Sample viewer

vx.netlux.org/Virus.DOS.Hymn.1865.b

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:13.463385355Z 197 PC: 13eb9 | UNKNOWN!
2018-12-17T22:47:13.465403556Z 73 PC: 13ec7 | Release memory
2018-12-17T22:47:13.467015044Z 72 PC: 13ece | Allocate memory
2018-12-17T22:47:13.468939902Z 74 PC: 13ee0 | Reallocate memory
2018-12-17T22:47:13.471644648Z 74 PC: 13ef0 | Reallocate memory
2018-12-17T22:47:13.473114201Z 98 PC: 13f38 | Get current PSP
2018-12-17T22:47:13.474242449Z 42 PC: 13f72 | Get date 0x13f72: cmp dl, dh
0x13f74: je 0x13f8a
0x13f76: jmp 0x14006
0x13f79: imul sp, word ptr [bp + si + 0x6d], 0x4040
0x13f7e: push bx
0x13f7f: dec si
0x13f80: push bx
0x13f81: and byte ptr [bx + si], ah
0x13f83: and byte ptr [bx + si], ah
0x13f85: and byte ptr [bx + si], ah
0x13f87: and byte ptr [bx + si], ah
0x13f89: and byte ptr [0x5e1f], cl
0x13f8d: push si
0x13f8e: mov byte ptr cs:[si + 0x168], 0xcd
0x13f94: mov al, 2
0x13f96: mov cx, 1
0x13f99: xor dx, dx
0x13f9b: mov byte ptr cs:[si + 0x169], 0x25
0x13fa1: mov bx, si
0x13fa3: add bx, 0x326
2018-12-17T22:47:13.476903467Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-17T22:47:13.482768827Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9134,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:35.196033953Z 197 PC: 13eb9 | UNKNOWN!
2018-12-25T12:22:35.198026602Z 73 PC: 13ec7 | Release memory
2018-12-25T12:22:35.199440581Z 72 PC: 13ece | Allocate memory
2018-12-25T12:22:35.20126202Z 74 PC: 13ee0 | Reallocate memory
2018-12-25T12:22:35.203614003Z 74 PC: 13ef0 | Reallocate memory
2018-12-25T12:22:35.205068406Z 98 PC: 13f38 | Get current PSP
2018-12-25T12:22:35.205998685Z 42 PC: 13f72 | Get date 0x13f72: cmp dl, dh
0x13f74: je 0x13f8a
0x13f76: jmp 0x14006
0x13f79: imul sp, word ptr [bp + si + 0x6d], 0x4040
0x13f7e: push bx
0x13f7f: dec si
0x13f80: push bx
0x13f81: and byte ptr [bx + si], ah
0x13f83: and byte ptr [bx + si], ah
0x13f85: and byte ptr [bx + si], ah
0x13f87: and byte ptr [bx + si], ah
0x13f89: and byte ptr [0x5e1f], cl
0x13f8d: push si
0x13f8e: mov byte ptr cs:[si + 0x168], 0xcd
0x13f94: mov al, 2
0x13f96: mov cx, 1
0x13f99: xor dx, dx
0x13f9b: mov byte ptr cs:[si + 0x169], 0x25
0x13fa1: mov bx, si
0x13fa3: add bx, 0x326
2018-12-25T12:22:35.210302371Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:22:35.216554296Z 0 PC: 12a89 | Program terminate

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9134,"SideJobID":0}

.

GIF

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:36.200914006Z 197 PC: 13eb9 | UNKNOWN!
2018-12-25T12:22:36.202766975Z 73 PC: 13ec7 | Release memory
2018-12-25T12:22:36.204241554Z 72 PC: 13ece | Allocate memory
2018-12-25T12:22:36.206060778Z 74 PC: 13ee0 | Reallocate memory
2018-12-25T12:22:36.207756906Z 74 PC: 13ef0 | Reallocate memory
2018-12-25T12:22:36.209616066Z 98 PC: 13f38 | Get current PSP
2018-12-25T12:22:36.210713591Z 42 PC: 13f72 | Get date 0x13f72: cmp dl, dh
0x13f74: je 0x13f8a
0x13f76: jmp 0x14006
0x13f79: imul sp, word ptr [bp + si + 0x6d], 0x4040
0x13f7e: push bx
0x13f7f: dec si
0x13f80: push bx
0x13f81: and byte ptr [bx + si], ah
0x13f83: and byte ptr [bx + si], ah
0x13f85: and byte ptr [bx + si], ah
0x13f87: and byte ptr [bx + si], ah
0x13f89: and byte ptr [0x5e1f], cl
0x13f8d: push si
0x13f8e: mov byte ptr cs:[si + 0x168], 0xcd
0x13f94: mov al, 2
0x13f96: mov cx, 1
0x13f99: xor dx, dx
0x13f9b: mov byte ptr cs:[si + 0x169], 0x25
0x13fa1: mov bx, si
0x13fa3: add bx, 0x326
2018-12-25T12:22:36.213039326Z 9 PC: 12a85 | Display string (String= 'Sophos Ltd, Oxford sacrificial COM goat 1400H bytes long ')
2018-12-25T12:22:36.219464758Z 0 PC: 12a89 | Program terminate