Sample viewer

vx.netlux.org/Virus.DOS.Tourofduty.1600.a

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:14.020948126Z	61	PC: 12fd2 \| Open file (Filename = 'º')
2018-12-17T22:49:14.030316962Z	42	PC: 12fe7 \| Get date 0x12fe7: cmp cx, 0x7d0 0x12feb: jne 0x12ff9 0x12fed: cmp dx, 0x101 0x12ff1: jne 0x12ff9 0x12ff3: mov byte ptr cs:[bp + 0x5ba], 1 0x12ff9: ret 0x12ffa: add byte ptr [si + 0x76], bl 0x12ffd: js 0x1302d 0x12fff: jo 0x13074 0x13001: add byte ptr [bx + di + 0x4e], ah 0x13004: push sp 0x13005: imul bp, word ptr [di], 0x6956 0x13009: push dx 0x1300a: inc sp 0x1300c: inc cx 0x1300d: push sp 0x1300e: add byte ptr [bp + di + 0x48], ah 0x13011: dec bx 0x13012: dec sp 0x13013: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-17T22:49:14.033040971Z	192	PC: 12a56 \| UNKNOWN!
2018-12-17T22:49:14.034261535Z	74	PC: 12ab6 \| Reallocate memory
2018-12-17T22:49:14.036775145Z	74	PC: 12abe \| Reallocate memory
2018-12-17T22:49:14.039129722Z	72	PC: 12ac5 \| Allocate memory
2018-12-17T22:49:14.04239401Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:49:14.043633894Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9818,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:48.755173125Z	61	PC: 12fd2 \| Open file (Filename = 'º')
2018-12-25T12:23:48.762880053Z	42	PC: 12fe7 \| Get date 0x12fe7: cmp cx, 0x7d0 0x12feb: jne 0x12ff9 0x12fed: cmp dx, 0x101 0x12ff1: jne 0x12ff9 0x12ff3: mov byte ptr cs:[bp + 0x5ba], 1 0x12ff9: ret 0x12ffa: add byte ptr [si + 0x76], bl 0x12ffd: js 0x1302d 0x12fff: jo 0x13074 0x13001: add byte ptr [bx + di + 0x4e], ah 0x13004: push sp 0x13005: imul bp, word ptr [di], 0x6956 0x13009: push dx 0x1300a: inc sp 0x1300c: inc cx 0x1300d: push sp 0x1300e: add byte ptr [bp + di + 0x48], ah 0x13011: dec bx 0x13012: dec sp 0x13013: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T12:23:48.766618784Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T12:23:48.767871854Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T12:23:48.770057111Z	74	PC: 12abe \| Reallocate memory
2018-12-25T12:23:48.772612604Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T12:23:48.77444873Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:48.775887611Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9818,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:48.776243334Z	61	PC: 12fd2 \| Open file (Filename = 'º')
2018-12-25T12:23:48.782951989Z	42	PC: 12fe7 \| Get date 0x12fe7: cmp cx, 0x7d0 0x12feb: jne 0x12ff9 0x12fed: cmp dx, 0x101 0x12ff1: jne 0x12ff9 0x12ff3: mov byte ptr cs:[bp + 0x5ba], 1 0x12ff9: ret 0x12ffa: add byte ptr [si + 0x76], bl 0x12ffd: js 0x1302d 0x12fff: jo 0x13074 0x13001: add byte ptr [bx + di + 0x4e], ah 0x13004: push sp 0x13005: imul bp, word ptr [di], 0x6956 0x13009: push dx 0x1300a: inc sp 0x1300c: inc cx 0x1300d: push sp 0x1300e: add byte ptr [bp + di + 0x48], ah 0x13011: dec bx 0x13012: dec sp 0x13013: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T12:23:48.784920487Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T12:23:48.78569397Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T12:23:48.787766399Z	74	PC: 12abe \| Reallocate memory
2018-12-25T12:23:48.788966088Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T12:23:48.790336183Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:48.791622282Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:48.792648272Z	53	PC: 12b02 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:23:48.793531386Z	37	PC: 12b12 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":2,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9818,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:48.868614236Z	61	PC: 12fd2 \| Open file (Filename = 'º')
2018-12-25T12:23:48.875444903Z	42	PC: 12fe7 \| Get date 0x12fe7: cmp cx, 0x7d0 0x12feb: jne 0x12ff9 0x12fed: cmp dx, 0x101 0x12ff1: jne 0x12ff9 0x12ff3: mov byte ptr cs:[bp + 0x5ba], 1 0x12ff9: ret 0x12ffa: add byte ptr [si + 0x76], bl 0x12ffd: js 0x1302d 0x12fff: jo 0x13074 0x13001: add byte ptr [bx + di + 0x4e], ah 0x13004: push sp 0x13005: imul bp, word ptr [di], 0x6956 0x13009: push dx 0x1300a: inc sp 0x1300c: inc cx 0x1300d: push sp 0x1300e: add byte ptr [bp + di + 0x48], ah 0x13011: dec bx 0x13012: dec sp 0x13013: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T12:23:48.877637436Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T12:23:48.878470366Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T12:23:48.880944626Z	74	PC: 12abe \| Reallocate memory
2018-12-25T12:23:48.882323197Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T12:23:48.883859004Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:48.886425201Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9818,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:49.28031749Z	61	PC: 12fd2 \| Open file (Filename = 'º')
2018-12-25T12:23:49.28743091Z	42	PC: 12fe7 \| Get date 0x12fe7: cmp cx, 0x7d0 0x12feb: jne 0x12ff9 0x12fed: cmp dx, 0x101 0x12ff1: jne 0x12ff9 0x12ff3: mov byte ptr cs:[bp + 0x5ba], 1 0x12ff9: ret 0x12ffa: add byte ptr [si + 0x76], bl 0x12ffd: js 0x1302d 0x12fff: jo 0x13074 0x13001: add byte ptr [bx + di + 0x4e], ah 0x13004: push sp 0x13005: imul bp, word ptr [di], 0x6956 0x13009: push dx 0x1300a: inc sp 0x1300c: inc cx 0x1300d: push sp 0x1300e: add byte ptr [bp + di + 0x48], ah 0x13011: dec bx 0x13012: dec sp 0x13013: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T12:23:49.289679931Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T12:23:49.290697409Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T12:23:49.292582029Z	74	PC: 12abe \| Reallocate memory
2018-12-25T12:23:49.294264279Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T12:23:49.295735784Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:49.296876152Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:49.30405264Z	53	PC: 12b02 \| Get interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')
2018-12-25T12:23:49.305248892Z	37	PC: 12b12 \| Set interrupt vector (Interrupt = '28' AKA 'Get allocation info for specified drive')

{"DateBased":true,"Day":2,"Month":1,"Year":2000,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9818,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:49.53535629Z	61	PC: 12fd2 \| Open file (Filename = 'º')
2018-12-25T12:23:49.543212402Z	42	PC: 12fe7 \| Get date 0x12fe7: cmp cx, 0x7d0 0x12feb: jne 0x12ff9 0x12fed: cmp dx, 0x101 0x12ff1: jne 0x12ff9 0x12ff3: mov byte ptr cs:[bp + 0x5ba], 1 0x12ff9: ret 0x12ffa: add byte ptr [si + 0x76], bl 0x12ffd: js 0x1302d 0x12fff: jo 0x13074 0x13001: add byte ptr [bx + di + 0x4e], ah 0x13004: push sp 0x13005: imul bp, word ptr [di], 0x6956 0x13009: push dx 0x1300a: inc sp 0x1300c: inc cx 0x1300d: push sp 0x1300e: add byte ptr [bp + di + 0x48], ah 0x13011: dec bx 0x13012: dec sp 0x13013: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T12:23:49.54646503Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T12:23:49.547725597Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T12:23:49.550436152Z	74	PC: 12abe \| Reallocate memory
2018-12-25T12:23:49.557351621Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T12:23:49.559140692Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:49.56300132Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9818,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:49.600378649Z	61	PC: 12fd2 \| Open file (Filename = 'º')
2018-12-25T12:23:49.605291906Z	42	PC: 12fe7 \| Get date 0x12fe7: cmp cx, 0x7d0 0x12feb: jne 0x12ff9 0x12fed: cmp dx, 0x101 0x12ff1: jne 0x12ff9 0x12ff3: mov byte ptr cs:[bp + 0x5ba], 1 0x12ff9: ret 0x12ffa: add byte ptr [si + 0x76], bl 0x12ffd: js 0x1302d 0x12fff: jo 0x13074 0x13001: add byte ptr [bx + di + 0x4e], ah 0x13004: push sp 0x13005: imul bp, word ptr [di], 0x6956 0x13009: push dx 0x1300a: inc sp 0x1300c: inc cx 0x1300d: push sp 0x1300e: add byte ptr [bp + di + 0x48], ah 0x13011: dec bx 0x13012: dec sp 0x13013: imul dx, word ptr [bp + di + 0x54], 0x4d2e
2018-12-25T12:23:49.607310909Z	192	PC: 12a56 \| UNKNOWN!
2018-12-25T12:23:49.607959622Z	74	PC: 12ab6 \| Reallocate memory
2018-12-25T12:23:49.609103328Z	74	PC: 12abe \| Reallocate memory
2018-12-25T12:23:49.611168238Z	72	PC: 12ac5 \| Allocate memory
2018-12-25T12:23:49.612586234Z	53	PC: 12ae4 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:23:49.613572429Z	37	PC: 12af5 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')