Sample viewer

vx.netlux.org/Virus.DOS.Sirius.Mem.1052

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:49:20.010205154Z	48	PC: 1517c \| Get DOS version
2018-12-17T22:49:20.012330825Z	42	PC: 15332 \| Get date 0x15332: add dl, 5 0x15335: cmp dh, dl 0x15337: jne 0x15363 0x15339: cmp al, 4 0x1533b: jb 0x15363 0x1533d: cmp cx, 0x7cb 0x15341: jb 0x15363 0x15343: mov ah, 0x2c 0x15345: int 0x21 0x15347: and dh, 7 0x1534a: jne 0x15363 0x1534c: call 0x15364 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x39b] 0x15355: int 0x21 0x15357: mov ax, 2 0x1535a: mov cx, 0xa 0x1535d: cli 0x1535e: cdq 0x1535f: int 0x26
2018-12-17T22:49:20.016813124Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T22:49:20.020698569Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T22:49:20.032666259Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9852,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:54.647069648Z	48	PC: 1517c \| Get DOS version
2018-12-25T12:23:54.648854336Z	42	PC: 15332 \| Get date 0x15332: add dl, 5 0x15335: cmp dh, dl 0x15337: jne 0x15363 0x15339: cmp al, 4 0x1533b: jb 0x15363 0x1533d: cmp cx, 0x7cb 0x15341: jb 0x15363 0x15343: mov ah, 0x2c 0x15345: int 0x21 0x15347: and dh, 7 0x1534a: jne 0x15363 0x1534c: call 0x15364 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x39b] 0x15355: int 0x21 0x15357: mov ax, 2 0x1535a: mov cx, 0xa 0x1535d: cli 0x1535e: cdq 0x1535f: int 0x26
2018-12-25T12:23:54.653258594Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:23:54.656501286Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:23:54.668576453Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9852,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:54.657800903Z	48	PC: 1517c \| Get DOS version
2018-12-25T12:23:54.660405335Z	42	PC: 15332 \| Get date 0x15332: add dl, 5 0x15335: cmp dh, dl 0x15337: jne 0x15363 0x15339: cmp al, 4 0x1533b: jb 0x15363 0x1533d: cmp cx, 0x7cb 0x15341: jb 0x15363 0x15343: mov ah, 0x2c 0x15345: int 0x21 0x15347: and dh, 7 0x1534a: jne 0x15363 0x1534c: call 0x15364 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x39b] 0x15355: int 0x21 0x15357: mov ax, 2 0x1535a: mov cx, 0xa 0x1535d: cli 0x1535e: cdq 0x1535f: int 0x26
2018-12-25T12:23:54.66401687Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:23:54.665700519Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:23:54.674655231Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":4,"Month":9,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9852,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:54.956417734Z	48	PC: 1517c \| Get DOS version
2018-12-25T12:23:54.958817809Z	42	PC: 15332 \| Get date 0x15332: add dl, 5 0x15335: cmp dh, dl 0x15337: jne 0x15363 0x15339: cmp al, 4 0x1533b: jb 0x15363 0x1533d: cmp cx, 0x7cb 0x15341: jb 0x15363 0x15343: mov ah, 0x2c 0x15345: int 0x21 0x15347: and dh, 7 0x1534a: jne 0x15363 0x1534c: call 0x15364 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x39b] 0x15355: int 0x21 0x15357: mov ax, 2 0x1535a: mov cx, 0xa 0x1535d: cli 0x1535e: cdq 0x1535f: int 0x26
2018-12-25T12:23:54.964489233Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:23:54.967316117Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:23:54.982141435Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":6,"Year":1995,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":9852,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:23:55.068461119Z	48	PC: 1517c \| Get DOS version
2018-12-25T12:23:55.071074799Z	42	PC: 15332 \| Get date 0x15332: add dl, 5 0x15335: cmp dh, dl 0x15337: jne 0x15363 0x15339: cmp al, 4 0x1533b: jb 0x15363 0x1533d: cmp cx, 0x7cb 0x15341: jb 0x15363 0x15343: mov ah, 0x2c 0x15345: int 0x21 0x15347: and dh, 7 0x1534a: jne 0x15363 0x1534c: call 0x15364 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x39b] 0x15355: int 0x21 0x15357: mov ax, 2 0x1535a: mov cx, 0xa 0x1535d: cli 0x1535e: cdq 0x1535f: int 0x26
2018-12-25T12:23:55.073402878Z	44	PC: 15347 \| Get time 0x15347: and dh, 7 0x1534a: jne 0x15363 0x1534c: call 0x15364 0x1534f: mov ah, 9 0x15351: lea dx, word ptr [bp + 0x39b] 0x15355: int 0x21 0x15357: mov ax, 2 0x1535a: mov cx, 0xa 0x1535d: cli 0x1535e: cdq 0x1535f: int 0x26 0x15361: cli 0x15362: hlt 0x15363: ret 0x15364: push si 0x15365: push di 0x15366: push bp 0x15367: call 0x1536a 0x1536a: pop di 0x1536b: sub di, 0x21a
2018-12-25T12:23:55.077940692Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T12:23:55.080157047Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T12:23:55.092113981Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')