Sample viewer

vx.netlux.org/Virus.DOS.IVP.Faulkner.338


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:09.677134462Z 53 PC: 12a53 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:09.679388812Z 37 PC: 12a64 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:09.681513592Z 71 PC: 12a6f | Get current directory
2018-12-17T22:48:09.684929477Z 59 PC: 12a7c | Change current directory
2018-12-17T22:48:09.689806801Z 42 PC: 12aef | Get date
0x12aef: cmp al, 2
0x12af1: jne 0x12b05
0x12af3: mov ah, 9
0x12af5: mov dx, 0x1eb
0x12af8: int 0x21
0x12afa: mov ax, 2
0x12afd: mov cx, 0x32
0x12b00: cli
0x12b01: cdq
0x12b02: int 0x26
0x12b04: sti
0x12b05: ret
0x12b06: mov ah, 0x3d
0x12b08: mov dx, 0x9e
0x12b0b: int 0x21
0x12b0d: xchg ax, bx
0x12b0e: ret
0x12b0f: mov ax, 0x4301
0x12b12: mov dx, 0x9e
0x12b15: int 0x21
2018-12-17T22:48:09.69369744Z 37 PC: 12a89 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:09.695081315Z 59 PC: 12a92 | Change current directory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9455,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:11.664263777Z 53 PC: 12a53 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:11.665458916Z 37 PC: 12a64 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:11.666789682Z 71 PC: 12a6f | Get current directory
2018-12-25T12:23:11.670307371Z 59 PC: 12a7c | Change current directory
2018-12-25T12:23:11.675320563Z 42 PC: 12aef | Get date
0x12aef: cmp al, 2
0x12af1: jne 0x12b05
0x12af3: mov ah, 9
0x12af5: mov dx, 0x1eb
0x12af8: int 0x21
0x12afa: mov ax, 2
0x12afd: mov cx, 0x32
0x12b00: cli
0x12b01: cdq
0x12b02: int 0x26
0x12b04: sti
0x12b05: ret
0x12b06: mov ah, 0x3d
0x12b08: mov dx, 0x9e
0x12b0b: int 0x21
0x12b0d: xchg ax, bx
0x12b0e: ret
0x12b0f: mov ax, 0x4301
0x12b12: mov dx, 0x9e
0x12b15: int 0x21
2018-12-25T12:23:11.678080749Z 9 PC: 12afa | Display string (Could not find end pointer)
2018-12-25T12:23:11.711882744Z 2 PC: 12992 | Character output (Char = '00')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9455,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:11.681718775Z 53 PC: 12a53 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:11.683683527Z 37 PC: 12a64 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:11.684757006Z 71 PC: 12a6f | Get current directory
2018-12-25T12:23:11.687930635Z 59 PC: 12a7c | Change current directory
2018-12-25T12:23:11.692415903Z 42 PC: 12aef | Get date
0x12aef: cmp al, 2
0x12af1: jne 0x12b05
0x12af3: mov ah, 9
0x12af5: mov dx, 0x1eb
0x12af8: int 0x21
0x12afa: mov ax, 2
0x12afd: mov cx, 0x32
0x12b00: cli
0x12b01: cdq
0x12b02: int 0x26
0x12b04: sti
0x12b05: ret
0x12b06: mov ah, 0x3d
0x12b08: mov dx, 0x9e
0x12b0b: int 0x21
0x12b0d: xchg ax, bx
0x12b0e: ret
0x12b0f: mov ax, 0x4301
0x12b12: mov dx, 0x9e
0x12b15: int 0x21
2018-12-25T12:23:11.694481292Z 37 PC: 12a89 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:11.69572884Z 59 PC: 12a92 | Change current directory