Sample viewer

vx.netlux.org/Virus.DOS.April30.419.b

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:46:40.861355609Z	42	PC: 12b69 \| Get date 0x12b69: cmp dh, 4 0x12b6c: jne 0x12b7e 0x12b6e: cmp dl, 0x1e 0x12b71: jne 0x12b7e 0x12b73: mov ah, 9 0x12b75: lea dx, word ptr [bp + 0x266] 0x12b79: int 0x21 0x12b7b: cli 0x12b7c: jmp 0x12b7b 0x12b7e: mov ax, 0x3524 0x12b81: int 0x21 0x12b83: mov word ptr [bp + 0x254], es 0x12b87: mov word ptr [bp + 0x256], bx 0x12b8b: push cs 0x12b8c: pop es 0x12b8d: mov ax, 0x2524 0x12b90: mov dx, 0x251 0x12b93: int 0x21 0x12b95: mov ah, 0x1a 0x12b97: mov dx, 0xfc00
2018-12-17T22:46:40.863926384Z	53	PC: 12b83 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:40.865434069Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:40.866733617Z	26	PC: 12b9c \| Set disk transfer address
2018-12-17T22:46:40.868288754Z	78	PC: 12ba6 \| Find first file
2018-12-17T22:46:40.870882171Z	37	PC: 12c6b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:40.872214407Z	26	PC: 12c74 \| Set disk transfer address
2018-12-17T22:46:40.873656001Z	42	PC: 12b69 \| Get date 0x12b69: cmp dh, 4 0x12b6c: jne 0x12b7e 0x12b6e: cmp dl, 0x1e 0x12b71: jne 0x12b7e 0x12b73: mov ah, 9 0x12b75: lea dx, word ptr [bp + 0x266] 0x12b79: int 0x21 0x12b7b: cli 0x12b7c: jmp 0x12b7b 0x12b7e: mov ax, 0x3524 0x12b81: int 0x21 0x12b83: mov word ptr [bp + 0x254], es 0x12b87: mov word ptr [bp + 0x256], bx 0x12b8b: push cs 0x12b8c: push di 0x12b8d: adc word ptr [di + 1], dx 0x12b90: mov dx, 0x251 0x12b93: int 0x21 0x12b95: mov ah, 0x1a 0x12b97: mov dx, 0xfc00
2018-12-17T22:46:40.877672344Z	53	PC: 12b83 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:40.879203171Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:46:40.880702572Z	26	PC: 12b9c \| Set disk transfer address
2018-12-17T22:46:40.882751661Z	78	PC: 12ba6 \| Find first file
2018-12-17T22:46:40.884024502Z	66	PC: 11732 \| Move file pointer

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8955,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:17.557530699Z	42	PC: 12b69 \| Get date 0x12b69: cmp dh, 4 0x12b6c: jne 0x12b7e 0x12b6e: cmp dl, 0x1e 0x12b71: jne 0x12b7e 0x12b73: mov ah, 9 0x12b75: lea dx, word ptr [bp + 0x266] 0x12b79: int 0x21 0x12b7b: cli 0x12b7c: jmp 0x12b7b 0x12b7e: mov ax, 0x3524 0x12b81: int 0x21 0x12b83: mov word ptr [bp + 0x254], es 0x12b87: mov word ptr [bp + 0x256], bx 0x12b8b: push cs 0x12b8c: pop es 0x12b8d: mov ax, 0x2524 0x12b90: mov dx, 0x251 0x12b93: int 0x21 0x12b95: mov ah, 0x1a 0x12b97: mov dx, 0xfc00
2018-12-25T12:22:17.560665525Z	53	PC: 12b83 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:17.564641907Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:17.565948952Z	26	PC: 12b9c \| Set disk transfer address
2018-12-25T12:22:17.568384062Z	78	PC: 12ba6 \| Find first file
2018-12-25T12:22:17.575914169Z	37	PC: 12c6b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:17.577878562Z	26	PC: 12c74 \| Set disk transfer address
2018-12-25T12:22:17.579768993Z	42	PC: 12b69 \| Get date (See above)
2018-12-25T12:22:17.584068609Z	53	PC: 12b83 \| Get interrupt vector (See above)
2018-12-25T12:22:17.585987141Z	53	PC: 12b95 \| Get interrupt vector (See above)
2018-12-25T12:22:17.587928736Z	26	PC: 12b9c \| Set disk transfer address (See above)
2018-12-25T12:22:17.591746415Z	78	PC: 12ba6 \| Find first file (See above)
2018-12-25T12:22:17.593161056Z	66	PC: 11732 \| Move file pointer

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8955,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:17.584722769Z	42	PC: 12b69 \| Get date 0x12b69: cmp dh, 4 0x12b6c: jne 0x12b7e 0x12b6e: cmp dl, 0x1e 0x12b71: jne 0x12b7e 0x12b73: mov ah, 9 0x12b75: lea dx, word ptr [bp + 0x266] 0x12b79: int 0x21 0x12b7b: cli 0x12b7c: jmp 0x12b7b 0x12b7e: mov ax, 0x3524 0x12b81: int 0x21 0x12b83: mov word ptr [bp + 0x254], es 0x12b87: mov word ptr [bp + 0x256], bx 0x12b8b: push cs 0x12b8c: pop es 0x12b8d: mov ax, 0x2524 0x12b90: mov dx, 0x251 0x12b93: int 0x21 0x12b95: mov ah, 0x1a 0x12b97: mov dx, 0xfc00
2018-12-25T12:22:17.588011364Z	53	PC: 12b83 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:17.590441195Z	53	PC: 12b95 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:17.591845771Z	26	PC: 12b9c \| Set disk transfer address
2018-12-25T12:22:17.594382799Z	78	PC: 12ba6 \| Find first file
2018-12-25T12:22:17.598243366Z	37	PC: 12c6b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:17.59972158Z	26	PC: 12c74 \| Set disk transfer address
2018-12-25T12:22:17.60096821Z	42	PC: 12b69 \| Get date (See above)
2018-12-25T12:22:17.611184036Z	53	PC: 12b83 \| Get interrupt vector (See above)
2018-12-25T12:22:17.612925406Z	53	PC: 12b95 \| Get interrupt vector (See above)
2018-12-25T12:22:17.61494519Z	26	PC: 12b9c \| Set disk transfer address (See above)
2018-12-25T12:22:17.616856353Z	78	PC: 12ba6 \| Find first file (See above)
2018-12-25T12:22:17.618329918Z	66	PC: 11732 \| Move file pointer

{"DateBased":true,"Day":30,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":8955,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:17.628385932Z	42	PC: 12b69 \| Get date 0x12b69: cmp dh, 4 0x12b6c: jne 0x12b7e 0x12b6e: cmp dl, 0x1e 0x12b71: jne 0x12b7e 0x12b73: mov ah, 9 0x12b75: lea dx, word ptr [bp + 0x266] 0x12b79: int 0x21 0x12b7b: cli 0x12b7c: jmp 0x12b7b 0x12b7e: mov ax, 0x3524 0x12b81: int 0x21 0x12b83: mov word ptr [bp + 0x254], es 0x12b87: mov word ptr [bp + 0x256], bx 0x12b8b: push cs 0x12b8c: pop es 0x12b8d: mov ax, 0x2524 0x12b90: mov dx, 0x251 0x12b93: int 0x21 0x12b95: mov ah, 0x1a 0x12b97: mov dx, 0xfc00
2018-12-25T12:22:17.631234676Z	9	PC: 12b7b \| Display string (String= '�NP�]��X��*�!��u��u� ��f�!��')