Sample viewer

vx.netlux.org/Virus.DOS.Companion.Axypt.1930

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:43:53.133262922Z	26	PC: 12a47 \| Set disk transfer address
2018-12-17T22:43:53.136721237Z	71	PC: 12a6e \| Get current directory
2018-12-17T22:43:53.140670965Z	78	PC: 12b00 \| Find first file
2018-12-17T22:43:53.147198956Z	59	PC: 12ad1 \| Change current directory
2018-12-17T22:43:53.152083159Z	59	PC: 12ada \| Change current directory
2018-12-17T22:43:53.159611158Z	59	PC: 12b9e \| Change current directory
2018-12-17T22:43:53.164867079Z	59	PC: 12ba5 \| Change current directory
2018-12-17T22:43:53.167074946Z	74	PC: 12bb5 \| Reallocate memory
2018-12-17T22:43:53.171100347Z	26	PC: 12bbc \| Set disk transfer address
2018-12-17T22:43:53.172509473Z	75	PC: 12bcc \| Execute program
2018-12-17T22:43:53.17928584Z	9	PC: 12bd5 \| Display string (String= 'Befehl oder Dateiname nicht gefunden ')
2018-12-17T22:43:53.18444Z	42	PC: 12bdd \| Get date 0x12bdd: cmp dh, 6 0x12be0: jne 0x12c31 0x12be2: cmp dl, 0xe 0x12be5: jl 0x12c31 0x12be7: jg 0x12c21 0x12be9: mov dx, 0x215 0x12bec: mov ah, 9 0x12bee: int 0x21 0x12bf0: mov dx, 0x131 0x12bf3: int 0x21 0x12bf5: xor ax, ax 0x12bf7: mov dx, 0x80 0x12bfa: int 0x13 0x12bfc: mov ax, 0x201 0x12bff: mov cx, 1 0x12c02: mov bx, 0x3cd 0x12c05: int 0x13 0x12c07: mov cx, 0x200 0x12c0a: mov si, 0x3cd 0x12c0d: xor byte ptr [si], 0x28

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8027,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:12.610576666Z	26	PC: 12a47 \| Set disk transfer address
2018-12-25T12:03:12.61379798Z	71	PC: 12a6e \| Get current directory
2018-12-25T12:03:12.616384803Z	78	PC: 12b00 \| Find first file
2018-12-25T12:03:12.621944171Z	59	PC: 12ad1 \| Change current directory
2018-12-25T12:03:12.626619794Z	59	PC: 12ada \| Change current directory
2018-12-25T12:03:12.632123501Z	59	PC: 12b9e \| Change current directory
2018-12-25T12:03:12.640556157Z	59	PC: 12ba5 \| Change current directory
2018-12-25T12:03:12.642413235Z	74	PC: 12bb5 \| Reallocate memory
2018-12-25T12:03:12.643812188Z	26	PC: 12bbc \| Set disk transfer address
2018-12-25T12:03:12.644814122Z	75	PC: 12bcc \| Execute program
2018-12-25T12:03:12.656311163Z	9	PC: 12bd5 \| Display string (String= 'Befehl oder Dateiname nicht gefunden ')
2018-12-25T12:03:12.661397396Z	42	PC: 12bdd \| Get date 0x12bdd: cmp dh, 6 0x12be0: jne 0x12c31 0x12be2: cmp dl, 0xe 0x12be5: jl 0x12c31 0x12be7: jg 0x12c21 0x12be9: mov dx, 0x215 0x12bec: mov ah, 9 0x12bee: int 0x21 0x12bf0: mov dx, 0x131 0x12bf3: int 0x21 0x12bf5: xor ax, ax 0x12bf7: mov dx, 0x80 0x12bfa: int 0x13 0x12bfc: mov ax, 0x201 0x12bff: mov cx, 1 0x12c02: mov bx, 0x3cd 0x12c05: int 0x13 0x12c07: mov cx, 0x200 0x12c0a: mov si, 0x3cd 0x12c0d: xor byte ptr [si], 0x28

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8027,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:14.885128878Z	26	PC: 12a47 \| Set disk transfer address
2018-12-25T12:03:14.886735236Z	71	PC: 12a6e \| Get current directory
2018-12-25T12:03:14.88953677Z	78	PC: 12b00 \| Find first file
2018-12-25T12:03:14.895330255Z	59	PC: 12ad1 \| Change current directory
2018-12-25T12:03:14.9042129Z	59	PC: 12ada \| Change current directory
2018-12-25T12:03:14.914358273Z	59	PC: 12b9e \| Change current directory
2018-12-25T12:03:14.923001815Z	59	PC: 12ba5 \| Change current directory
2018-12-25T12:03:14.924568866Z	74	PC: 12bb5 \| Reallocate memory
2018-12-25T12:03:14.935040311Z	26	PC: 12bbc \| Set disk transfer address
2018-12-25T12:03:14.936107585Z	75	PC: 12bcc \| Execute program
2018-12-25T12:03:14.945201099Z	9	PC: 12bd5 \| Display string (String= 'Befehl oder Dateiname nicht gefunden ')
2018-12-25T12:03:14.951559365Z	42	PC: 12bdd \| Get date 0x12bdd: cmp dh, 6 0x12be0: jne 0x12c31 0x12be2: cmp dl, 0xe 0x12be5: jl 0x12c31 0x12be7: jg 0x12c21 0x12be9: mov dx, 0x215 0x12bec: mov ah, 9 0x12bee: int 0x21 0x12bf0: mov dx, 0x131 0x12bf3: int 0x21 0x12bf5: xor ax, ax 0x12bf7: mov dx, 0x80 0x12bfa: int 0x13 0x12bfc: mov ax, 0x201 0x12bff: mov cx, 1 0x12c02: mov bx, 0x3cd 0x12c05: int 0x13 0x12c07: mov cx, 0x200 0x12c0a: mov si, 0x3cd 0x12c0d: xor byte ptr [si], 0x28

{"DateBased":true,"Day":14,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8027,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:15.127106235Z	26	PC: 12a47 \| Set disk transfer address
2018-12-25T12:03:15.129255895Z	71	PC: 12a6e \| Get current directory
2018-12-25T12:03:15.132824835Z	78	PC: 12b00 \| Find first file
2018-12-25T12:03:15.13967798Z	59	PC: 12ad1 \| Change current directory
2018-12-25T12:03:15.150495032Z	59	PC: 12ada \| Change current directory
2018-12-25T12:03:15.162782377Z	59	PC: 12b9e \| Change current directory
2018-12-25T12:03:15.167526614Z	59	PC: 12ba5 \| Change current directory
2018-12-25T12:03:15.170047104Z	74	PC: 12bb5 \| Reallocate memory
2018-12-25T12:03:15.172189112Z	26	PC: 12bbc \| Set disk transfer address
2018-12-25T12:03:15.173808294Z	75	PC: 12bcc \| Execute program
2018-12-25T12:03:15.180984941Z	9	PC: 12bd5 \| Display string (String= 'Befehl oder Dateiname nicht gefunden ')
2018-12-25T12:03:15.18887223Z	42	PC: 12bdd \| Get date 0x12bdd: cmp dh, 6 0x12be0: jne 0x12c31 0x12be2: cmp dl, 0xe 0x12be5: jl 0x12c31 0x12be7: jg 0x12c21 0x12be9: mov dx, 0x215 0x12bec: mov ah, 9 0x12bee: int 0x21 0x12bf0: mov dx, 0x131 0x12bf3: int 0x21 0x12bf5: xor ax, ax 0x12bf7: mov dx, 0x80 0x12bfa: int 0x13 0x12bfc: mov ax, 0x201 0x12bff: mov cx, 1 0x12c02: mov bx, 0x3cd 0x12c05: int 0x13 0x12c07: mov cx, 0x200 0x12c0a: mov si, 0x3cd 0x12c0d: xor byte ptr [si], 0x28
2018-12-25T12:03:15.191700427Z	9	PC: 12bf0 \| Display string (String= ' [Cool Times '98] by AXYPT ')
2018-12-25T12:03:15.196530813Z	9	PC: 12bf5 \| Display string (String= 'Dedicated to all persons who have changed my life in the year 1998. Thanx a lot. ')

{"DateBased":true,"Day":15,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8027,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:15.178098337Z	26	PC: 12a47 \| Set disk transfer address
2018-12-25T12:03:15.180035746Z	71	PC: 12a6e \| Get current directory
2018-12-25T12:03:15.182846986Z	78	PC: 12b00 \| Find first file
2018-12-25T12:03:15.188607796Z	59	PC: 12ad1 \| Change current directory
2018-12-25T12:03:15.197894986Z	59	PC: 12ada \| Change current directory
2018-12-25T12:03:15.205712828Z	59	PC: 12b9e \| Change current directory
2018-12-25T12:03:15.212822093Z	59	PC: 12ba5 \| Change current directory
2018-12-25T12:03:15.214471123Z	74	PC: 12bb5 \| Reallocate memory
2018-12-25T12:03:15.217408304Z	26	PC: 12bbc \| Set disk transfer address
2018-12-25T12:03:15.218595454Z	75	PC: 12bcc \| Execute program
2018-12-25T12:03:15.228036097Z	9	PC: 12bd5 \| Display string (String= 'Befehl oder Dateiname nicht gefunden ')
2018-12-25T12:03:15.234878369Z	42	PC: 12bdd \| Get date 0x12bdd: cmp dh, 6 0x12be0: jne 0x12c31 0x12be2: cmp dl, 0xe 0x12be5: jl 0x12c31 0x12be7: jg 0x12c21 0x12be9: mov dx, 0x215 0x12bec: mov ah, 9 0x12bee: int 0x21 0x12bf0: mov dx, 0x131 0x12bf3: int 0x21 0x12bf5: xor ax, ax 0x12bf7: mov dx, 0x80 0x12bfa: int 0x13 0x12bfc: mov ax, 0x201 0x12bff: mov cx, 1 0x12c02: mov bx, 0x3cd 0x12c05: int 0x13 0x12c07: mov cx, 0x200 0x12c0a: mov si, 0x3cd 0x12c0d: xor byte ptr [si], 0x28
2018-12-25T12:03:15.237868152Z	9	PC: 12c2f \| Display string (Could not find end pointer)