Sample viewer

vx.netlux.org/Virus.DOS.LoadHigh.1467

Time	Syscall Op	Syscall Name
2018-12-17T22:45:25.702914072Z	255	PC: 12dad \| UNKNOWN!
2018-12-17T22:45:25.70433621Z	42	PC: 12de0 \| Get date 0x12de0: cmp dx, 0x206 0x12de4: jne 0x12e18 0x12de6: call 0x22d6b 0x12de9: mov ax, cs 0x12deb: mov ds, ax 0x12ded: mov es, ax 0x12def: mov ax, 0x201 0x12df2: mov cx, 1 0x12df5: mov dx, 0x80 0x12df8: mov bx, 0x6bb 0x12dfb: int 0x13 0x12dfd: jb 0x12e18 0x12dff: mov si, 0x8b9 0x12e02: mov word ptr [si], 0x206 0x12e06: mov ax, 0x203 0x12e09: mov cx, 1 0x12e0c: mov dx, 0x80 0x12e0f: mov bx, 0x6bb 0x12e12: int 0x13 0x12e14: mov al, 7
2018-12-17T22:45:25.707496491Z	88	PC: 12e1d \| case 0xGet or set allocation strateg:
2018-12-17T22:45:25.709005801Z	88	PC: 12e28 \| case 0xGet or set allocation strateg:
2018-12-17T22:45:25.71064447Z	88	PC: 12e36 \| case 0xGet or set allocation strateg:
2018-12-17T22:45:25.712976104Z	74	PC: 12f7b \| Reallocate memory
2018-12-17T22:45:25.714203369Z	75	PC: 12f90 \| Execute program
2018-12-17T22:45:25.718335387Z	65	PC: 12fae \| Delete file (Filename = '')
2018-12-17T22:45:25.732497805Z	9	PC: 12fb7 \| Display string (String= 'Bad command or file name ')
2018-12-17T22:45:25.735349098Z	76	PC: 12fbd \| Terminate with return code (Return code = '1')

Time	Syscall Op	Syscall Name
2018-12-25T12:21:12.472959266Z	255	PC: 12dad \| UNKNOWN!
2018-12-25T12:21:12.474341496Z	42	PC: 12de0 \| Get date 0x12de0: cmp dx, 0x206 0x12de4: jne 0x12e18 0x12de6: call 0x22d6b 0x12de9: mov ax, cs 0x12deb: mov ds, ax 0x12ded: mov es, ax 0x12def: mov ax, 0x201 0x12df2: mov cx, 1 0x12df5: mov dx, 0x80 0x12df8: mov bx, 0x6bb 0x12dfb: int 0x13 0x12dfd: jb 0x12e18 0x12dff: mov si, 0x8b9 0x12e02: mov word ptr [si], 0x206 0x12e06: mov ax, 0x203 0x12e09: mov cx, 1 0x12e0c: mov dx, 0x80 0x12e0f: mov bx, 0x6bb 0x12e12: int 0x13 0x12e14: mov al, 7
2018-12-25T12:21:12.476606473Z	88	PC: 12e1d \| case 0xGet or set allocation strateg:
2018-12-25T12:21:12.477721825Z	88	PC: 12e28 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:12.478741146Z	88	PC: 12e36 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:12.480345636Z	74	PC: 12f7b \| Reallocate memory
2018-12-25T12:21:12.4815241Z	75	PC: 12f90 \| Execute program
2018-12-25T12:21:12.488176937Z	65	PC: 12fae \| Delete file (Filename = '')
2018-12-25T12:21:13.074676488Z	9	PC: 12fb7 \| Display string (String= 'Bad command or file name ')
2018-12-25T12:21:13.079505626Z	76	PC: 12fbd \| Terminate with return code (Return code = '1')

Time	Syscall Op	Syscall Name
2018-12-25T12:21:12.687596453Z	255	PC: 12dad \| UNKNOWN!
2018-12-25T12:21:12.68895846Z	42	PC: 12de0 \| Get date 0x12de0: cmp dx, 0x206 0x12de4: jne 0x12e18 0x12de6: call 0x22d6b 0x12de9: mov ax, cs 0x12deb: mov ds, ax 0x12ded: mov es, ax 0x12def: mov ax, 0x201 0x12df2: mov cx, 1 0x12df5: mov dx, 0x80 0x12df8: mov bx, 0x6bb 0x12dfb: int 0x13 0x12dfd: jb 0x12e18 0x12dff: mov si, 0x8b9 0x12e02: mov word ptr [si], 0x206 0x12e06: mov ax, 0x203 0x12e09: mov cx, 1 0x12e0c: mov dx, 0x80 0x12e0f: mov bx, 0x6bb 0x12e12: int 0x13 0x12e14: mov al, 7
2018-12-25T12:21:12.69139298Z	53	PC: 12d70 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:21:12.692547873Z	37	PC: 12d89 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T12:21:12.696471874Z	88	PC: 12e1d \| case 0xGet or set allocation strateg:
2018-12-25T12:21:12.697656438Z	88	PC: 12e28 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:12.699029163Z	88	PC: 12e36 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:12.70065524Z	74	PC: 12f7b \| Reallocate memory
2018-12-25T12:21:12.702453732Z	75	PC: 12f90 \| Execute program
2018-12-25T12:21:12.710137531Z	65	PC: 12fae \| Delete file (Filename = '')
2018-12-25T12:21:13.074548587Z	9	PC: 12fb7 \| Display string (String= 'Bad command or file name ')
2018-12-25T12:21:13.080082073Z	76	PC: 12fbd \| Terminate with return code (Return code = '1')