Sample viewer

vx.netlux.org/Virus.DOS.BigMouse.900.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:44:08.95499078Z	132	PC: 12e32 \| UNKNOWN!
2018-12-17T22:44:08.956910451Z	42	PC: 9f892 \| Get date 0x9f892: cmp cx, 0x7c9 0x9f896: jb 0x9f8ac 0x9f898: je 0x9f8cc 0x9f89a: cmp dl, 0x17 0x9f89d: jne 0x9f8ac 0x9f89f: mov ah, 9 0x9f8a1: mov dx, 0x428 0x9f8a4: add dx, si 0x9f8a6: int 0x21 0x9f8a8: mov ah, 8 0x9f8aa: int 0x21 0x9f8ac: cld 0x9f8ad: mov bx, es 0x9f8af: mov cx, bx 0x9f8b1: add bx, 0x10 0x9f8b4: add word ptr [si + 0x40c], bx 0x9f8b8: add bx, word ptr [si + 0x40e] 0x9f8bc: pop ax 0x9f8bd: cli 0x9f8be: mov ss, bx

{"DateBased":true,"Day":1,"Month":12,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8119,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:27.674259166Z	132	PC: 12e32 \| UNKNOWN!
2018-12-25T12:03:27.676076666Z	42	PC: 9f892 \| Get date 0x9f892: cmp cx, 0x7c9 0x9f896: jb 0x9f8ac 0x9f898: je 0x9f8cc 0x9f89a: cmp dl, 0x17 0x9f89d: jne 0x9f8ac 0x9f89f: mov ah, 9 0x9f8a1: mov dx, 0x428 0x9f8a4: add dx, si 0x9f8a6: int 0x21 0x9f8a8: mov ah, 8 0x9f8aa: int 0x21 0x9f8ac: cld 0x9f8ad: mov bx, es 0x9f8af: mov cx, bx 0x9f8b1: add bx, 0x10 0x9f8b4: add word ptr [si + 0x40c], bx 0x9f8b8: add bx, word ptr [si + 0x40e] 0x9f8bc: pop ax 0x9f8bd: cli 0x9f8be: mov ss, bx

{"DateBased":true,"Day":1,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8119,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:27.745379058Z	132	PC: 12e32 \| UNKNOWN!
2018-12-25T12:03:27.747022219Z	42	PC: 9f892 \| Get date 0x9f892: cmp cx, 0x7c9 0x9f896: jb 0x9f8ac 0x9f898: je 0x9f8cc 0x9f89a: cmp dl, 0x17 0x9f89d: jne 0x9f8ac 0x9f89f: mov ah, 9 0x9f8a1: mov dx, 0x428 0x9f8a4: add dx, si 0x9f8a6: int 0x21 0x9f8a8: mov ah, 8 0x9f8aa: int 0x21 0x9f8ac: cld 0x9f8ad: mov bx, es 0x9f8af: mov cx, bx 0x9f8b1: add bx, 0x10 0x9f8b4: add word ptr [si + 0x40c], bx 0x9f8b8: add bx, word ptr [si + 0x40e] 0x9f8bc: pop ax 0x9f8bd: cli 0x9f8be: mov ss, bx

{"DateBased":true,"Day":23,"Month":1,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8119,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:27.988120504Z	132	PC: 12e32 \| UNKNOWN!
2018-12-25T12:03:27.989641559Z	42	PC: 9f892 \| Get date 0x9f892: cmp cx, 0x7c9 0x9f896: jb 0x9f8ac 0x9f898: je 0x9f8cc 0x9f89a: cmp dl, 0x17 0x9f89d: jne 0x9f8ac 0x9f89f: mov ah, 9 0x9f8a1: mov dx, 0x428 0x9f8a4: add dx, si 0x9f8a6: int 0x21 0x9f8a8: mov ah, 8 0x9f8aa: int 0x21 0x9f8ac: cld 0x9f8ad: mov bx, es 0x9f8af: mov cx, bx 0x9f8b1: add bx, 0x10 0x9f8b4: add word ptr [si + 0x40c], bx 0x9f8b8: add bx, word ptr [si + 0x40e] 0x9f8bc: pop ax 0x9f8bd: cli 0x9f8be: mov ss, bx
2018-12-25T12:03:27.991580846Z	9	PC: 9f8a8 \| Display string (Could not find end pointer)
2018-12-25T12:03:27.99765547Z	8	PC: 9f8ac \| Console input without echo

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8119,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:28.316948835Z	132	PC: 12e32 \| UNKNOWN!
2018-12-25T12:03:28.318335245Z	42	PC: 9f892 \| Get date 0x9f892: cmp cx, 0x7c9 0x9f896: jb 0x9f8ac 0x9f898: je 0x9f8cc 0x9f89a: cmp dl, 0x17 0x9f89d: jne 0x9f8ac 0x9f89f: mov ah, 9 0x9f8a1: mov dx, 0x428 0x9f8a4: add dx, si 0x9f8a6: int 0x21 0x9f8a8: mov ah, 8 0x9f8aa: int 0x21 0x9f8ac: cld 0x9f8ad: mov bx, es 0x9f8af: mov cx, bx 0x9f8b1: add bx, 0x10 0x9f8b4: add word ptr [si + 0x40c], bx 0x9f8b8: add bx, word ptr [si + 0x40e] 0x9f8bc: pop ax 0x9f8bd: cli 0x9f8be: mov ss, bx

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8119,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:28.860366997Z	132	PC: 12e32 \| UNKNOWN!
2018-12-25T12:03:28.862949199Z	42	PC: 9f892 \| Get date 0x9f892: cmp cx, 0x7c9 0x9f896: jb 0x9f8ac 0x9f898: je 0x9f8cc 0x9f89a: cmp dl, 0x17 0x9f89d: jne 0x9f8ac 0x9f89f: mov ah, 9 0x9f8a1: mov dx, 0x428 0x9f8a4: add dx, si 0x9f8a6: int 0x21 0x9f8a8: mov ah, 8 0x9f8aa: int 0x21 0x9f8ac: cld 0x9f8ad: mov bx, es 0x9f8af: mov cx, bx 0x9f8b1: add bx, 0x10 0x9f8b4: add word ptr [si + 0x40c], bx 0x9f8b8: add bx, word ptr [si + 0x40e] 0x9f8bc: pop ax 0x9f8bd: cli 0x9f8be: mov ss, bx

{"DateBased":true,"Day":23,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8119,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:03:28.965977773Z	132	PC: 12e32 \| UNKNOWN!
2018-12-25T12:03:28.969030709Z	42	PC: 9f892 \| Get date 0x9f892: cmp cx, 0x7c9 0x9f896: jb 0x9f8ac 0x9f898: je 0x9f8cc 0x9f89a: cmp dl, 0x17 0x9f89d: jne 0x9f8ac 0x9f89f: mov ah, 9 0x9f8a1: mov dx, 0x428 0x9f8a4: add dx, si 0x9f8a6: int 0x21 0x9f8a8: mov ah, 8 0x9f8aa: int 0x21 0x9f8ac: cld 0x9f8ad: mov bx, es 0x9f8af: mov cx, bx 0x9f8b1: add bx, 0x10 0x9f8b4: add word ptr [si + 0x40c], bx 0x9f8b8: add bx, word ptr [si + 0x40e] 0x9f8bc: pop ax 0x9f8bd: cli 0x9f8be: mov ss, bx