Sample viewer

vx.netlux.org/Virus.DOS.Yoyo.1271

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:44:24.401429955Z 75 PC: 12ab1 | Execute program
2018-12-17T22:44:24.403694591Z 53 PC: 12a8b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:24.404802076Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:44:24.40614033Z 74 PC: 12aad | Reallocate memory
2018-12-17T22:44:24.408216316Z 53 PC: 12b56 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:24.409390626Z 37 PC: 12b6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:24.410551945Z 67 PC: 12b73 | Get or set file attributes
2018-12-17T22:44:24.416847711Z 67 PC: 12b82 | Get or set file attributes
2018-12-17T22:44:24.452914171Z 61 PC: 12b8c | Open file (Filename = '')
2018-12-17T22:44:24.464369159Z 66 PC: 12b46 | Move file pointer
2018-12-17T22:44:24.467110886Z 66 PC: 12bb2 | Move file pointer
2018-12-17T22:44:24.468702282Z 63 PC: 12bbe | Read file or device (Read 50 bytes on handle 5)
2018-12-17T22:44:24.476028527Z 62 PC: 12c42 | Close file
2018-12-17T22:44:24.478605325Z 67 PC: 12c4a | Get or set file attributes
2018-12-17T22:44:24.488937997Z 37 PC: 12c59 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:44:24.490297274Z 75 PC: 12ae3 | Execute program
2018-12-17T22:44:24.504654186Z 42 PC: 12d67 | Get date
0x12d67: cmp dh, 1
0x12d6a: jne 0x12d78
0x12d6c: cmp dl, 3
0x12d6f: jl 0x12d78
0x12d71: cmp dl, 8
0x12d74: ja 0x12d78
0x12d76: jmp 0x12dbf
0x12d78: mov ax, 0xbabe
0x12d7b: add sp, 0x14
0x12d7e: mov byte ptr cs:[0x1b1], 0
0x12d84: iret
0x12d85: mov byte ptr cs:[0x1b1], 0
0x12d8b: pop bp
0x12d8c: pop ds
0x12d8d: pop es
0x12d8e: pop di
0x12d8f: pop si
0x12d90: popf
0x12d91: pop dx
0x12d92: pop cx
2018-12-17T22:44:24.509464642Z 49 PC: 12aef | Terminate and stay resident (Return code = '1' | Memory size = '96')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8203,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:39.854125902Z 75 PC: 12ab1 | Execute program
2018-12-25T12:03:39.857135286Z 53 PC: 12a8b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:39.858431036Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:39.859674829Z 74 PC: 12aad | Reallocate memory
2018-12-25T12:03:39.861236753Z 53 PC: 12b56 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:39.862878192Z 37 PC: 12b6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:39.863937209Z 67 PC: 12b73 | Get or set file attributes
2018-12-25T12:03:39.869549703Z 67 PC: 12b82 | Get or set file attributes
2018-12-25T12:03:39.886683208Z 61 PC: 12b8c | Open file (Filename = '')
2018-12-25T12:03:39.893579943Z 66 PC: 12b46 | Move file pointer
2018-12-25T12:03:39.895391224Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:03:39.897448043Z 63 PC: 12bbe | Read file or device (Read 50 bytes on handle 5)
2018-12-25T12:03:39.900673132Z 62 PC: 12c42 | Close file
2018-12-25T12:03:39.90275308Z 67 PC: 12c4a | Get or set file attributes
2018-12-25T12:03:39.913041571Z 37 PC: 12c59 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:39.914291276Z 75 PC: 12ae3 | Execute program
2018-12-25T12:03:39.928770489Z 42 PC: 12d67 | Get date
0x12d67: cmp dh, 1
0x12d6a: jne 0x12d78
0x12d6c: cmp dl, 3
0x12d6f: jl 0x12d78
0x12d71: cmp dl, 8
0x12d74: ja 0x12d78
0x12d76: jmp 0x12dbf
0x12d78: mov ax, 0xbabe
0x12d7b: add sp, 0x14
0x12d7e: mov byte ptr cs:[0x1b1], 0
0x12d84: iret
0x12d85: mov byte ptr cs:[0x1b1], 0
0x12d8b: pop bp
0x12d8c: pop ds
0x12d8d: pop es
0x12d8e: pop di
0x12d8f: pop si
0x12d90: popf
0x12d91: pop dx
0x12d92: pop cx
2018-12-25T12:03:39.933328753Z 49 PC: 12aef | Terminate and stay resident (Return code = '1' | Memory size = '96')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8203,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:39.932666377Z 75 PC: 12ab1 | Execute program
2018-12-25T12:03:39.934531246Z 53 PC: 12a8b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:39.935624128Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:39.936638417Z 74 PC: 12aad | Reallocate memory
2018-12-25T12:03:39.938028903Z 53 PC: 12b56 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:39.939259168Z 37 PC: 12b6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:39.940158258Z 67 PC: 12b73 | Get or set file attributes
2018-12-25T12:03:39.943885911Z 67 PC: 12b82 | Get or set file attributes
2018-12-25T12:03:40.759398226Z 61 PC: 12b8c | Open file (Filename = '')
2018-12-25T12:03:40.772937121Z 66 PC: 12b46 | Move file pointer
2018-12-25T12:03:40.775483504Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:03:40.777514068Z 63 PC: 12bbe | Read file or device (Read 50 bytes on handle 5)
2018-12-25T12:03:40.785458827Z 62 PC: 12c42 | Close file
2018-12-25T12:03:40.787932946Z 67 PC: 12c4a | Get or set file attributes
2018-12-25T12:03:40.800639795Z 37 PC: 12c59 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:40.802448703Z 75 PC: 12ae3 | Execute program
2018-12-25T12:03:40.818904506Z 42 PC: 12d67 | Get date
0x12d67: cmp dh, 1
0x12d6a: jne 0x12d78
0x12d6c: cmp dl, 3
0x12d6f: jl 0x12d78
0x12d71: cmp dl, 8
0x12d74: ja 0x12d78
0x12d76: jmp 0x12dbf
0x12d78: mov ax, 0xbabe
0x12d7b: add sp, 0x14
0x12d7e: mov byte ptr cs:[0x1b1], 0
0x12d84: iret
0x12d85: mov byte ptr cs:[0x1b1], 0
0x12d8b: pop bp
0x12d8c: pop ds
0x12d8d: pop es
0x12d8e: pop di
0x12d8f: pop si
0x12d90: popf
0x12d91: pop dx
0x12d92: pop cx
2018-12-25T12:03:41.15897658Z 9 PC: 12df8 | Display string (String= ' �P��H��&������X����>rt�硴;�!2��')

{"DateBased":true,"Day":9,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8203,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:40.371536924Z 75 PC: 12ab1 | Execute program
2018-12-25T12:03:40.373671901Z 53 PC: 12a8b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:40.374899623Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:40.376031929Z 74 PC: 12aad | Reallocate memory
2018-12-25T12:03:40.37779445Z 53 PC: 12b56 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:40.379031446Z 37 PC: 12b6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:40.380039269Z 67 PC: 12b73 | Get or set file attributes
2018-12-25T12:03:40.383903225Z 67 PC: 12b82 | Get or set file attributes
2018-12-25T12:03:40.396727642Z 61 PC: 12b8c | Open file (Filename = '')
2018-12-25T12:03:40.40208122Z 66 PC: 12b46 | Move file pointer
2018-12-25T12:03:40.403131239Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:03:40.404410354Z 63 PC: 12bbe | Read file or device (Read 50 bytes on handle 5)
2018-12-25T12:03:40.40637804Z 62 PC: 12c42 | Close file
2018-12-25T12:03:40.40770239Z 67 PC: 12c4a | Get or set file attributes
2018-12-25T12:03:40.414358821Z 37 PC: 12c59 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:40.417117788Z 75 PC: 12ae3 | Execute program
2018-12-25T12:03:40.433749304Z 42 PC: 12d67 | Get date
0x12d67: cmp dh, 1
0x12d6a: jne 0x12d78
0x12d6c: cmp dl, 3
0x12d6f: jl 0x12d78
0x12d71: cmp dl, 8
0x12d74: ja 0x12d78
0x12d76: jmp 0x12dbf
0x12d78: mov ax, 0xbabe
0x12d7b: add sp, 0x14
0x12d7e: mov byte ptr cs:[0x1b1], 0
0x12d84: iret
0x12d85: mov byte ptr cs:[0x1b1], 0
0x12d8b: pop bp
0x12d8c: pop ds
0x12d8d: pop es
0x12d8e: pop di
0x12d8f: pop si
0x12d90: popf
0x12d91: pop dx
0x12d92: pop cx
2018-12-25T12:03:40.43926221Z 49 PC: 12aef | Terminate and stay resident (Return code = '1' | Memory size = '96')

{"DateBased":true,"Day":1,"Month":2,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8203,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:03:43.490227759Z 75 PC: 12ab1 | Execute program
2018-12-25T12:03:43.492987012Z 53 PC: 12a8b | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:43.494468425Z 37 PC: 12a9f | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:03:43.495775034Z 74 PC: 12aad | Reallocate memory
2018-12-25T12:03:43.498450337Z 53 PC: 12b56 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:43.50037038Z 37 PC: 12b6c | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:43.501912293Z 67 PC: 12b73 | Get or set file attributes
2018-12-25T12:03:43.508952144Z 67 PC: 12b82 | Get or set file attributes
2018-12-25T12:03:43.524810903Z 61 PC: 12b8c | Open file (Filename = '')
2018-12-25T12:03:43.529545958Z 66 PC: 12b46 | Move file pointer
2018-12-25T12:03:43.530656647Z 66 PC: 12bb2 | Move file pointer
2018-12-25T12:03:43.53226835Z 63 PC: 12bbe | Read file or device (Read 50 bytes on handle 5)
2018-12-25T12:03:43.534213638Z 62 PC: 12c42 | Close file
2018-12-25T12:03:43.535501323Z 67 PC: 12c4a | Get or set file attributes
2018-12-25T12:03:43.550812317Z 37 PC: 12c59 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:03:43.566473808Z 75 PC: 12ae3 | Execute program
2018-12-25T12:03:43.581505761Z 42 PC: 12d67 | Get date
0x12d67: cmp dh, 1
0x12d6a: jne 0x12d78
0x12d6c: cmp dl, 3
0x12d6f: jl 0x12d78
0x12d71: cmp dl, 8
0x12d74: ja 0x12d78
0x12d76: jmp 0x12dbf
0x12d78: mov ax, 0xbabe
0x12d7b: add sp, 0x14
0x12d7e: mov byte ptr cs:[0x1b1], 0
0x12d84: iret
0x12d85: mov byte ptr cs:[0x1b1], 0
0x12d8b: pop bp
0x12d8c: pop ds
0x12d8d: pop es
0x12d8e: pop di
0x12d8f: pop si
0x12d90: popf
0x12d91: pop dx
0x12d92: pop cx
2018-12-25T12:03:43.590188548Z 49 PC: 12aef | Terminate and stay resident (Return code = '1' | Memory size = '96')