Sample viewer

vx.netlux.org/Virus.DOS.Tremor.a.c

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:15.798527552Z	42	PC: 13730 \| Get date 0x13730: mov al, 0x72 0x13732: cmp dx, 0x504 0x13736: jb 0x1373e 0x13738: cmp cx, 0x7c9 0x1373c: jae 0x13740 0x1373e: mov al, 0xeb 0x13740: mov byte ptr cs:[si - 0xbb7], al 0x13745: mov ah, 0x30 0x13747: cld 0x13748: int 0x21 0x1374a: xchg ah, al 0x1374c: cmp ax, 0x31d 0x1374f: ja 0x13754 0x13751: jmp 0x139e0 0x13754: mov ax, 0xf1e9 0x13757: int 0x21 0x13759: cmp ax, 0xcade 0x1375c: je 0x13751 0x1375e: xor di, di 0x13760: mov ax, 0x40
2018-12-17T22:46:15.801481004Z	48	PC: 1374a \| Get DOS version
2018-12-17T22:46:15.80358019Z	241	PC: 13759 \| UNKNOWN!
2018-12-17T22:46:15.804333225Z	98	PC: 13770 \| Get current PSP
2018-12-17T22:46:15.805262415Z	88	PC: 1377d \| case 0xGet or set allocation strateg:
2018-12-17T22:46:15.807287225Z	88	PC: 13788 \| case 0xGet or set allocation strateg:
2018-12-17T22:46:15.808961022Z	88	PC: 1378d \| case 0xGet or set allocation strateg:
2018-12-17T22:46:15.810373723Z	88	PC: 13798 \| case 0xGet or set allocation strateg:
2018-12-17T22:46:15.813301968Z	88	PC: 13802 \| case 0xGet or set allocation strateg:
2018-12-17T22:46:15.815073823Z	88	PC: 13808 \| case 0xGet or set allocation strateg:
2018-12-17T22:46:15.816742869Z	74	PC: 1381c \| Reallocate memory
2018-12-17T22:46:15.81980396Z	74	PC: 13828 \| Reallocate memory
2018-12-17T22:46:15.828401954Z	53	PC: 13850 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:46:15.830035393Z	53	PC: 1386e \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-17T22:46:15.832844401Z	82	PC: 13563 \| Get DOS internal pointers (SYSVARS)
2018-12-17T22:46:15.835067147Z	53	PC: 138ef \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-17T22:46:15.836447212Z	37	PC: 138fa \| Set interrupt vector (Interrupt = '1' AKA 'Character input')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8820,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:52.985348693Z	42	PC: 13730 \| Get date 0x13730: mov al, 0x72 0x13732: cmp dx, 0x504 0x13736: jb 0x1373e 0x13738: cmp cx, 0x7c9 0x1373c: jae 0x13740 0x1373e: mov al, 0xeb 0x13740: mov byte ptr cs:[si - 0xbb7], al 0x13745: mov ah, 0x30 0x13747: cld 0x13748: int 0x21 0x1374a: xchg ah, al 0x1374c: cmp ax, 0x31d 0x1374f: ja 0x13754 0x13751: jmp 0x139e0 0x13754: mov ax, 0xf1e9 0x13757: int 0x21 0x13759: cmp ax, 0xcade 0x1375c: je 0x13751 0x1375e: xor di, di 0x13760: mov ax, 0x40
2018-12-25T12:21:52.987686354Z	48	PC: 1374a \| Get DOS version
2018-12-25T12:21:52.988541386Z	241	PC: 13759 \| UNKNOWN!
2018-12-25T12:21:52.989151814Z	98	PC: 13770 \| Get current PSP
2018-12-25T12:21:52.990171366Z	88	PC: 1377d \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.991024676Z	88	PC: 13788 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.991829662Z	88	PC: 1378d \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.993058242Z	88	PC: 13798 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.994188826Z	88	PC: 13802 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.99508548Z	88	PC: 13808 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:52.995952276Z	74	PC: 1381c \| Reallocate memory
2018-12-25T12:21:52.997258756Z	74	PC: 13828 \| Reallocate memory
2018-12-25T12:21:52.998193159Z	53	PC: 13850 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:52.998966848Z	53	PC: 1386e \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T12:21:53.000005811Z	82	PC: 13563 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:21:53.000820916Z	53	PC: 138ef \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:21:53.001559147Z	37	PC: 138fa \| Set interrupt vector (Interrupt = '1' AKA 'Character input')

{"DateBased":true,"Day":4,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8820,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:53.047734847Z	42	PC: 13730 \| Get date 0x13730: mov al, 0x72 0x13732: cmp dx, 0x504 0x13736: jb 0x1373e 0x13738: cmp cx, 0x7c9 0x1373c: jae 0x13740 0x1373e: mov al, 0xeb 0x13740: mov byte ptr cs:[si - 0xbb7], al 0x13745: mov ah, 0x30 0x13747: cld 0x13748: int 0x21 0x1374a: xchg ah, al 0x1374c: cmp ax, 0x31d 0x1374f: ja 0x13754 0x13751: jmp 0x139e0 0x13754: mov ax, 0xf1e9 0x13757: int 0x21 0x13759: cmp ax, 0xcade 0x1375c: je 0x13751 0x1375e: xor di, di 0x13760: mov ax, 0x40
2018-12-25T12:21:53.049783581Z	48	PC: 1374a \| Get DOS version
2018-12-25T12:21:53.050993106Z	241	PC: 13759 \| UNKNOWN!
2018-12-25T12:21:53.05173392Z	98	PC: 13770 \| Get current PSP
2018-12-25T12:21:53.053022162Z	88	PC: 1377d \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.054216779Z	88	PC: 13788 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.055309783Z	88	PC: 1378d \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.056592495Z	88	PC: 13798 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.058298546Z	88	PC: 13802 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.059567186Z	88	PC: 13808 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.060630551Z	74	PC: 1381c \| Reallocate memory
2018-12-25T12:21:53.062185242Z	74	PC: 13828 \| Reallocate memory
2018-12-25T12:21:53.06352275Z	53	PC: 13850 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:53.064739371Z	53	PC: 1386e \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T12:21:53.069787331Z	82	PC: 13563 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:21:53.070953175Z	53	PC: 138ef \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:21:53.072071857Z	37	PC: 138fa \| Set interrupt vector (Interrupt = '1' AKA 'Character input')

{"DateBased":true,"Day":4,"Month":5,"Year":1994,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8820,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:21:53.344963808Z	42	PC: 13730 \| Get date 0x13730: mov al, 0x72 0x13732: cmp dx, 0x504 0x13736: jb 0x1373e 0x13738: cmp cx, 0x7c9 0x1373c: jae 0x13740 0x1373e: mov al, 0xeb 0x13740: mov byte ptr cs:[si - 0xbb7], al 0x13745: mov ah, 0x30 0x13747: cld 0x13748: int 0x21 0x1374a: xchg ah, al 0x1374c: cmp ax, 0x31d 0x1374f: ja 0x13754 0x13751: jmp 0x139e0 0x13754: mov ax, 0xf1e9 0x13757: int 0x21 0x13759: cmp ax, 0xcade 0x1375c: je 0x13751 0x1375e: xor di, di 0x13760: mov ax, 0x40
2018-12-25T12:21:53.347368209Z	48	PC: 1374a \| Get DOS version
2018-12-25T12:21:53.348283202Z	241	PC: 13759 \| UNKNOWN!
2018-12-25T12:21:53.349042698Z	98	PC: 13770 \| Get current PSP
2018-12-25T12:21:53.350195484Z	88	PC: 1377d \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.351145432Z	88	PC: 13788 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.35208523Z	88	PC: 1378d \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.353606556Z	88	PC: 13798 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.355506421Z	88	PC: 13802 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.356768746Z	88	PC: 13808 \| case 0xGet or set allocation strateg:
2018-12-25T12:21:53.358209739Z	74	PC: 1381c \| Reallocate memory
2018-12-25T12:21:53.35955642Z	74	PC: 13828 \| Reallocate memory
2018-12-25T12:21:53.360739889Z	53	PC: 13850 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:21:53.362040686Z	53	PC: 1386e \| Get interrupt vector (Interrupt = '21' AKA 'Sequential write')
2018-12-25T12:21:53.363604476Z	82	PC: 13563 \| Get DOS internal pointers (SYSVARS)
2018-12-25T12:21:53.36499799Z	53	PC: 138ef \| Get interrupt vector (Interrupt = '1' AKA 'Character input')
2018-12-25T12:21:53.36688872Z	37	PC: 138fa \| Set interrupt vector (Interrupt = '1' AKA 'Character input')