Sample viewer

vx.netlux.org/Virus.DOS.WeihNacht.1827

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:48:28.631115631Z	42	PC: 12eb5 \| Get date 0x12eb5: cmp dx, 0xc18 0x12eb9: jl 0x12ebe 0x12ebb: jmp 0x12f91 0x12ebe: mov ax, cs 0x12ec0: mov word ptr cs:[0xf8], ax 0x12ec4: mov word ptr cs:[0xfc], ax 0x12ec8: mov word ptr cs:[0x100], ax 0x12ecc: mov ah, 0x51 0x12ece: int 0x21 0x12ed0: mov es, bx 0x12ed2: mov es, word ptr es:[0x2c] 0x12ed7: mov word ptr cs:[0xf4], es 0x12edc: xor di, di 0x12ede: mov cx, 0x7fff 0x12ee1: mov al, 0 0x12ee3: cmp byte ptr es:[di], 0x43 0x12ee7: je 0x12eed 0x12ee9: repne scasb al, byte ptr es:[di] 0x12eeb: jmp 0x12ee3 0x12eed: mov dx, cs
2018-12-17T22:48:28.633692857Z	81	PC: 12ed0 \| Get current PSP
2018-12-17T22:48:28.635211494Z	74	PC: 12f5c \| Reallocate memory
2018-12-17T22:48:28.637633573Z	75	PC: 12f77 \| Execute program
2018-12-17T22:48:28.660470907Z	80	PC: 14859 \| Set current PSP
2018-12-17T22:48:28.66144746Z	48	PC: 1485e \| Get DOS version
2018-12-17T22:48:28.663313388Z	99	PC: 1b040 \| Get DBCS lead byte table pointer
2018-12-17T22:48:28.666106189Z	101	PC: 148e4 \| Get extended country info
2018-12-17T22:48:28.667347284Z	99	PC: 148ea \| Get DBCS lead byte table pointer
2018-12-17T22:48:28.669019511Z	74	PC: 1494c \| Reallocate memory
2018-12-17T22:48:28.670277184Z	25	PC: 14983 \| Get default drive
2018-12-17T22:48:28.671237549Z	37	PC: 14443 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:48:28.672782788Z	37	PC: 1444a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:48:28.673694506Z	37	PC: 14451 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:28.676350217Z	74	PC: 135ec \| Reallocate memory
2018-12-17T22:48:28.67794163Z	72	PC: 1362d \| Allocate memory
2018-12-17T22:48:28.679338582Z	72	PC: 13665 \| Allocate memory
2018-12-17T22:48:28.680594074Z	72	PC: 1366d \| Allocate memory

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9568,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:19.742927895Z	42	PC: 12eb5 \| Get date 0x12eb5: cmp dx, 0xc18 0x12eb9: jl 0x12ebe 0x12ebb: jmp 0x12f91 0x12ebe: mov ax, cs 0x12ec0: mov word ptr cs:[0xf8], ax 0x12ec4: mov word ptr cs:[0xfc], ax 0x12ec8: mov word ptr cs:[0x100], ax 0x12ecc: mov ah, 0x51 0x12ece: int 0x21 0x12ed0: mov es, bx 0x12ed2: mov es, word ptr es:[0x2c] 0x12ed7: mov word ptr cs:[0xf4], es 0x12edc: xor di, di 0x12ede: mov cx, 0x7fff 0x12ee1: mov al, 0 0x12ee3: cmp byte ptr es:[di], 0x43 0x12ee7: je 0x12eed 0x12ee9: repne scasb al, byte ptr es:[di] 0x12eeb: jmp 0x12ee3 0x12eed: mov dx, cs
2018-12-25T12:23:19.746032075Z	81	PC: 12ed0 \| Get current PSP
2018-12-25T12:23:19.747364302Z	74	PC: 12f5c \| Reallocate memory
2018-12-25T12:23:19.748958462Z	75	PC: 12f77 \| Execute program
2018-12-25T12:23:19.77348873Z	80	PC: 14859 \| Set current PSP
2018-12-25T12:23:19.775305892Z	48	PC: 1485e \| Get DOS version
2018-12-25T12:23:19.777419359Z	99	PC: 1b040 \| Get DBCS lead byte table pointer
2018-12-25T12:23:19.78164386Z	101	PC: 148e4 \| Get extended country info
2018-12-25T12:23:19.784044946Z	99	PC: 148ea \| Get DBCS lead byte table pointer
2018-12-25T12:23:19.785819922Z	74	PC: 1494c \| Reallocate memory
2018-12-25T12:23:19.788610217Z	25	PC: 14983 \| Get default drive
2018-12-25T12:23:19.794421186Z	37	PC: 14443 \| Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:23:19.796320258Z	37	PC: 1444a \| Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:23:19.803494318Z	37	PC: 14451 \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:19.808729261Z	74	PC: 135ec \| Reallocate memory
2018-12-25T12:23:19.810380148Z	72	PC: 1362d \| Allocate memory
2018-12-25T12:23:19.812918915Z	72	PC: 13665 \| Allocate memory
2018-12-25T12:23:19.816225188Z	72	PC: 1366d \| Allocate memory

{"DateBased":true,"Day":24,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9568,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:19.789601761Z	42	PC: 12eb5 \| Get date 0x12eb5: cmp dx, 0xc18 0x12eb9: jl 0x12ebe 0x12ebb: jmp 0x12f91 0x12ebe: mov ax, cs 0x12ec0: mov word ptr cs:[0xf8], ax 0x12ec4: mov word ptr cs:[0xfc], ax 0x12ec8: mov word ptr cs:[0x100], ax 0x12ecc: mov ah, 0x51 0x12ece: int 0x21 0x12ed0: mov es, bx 0x12ed2: mov es, word ptr es:[0x2c] 0x12ed7: mov word ptr cs:[0xf4], es 0x12edc: xor di, di 0x12ede: mov cx, 0x7fff 0x12ee1: mov al, 0 0x12ee3: cmp byte ptr es:[di], 0x43 0x12ee7: je 0x12eed 0x12ee9: repne scasb al, byte ptr es:[di] 0x12eeb: jmp 0x12ee3 0x12eed: mov dx, cs