Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Mem.1217

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:49.778175791Z	48	PC: 1518c \| Get DOS version
2018-12-17T22:43:49.780035925Z	42	PC: 15352 \| Get date 0x15352: add dl, 5 0x15355: cmp dh, dl 0x15357: jne 0x15383 0x15359: cmp al, 4 0x1535b: jb 0x15383 0x1535d: cmp cx, 0x7cb 0x15361: jb 0x15383 0x15363: mov ah, 0x2c 0x15365: int 0x21 0x15367: and dh, 7 0x1536a: jne 0x15383 0x1536c: call 0x15384 0x1536f: mov ah, 9 0x15371: lea dx, word ptr [bp + 0x3bb] 0x15375: int 0x21 0x15377: mov ax, 2 0x1537a: mov cx, 0xa 0x1537d: cli 0x1537e: cdq 0x1537f: int 0x26
2018-12-17T22:43:49.786439702Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T22:43:49.78892529Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T22:43:49.801065101Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8009,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:07.085021657Z	48	PC: 1518c \| Get DOS version
2018-12-25T12:03:07.088227247Z	42	PC: 15352 \| Get date 0x15352: add dl, 5 0x15355: cmp dh, dl 0x15357: jne 0x15383 0x15359: cmp al, 4 0x1535b: jb 0x15383 0x1535d: cmp cx, 0x7cb 0x15361: jb 0x15383 0x15363: mov ah, 0x2c 0x15365: int 0x21 0x15367: and dh, 7 0x1536a: jne 0x15383 0x1536c: call 0x15384 0x1536f: mov ah, 9 0x15371: lea dx, word ptr [bp + 0x3bb] 0x15375: int 0x21 0x15377: mov ax, 2 0x1537a: mov cx, 0xa 0x1537d: cli 0x1537e: cdq 0x1537f: int 0x26
2018-12-25T12:03:07.093946629Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:03:07.096386618Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:03:07.118452324Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8009,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:07.618012159Z	48	PC: 1518c \| Get DOS version
2018-12-25T12:03:07.620762562Z	42	PC: 15352 \| Get date 0x15352: add dl, 5 0x15355: cmp dh, dl 0x15357: jne 0x15383 0x15359: cmp al, 4 0x1535b: jb 0x15383 0x1535d: cmp cx, 0x7cb 0x15361: jb 0x15383 0x15363: mov ah, 0x2c 0x15365: int 0x21 0x15367: and dh, 7 0x1536a: jne 0x15383 0x1536c: call 0x15384 0x1536f: mov ah, 9 0x15371: lea dx, word ptr [bp + 0x3bb] 0x15375: int 0x21 0x15377: mov ax, 2 0x1537a: mov cx, 0xa 0x1537d: cli 0x1537e: cdq 0x1537f: int 0x26
2018-12-25T12:03:07.625844512Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:03:07.628554882Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:03:07.641283087Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8009,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:07.871506594Z	48	PC: 1518c \| Get DOS version
2018-12-25T12:03:07.873169531Z	42	PC: 15352 \| Get date 0x15352: add dl, 5 0x15355: cmp dh, dl 0x15357: jne 0x15383 0x15359: cmp al, 4 0x1535b: jb 0x15383 0x1535d: cmp cx, 0x7cb 0x15361: jb 0x15383 0x15363: mov ah, 0x2c 0x15365: int 0x21 0x15367: and dh, 7 0x1536a: jne 0x15383 0x1536c: call 0x15384 0x1536f: mov ah, 9 0x15371: lea dx, word ptr [bp + 0x3bb] 0x15375: int 0x21 0x15377: mov ax, 2 0x1537a: mov cx, 0xa 0x1537d: cli 0x1537e: cdq 0x1537f: int 0x26
2018-12-25T12:03:07.877131508Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:03:07.879345009Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:03:07.890747015Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8009,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:08.021538496Z	48	PC: 1518c \| Get DOS version
2018-12-25T12:03:08.023619681Z	42	PC: 15352 \| Get date 0x15352: add dl, 5 0x15355: cmp dh, dl 0x15357: jne 0x15383 0x15359: cmp al, 4 0x1535b: jb 0x15383 0x1535d: cmp cx, 0x7cb 0x15361: jb 0x15383 0x15363: mov ah, 0x2c 0x15365: int 0x21 0x15367: and dh, 7 0x1536a: jne 0x15383 0x1536c: call 0x15384 0x1536f: mov ah, 9 0x15371: lea dx, word ptr [bp + 0x3bb] 0x15375: int 0x21 0x15377: mov ax, 2 0x1537a: mov cx, 0xa 0x1537d: cli 0x1537e: cdq 0x1537f: int 0x26
2018-12-25T12:03:08.025993276Z	44	PC: 15367 \| Get time 0x15367: and dh, 7 0x1536a: jne 0x15383 0x1536c: call 0x15384 0x1536f: mov ah, 9 0x15371: lea dx, word ptr [bp + 0x3bb] 0x15375: int 0x21 0x15377: mov ax, 2 0x1537a: mov cx, 0xa 0x1537d: cli 0x1537e: cdq 0x1537f: int 0x26 0x15381: cli 0x15382: hlt 0x15383: ret 0x15384: push si 0x15385: push di 0x15386: push bp 0x15387: call 0x1538a 0x1538a: pop di 0x1538b: sub di, 0x23a
2018-12-25T12:03:08.030259119Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:03:08.033015054Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:03:08.043655151Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')