Sample viewer

vx.netlux.org/Virus.DOS.Sauron.1088

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:44.235423032Z	48	PC: 1523d \| Get DOS version
2018-12-17T22:43:44.237813172Z	42	PC: 12d7a \| Get date 0x12d7a: cmp dh, 3 0x12d7d: jne 0x12dcb 0x12d7f: jmp 0x12d9a 0x12d81: nop 0x12d82: xchg ax, bx 0x12d83: mov al, byte ptr [0xafb3] 0x12d86: stosw word ptr es:[di], ax 0x12d87: test ax, 0xa25a 0x12d8a: stosw word ptr es:[di], ax 0x12d8b: push di 0x12d8c: movsb byte ptr es:[di], byte ptr [si] 0x12d8d: movsb byte ptr es:[di], byte ptr [si] 0x12d8e: test al, 0x53 0x12d90: xchg ax, si 0x12d91: xchg ax, si 0x12d92: xchg ax, cx 0x12d93: xchg ax, bx 0x12d94: pop sp 0x12d95: xor al, 0x33 0x12d97: xor dh, byte ptr [bx + di]
2018-12-17T22:43:44.240082474Z	74	PC: 12dde \| Reallocate memory
2018-12-17T22:43:44.241495638Z	48	PC: 12de2 \| Get DOS version
2018-12-17T22:43:44.243416295Z	75	PC: 12e67 \| Execute program
2018-12-17T22:43:44.260738409Z	9	PC: 1554a \| Display string (Could not find end pointer)
2018-12-17T22:43:44.265099079Z	76	PC: 15550 \| Terminate with return code (Return code = '0')
2018-12-17T22:43:44.268547816Z	73	PC: 12e72 \| Release memory
2018-12-17T22:43:44.271175892Z	49	PC: 12e80 \| Terminate and stay resident (Return code = '0' \| Memory size = '90')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7978,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:02.38063079Z	48	PC: 1523d \| Get DOS version
2018-12-25T12:03:02.391393143Z	42	PC: 12d7a \| Get date 0x12d7a: cmp dh, 3 0x12d7d: jne 0x12dcb 0x12d7f: jmp 0x12d9a 0x12d81: nop 0x12d82: xchg ax, bx 0x12d83: mov al, byte ptr [0xafb3] 0x12d86: stosw word ptr es:[di], ax 0x12d87: test ax, 0xa25a 0x12d8a: stosw word ptr es:[di], ax 0x12d8b: push di 0x12d8c: movsb byte ptr es:[di], byte ptr [si] 0x12d8d: movsb byte ptr es:[di], byte ptr [si] 0x12d8e: test al, 0x53 0x12d90: xchg ax, si 0x12d91: xchg ax, si 0x12d92: xchg ax, cx 0x12d93: xchg ax, bx 0x12d94: pop sp 0x12d95: xor al, 0x33 0x12d97: xor dh, byte ptr [bx + di]
2018-12-25T12:03:02.3934296Z	74	PC: 12dde \| Reallocate memory
2018-12-25T12:03:02.394624729Z	48	PC: 12de2 \| Get DOS version
2018-12-25T12:03:02.395994725Z	75	PC: 12e67 \| Execute program
2018-12-25T12:03:02.410799467Z	9	PC: 1554a \| Display string (Could not find end pointer)
2018-12-25T12:03:02.41612432Z	76	PC: 15550 \| Terminate with return code (Return code = '0')
2018-12-25T12:03:02.419433352Z	73	PC: 12e72 \| Release memory
2018-12-25T12:03:02.4209554Z	49	PC: 12e80 \| Terminate and stay resident (Return code = '0' \| Memory size = '90')

{"DateBased":true,"Day":1,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":7978,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:02.458553388Z	48	PC: 1523d \| Get DOS version
2018-12-25T12:03:02.4600514Z	42	PC: 12d7a \| Get date 0x12d7a: cmp dh, 3 0x12d7d: jne 0x12dcb 0x12d7f: jmp 0x12d9a 0x12d81: nop 0x12d82: xchg ax, bx 0x12d83: mov al, byte ptr [0xafb3] 0x12d86: stosw word ptr es:[di], ax 0x12d87: test ax, 0xa25a 0x12d8a: stosw word ptr es:[di], ax 0x12d8b: push di 0x12d8c: movsb byte ptr es:[di], byte ptr [si] 0x12d8d: movsb byte ptr es:[di], byte ptr [si] 0x12d8e: test al, 0x53 0x12d90: xchg ax, si 0x12d91: xchg ax, si 0x12d92: xchg ax, cx 0x12d93: xchg ax, bx 0x12d94: pop sp 0x12d95: xor al, 0x33 0x12d97: xor dh, byte ptr [bx + di]
2018-12-25T12:03:02.462714578Z	2	PC: 12dae \| Character output (Char = '53')
2018-12-25T12:03:02.465276898Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.467550668Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.468928225Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.470364259Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.472221659Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.474182011Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.475829093Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.477422307Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.479312743Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.481238976Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.483365776Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.486205537Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.488617523Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.491469415Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.510804811Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.512606059Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.514969626Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.526014682Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.52804367Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.529881361Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.532213444Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.534013995Z	2	PC: 12dae \| Character output (See above)
2018-12-25T12:03:02.535700323Z	2	PC: 12dae \| Character output (See above)