Sample viewer

vx.netlux.org/Virus.DOS.MTZ.Pink.5081

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:57:18.321433524Z	48	PC: 140a4 \| Get DOS version
2018-12-17T21:57:18.323487124Z	48	PC: 140ae \| Get DOS version
2018-12-17T21:57:18.325355647Z	88	PC: 15254 \| case 0xGet or set allocation strateg:
2018-12-17T21:57:18.326931922Z	88	PC: 15262 \| case 0xGet or set allocation strateg:
2018-12-17T21:57:18.329466466Z	74	PC: 152ae \| Reallocate memory
2018-12-17T21:57:18.331300247Z	72	PC: 152b6 \| Allocate memory
2018-12-17T21:57:18.333237286Z	82	PC: 143f8 \| Get DOS internal pointers (SYSVARS)
2018-12-17T21:57:18.335973736Z	42	PC: 14141 \| Get date 0x14141: cmp dh, 0xc 0x14144: jne 0x14153 0x14146: cmp dl, 0x1f 0x14149: jne 0x14153 0x1414b: lea dx, word ptr [bp + 0x91] 0x1414f: mov ah, 9 0x14151: int 0x21 0x14153: mov bx, word ptr cs:[bp + 0x399] 0x14158: mov cx, word ptr cs:[bp + 0x1125] 0x1415d: mov dx, word ptr cs:[bp + 0x1123] 0x14162: mov si, word ptr cs:[bp + 0x1121] 0x14167: mov di, word ptr cs:[bp + 0x111f] 0x1416c: mov ax, bx 0x1416e: add ax, 0x10 0x14171: add ax, cx 0x14173: mov sp, dx 0x14175: mov ss, ax 0x14177: mov ax, bx 0x14179: add ax, 0x10 0x1417c: add ax, si
2018-12-17T21:57:18.338839019Z	76	PC: 12aa4 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":799,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:54.027491593Z	48	PC: 140a4 \| Get DOS version
2018-12-25T11:41:54.029431499Z	48	PC: 140ae \| Get DOS version
2018-12-25T11:41:54.030936853Z	88	PC: 15254 \| case 0xGet or set allocation strateg:
2018-12-25T11:41:54.032027241Z	88	PC: 15262 \| case 0xGet or set allocation strateg:
2018-12-25T11:41:54.034119659Z	74	PC: 152ae \| Reallocate memory
2018-12-25T11:41:54.035586193Z	72	PC: 152b6 \| Allocate memory
2018-12-25T11:41:54.037756506Z	82	PC: 143f8 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:41:54.040572326Z	42	PC: 14141 \| Get date 0x14141: cmp dh, 0xc 0x14144: jne 0x14153 0x14146: cmp dl, 0x1f 0x14149: jne 0x14153 0x1414b: lea dx, word ptr [bp + 0x91] 0x1414f: mov ah, 9 0x14151: int 0x21 0x14153: mov bx, word ptr cs:[bp + 0x399] 0x14158: mov cx, word ptr cs:[bp + 0x1125] 0x1415d: mov dx, word ptr cs:[bp + 0x1123] 0x14162: mov si, word ptr cs:[bp + 0x1121] 0x14167: mov di, word ptr cs:[bp + 0x111f] 0x1416c: mov ax, bx 0x1416e: add ax, 0x10 0x14171: add ax, cx 0x14173: mov sp, dx 0x14175: mov ss, ax 0x14177: mov ax, bx 0x14179: add ax, 0x10 0x1417c: add ax, si
2018-12-25T11:41:54.043047789Z	76	PC: 12aa4 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":799,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:54.027532757Z	48	PC: 140a4 \| Get DOS version
2018-12-25T11:41:54.029013485Z	48	PC: 140ae \| Get DOS version
2018-12-25T11:41:54.030992383Z	88	PC: 15254 \| case 0xGet or set allocation strateg:
2018-12-25T11:41:54.032711939Z	88	PC: 15262 \| case 0xGet or set allocation strateg:
2018-12-25T11:41:54.034665291Z	74	PC: 152ae \| Reallocate memory
2018-12-25T11:41:54.043029008Z	72	PC: 152b6 \| Allocate memory
2018-12-25T11:41:54.045342587Z	82	PC: 143f8 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:41:54.047900312Z	42	PC: 14141 \| Get date 0x14141: cmp dh, 0xc 0x14144: jne 0x14153 0x14146: cmp dl, 0x1f 0x14149: jne 0x14153 0x1414b: lea dx, word ptr [bp + 0x91] 0x1414f: mov ah, 9 0x14151: int 0x21 0x14153: mov bx, word ptr cs:[bp + 0x399] 0x14158: mov cx, word ptr cs:[bp + 0x1125] 0x1415d: mov dx, word ptr cs:[bp + 0x1123] 0x14162: mov si, word ptr cs:[bp + 0x1121] 0x14167: mov di, word ptr cs:[bp + 0x111f] 0x1416c: mov ax, bx 0x1416e: add ax, 0x10 0x14171: add ax, cx 0x14173: mov sp, dx 0x14175: mov ss, ax 0x14177: mov ax, bx 0x14179: add ax, 0x10 0x1417c: add ax, si
2018-12-25T11:41:54.050991Z	76	PC: 12aa4 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":31,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":799,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:41:54.17142084Z	48	PC: 140a4 \| Get DOS version
2018-12-25T11:41:54.173212557Z	48	PC: 140ae \| Get DOS version
2018-12-25T11:41:54.175074706Z	88	PC: 15254 \| case 0xGet or set allocation strateg:
2018-12-25T11:41:54.176767989Z	88	PC: 15262 \| case 0xGet or set allocation strateg:
2018-12-25T11:41:54.178663322Z	74	PC: 152ae \| Reallocate memory
2018-12-25T11:41:54.180758599Z	72	PC: 152b6 \| Allocate memory
2018-12-25T11:41:54.182981381Z	82	PC: 143f8 \| Get DOS internal pointers (SYSVARS)
2018-12-25T11:41:54.185973554Z	42	PC: 14141 \| Get date 0x14141: cmp dh, 0xc 0x14144: jne 0x14153 0x14146: cmp dl, 0x1f 0x14149: jne 0x14153 0x1414b: lea dx, word ptr [bp + 0x91] 0x1414f: mov ah, 9 0x14151: int 0x21 0x14153: mov bx, word ptr cs:[bp + 0x399] 0x14158: mov cx, word ptr cs:[bp + 0x1125] 0x1415d: mov dx, word ptr cs:[bp + 0x1123] 0x14162: mov si, word ptr cs:[bp + 0x1121] 0x14167: mov di, word ptr cs:[bp + 0x111f] 0x1416c: mov ax, bx 0x1416e: add ax, 0x10 0x14171: add ax, cx 0x14173: mov sp, dx 0x14175: mov ss, ax 0x14177: mov ax, bx 0x14179: add ax, 0x10 0x1417c: add ax, si
2018-12-25T11:41:54.189534197Z	9	PC: 14153 \| Display string (Could not find end pointer)
2018-12-25T11:41:54.196314598Z	76	PC: 12aa4 \| Terminate with return code (Return code = '0')