Sample viewer

vx.netlux.org/Virus.DOS.Methyl.2419

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T23:15:46.497235495Z	53	PC: 12a60 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:46.498669329Z	42	PC: 12b0b \| Get date 0x12b0b: cmp dx, 0x307 0x12b0f: jne 0x12b1d 0x12b11: lea dx, word ptr [bp + 0x14f] 0x12b15: mov ah, 9 0x12b17: push cs 0x12b18: pop ds 0x12b19: int 0x21 0x12b1b: jmp 0x12b1b 0x12b1d: mov ax, 0x4b00 0x12b20: int 0x21 0x12b22: pop es 0x12b23: pop cx 0x12b24: pop bx 0x12b25: cmp byte ptr [bp + 0x60f], 0 0x12b2a: jne 0x12b2f 0x12b2c: jmp 0x12a68 0x12b2f: mov ax, es 0x12b31: mov ds, ax 0x12b33: add ax, 0x10 0x12b36: add word ptr cs:[bp + 0x116], ax
2018-12-17T23:15:46.500863294Z	44	PC: 9f961 \| Get time 0x9f961: cmp dl, 0 0x9f964: je 0x9f95d 0x9f966: mov byte ptr cs:[0x93e], dl 0x9f96b: pop dx 0x9f96c: call 0x9fb4e 0x9f96f: call 0x9fae1 0x9f972: jae 0x9f977 0x9f974: jmp 0x9facd 0x9f977: mov ax, 0x4300 0x9f97a: int 0x21 0x9f97c: mov word ptr cs:[0x5eb], cx 0x9f981: jae 0x9f986 0x9f983: jmp 0x9facd 0x9f986: mov ax, 0x4301 0x9f989: xor cx, cx 0x9f98b: int 0x21 0x9f98d: jae 0x9f992 0x9f98f: jmp 0x9facd 0x9f992: mov ax, 0x3d02 0x9f995: int 0x21
2018-12-17T23:15:46.502653509Z	53	PC: 9fb58 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:46.503885161Z	37	PC: 9fb6f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:46.505796601Z	37	PC: 9fb80 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:46.507162362Z	67	PC: 9f97c \| Get or set file attributes
2018-12-17T23:15:46.510380512Z	37	PC: 9fb9a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:15:46.51184857Z	37	PC: 9fba4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T23:15:46.512875284Z	75	PC: 12b22 \| Execute program

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9731,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:40.875154619Z	53	PC: 12a60 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:40.876656795Z	42	PC: 12b0b \| Get date 0x12b0b: cmp dx, 0x307 0x12b0f: jne 0x12b1d 0x12b11: lea dx, word ptr [bp + 0x14f] 0x12b15: mov ah, 9 0x12b17: push cs 0x12b18: pop ds 0x12b19: int 0x21 0x12b1b: jmp 0x12b1b 0x12b1d: mov ax, 0x4b00 0x12b20: int 0x21 0x12b22: pop es 0x12b23: pop cx 0x12b24: pop bx 0x12b25: cmp byte ptr [bp + 0x60f], 0 0x12b2a: jne 0x12b2f 0x12b2c: jmp 0x12a68 0x12b2f: mov ax, es 0x12b31: mov ds, ax 0x12b33: add ax, 0x10 0x12b36: add word ptr cs:[bp + 0x116], ax
2018-12-25T12:23:40.878890413Z	44	PC: 9f961 \| Get time 0x9f961: cmp dl, 0 0x9f964: je 0x9f95d 0x9f966: mov byte ptr cs:[0x93e], dl 0x9f96b: pop dx 0x9f96c: call 0x9fb4e 0x9f96f: call 0x9fae1 0x9f972: jae 0x9f977 0x9f974: jmp 0x9facd 0x9f977: mov ax, 0x4300 0x9f97a: int 0x21 0x9f97c: mov word ptr cs:[0x5eb], cx 0x9f981: jae 0x9f986 0x9f983: jmp 0x9facd 0x9f986: mov ax, 0x4301 0x9f989: xor cx, cx 0x9f98b: int 0x21 0x9f98d: jae 0x9f992 0x9f98f: jmp 0x9facd 0x9f992: mov ax, 0x3d02 0x9f995: int 0x21
2018-12-25T12:23:40.884891609Z	53	PC: 9fb58 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:40.887982658Z	37	PC: 9fb6f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:40.890297576Z	37	PC: 9fb80 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:40.893556143Z	67	PC: 9f97c \| Get or set file attributes
2018-12-25T12:23:40.899859806Z	37	PC: 9fb9a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:40.901525627Z	37	PC: 9fba4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:40.907185896Z	75	PC: 12b22 \| Execute program

{"DateBased":true,"Day":7,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9731,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:40.844579893Z	53	PC: 12a60 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:40.846664038Z	42	PC: 12b0b \| Get date 0x12b0b: cmp dx, 0x307 0x12b0f: jne 0x12b1d 0x12b11: lea dx, word ptr [bp + 0x14f] 0x12b15: mov ah, 9 0x12b17: push cs 0x12b18: pop ds 0x12b19: int 0x21 0x12b1b: jmp 0x12b1b 0x12b1d: mov ax, 0x4b00 0x12b20: int 0x21 0x12b22: pop es 0x12b23: pop cx 0x12b24: pop bx 0x12b25: cmp byte ptr [bp + 0x60f], 0 0x12b2a: jne 0x12b2f 0x12b2c: jmp 0x12a68 0x12b2f: mov ax, es 0x12b31: mov ds, ax 0x12b33: add ax, 0x10 0x12b36: add word ptr cs:[bp + 0x116], ax
2018-12-25T12:23:40.849322777Z	9	PC: 12b1b \| Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9731,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:40.91183287Z	53	PC: 12a60 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:40.914110601Z	42	PC: 12b0b \| Get date 0x12b0b: cmp dx, 0x307 0x12b0f: jne 0x12b1d 0x12b11: lea dx, word ptr [bp + 0x14f] 0x12b15: mov ah, 9 0x12b17: push cs 0x12b18: pop ds 0x12b19: int 0x21 0x12b1b: jmp 0x12b1b 0x12b1d: mov ax, 0x4b00 0x12b20: int 0x21 0x12b22: pop es 0x12b23: pop cx 0x12b24: pop bx 0x12b25: cmp byte ptr [bp + 0x60f], 0 0x12b2a: jne 0x12b2f 0x12b2c: jmp 0x12a68 0x12b2f: mov ax, es 0x12b31: mov ds, ax 0x12b33: add ax, 0x10 0x12b36: add word ptr cs:[bp + 0x116], ax
2018-12-25T12:23:40.915704189Z	44	PC: 9f961 \| Get time 0x9f961: cmp dl, 0 0x9f964: je 0x9f95d 0x9f966: mov byte ptr cs:[0x93e], dl 0x9f96b: pop dx 0x9f96c: call 0x9fb4e 0x9f96f: call 0x9fae1 0x9f972: jae 0x9f977 0x9f974: jmp 0x9facd 0x9f977: mov ax, 0x4300 0x9f97a: int 0x21 0x9f97c: mov word ptr cs:[0x5eb], cx 0x9f981: jae 0x9f986 0x9f983: jmp 0x9facd 0x9f986: mov ax, 0x4301 0x9f989: xor cx, cx 0x9f98b: int 0x21 0x9f98d: jae 0x9f992 0x9f98f: jmp 0x9facd 0x9f992: mov ax, 0x3d02 0x9f995: int 0x21
2018-12-25T12:23:40.917301599Z	53	PC: 9fb58 \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:40.918757526Z	37	PC: 9fb6f \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:40.92113025Z	37	PC: 9fb80 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:40.922984141Z	67	PC: 9f97c \| Get or set file attributes
2018-12-25T12:23:40.927142894Z	37	PC: 9fb9a \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:40.928592823Z	37	PC: 9fba4 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:40.930678939Z	75	PC: 12b22 \| Execute program

{"DateBased":true,"Day":7,"Month":3,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9731,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:40.934390297Z	53	PC: 12a60 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:40.936410897Z	42	PC: 12b0b \| Get date 0x12b0b: cmp dx, 0x307 0x12b0f: jne 0x12b1d 0x12b11: lea dx, word ptr [bp + 0x14f] 0x12b15: mov ah, 9 0x12b17: push cs 0x12b18: pop ds 0x12b19: int 0x21 0x12b1b: jmp 0x12b1b 0x12b1d: mov ax, 0x4b00 0x12b20: int 0x21 0x12b22: pop es 0x12b23: pop cx 0x12b24: pop bx 0x12b25: cmp byte ptr [bp + 0x60f], 0 0x12b2a: jne 0x12b2f 0x12b2c: jmp 0x12a68 0x12b2f: mov ax, es 0x12b31: mov ds, ax 0x12b33: add ax, 0x10 0x12b36: add word ptr cs:[bp + 0x116], ax
2018-12-25T12:23:40.940583427Z	9	PC: 12b1b \| Display string (Could not find end pointer)