Sample viewer

vx.netlux.org/Virus.DOS.Mvf.1896

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:01.432579404Z	44	PC: 12e76 \| Get time 0x12e76: cmp ax, 0xcdef 0x12e79: jne 0x12e80 0x12e7b: push cs 0x12e7c: pop es 0x12e7d: jmp 0x12f56 0x12e80: mov ah, 2 0x12e82: mov byte ptr [si + 0x4f], ah 0x12e85: mov ax, 0x3521 0x12e88: int 0x21 0x12e8a: push ds 0x12e8b: mov ax, 0 0x12e8e: mov ds, ax 0x12e90: mov di, 0 0x12e93: mov ax, word ptr [di] 0x12e95: mov word ptr cs:[si + 0x4c], ax 0x12e99: mov ax, word ptr [di + 2] 0x12e9c: mov word ptr cs:[si + 0x4e], ax 0x12ea0: pop ds 0x12ea1: mov word ptr [si + 9], bx 0x12ea4: mov di, si
2018-12-17T22:49:01.436436572Z	53	PC: 12e8a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:01.438339517Z	80	PC: 12ee4 \| Set current PSP
2018-12-17T22:49:01.440667881Z	37	PC: 137d0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:01.442682847Z	42	PC: 12d00 \| Get date 0x12d00: cmp cx, 0x7c9 0x12d04: jb 0x12d1f 0x12d06: cmp al, 5 0x12d08: jne 0x12d1f 0x12d0a: cmp dl, 0xd 0x12d0d: jne 0x12ce7 0x12d0f: mov ah, 1 0x12d11: mov byte ptr [si + 0x4f], ah 0x12d14: lea dx, word ptr [si + 0x54] 0x12d17: mov ah, 9 0x12d19: int 0x21 0x12d1b: mov ah, 0 0x12d1d: int 0x16 0x12d1f: jmp 0x12d8e 0x12d21: nop 0x12d22: pushf 0x12d23: cmp ax, 0x2c00 0x12d26: jne 0x12d39 0x12d28: cmp bx, 0x1234 0x12d2c: jne 0x12d39
2018-12-17T22:49:01.446275457Z	9	PC: 136b6 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9750,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:41.157623602Z	44	PC: 12e76 \| Get time 0x12e76: cmp ax, 0xcdef 0x12e79: jne 0x12e80 0x12e7b: push cs 0x12e7c: pop es 0x12e7d: jmp 0x12f56 0x12e80: mov ah, 2 0x12e82: mov byte ptr [si + 0x4f], ah 0x12e85: mov ax, 0x3521 0x12e88: int 0x21 0x12e8a: push ds 0x12e8b: mov ax, 0 0x12e8e: mov ds, ax 0x12e90: mov di, 0 0x12e93: mov ax, word ptr [di] 0x12e95: mov word ptr cs:[si + 0x4c], ax 0x12e99: mov ax, word ptr [di + 2] 0x12e9c: mov word ptr cs:[si + 0x4e], ax 0x12ea0: pop ds 0x12ea1: mov word ptr [si + 9], bx 0x12ea4: mov di, si
2018-12-25T12:23:41.160506067Z	53	PC: 12e8a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:41.161799228Z	80	PC: 12ee4 \| Set current PSP
2018-12-25T12:23:41.163592312Z	37	PC: 137d0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:41.165234328Z	42	PC: 12d00 \| Get date 0x12d00: cmp cx, 0x7c9 0x12d04: jb 0x12d1f 0x12d06: cmp al, 5 0x12d08: jne 0x12d1f 0x12d0a: cmp dl, 0xd 0x12d0d: jne 0x12ce7 0x12d0f: mov ah, 1 0x12d11: mov byte ptr [si + 0x4f], ah 0x12d14: lea dx, word ptr [si + 0x54] 0x12d17: mov ah, 9 0x12d19: int 0x21 0x12d1b: mov ah, 0 0x12d1d: int 0x16 0x12d1f: jmp 0x12d8e 0x12d21: nop 0x12d22: pushf 0x12d23: cmp ax, 0x2c00 0x12d26: jne 0x12d39 0x12d28: cmp bx, 0x1234 0x12d2c: jne 0x12d39
2018-12-25T12:23:41.167539293Z	9	PC: 136b6 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9750,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:41.501058762Z	44	PC: 12e76 \| Get time 0x12e76: cmp ax, 0xcdef 0x12e79: jne 0x12e80 0x12e7b: push cs 0x12e7c: pop es 0x12e7d: jmp 0x12f56 0x12e80: mov ah, 2 0x12e82: mov byte ptr [si + 0x4f], ah 0x12e85: mov ax, 0x3521 0x12e88: int 0x21 0x12e8a: push ds 0x12e8b: mov ax, 0 0x12e8e: mov ds, ax 0x12e90: mov di, 0 0x12e93: mov ax, word ptr [di] 0x12e95: mov word ptr cs:[si + 0x4c], ax 0x12e99: mov ax, word ptr [di + 2] 0x12e9c: mov word ptr cs:[si + 0x4e], ax 0x12ea0: pop ds 0x12ea1: mov word ptr [si + 9], bx 0x12ea4: mov di, si
2018-12-25T12:23:41.504319498Z	53	PC: 12e8a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:41.506566906Z	80	PC: 12ee4 \| Set current PSP
2018-12-25T12:23:41.50862044Z	37	PC: 137d0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:41.510095604Z	42	PC: 12d00 \| Get date 0x12d00: cmp cx, 0x7c9 0x12d04: jb 0x12d1f 0x12d06: cmp al, 5 0x12d08: jne 0x12d1f 0x12d0a: cmp dl, 0xd 0x12d0d: jne 0x12ce7 0x12d0f: mov ah, 1 0x12d11: mov byte ptr [si + 0x4f], ah 0x12d14: lea dx, word ptr [si + 0x54] 0x12d17: mov ah, 9 0x12d19: int 0x21 0x12d1b: mov ah, 0 0x12d1d: int 0x16 0x12d1f: jmp 0x12d8e 0x12d21: nop 0x12d22: pushf 0x12d23: cmp ax, 0x2c00 0x12d26: jne 0x12d39 0x12d28: cmp bx, 0x1234 0x12d2c: jne 0x12d39
2018-12-25T12:23:41.513503402Z	9	PC: 12d1b \| Display string (Could not find end pointer)

{"DateBased":true,"Day":2,"Month":1,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9750,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:41.699954701Z	44	PC: 12e76 \| Get time 0x12e76: cmp ax, 0xcdef 0x12e79: jne 0x12e80 0x12e7b: push cs 0x12e7c: pop es 0x12e7d: jmp 0x12f56 0x12e80: mov ah, 2 0x12e82: mov byte ptr [si + 0x4f], ah 0x12e85: mov ax, 0x3521 0x12e88: int 0x21 0x12e8a: push ds 0x12e8b: mov ax, 0 0x12e8e: mov ds, ax 0x12e90: mov di, 0 0x12e93: mov ax, word ptr [di] 0x12e95: mov word ptr cs:[si + 0x4c], ax 0x12e99: mov ax, word ptr [di + 2] 0x12e9c: mov word ptr cs:[si + 0x4e], ax 0x12ea0: pop ds 0x12ea1: mov word ptr [si + 9], bx 0x12ea4: mov di, si
2018-12-25T12:23:41.703893759Z	53	PC: 12e8a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:41.705500428Z	80	PC: 12ee4 \| Set current PSP
2018-12-25T12:23:41.707737601Z	37	PC: 137d0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:41.7098411Z	42	PC: 12d00 \| Get date 0x12d00: cmp cx, 0x7c9 0x12d04: jb 0x12d1f 0x12d06: cmp al, 5 0x12d08: jne 0x12d1f 0x12d0a: cmp dl, 0xd 0x12d0d: jne 0x12ce7 0x12d0f: mov ah, 1 0x12d11: mov byte ptr [si + 0x4f], ah 0x12d14: lea dx, word ptr [si + 0x54] 0x12d17: mov ah, 9 0x12d19: int 0x21 0x12d1b: mov ah, 0 0x12d1d: int 0x16 0x12d1f: jmp 0x12d8e 0x12d21: nop 0x12d22: pushf 0x12d23: cmp ax, 0x2c00 0x12d26: jne 0x12d39 0x12d28: cmp bx, 0x1234 0x12d2c: jne 0x12d39
2018-12-25T12:23:41.712770524Z	9	PC: 136b6 \| Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":13,"Month":8,"Year":1993,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9750,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:42.023125154Z	44	PC: 12e76 \| Get time 0x12e76: cmp ax, 0xcdef 0x12e79: jne 0x12e80 0x12e7b: push cs 0x12e7c: pop es 0x12e7d: jmp 0x12f56 0x12e80: mov ah, 2 0x12e82: mov byte ptr [si + 0x4f], ah 0x12e85: mov ax, 0x3521 0x12e88: int 0x21 0x12e8a: push ds 0x12e8b: mov ax, 0 0x12e8e: mov ds, ax 0x12e90: mov di, 0 0x12e93: mov ax, word ptr [di] 0x12e95: mov word ptr cs:[si + 0x4c], ax 0x12e99: mov ax, word ptr [di + 2] 0x12e9c: mov word ptr cs:[si + 0x4e], ax 0x12ea0: pop ds 0x12ea1: mov word ptr [si + 9], bx 0x12ea4: mov di, si
2018-12-25T12:23:42.026006056Z	53	PC: 12e8a \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:42.027429995Z	80	PC: 12ee4 \| Set current PSP
2018-12-25T12:23:42.029448475Z	37	PC: 137d0 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:42.031391708Z	42	PC: 12d00 \| Get date 0x12d00: cmp cx, 0x7c9 0x12d04: jb 0x12d1f 0x12d06: cmp al, 5 0x12d08: jne 0x12d1f 0x12d0a: cmp dl, 0xd 0x12d0d: jne 0x12ce7 0x12d0f: mov ah, 1 0x12d11: mov byte ptr [si + 0x4f], ah 0x12d14: lea dx, word ptr [si + 0x54] 0x12d17: mov ah, 9 0x12d19: int 0x21 0x12d1b: mov ah, 0 0x12d1d: int 0x16 0x12d1f: jmp 0x12d8e 0x12d21: nop 0x12d22: pushf 0x12d23: cmp ax, 0x2c00 0x12d26: jne 0x12d39 0x12d28: cmp bx, 0x1234 0x12d2c: jne 0x12d39
2018-12-25T12:23:42.034430025Z	9	PC: 12d1b \| Display string (Could not find end pointer)