Sample viewer

vx.netlux.org/Virus.DOS.Fellow.1019.c


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:46:05.380141608Z 208 PC: 13c45 | UNKNOWN!
2018-12-17T22:46:05.381828095Z 74 PC: 12aba | Reallocate memory
2018-12-17T22:46:05.383496597Z 53 PC: 12ad3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:05.385423343Z 37 PC: 12ae3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:05.388629181Z 42 PC: 12ae7 | Get date
0x12ae7: cmp dh, 9
0x12aea: jne 0x12af2
0x12aec: or byte ptr cs:[0x1a], 1
0x12af2: cli
0x12af3: mov es, word ptr [0x1b]
0x12af7: xor di, di
0x12af9: mov cx, 0xffff
0x12afc: mov al, 0
0x12afe: cld
0x12aff: repne scasb al, byte ptr es:[di]
0x12b01: cmp byte ptr es:[di], al
0x12b04: jne 0x12aff
0x12b06: mov dx, di
0x12b08: add dx, 3
0x12b0b: push es
0x12b0c: pop ds
0x12b0d: mov bx, cs
0x12b0f: mov ss, bx
0x12b11: mov es, bx
0x12b13: mov sp, 0x44b
2018-12-17T22:46:05.390894338Z 75 PC: 12b23 | Execute program
2018-12-17T22:46:05.405666512Z 9 PC: 132bc | Display string (Could not find end pointer)
2018-12-17T22:46:05.427157745Z 76 PC: 132c1 | Terminate with return code (Return code = '0')
2018-12-17T22:46:05.430122547Z 73 PC: 12b2d | Release memory

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8764,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:49.554224629Z 208 PC: 13c45 | UNKNOWN!
2018-12-25T12:21:49.556081306Z 74 PC: 12aba | Reallocate memory
2018-12-25T12:21:49.557653179Z 53 PC: 12ad3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:49.559035813Z 37 PC: 12ae3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:49.562704463Z 42 PC: 12ae7 | Get date
0x12ae7: cmp dh, 9
0x12aea: jne 0x12af2
0x12aec: or byte ptr cs:[0x1a], 1
0x12af2: cli
0x12af3: mov es, word ptr [0x1b]
0x12af7: xor di, di
0x12af9: mov cx, 0xffff
0x12afc: mov al, 0
0x12afe: cld
0x12aff: repne scasb al, byte ptr es:[di]
0x12b01: cmp byte ptr es:[di], al
0x12b04: jne 0x12aff
0x12b06: mov dx, di
0x12b08: add dx, 3
0x12b0b: push es
0x12b0c: pop ds
0x12b0d: mov bx, cs
0x12b0f: mov ss, bx
0x12b11: mov es, bx
0x12b13: mov sp, 0x44b
2018-12-25T12:21:49.568418759Z 75 PC: 12b23 | Execute program
2018-12-25T12:21:49.583826442Z 9 PC: 132bc | Display string (Could not find end pointer)
2018-12-25T12:21:49.589861092Z 76 PC: 132c1 | Terminate with return code (Return code = '0')
2018-12-25T12:21:49.593027921Z 73 PC: 12b2d | Release memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8764,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:21:49.663636327Z 208 PC: 13c45 | UNKNOWN!
2018-12-25T12:21:49.666113571Z 74 PC: 12aba | Reallocate memory
2018-12-25T12:21:49.680634002Z 53 PC: 12ad3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:49.68242086Z 37 PC: 12ae3 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:49.685619719Z 42 PC: 12ae7 | Get date
0x12ae7: cmp dh, 9
0x12aea: jne 0x12af2
0x12aec: or byte ptr cs:[0x1a], 1
0x12af2: cli
0x12af3: mov es, word ptr [0x1b]
0x12af7: xor di, di
0x12af9: mov cx, 0xffff
0x12afc: mov al, 0
0x12afe: cld
0x12aff: repne scasb al, byte ptr es:[di]
0x12b01: cmp byte ptr es:[di], al
0x12b04: jne 0x12aff
0x12b06: mov dx, di
0x12b08: add dx, 3
0x12b0b: push es
0x12b0c: pop ds
0x12b0d: mov bx, cs
0x12b0f: mov ss, bx
0x12b11: mov es, bx
0x12b13: mov sp, 0x44b
2018-12-25T12:21:49.689168328Z 75 PC: 12b23 | Execute program
2018-12-25T12:21:49.708369878Z 9 PC: 132bc | Display string (Could not find end pointer)
2018-12-25T12:21:49.716231095Z 76 PC: 132c1 | Terminate with return code (Return code = '0')
2018-12-25T12:21:49.721307624Z 73 PC: 12b2d | Release memory