Sample viewer

vx.netlux.org/Virus.DOS.Doshunter.483

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:47:12.887003067Z	42	PC: 12a44 \| Get date 0x12a44: cmp dx, 0x61a 0x12a48: jne 0x12a99 0x12a4a: mov al, 2 0x12a4c: mov cx, 0x80 0x12a4f: xor dx, dx 0x12a51: int 0x26 0x12a53: jb 0x12a99 0x12a55: mov bx, 0x139 0x12a58: mov ah, 0x63 0x12a5a: sub byte ptr [bx], ah 0x12a5c: inc bx 0x12a5d: cmp bx, 0x159 0x12a61: jne 0x12a5a 0x12a63: mov ax, 0x600 0x12a66: xor bx, bx 0x12a68: int 0x10 0x12a6a: mov ah, 2 0x12a6c: xor dx, dx 0x12a6e: int 0x10 0x12a70: mov ah, 9
2018-12-17T22:47:12.890651361Z	198	PC: 12aaa \| UNKNOWN!
2018-12-17T22:47:12.892526584Z	53	PC: 12abb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:12.894911335Z	37	PC: 12af6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:12.89750612Z	42	PC: 135c8 \| Get date 0x135c8: push dx 0x135c9: mov di, 0x355 0x135cc: mov ax, cx 0x135ce: sub ax, 0x76c 0x135d1: call 0x14cc8 0x135d4: mov di, 0x352 0x135d7: pop ax 0x135d8: push ax 0x135d9: xchg ah, al 0x135db: xor ah, ah 0x135dd: call 0x14cc8 0x135e0: mov di, 0x34f 0x135e3: pop ax 0x135e4: xor ah, ah 0x135e6: call 0x14cc8 0x135e9: mov byte ptr [0x156], 0 0x135ee: mov byte ptr [0x152], 0 0x135f3: mov byte ptr [0x157], 0 0x135f8: mov ax, word ptr [0x2c] 0x135fb: mov word ptr [0x334], ax
2018-12-17T22:47:12.900743883Z	51	PC: 13622 \| Get or set Ctrl-Break
2018-12-17T22:47:12.901734173Z	37	PC: 1362a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:47:12.902969614Z	25	PC: 149e9 \| Get default drive
2018-12-17T22:47:12.912875154Z	71	PC: 14a84 \| Get current directory
2018-12-17T22:47:12.916111484Z	73	PC: 1363e \| Release memory
2018-12-17T22:47:12.917602465Z	74	PC: 13645 \| Reallocate memory
2018-12-17T22:47:12.920851319Z	71	PC: 14a84 \| Get current directory
2018-12-17T22:47:12.926352785Z	78	PC: 14a01 \| Find first file
2018-12-17T22:47:12.938909156Z	79	PC: 13754 \| Find next file
2018-12-17T22:47:12.943031701Z	79	PC: 13754 \| Find next file
2018-12-17T22:47:12.94640035Z	79	PC: 13754 \| Find next file
2018-12-17T22:47:12.950517004Z	79	PC: 13754 \| Find next file
2018-12-17T22:47:12.953883339Z	79	PC: 13754 \| Find next file
2018-12-17T22:47:12.956802383Z	79	PC: 13754 \| Find next file
2018-12-17T22:47:12.9594674Z	79	PC: 13754 \| Find next file
2018-12-17T22:47:12.962484388Z	79	PC: 13754 \| Find next file
2018-12-17T22:47:12.96493354Z	79	PC: 13754 \| Find next file
2018-12-17T22:47:12.967717881Z	25	PC: 149e9 \| Get default drive
2018-12-17T22:47:12.969002484Z	71	PC: 14a84 \| Get current directory
2018-12-17T22:47:12.972112407Z	54	PC: 14a50 \| Get free disk space

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9128,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:34.890710878Z	42	PC: 12a44 \| Get date 0x12a44: cmp dx, 0x61a 0x12a48: jne 0x12a99 0x12a4a: mov al, 2 0x12a4c: mov cx, 0x80 0x12a4f: xor dx, dx 0x12a51: int 0x26 0x12a53: jb 0x12a99 0x12a55: mov bx, 0x139 0x12a58: mov ah, 0x63 0x12a5a: sub byte ptr [bx], ah 0x12a5c: inc bx 0x12a5d: cmp bx, 0x159 0x12a61: jne 0x12a5a 0x12a63: mov ax, 0x600 0x12a66: xor bx, bx 0x12a68: int 0x10 0x12a6a: mov ah, 2 0x12a6c: xor dx, dx 0x12a6e: int 0x10 0x12a70: mov ah, 9
2018-12-25T12:22:34.893796467Z	198	PC: 12aaa \| UNKNOWN!
2018-12-25T12:22:34.894885214Z	53	PC: 12abb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:34.896331343Z	37	PC: 12af6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:34.899041267Z	42	PC: 135c8 \| Get date 0x135c8: push dx 0x135c9: mov di, 0x355 0x135cc: mov ax, cx 0x135ce: sub ax, 0x76c 0x135d1: call 0x14cc8 0x135d4: mov di, 0x352 0x135d7: pop ax 0x135d8: push ax 0x135d9: xchg ah, al 0x135db: xor ah, ah 0x135dd: call 0x14cc8 0x135e0: mov di, 0x34f 0x135e3: pop ax 0x135e4: xor ah, ah 0x135e6: call 0x14cc8 0x135e9: mov byte ptr [0x156], 0 0x135ee: mov byte ptr [0x152], 0 0x135f3: mov byte ptr [0x157], 0 0x135f8: mov ax, word ptr [0x2c] 0x135fb: mov word ptr [0x334], ax
2018-12-25T12:22:34.901535757Z	51	PC: 13622 \| Get or set Ctrl-Break
2018-12-25T12:22:34.902567124Z	37	PC: 1362a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:34.90476627Z	25	PC: 149e9 \| Get default drive
2018-12-25T12:22:34.905981881Z	71	PC: 14a84 \| Get current directory
2018-12-25T12:22:34.908746683Z	73	PC: 1363e \| Release memory
2018-12-25T12:22:34.909963346Z	74	PC: 13645 \| Reallocate memory
2018-12-25T12:22:34.912665408Z	71	PC: 14a84 \| Get current directory (See above)
2018-12-25T12:22:34.917862232Z	78	PC: 14a01 \| Find first file
2018-12-25T12:22:34.924356166Z	79	PC: 13754 \| Find next file
2018-12-25T12:22:34.927885371Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:34.931008811Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:34.934087572Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:34.937825Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:34.94312851Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:34.946275077Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:34.950791006Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:34.956690981Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:34.960413796Z	25	PC: 149e9 \| Get default drive (See above)
2018-12-25T12:22:34.963535233Z	71	PC: 14a84 \| Get current directory (See above)
2018-12-25T12:22:34.966581967Z	54	PC: 14a50 \| Get free disk space

{"DateBased":true,"Day":26,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9128,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:22:35.235072065Z	42	PC: 12a44 \| Get date 0x12a44: cmp dx, 0x61a 0x12a48: jne 0x12a99 0x12a4a: mov al, 2 0x12a4c: mov cx, 0x80 0x12a4f: xor dx, dx 0x12a51: int 0x26 0x12a53: jb 0x12a99 0x12a55: mov bx, 0x139 0x12a58: mov ah, 0x63 0x12a5a: sub byte ptr [bx], ah 0x12a5c: inc bx 0x12a5d: cmp bx, 0x159 0x12a61: jne 0x12a5a 0x12a63: mov ax, 0x600 0x12a66: xor bx, bx 0x12a68: int 0x10 0x12a6a: mov ah, 2 0x12a6c: xor dx, dx 0x12a6e: int 0x10 0x12a70: mov ah, 9
2018-12-25T12:22:35.238839891Z	198	PC: 12aaa \| UNKNOWN!
2018-12-25T12:22:35.239949758Z	53	PC: 12abb \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:35.241503267Z	37	PC: 12af6 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:35.243700098Z	42	PC: 135c8 \| Get date 0x135c8: push dx 0x135c9: mov di, 0x355 0x135cc: mov ax, cx 0x135ce: sub ax, 0x76c 0x135d1: call 0x14cc8 0x135d4: mov di, 0x352 0x135d7: pop ax 0x135d8: push ax 0x135d9: xchg ah, al 0x135db: xor ah, ah 0x135dd: call 0x14cc8 0x135e0: mov di, 0x34f 0x135e3: pop ax 0x135e4: xor ah, ah 0x135e6: call 0x14cc8 0x135e9: mov byte ptr [0x156], 0 0x135ee: mov byte ptr [0x152], 0 0x135f3: mov byte ptr [0x157], 0 0x135f8: mov ax, word ptr [0x2c] 0x135fb: mov word ptr [0x334], ax
2018-12-25T12:22:35.246284581Z	51	PC: 13622 \| Get or set Ctrl-Break
2018-12-25T12:22:35.247400463Z	37	PC: 1362a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:22:35.250497116Z	25	PC: 149e9 \| Get default drive
2018-12-25T12:22:35.251773891Z	71	PC: 14a84 \| Get current directory
2018-12-25T12:22:35.254489377Z	73	PC: 1363e \| Release memory
2018-12-25T12:22:35.256849635Z	74	PC: 13645 \| Reallocate memory
2018-12-25T12:22:35.258356216Z	71	PC: 14a84 \| Get current directory (See above)
2018-12-25T12:22:35.261605993Z	78	PC: 14a01 \| Find first file
2018-12-25T12:22:35.266413231Z	79	PC: 13754 \| Find next file
2018-12-25T12:22:35.270260877Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:35.273298317Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:35.276541596Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:35.279945954Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:35.282700448Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:35.285506277Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:35.289009412Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:35.290816047Z	79	PC: 13754 \| Find next file (See above)
2018-12-25T12:22:35.293645865Z	25	PC: 149e9 \| Get default drive (See above)
2018-12-25T12:22:35.295027337Z	71	PC: 14a84 \| Get current directory (See above)
2018-12-25T12:22:35.298411626Z	54	PC: 14a50 \| Get free disk space