Sample viewer

vx.netlux.org/Virus.DOS.Normal.789

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:17.610315989Z 254 PC: 1516b | UNKNOWN!
2018-12-17T22:44:17.611808248Z 53 PC: 1518b | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-17T22:44:17.613395672Z 53 PC: 15198 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:17.615333039Z 37 PC: 151b9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:17.617925123Z 37 PC: 151bf | Set interrupt vector (Interrupt = '80' AKA 'Set current PSP')
2018-12-17T22:44:17.619428903Z 42 PC: 151c6 | Get date
0x151c6: cmp dx, 0xc01
0x151ca: jbe 0x151e2
0x151cc: cmp al, 5
0x151ce: jne 0x151e2
0x151d0: mov ah, 9
0x151d2: add si, 0x1b4
0x151d6: push si
0x151d7: pop dx
0x151d8: mov cx, 0x29
0x151db: not byte ptr [si]
0x151dd: inc si
0x151de: loop 0x151db
0x151e0: int 0x21
0x151e2: pop si
0x151e3: cmp word ptr [si + 0x1ac], 0x100
0x151e9: jne 0x151f9
0x151eb: mov ax, word ptr [si + 0x1b0]
0x151ef: mov word ptr [0x100], ax
0x151f2: mov ax, word ptr [si + 0x1b2]
0x151f6: mov word ptr [0x102], ax
2018-12-17T22:44:17.622011223Z 9 PC: 15146 | Display string (String= ' � From a collection of viruses Sergey Mastykov. � Belarus, 210008, Vitebsk-8, mailbox 6. � Voice/Data V34+, HST [+375 (0212) 33-14-58] � E-mail � FidoNet (2:453/4.14) ')
2018-12-17T22:44:17.635436912Z 76 PC: 1514a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8163,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:36.217344998Z 254 PC: 1516b | UNKNOWN!
2018-12-25T12:03:36.219092803Z 53 PC: 1518b | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:03:36.220304033Z 53 PC: 15198 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:36.221707953Z 37 PC: 151b9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:36.230819581Z 37 PC: 151bf | Set interrupt vector (Interrupt = '80' AKA 'Set current PSP')
2018-12-25T12:03:36.232374497Z 42 PC: 151c6 | Get date
0x151c6: cmp dx, 0xc01
0x151ca: jbe 0x151e2
0x151cc: cmp al, 5
0x151ce: jne 0x151e2
0x151d0: mov ah, 9
0x151d2: add si, 0x1b4
0x151d6: push si
0x151d7: pop dx
0x151d8: mov cx, 0x29
0x151db: not byte ptr [si]
0x151dd: inc si
0x151de: loop 0x151db
0x151e0: int 0x21
0x151e2: pop si
0x151e3: cmp word ptr [si + 0x1ac], 0x100
0x151e9: jne 0x151f9
0x151eb: mov ax, word ptr [si + 0x1b0]
0x151ef: mov word ptr [0x100], ax
0x151f2: mov ax, word ptr [si + 0x1b2]
0x151f6: mov word ptr [0x102], ax
2018-12-25T12:03:36.234880885Z 9 PC: 15146 | Display string (String= ' � From a collection of viruses Sergey Mastykov. � Belarus, 210008, Vitebsk-8, mailbox 6. � Voice/Data V34+, HST [+375 (0212) 33-14-58] � E-mail � FidoNet (2:453/4.14) ')
2018-12-25T12:03:36.24852454Z 76 PC: 1514a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8163,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:36.314910582Z 254 PC: 1516b | UNKNOWN!
2018-12-25T12:03:36.315972637Z 53 PC: 1518b | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:03:36.317812871Z 53 PC: 15198 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:36.31934073Z 37 PC: 151b9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:36.320795877Z 37 PC: 151bf | Set interrupt vector (Interrupt = '80' AKA 'Set current PSP')
2018-12-25T12:03:36.323001148Z 42 PC: 151c6 | Get date
0x151c6: cmp dx, 0xc01
0x151ca: jbe 0x151e2
0x151cc: cmp al, 5
0x151ce: jne 0x151e2
0x151d0: mov ah, 9
0x151d2: add si, 0x1b4
0x151d6: push si
0x151d7: pop dx
0x151d8: mov cx, 0x29
0x151db: not byte ptr [si]
0x151dd: inc si
0x151de: loop 0x151db
0x151e0: int 0x21
0x151e2: pop si
0x151e3: cmp word ptr [si + 0x1ac], 0x100
0x151e9: jne 0x151f9
0x151eb: mov ax, word ptr [si + 0x1b0]
0x151ef: mov word ptr [0x100], ax
0x151f2: mov ax, word ptr [si + 0x1b2]
0x151f6: mov word ptr [0x102], ax
2018-12-25T12:03:36.325445017Z 9 PC: 15146 | Display string (String= ' � From a collection of viruses Sergey Mastykov. � Belarus, 210008, Vitebsk-8, mailbox 6. � Voice/Data V34+, HST [+375 (0212) 33-14-58] � E-mail � FidoNet (2:453/4.14) ')
2018-12-25T12:03:36.337671578Z 76 PC: 1514a | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8163,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:36.397830616Z 254 PC: 1516b | UNKNOWN!
2018-12-25T12:03:36.399326644Z 53 PC: 1518b | Get interrupt vector (Interrupt = '32' AKA 'Reserved')
2018-12-25T12:03:36.400753109Z 53 PC: 15198 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:36.402176508Z 37 PC: 151b9 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:36.404740168Z 37 PC: 151bf | Set interrupt vector (Interrupt = '80' AKA 'Set current PSP')
2018-12-25T12:03:36.405971132Z 42 PC: 151c6 | Get date
0x151c6: cmp dx, 0xc01
0x151ca: jbe 0x151e2
0x151cc: cmp al, 5
0x151ce: jne 0x151e2
0x151d0: mov ah, 9
0x151d2: add si, 0x1b4
0x151d6: push si
0x151d7: pop dx
0x151d8: mov cx, 0x29
0x151db: not byte ptr [si]
0x151dd: inc si
0x151de: loop 0x151db
0x151e0: int 0x21
0x151e2: pop si
0x151e3: cmp word ptr [si + 0x1ac], 0x100
0x151e9: jne 0x151f9
0x151eb: mov ax, word ptr [si + 0x1b0]
0x151ef: mov word ptr [0x100], ax
0x151f2: mov ax, word ptr [si + 0x1b2]
0x151f6: mov word ptr [0x102], ax
2018-12-25T12:03:36.40819157Z 9 PC: 15146 | Display string (String= ' � From a collection of viruses Sergey Mastykov. � Belarus, 210008, Vitebsk-8, mailbox 6. � Voice/Data V34+, HST [+375 (0212) 33-14-58] � E-mail � FidoNet (2:453/4.14) ')
2018-12-25T12:03:36.420327889Z 76 PC: 1514a | Terminate with return code (Return code = '36')