee2: cmp dh, 0xb 0x12ee5: jne 0x12ef9 0x12ee7: cmp dl, 0x19 0x12eea: jne 0x12ef9 0x12eec: add ch, 0 0x12eef: mov cl, cl 0x12ef1: call 0x13082 0x12ef4: add dx, 0 0x12ef7: mov bh, bh 0x12ef9: mov bh, bh 0x12efb: add ax, 0 0x12efe: push cs 0x12eff: pop es 0x12f00: sub ah, 0 0x12f03: mov ch, ch 0x12f05: mov si, 0x148 0x12f08: cmp word ptr [bp + si + 1], 0x414c 0x12f0d: jne 0x12f22 0x12f0f: mov dx, dx
2018-12-25T12:03:00.807562768Z	185	PC: 12f17 \| UNKNOWN!
2018-12-25T12:03:00.809079181Z	74	PC: 12b8e \| Reallocate memory
2018-12-25T12:03:00.811835906Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:00.813414356Z	37	PC: 12bbb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:00.814938905Z	75	PC: 12c49 \| Execute program
2018-12-25T12:03:00.831246476Z	9	PC: 138c6 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:00.856338452Z	42	PC: 13740 \| Get date 0x13740: mov cx, cx 0x13742: cmp dh, 0xb 0x13745: jne 0x13759 0x13747: cmp dl, 0x19 0x1374a: jne 0x13759 0x1374c: add ch, 0 0x1374f: mov cl, cl 0x13751: call 0x138e2 0x13754: add dx, 0 0x13757: mov bh, bh 0x13759: mov bh, bh 0x1375b: add ax, 0 0x1375e: push cs 0x1375f: pop es 0x13760: sub ah, 0 0x13763: mov ch, ch 0x13765: mov si, 0x148 0x13768: cmp word ptr [bp + si + 1], 0x414c 0x1376d: jne 0x13782 0x1376f: mov dx, dx
2018-12-25T12:03:00.861310203Z	73	PC: 12c62 \| Release memory
2018-12-25T12:03:00.862928149Z	49	PC: 12c78 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7977,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:00.89084141Z	9	PC: 13066 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:00.917258885Z	42	PC: 12ee0 \| Get date 0x12ee0: mov cx, cx 0x12ee2: cmp dh, 0xb 0x12ee5: jne 0x12ef9 0x12ee7: cmp dl, 0x19 0x12eea: jne 0x12ef9 0x12eec: add ch, 0 0x12eef: mov cl, cl 0x12ef1: call 0x13082 0x12ef4: add dx, 0 0x12ef7: mov bh, bh 0x12ef9: mov bh, bh 0x12efb: add ax, 0 0x12efe: push cs 0x12eff: pop es 0x12f00: sub ah, 0 0x12f03: mov ch, ch 0x12f05: mov si, 0x148 0x12f08: cmp word ptr [bp + si + 1], 0x414c 0x12f0d: jne 0x12f22 0x12f0f: mov dx, dx
2018-12-25T12:03:00.919558237Z	185	PC: 12f17 \| UNKNOWN!
2018-12-25T12:03:00.920916865Z	74	PC: 12b8e \| Reallocate memory
2018-12-25T12:03:00.925089369Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:00.926537386Z	37	PC: 12bbb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:00.928001437Z	75	PC: 12c49 \| Execute program
2018-12-25T12:03:00.943191424Z	9	PC: 138c6 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:00.968390932Z	42	PC: 13740 \| Get date 0x13740: mov cx, cx 0x13742: cmp dh, 0xb 0x13745: jne 0x13759 0x13747: cmp dl, 0x19 0x1374a: jne 0x13759 0x1374c: add ch, 0 0x1374f: mov cl, cl 0x13751: call 0x138e2 0x13754: add dx, 0 0x13757: mov bh, bh 0x13759: mov bh, bh 0x1375b: add ax, 0 0x1375e: push cs 0x1375f: pop es 0x13760: sub ah, 0 0x13763: mov ch, ch 0x13765: mov si, 0x148 0x13768: cmp word ptr [bp + si + 1], 0x414c 0x1376d: jne 0x13782 0x1376f: mov dx, dx
2018-12-25T12:03:00.97256931Z	73	PC: 12c62 \| Release memory
2018-12-25T12:03:00.973994775Z	49	PC: 12c78 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7977,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:01.282762258Z	9	PC: 13066 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:01.311034636Z	42	PC: 12ee0 \| Get date 0x12ee0: mov cx, cx 0x12ee2: cmp dh, 0xb 0x12ee5: jne 0x12ef9 0x12ee7: cmp dl, 0x19 0x12eea: jne 0x12ef9 0x12eec: add ch, 0 0x12eef: mov cl, cl 0x12ef1: call 0x13082 0x12ef4: add dx, 0 0x12ef7: mov bh, bh 0x12ef9: mov bh, bh 0x12efb: add ax, 0 0x12efe: push cs 0x12eff: pop es 0x12f00: sub ah, 0 0x12f03: mov ch, ch 0x12f05: mov si, 0x148 0x12f08: cmp word ptr [bp + si + 1], 0x414c 0x12f0d: jne 0x12f22 0x12f0f: mov dx, dx
2018-12-25T12:03:01.314117262Z	185	PC: 12f17 \| UNKNOWN!
2018-12-25T12:03:01.315662242Z	74	PC: 12b8e \| Reallocate memory
2018-12-25T12:03:01.317308384Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:01.32045242Z	37	PC: 12bbb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:01.322187045Z	75	PC: 12c49 \| Execute program
2018-12-25T12:03:01.338793226Z	9	PC: 138c6 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:01.36914815Z	42	PC: 13740 \| Get date 0x13740: mov cx, cx 0x13742: cmp dh, 0xb 0x13745: jne 0x13759 0x13747: cmp dl, 0x19 0x1374a: jne 0x13759 0x1374c: add ch, 0 0x1374f: mov cl, cl 0x13751: call 0x138e2 0x13754: add dx, 0 0x13757: mov bh, bh 0x13759: mov bh, bh 0x1375b: add ax, 0 0x1375e: push cs 0x1375f: pop es 0x13760: sub ah, 0 0x13763: mov ch, ch 0x13765: mov si, 0x148 0x13768: cmp word ptr [bp + si + 1], 0x414c 0x1376d: jne 0x13782 0x1376f: mov dx, dx
2018-12-25T12:03:01.374043359Z	73	PC: 12c62 \| Release memory
2018-12-25T12:03:01.375904418Z	49	PC: 12c78 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')

{"DateBased":true,"Day":25,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7977,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:02.030539171Z	9	PC: 13066 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:02.055769911Z	42	PC: 12ee0 \| Get date 0x12ee0: mov cx, cx 0x12ee2: cmp dh, 0xb 0x12ee5: jne 0x12ef9 0x12ee7: cmp dl, 0x19 0x12eea: jne 0x12ef9 0x12eec: add ch, 0 0x12eef: mov cl, cl 0x12ef1: call 0x13082 0x12ef4: add dx, 0 0x12ef7: mov bh, bh 0x12ef9: mov bh, bh 0x12efb: add ax, 0 0x12efe: push cs 0x12eff: pop es 0x12f00: sub ah, 0 0x12f03: mov ch, ch 0x12f05: mov si, 0x148 0x12f08: cmp word ptr [bp + si + 1], 0x414c 0x12f0d: jne 0x12f22 0x12f0f: mov dx, dx
2018-12-25T12:03:02.05872499Z	185	PC: 12f17 \| UNKNOWN!
2018-12-25T12:03:02.060216857Z	74	PC: 12b8e \| Reallocate memory
2018-12-25T12:03:02.062211607Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:02.064157453Z	37	PC: 12bbb \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:02.067168404Z	75	PC: 12c49 \| Execute program
2018-12-25T12:03:02.081830451Z	9	PC: 138c6 \| Display string (String= ' Yp��PRN kp��9CLOCK')
2018-12-25T12:03:02.106553498Z	42	PC: 13740 \| Get date 0x13740: mov cx, cx 0x13742: cmp dh, 0xb 0x13745: jne 0x13759 0x13747: cmp dl, 0x19 0x1374a: jne 0x13759 0x1374c: add ch, 0 0x1374f: mov cl, cl 0x13751: call 0x138e2 0x13754: add dx, 0 0x13757: mov bh, bh 0x13759: mov bh, bh 0x1375b: add ax, 0 0x1375e: push cs 0x1375f: pop es 0x13760: sub ah, 0 0x13763: mov ch, ch 0x13765: mov si, 0x148 0x13768: cmp word ptr [bp + si + 1], 0x414c 0x1376d: jne 0x13782 0x1376f: mov dx, dx
2018-12-25T12:03:02.111819391Z	73	PC: 12c62 \| Release memory
2018-12-25T12:03:02.112936114Z	49	PC: 12c78 \| Terminate and stay resident (Return code = '1' \| Memory size = '128')