Sample viewer

vx.netlux.org/Virus.DOS.SillyOR.167

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:40.112179295Z	53	PC: 12ac6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:40.113558207Z	37	PC: 12ad8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:40.1154488Z	42	PC: 12ae6 \| Get date 0x12ae6: cmp cx, 0x4b0 0x12aea: jb 0x12b00 0x12aec: cmp dh, 9 0x12aef: jne 0x12b00 0x12af1: cmp dl, 0x18 0x12af4: jne 0x12b00 0x12af6: cli 0x12af7: cdq 0x12af8: int 0x26 0x12afa: sti 0x12afb: mov al, 0x24 0x12afd: mov cx, 0x29a 0x12b00: ret 0x12b01: mov si, 0x144 0x12b04: mov cx, 0x3a 0x12b07: mov dl, 0xff 0x12b09: xor byte ptr cs:[si], dl 0x12b0c: inc si 0x12b0d: loop 0x12b09 0x12b0f: ret
2018-12-17T23:15:40.118051272Z	49	PC: 12ae2 \| Terminate and stay resident (Return code = '0' \| Memory size = '194')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8792,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:51.591888454Z	53	PC: 12ac6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:51.59378644Z	37	PC: 12ad8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:51.595105308Z	42	PC: 12ae6 \| Get date 0x12ae6: cmp cx, 0x4b0 0x12aea: jb 0x12b00 0x12aec: cmp dh, 9 0x12aef: jne 0x12b00 0x12af1: cmp dl, 0x18 0x12af4: jne 0x12b00 0x12af6: cli 0x12af7: cdq 0x12af8: int 0x26 0x12afa: sti 0x12afb: mov al, 0x24 0x12afd: mov cx, 0x29a 0x12b00: ret 0x12b01: mov si, 0x144 0x12b04: mov cx, 0x3a 0x12b07: mov dl, 0xff 0x12b09: xor byte ptr cs:[si], dl 0x12b0c: inc si 0x12b0d: loop 0x12b09 0x12b0f: ret
2018-12-25T12:21:51.598642622Z	49	PC: 12ae2 \| Terminate and stay resident (Return code = '0' \| Memory size = '17')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8792,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:51.738056754Z	53	PC: 12ac6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:51.740046449Z	37	PC: 12ad8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:51.741027711Z	42	PC: 12ae6 \| Get date 0x12ae6: cmp cx, 0x4b0 0x12aea: jb 0x12b00 0x12aec: cmp dh, 9 0x12aef: jne 0x12b00 0x12af1: cmp dl, 0x18 0x12af4: jne 0x12b00 0x12af6: cli 0x12af7: cdq 0x12af8: int 0x26 0x12afa: sti 0x12afb: mov al, 0x24 0x12afd: mov cx, 0x29a 0x12b00: ret 0x12b01: mov si, 0x144 0x12b04: mov cx, 0x3a 0x12b07: mov dl, 0xff 0x12b09: xor byte ptr cs:[si], dl 0x12b0c: inc si 0x12b0d: loop 0x12b09 0x12b0f: ret
2018-12-25T12:21:51.743526631Z	49	PC: 12ae2 \| Terminate and stay resident (Return code = '0' \| Memory size = '145')

{"DateBased":true,"Day":24,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8792,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:51.852663637Z	53	PC: 12ac6 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:51.862151486Z	37	PC: 12ad8 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:51.863292132Z	42	PC: 12ae6 \| Get date 0x12ae6: cmp cx, 0x4b0 0x12aea: jb 0x12b00 0x12aec: cmp dh, 9 0x12aef: jne 0x12b00 0x12af1: cmp dl, 0x18 0x12af4: jne 0x12b00 0x12af6: cli 0x12af7: cdq 0x12af8: int 0x26 0x12afa: sti 0x12afb: mov al, 0x24 0x12afd: mov cx, 0x29a 0x12b00: ret 0x12b01: mov si, 0x144 0x12b04: mov cx, 0x3a 0x12b07: mov dl, 0xff 0x12b09: xor byte ptr cs:[si], dl 0x12b0c: inc si 0x12b0d: loop 0x12b09 0x12b0f: ret
2018-12-25T12:21:51.865949836Z	2	PC: 12992 \| Character output (Char = '00')