Sample viewer

vx.netlux.org/Virus.DOS.SadFace.843


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:47:28.643889702Z 42 PC: 134b9 | Get date
0x134b9: cmp dh, 9
0x134bc: jne 0x134c1
0x134be: call 0x2348c
0x134c1: xor bx, bx
0x134c3: mov ax, 0xa5aa
0x134c6: int 0x21
0x134c8: cmp bx, 0xaaa5
0x134cc: je 0x13549
0x134ce: cli
0x134cf: mov ax, ds
0x134d1: dec ax
0x134d2: mov es, ax
0x134d4: mov word ptr es:[1], 0
0x134db: cmp byte ptr es:[0], 0x5a
0x134e1: je 0x13502
0x134e3: mov ah, 0x48
0x134e5: mov bx, 0xffff
0x134e8: int 0x21
0x134ea: cmp bx, 0x35
0x134ee: jb 0x13549
2018-12-17T22:47:28.647301729Z 165 PC: 134c8 | UNKNOWN!
2018-12-17T22:47:28.648958477Z 53 PC: 13539 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:28.650516855Z 37 PC: 13549 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:47:28.65215888Z 76 PC: 9fb1d | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9235,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:43.210061576Z 42 PC: 134b9 | Get date
0x134b9: cmp dh, 9
0x134bc: jne 0x134c1
0x134be: call 0x2348c
0x134c1: xor bx, bx
0x134c3: mov ax, 0xa5aa
0x134c6: int 0x21
0x134c8: cmp bx, 0xaaa5
0x134cc: je 0x13549
0x134ce: cli
0x134cf: mov ax, ds
0x134d1: dec ax
0x134d2: mov es, ax
0x134d4: mov word ptr es:[1], 0
0x134db: cmp byte ptr es:[0], 0x5a
0x134e1: je 0x13502
0x134e3: mov ah, 0x48
0x134e5: mov bx, 0xffff
0x134e8: int 0x21
0x134ea: cmp bx, 0x35
0x134ee: jb 0x13549
2018-12-25T12:22:43.21877354Z 9 PC: 1349b | Display string (String= ':-(')
2018-12-25T12:22:43.573920748Z 165 PC: 134c8 | UNKNOWN!
2018-12-25T12:22:43.575343925Z 53 PC: 13539 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:43.577868822Z 37 PC: 13549 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:43.57984288Z 76 PC: 9fb1d | Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9235,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:22:43.351951338Z 42 PC: 134b9 | Get date
0x134b9: cmp dh, 9
0x134bc: jne 0x134c1
0x134be: call 0x2348c
0x134c1: xor bx, bx
0x134c3: mov ax, 0xa5aa
0x134c6: int 0x21
0x134c8: cmp bx, 0xaaa5
0x134cc: je 0x13549
0x134ce: cli
0x134cf: mov ax, ds
0x134d1: dec ax
0x134d2: mov es, ax
0x134d4: mov word ptr es:[1], 0
0x134db: cmp byte ptr es:[0], 0x5a
0x134e1: je 0x13502
0x134e3: mov ah, 0x48
0x134e5: mov bx, 0xffff
0x134e8: int 0x21
0x134ea: cmp bx, 0x35
0x134ee: jb 0x13549
2018-12-25T12:22:43.355210288Z 165 PC: 134c8 | UNKNOWN!
2018-12-25T12:22:43.357352354Z 53 PC: 13539 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:43.359805193Z 37 PC: 13549 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:22:43.362725959Z 76 PC: 9fb1d | Terminate with return code (Return code = '0')