Sample viewer

vx.netlux.org/Virus.DOS.Tourofduty.1600.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:06.001334596Z	61	PC: 12fe2 \| Open file (Filename = 'º')
2018-12-17T22:44:06.008559525Z	42	PC: 12ff7 \| Get date 0x12ff7: cmp cx, 0x7d0 0x12ffb: jne 0x13009 0x12ffd: cmp dx, 0x101 0x13001: jne 0x13009 0x13003: mov byte ptr cs:[bp + 0x5ca], 1 0x13009: ret 0x1300a: add byte ptr [si + 0x76], bl 0x1300d: js 0x1303d 0x1300f: jo 0x13084 0x13011: add byte ptr [bx + di + 0x4e], ah 0x13014: push sp 0x13015: imul bp, word ptr [di], 0x6956 0x13019: push dx 0x1301a: inc sp 0x1301c: inc cx 0x1301d: push sp 0x1301e: add byte ptr [bp + di + 0x48], ah 0x13021: dec bx 0x13022: dec sp 0x13023: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-17T22:44:06.011584036Z	192	PC: 12a66 \| UNKNOWN!
2018-12-17T22:44:06.012566531Z	74	PC: 12ac6 \| Reallocate memory
2018-12-17T22:44:06.014621931Z	74	PC: 12ace \| Reallocate memory
2018-12-17T22:44:06.017219961Z	72	PC: 12ad5 \| Allocate memory
2018-12-17T22:44:06.01884339Z	53	PC: 12af4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:06.020132722Z	37	PC: 12b05 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8104,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:22.853953632Z	61	PC: 12fe2 \| Open file (Filename = 'º')
2018-12-25T12:03:22.863533679Z	42	PC: 12ff7 \| Get date 0x12ff7: cmp cx, 0x7d0 0x12ffb: jne 0x13009 0x12ffd: cmp dx, 0x101 0x13001: jne 0x13009 0x13003: mov byte ptr cs:[bp + 0x5ca], 1 0x13009: ret 0x1300a: add byte ptr [si + 0x76], bl 0x1300d: js 0x1303d 0x1300f: jo 0x13084 0x13011: add byte ptr [bx + di + 0x4e], ah 0x13014: push sp 0x13015: imul bp, word ptr [di], 0x6956 0x13019: push dx 0x1301a: inc sp 0x1301c: inc cx 0x1301d: push sp 0x1301e: add byte ptr [bp + di + 0x48], ah 0x13021: dec bx 0x13022: dec sp 0x13023: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T12:03:22.865849061Z	192	PC: 12a66 \| UNKNOWN!
2018-12-25T12:03:22.866713852Z	74	PC: 12ac6 \| Reallocate memory
2018-12-25T12:03:22.868377612Z	74	PC: 12ace \| Reallocate memory
2018-12-25T12:03:22.870524368Z	72	PC: 12ad5 \| Allocate memory
2018-12-25T12:03:22.872089706Z	53	PC: 12af4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:22.873218152Z	37	PC: 12b05 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8104,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:23.007421683Z	61	PC: 12fe2 \| Open file (Filename = 'º')
2018-12-25T12:03:23.014600849Z	42	PC: 12ff7 \| Get date 0x12ff7: cmp cx, 0x7d0 0x12ffb: jne 0x13009 0x12ffd: cmp dx, 0x101 0x13001: jne 0x13009 0x13003: mov byte ptr cs:[bp + 0x5ca], 1 0x13009: ret 0x1300a: add byte ptr [si + 0x76], bl 0x1300d: js 0x1303d 0x1300f: jo 0x13084 0x13011: add byte ptr [bx + di + 0x4e], ah 0x13014: push sp 0x13015: imul bp, word ptr [di], 0x6956 0x13019: push dx 0x1301a: inc sp 0x1301c: inc cx 0x1301d: push sp 0x1301e: add byte ptr [bp + di + 0x48], ah 0x13021: dec bx 0x13022: dec sp 0x13023: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T12:03:23.01789098Z	192	PC: 12a66 \| UNKNOWN!
2018-12-25T12:03:23.018608401Z	74	PC: 12ac6 \| Reallocate memory
2018-12-25T12:03:23.02024389Z	74	PC: 12ace \| Reallocate memory
2018-12-25T12:03:23.022262479Z	72	PC: 12ad5 \| Allocate memory
2018-12-25T12:03:23.024082955Z	53	PC: 12af4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:23.025551284Z	37	PC: 12b05 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:23.027400317Z	53	PC: 12b12 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:03:23.028739517Z	37	PC: 12b22 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":2,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8104,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:23.338774507Z	61	PC: 12fe2 \| Open file (Filename = 'º')
2018-12-25T12:03:23.345294989Z	42	PC: 12ff7 \| Get date 0x12ff7: cmp cx, 0x7d0 0x12ffb: jne 0x13009 0x12ffd: cmp dx, 0x101 0x13001: jne 0x13009 0x13003: mov byte ptr cs:[bp + 0x5ca], 1 0x13009: ret 0x1300a: add byte ptr [si + 0x76], bl 0x1300d: js 0x1303d 0x1300f: jo 0x13084 0x13011: add byte ptr [bx + di + 0x4e], ah 0x13014: push sp 0x13015: imul bp, word ptr [di], 0x6956 0x13019: push dx 0x1301a: inc sp 0x1301c: inc cx 0x1301d: push sp 0x1301e: add byte ptr [bp + di + 0x48], ah 0x13021: dec bx 0x13022: dec sp 0x13023: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T12:03:23.34741673Z	192	PC: 12a66 \| UNKNOWN!
2018-12-25T12:03:23.348142812Z	74	PC: 12ac6 \| Reallocate memory
2018-12-25T12:03:23.350297254Z	74	PC: 12ace \| Reallocate memory
2018-12-25T12:03:23.351591862Z	72	PC: 12ad5 \| Allocate memory
2018-12-25T12:03:23.353054318Z	53	PC: 12af4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:23.354557524Z	37	PC: 12b05 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')