Sample viewer

vx.netlux.org/Virus.DOS.Sundevil.762

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:45:29.941881934Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dx, 0x508 0x12a50: je 0x12a54 0x12a52: jmp 0x12a94 0x12a54: mov al, 0x1a 0x12a56: lea bx, word ptr [bp + 0x117] 0x12a5a: mov cx, 0xffff 0x12a5d: push ax 0x12a5e: int 0x26 0x12a60: jb 0x12a63 0x12a62: popf 0x12a63: pop ax 0x12a64: cmp al, 0 0x12a66: je 0x12a86 0x12a68: dec al 0x12a6a: cmp al, 1 0x12a6c: je 0x12a70 0x12a6e: jmp 0x12a5d 0x12a70: xor al, al 0x12a72: lea dx, word ptr [bp + 0x1c1] 0x12a76: mov ah, 9
2018-12-17T22:45:29.944674085Z	74	PC: 12abc \| Reallocate memory
2018-12-17T22:45:29.946013054Z	53	PC: 12ac1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:45:29.947136919Z	53	PC: 12ace \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-17T22:45:29.951367743Z	88	PC: 12adb \| case 0xGet or set allocation strateg:
2018-12-17T22:45:29.952916925Z	88	PC: 12ae4 \| case 0xGet or set allocation strateg:
2018-12-17T22:45:29.954396885Z	72	PC: 12aeb \| Allocate memory
2018-12-17T22:45:29.956414706Z	88	PC: 12af5 \| case 0xGet or set allocation strateg:

{"DateBased":true,"Day":8,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8563,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:21.680202263Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dx, 0x508 0x12a50: je 0x12a54 0x12a52: jmp 0x12a94 0x12a54: mov al, 0x1a 0x12a56: lea bx, word ptr [bp + 0x117] 0x12a5a: mov cx, 0xffff 0x12a5d: push ax 0x12a5e: int 0x26 0x12a60: jb 0x12a63 0x12a62: popf 0x12a63: pop ax 0x12a64: cmp al, 0 0x12a66: je 0x12a86 0x12a68: dec al 0x12a6a: cmp al, 1 0x12a6c: je 0x12a70 0x12a6e: jmp 0x12a5d 0x12a70: xor al, al 0x12a72: lea dx, word ptr [bp + 0x1c1] 0x12a76: mov ah, 9
2018-12-25T12:21:21.682216219Z	9	PC: 12a7d \| Display string (String= 'Insert disk with COMMAND.COM in drive A: and press any key.')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8563,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:21.943353416Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dx, 0x508 0x12a50: je 0x12a54 0x12a52: jmp 0x12a94 0x12a54: mov al, 0x1a 0x12a56: lea bx, word ptr [bp + 0x117] 0x12a5a: mov cx, 0xffff 0x12a5d: push ax 0x12a5e: int 0x26 0x12a60: jb 0x12a63 0x12a62: popf 0x12a63: pop ax 0x12a64: cmp al, 0 0x12a66: je 0x12a86 0x12a68: dec al 0x12a6a: cmp al, 1 0x12a6c: je 0x12a70 0x12a6e: jmp 0x12a5d 0x12a70: xor al, al 0x12a72: lea dx, word ptr [bp + 0x1c1] 0x12a76: mov ah, 9
2018-12-25T12:21:21.945125248Z	74	PC: 12abc \| Reallocate memory
2018-12-25T12:21:21.94592759Z	53	PC: 12ac1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:21.946661081Z	53	PC: 12ace \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:21.947711508Z	88	PC: 12adb \| case 0xGet or set allocation strateg:
2018-12-25T12:21:21.948439517Z	88	PC: 12ae4 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:21.949113654Z	72	PC: 12aeb \| Allocate memory
2018-12-25T12:21:21.95030242Z	88	PC: 12af5 \| case 0xGet or set allocation strateg:

{"DateBased":true,"Day":8,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8563,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:22.185719765Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dx, 0x508 0x12a50: je 0x12a54 0x12a52: jmp 0x12a94 0x12a54: mov al, 0x1a 0x12a56: lea bx, word ptr [bp + 0x117] 0x12a5a: mov cx, 0xffff 0x12a5d: push ax 0x12a5e: int 0x26 0x12a60: jb 0x12a63 0x12a62: popf 0x12a63: pop ax 0x12a64: cmp al, 0 0x12a66: je 0x12a86 0x12a68: dec al 0x12a6a: cmp al, 1 0x12a6c: je 0x12a70 0x12a6e: jmp 0x12a5d 0x12a70: xor al, al 0x12a72: lea dx, word ptr [bp + 0x1c1] 0x12a76: mov ah, 9
2018-12-25T12:21:22.188490543Z	9	PC: 12a7d \| Display string (String= 'Insert disk with COMMAND.COM in drive A: and press any key.')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8563,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:22.453172177Z	42	PC: 12a4c \| Get date 0x12a4c: cmp dx, 0x508 0x12a50: je 0x12a54 0x12a52: jmp 0x12a94 0x12a54: mov al, 0x1a 0x12a56: lea bx, word ptr [bp + 0x117] 0x12a5a: mov cx, 0xffff 0x12a5d: push ax 0x12a5e: int 0x26 0x12a60: jb 0x12a63 0x12a62: popf 0x12a63: pop ax 0x12a64: cmp al, 0 0x12a66: je 0x12a86 0x12a68: dec al 0x12a6a: cmp al, 1 0x12a6c: je 0x12a70 0x12a6e: jmp 0x12a5d 0x12a70: xor al, al 0x12a72: lea dx, word ptr [bp + 0x1c1] 0x12a76: mov ah, 9
2018-12-25T12:21:22.455065135Z	74	PC: 12abc \| Reallocate memory
2018-12-25T12:21:22.455978516Z	53	PC: 12ac1 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:22.456726789Z	53	PC: 12ace \| Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address')
2018-12-25T12:21:22.457791014Z	88	PC: 12adb \| case 0xGet or set allocation strateg:
2018-12-25T12:21:22.458561111Z	88	PC: 12ae4 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:22.459284985Z	72	PC: 12aeb \| Allocate memory
2018-12-25T12:21:22.460508988Z	88	PC: 12af5 \| case 0xGet or set allocation strateg: