Sample viewer

vx.netlux.org/Virus.DOS.Avalanche.2812

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T21:58:55.743030638Z	48	PC: 151d0 \| Get DOS version
2018-12-17T21:58:55.744770448Z	14	PC: 151f2 \| Set default drive (Drive = 'î')
2018-12-17T21:58:55.745820722Z	78	PC: 15203 \| Find first file
2018-12-17T21:58:55.750235036Z	78	PC: 15210 \| Find first file
2018-12-17T21:58:55.754304593Z	75	PC: 15225 \| Execute program
2018-12-17T21:58:55.755476886Z	74	PC: 1527c \| Reallocate memory
2018-12-17T21:58:55.756556852Z	88	PC: 15296 \| case 0xGet or set allocation strateg:
2018-12-17T21:58:55.758186082Z	88	PC: 1529f \| case 0xGet or set allocation strateg:
2018-12-17T21:58:55.759157683Z	88	PC: 152af \| case 0xGet or set allocation strateg:
2018-12-17T21:58:55.760228227Z	88	PC: 152b7 \| case 0xGet or set allocation strateg:
2018-12-17T21:58:55.762310114Z	72	PC: 152be \| Allocate memory
2018-12-17T21:58:55.763889385Z	53	PC: 152dc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:58:55.765052308Z	53	PC: 152e9 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:58:55.766600006Z	37	PC: 15309 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T21:58:55.767750796Z	42	PC: 15315 \| Get date 0x15315: add dh, dl 0x15317: cmp dh, 0x1a 0x1531a: jb 0x15324 0x1531c: mov dx, 0x51b 0x1531f: mov ax, 0x2513 0x15322: int 0x21 0x15324: push word ptr [bp + 0x126] 0x15328: pop es 0x15329: mov bx, 0xffff 0x1532c: mov ah, 0x4a 0x1532e: int 0x21 0x15330: mov ah, 0x4a 0x15332: int 0x21 0x15334: mov bl, byte ptr [bp + 0x140] 0x15338: xor bh, bh 0x1533a: mov ax, 0x5803 0x1533d: int 0x21 0x1533f: mov bx, word ptr [bp + 0x13e] 0x15343: mov ax, 0x5801 0x15346: int 0x21
2018-12-17T21:58:55.769843529Z	37	PC: 15324 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-17T21:58:55.773608511Z	74	PC: 15330 \| Reallocate memory
2018-12-17T21:58:55.775460082Z	74	PC: 15334 \| Reallocate memory
2018-12-17T21:58:55.777200817Z	88	PC: 1533f \| case 0xGet or set allocation strateg:
2018-12-17T21:58:55.779425674Z	88	PC: 15348 \| case 0xGet or set allocation strateg:
2018-12-17T21:58:55.781789531Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-17T21:58:55.783155838Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-17T21:58:55.792466654Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":987,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:21.004024116Z	48	PC: 151d0 \| Get DOS version
2018-12-25T11:42:21.006478666Z	14	PC: 151f2 \| Set default drive (Drive = 'î')
2018-12-25T11:42:21.007839501Z	78	PC: 15203 \| Find first file
2018-12-25T11:42:21.014387218Z	78	PC: 15210 \| Find first file
2018-12-25T11:42:21.021324218Z	75	PC: 15225 \| Execute program
2018-12-25T11:42:21.022977587Z	74	PC: 1527c \| Reallocate memory
2018-12-25T11:42:21.024537414Z	88	PC: 15296 \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.026060261Z	88	PC: 1529f \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.027675994Z	88	PC: 152af \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.029295418Z	88	PC: 152b7 \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.031252157Z	72	PC: 152be \| Allocate memory
2018-12-25T11:42:21.036374383Z	53	PC: 152dc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:21.037776392Z	53	PC: 152e9 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:42:21.039225951Z	37	PC: 15309 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:21.041293894Z	42	PC: 15315 \| Get date 0x15315: add dh, dl 0x15317: cmp dh, 0x1a 0x1531a: jb 0x15324 0x1531c: mov dx, 0x51b 0x1531f: mov ax, 0x2513 0x15322: int 0x21 0x15324: push word ptr [bp + 0x126] 0x15328: pop es 0x15329: mov bx, 0xffff 0x1532c: mov ah, 0x4a 0x1532e: int 0x21 0x15330: mov ah, 0x4a 0x15332: int 0x21 0x15334: mov bl, byte ptr [bp + 0x140] 0x15338: xor bh, bh 0x1533a: mov ax, 0x5803 0x1533d: int 0x21 0x1533f: mov bx, word ptr [bp + 0x13e] 0x15343: mov ax, 0x5801 0x15346: int 0x21
2018-12-25T11:42:21.043812429Z	74	PC: 15330 \| Reallocate memory
2018-12-25T11:42:21.045697916Z	74	PC: 15334 \| Reallocate memory
2018-12-25T11:42:21.048266324Z	88	PC: 1533f \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.049832004Z	88	PC: 15348 \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.053405918Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T11:42:21.05680018Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T11:42:21.070513353Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":25,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":987,"SideJobID":0}

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T11:42:21.240426427Z	48	PC: 151d0 \| Get DOS version
2018-12-25T11:42:21.243103873Z	14	PC: 151f2 \| Set default drive (Drive = 'î')
2018-12-25T11:42:21.244598607Z	78	PC: 15203 \| Find first file
2018-12-25T11:42:21.251194863Z	78	PC: 15210 \| Find first file
2018-12-25T11:42:21.258282345Z	75	PC: 15225 \| Execute program
2018-12-25T11:42:21.260075321Z	74	PC: 1527c \| Reallocate memory
2018-12-25T11:42:21.261655983Z	88	PC: 15296 \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.263000364Z	88	PC: 1529f \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.26514587Z	88	PC: 152af \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.266544329Z	88	PC: 152b7 \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.268158151Z	72	PC: 152be \| Allocate memory
2018-12-25T11:42:21.271241746Z	53	PC: 152dc \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:21.272596156Z	53	PC: 152e9 \| Get interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:42:21.274286898Z	37	PC: 15309 \| Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T11:42:21.276661891Z	42	PC: 15315 \| Get date 0x15315: add dh, dl 0x15317: cmp dh, 0x1a 0x1531a: jb 0x15324 0x1531c: mov dx, 0x51b 0x1531f: mov ax, 0x2513 0x15322: int 0x21 0x15324: push word ptr [bp + 0x126] 0x15328: pop es 0x15329: mov bx, 0xffff 0x1532c: mov ah, 0x4a 0x1532e: int 0x21 0x15330: mov ah, 0x4a 0x15332: int 0x21 0x15334: mov bl, byte ptr [bp + 0x140] 0x15338: xor bh, bh 0x1533a: mov ax, 0x5803 0x1533d: int 0x21 0x1533f: mov bx, word ptr [bp + 0x13e] 0x15343: mov ax, 0x5801 0x15346: int 0x21
2018-12-25T11:42:21.291338966Z	37	PC: 15324 \| Set interrupt vector (Interrupt = '19' AKA 'Delete file')
2018-12-25T11:42:21.293216069Z	74	PC: 15330 \| Reallocate memory
2018-12-25T11:42:21.308180313Z	74	PC: 15334 \| Reallocate memory
2018-12-25T11:42:21.309837922Z	88	PC: 1533f \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.311511393Z	88	PC: 15348 \| case 0xGet or set allocation strateg:
2018-12-25T11:42:21.320489674Z	9	PC: 12bb5 \| Display string (String= '')
2018-12-25T11:42:21.323329882Z	9	PC: 12bbc \| Display string (Could not find end pointer)
2018-12-25T11:42:21.336413469Z	76	PC: 12bd2 \| Terminate with return code (Return code = '0')