Sample viewer

vx.netlux.org/Virus.DOS.Hellish

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:35.463641395Z 53 PC: 12b4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:35.466180589Z 37 PC: 12b57 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:48:35.468195304Z 190 PC: 12b63 | UNKNOWN!
2018-12-17T22:48:35.469420302Z 74 PC: 12b6f | Reallocate memory
2018-12-17T22:48:35.471599871Z 74 PC: 12b77 | Reallocate memory
2018-12-17T22:48:35.474491184Z 72 PC: 12b7e | Allocate memory
2018-12-17T22:48:35.476647135Z 42 PC: 12bbd | Get date
0x12bbd: cmp al, 4
0x12bbf: je 0x12bc9
0x12bc1: cmp dl, 0x1f
0x12bc4: je 0x12be6
0x12bc6: jmp 0x12ef9
0x12bc9: cmp dl, 0x1f
0x12bcc: jne 0x12c27
0x12bce: mov ah, 9
0x12bd0: push cs
0x12bd1: pop ds
0x12bd2: mov dx, 0x18b
0x12bd6: int 0x21
0x12bd8: mov ax, 2
0x12bdb: mov cx, 0x1a0a
0x12bde: cli
0x12bdf: cdq
0x12be0: int 0x26
0x12be2: sti
0x12be3: jmp 0x12d46
0x12be6: mov cx, 0x29a
2018-12-17T22:48:35.481048252Z 62 PC: 1813d | Close file
2018-12-17T22:48:35.488816473Z 65 PC: 1817a | Delete file (Filename = '')
2018-12-17T22:48:35.493868662Z 17 PC: 12e29 | Find first file

{"DateBased":true,"Day":31,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9601,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:20.506171351Z 53 PC: 12b4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:20.507469956Z 37 PC: 12b57 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:20.509303688Z 190 PC: 12b63 | UNKNOWN!
2018-12-25T12:23:20.510291933Z 74 PC: 12b6f | Reallocate memory
2018-12-25T12:23:20.512206488Z 74 PC: 12b77 | Reallocate memory
2018-12-25T12:23:20.516406057Z 72 PC: 12b7e | Allocate memory
2018-12-25T12:23:20.518635788Z 42 PC: 12bbd | Get date
0x12bbd: cmp al, 4
0x12bbf: je 0x12bc9
0x12bc1: cmp dl, 0x1f
0x12bc4: je 0x12be6
0x12bc6: jmp 0x12ef9
0x12bc9: cmp dl, 0x1f
0x12bcc: jne 0x12c27
0x12bce: mov ah, 9
0x12bd0: push cs
0x12bd1: pop ds
0x12bd2: mov dx, 0x18b
0x12bd6: int 0x21
0x12bd8: mov ax, 2
0x12bdb: mov cx, 0x1a0a
0x12bde: cli
0x12bdf: cdq
0x12be0: int 0x26
0x12be2: sti
0x12be3: jmp 0x12d46
0x12be6: mov cx, 0x29a

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9601,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:20.514953905Z 53 PC: 12b4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:20.517162042Z 37 PC: 12b57 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:20.518627888Z 190 PC: 12b63 | UNKNOWN!
2018-12-25T12:23:20.51976162Z 74 PC: 12b6f | Reallocate memory
2018-12-25T12:23:20.522412237Z 74 PC: 12b77 | Reallocate memory
2018-12-25T12:23:20.523957365Z 72 PC: 12b7e | Allocate memory
2018-12-25T12:23:20.525673891Z 42 PC: 12bbd | Get date
0x12bbd: cmp al, 4
0x12bbf: je 0x12bc9
0x12bc1: cmp dl, 0x1f
0x12bc4: je 0x12be6
0x12bc6: jmp 0x12ef9
0x12bc9: cmp dl, 0x1f
0x12bcc: jne 0x12c27
0x12bce: mov ah, 9
0x12bd0: push cs
0x12bd1: pop ds
0x12bd2: mov dx, 0x18b
0x12bd6: int 0x21
0x12bd8: mov ax, 2
0x12bdb: mov cx, 0x1a0a
0x12bde: cli
0x12bdf: cdq
0x12be0: int 0x26
0x12be2: sti
0x12be3: jmp 0x12d46
0x12be6: mov cx, 0x29a
2018-12-25T12:23:20.529868306Z 62 PC: 1813d | Close file
2018-12-25T12:23:20.531848957Z 65 PC: 1817a | Delete file

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9601,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:20.561414444Z 53 PC: 12b4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:20.563406496Z 37 PC: 12b57 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:20.564921286Z 190 PC: 12b63 | UNKNOWN!
2018-12-25T12:23:20.566034713Z 74 PC: 12b6f | Reallocate memory
2018-12-25T12:23:20.568235668Z 74 PC: 12b77 | Reallocate memory
2018-12-25T12:23:20.570698504Z 72 PC: 12b7e | Allocate memory
2018-12-25T12:23:20.572408349Z 42 PC: 12bbd | Get date
0x12bbd: cmp al, 4
0x12bbf: je 0x12bc9
0x12bc1: cmp dl, 0x1f
0x12bc4: je 0x12be6
0x12bc6: jmp 0x12ef9
0x12bc9: cmp dl, 0x1f
0x12bcc: jne 0x12c27
0x12bce: mov ah, 9
0x12bd0: push cs
0x12bd1: pop ds
0x12bd2: mov dx, 0x18b
0x12bd6: int 0x21
0x12bd8: mov ax, 2
0x12bdb: mov cx, 0x1a0a
0x12bde: cli
0x12bdf: cdq
0x12be0: int 0x26
0x12be2: sti
0x12be3: jmp 0x12d46
0x12be6: mov cx, 0x29a
2018-12-25T12:23:20.575563183Z 9 PC: 12c7d | Display string (Could not find end pointer)
2018-12-25T12:23:20.582022815Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.587655744Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.593995344Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.599231063Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.604681924Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.611276849Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.618118517Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.623575044Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.629238368Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.635851589Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.648311442Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.65387625Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.661702871Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.667109277Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.672328406Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.686546229Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.692205258Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.697529033Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.703280299Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.708882949Z 9 PC: 12c7d | Display string (See above)
2018-12-25T12:23:20.714500693Z 9 PC: 12c84 | Display string (Could not find end pointer)
2018-12-25T12:23:20.71840192Z 9 PC: 12c89 | Display string (Could not find end pointer)

{"DateBased":true,"Day":31,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9601,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:20.579829949Z 53 PC: 12b4d | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:20.582805889Z 37 PC: 12b57 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:20.583723416Z 190 PC: 12b63 | UNKNOWN!
2018-12-25T12:23:20.584397812Z 74 PC: 12b6f | Reallocate memory
2018-12-25T12:23:20.586739192Z 74 PC: 12b77 | Reallocate memory
2018-12-25T12:23:20.587870664Z 72 PC: 12b7e | Allocate memory
2018-12-25T12:23:20.589083068Z 42 PC: 12bbd | Get date
0x12bbd: cmp al, 4
0x12bbf: je 0x12bc9
0x12bc1: cmp dl, 0x1f
0x12bc4: je 0x12be6
0x12bc6: jmp 0x12ef9
0x12bc9: cmp dl, 0x1f
0x12bcc: jne 0x12c27
0x12bce: mov ah, 9
0x12bd0: push cs
0x12bd1: pop ds
0x12bd2: mov dx, 0x18b
0x12bd6: int 0x21
0x12bd8: mov ax, 2
0x12bdb: mov cx, 0x1a0a
0x12bde: cli
0x12bdf: cdq
0x12be0: int 0x26
0x12be2: sti
0x12be3: jmp 0x12d46
0x12be6: mov cx, 0x29a
2018-12-25T12:23:20.590633349Z 9 PC: 12bd8 | Display string (String= '�U���!������B�e� �!��:It:Hu���� �VQWQP�݋D&�&������ ��XY_��R�Z�&mA���Āt ���u���j��t�s�>3UVRQS�Y�![YZ^]�>�2����s� ���t��u��>��vB����/<�u*S�߸�/[r��׹��2����E�')