Sample viewer

vx.netlux.org/Virus.DOS.Corea.Nambul.1079

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:49.863774801Z	44	PC: 135c7 \| Get time 0x135c7: mov byte ptr ds:[bp + 0x10e], dl 0x135cc: mov byte ptr ds:[bp + 0x10c], dl 0x135d1: mov byte ptr ds:[bp + 0x103], dl 0x135d6: mov byte ptr ds:[bp + 0x104], dl 0x135db: mov byte ptr ds:[bp + 0x105], dl 0x135e0: mov byte ptr ds:[bp + 0x106], dl 0x135e5: mov byte ptr ds:[bp + 0x107], dl 0x135ea: mov byte ptr ds:[bp + 0x108], dl 0x135ef: mov byte ptr ds:[bp + 0x109], dl 0x135f4: mov byte ptr ds:[bp + 0x10a], dl 0x135f9: lea si, word ptr [bp + 0x4bb] 0x135fd: mov cx, 0x437 0x13600: mov al, byte ptr ds:[bp + 0x4b1] 0x13605: xor byte ptr [si], al 0x13607: inc si 0x13608: loop 0x13605 0x1360a: mov ah, 0x4e 0x1360c: lea dx, word ptr [bp + 0x503] 0x13610: mov cx, 0 0x13613: int 0x21
2018-12-17T22:50:49.868465994Z	78	PC: 13615 \| Find first file
2018-12-17T22:50:49.873561407Z	48	PC: 13632 \| Get DOS version
2018-12-17T22:50:49.875074009Z	53	PC: 13641 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:50:49.886862044Z	76	PC: 133c3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10356,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:47.173150593Z	44	PC: 135c7 \| Get time 0x135c7: mov byte ptr ds:[bp + 0x10e], dl 0x135cc: mov byte ptr ds:[bp + 0x10c], dl 0x135d1: mov byte ptr ds:[bp + 0x103], dl 0x135d6: mov byte ptr ds:[bp + 0x104], dl 0x135db: mov byte ptr ds:[bp + 0x105], dl 0x135e0: mov byte ptr ds:[bp + 0x106], dl 0x135e5: mov byte ptr ds:[bp + 0x107], dl 0x135ea: mov byte ptr ds:[bp + 0x108], dl 0x135ef: mov byte ptr ds:[bp + 0x109], dl 0x135f4: mov byte ptr ds:[bp + 0x10a], dl 0x135f9: lea si, word ptr [bp + 0x4bb] 0x135fd: mov cx, 0x437 0x13600: mov al, byte ptr ds:[bp + 0x4b1] 0x13605: xor byte ptr [si], al 0x13607: inc si 0x13608: loop 0x13605 0x1360a: mov ah, 0x4e 0x1360c: lea dx, word ptr [bp + 0x503] 0x13610: mov cx, 0 0x13613: int 0x21
2018-12-25T12:27:47.176396029Z	78	PC: 13615 \| Find first file
2018-12-25T12:27:47.181873196Z	48	PC: 13632 \| Get DOS version
2018-12-25T12:27:47.184130569Z	53	PC: 13641 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:47.198050182Z	76	PC: 133c3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10356,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:47.520601613Z	44	PC: 135c7 \| Get time 0x135c7: mov byte ptr ds:[bp + 0x10e], dl 0x135cc: mov byte ptr ds:[bp + 0x10c], dl 0x135d1: mov byte ptr ds:[bp + 0x103], dl 0x135d6: mov byte ptr ds:[bp + 0x104], dl 0x135db: mov byte ptr ds:[bp + 0x105], dl 0x135e0: mov byte ptr ds:[bp + 0x106], dl 0x135e5: mov byte ptr ds:[bp + 0x107], dl 0x135ea: mov byte ptr ds:[bp + 0x108], dl 0x135ef: mov byte ptr ds:[bp + 0x109], dl 0x135f4: mov byte ptr ds:[bp + 0x10a], dl 0x135f9: lea si, word ptr [bp + 0x4bb] 0x135fd: mov cx, 0x437 0x13600: mov al, byte ptr ds:[bp + 0x4b1] 0x13605: xor byte ptr [si], al 0x13607: inc si 0x13608: loop 0x13605 0x1360a: mov ah, 0x4e 0x1360c: lea dx, word ptr [bp + 0x503] 0x13610: mov cx, 0 0x13613: int 0x21
2018-12-25T12:27:47.524487391Z	78	PC: 13615 \| Find first file
2018-12-25T12:27:47.52965971Z	48	PC: 13632 \| Get DOS version
2018-12-25T12:27:47.531406599Z	53	PC: 13641 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:47.54462018Z	76	PC: 133c3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10356,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:47.54927341Z	44	PC: 135c7 \| Get time 0x135c7: mov byte ptr ds:[bp + 0x10e], dl 0x135cc: mov byte ptr ds:[bp + 0x10c], dl 0x135d1: mov byte ptr ds:[bp + 0x103], dl 0x135d6: mov byte ptr ds:[bp + 0x104], dl 0x135db: mov byte ptr ds:[bp + 0x105], dl 0x135e0: mov byte ptr ds:[bp + 0x106], dl 0x135e5: mov byte ptr ds:[bp + 0x107], dl 0x135ea: mov byte ptr ds:[bp + 0x108], dl 0x135ef: mov byte ptr ds:[bp + 0x109], dl 0x135f4: mov byte ptr ds:[bp + 0x10a], dl 0x135f9: lea si, word ptr [bp + 0x4bb] 0x135fd: mov cx, 0x437 0x13600: mov al, byte ptr ds:[bp + 0x4b1] 0x13605: xor byte ptr [si], al 0x13607: inc si 0x13608: loop 0x13605 0x1360a: mov ah, 0x4e 0x1360c: lea dx, word ptr [bp + 0x503] 0x13610: mov cx, 0 0x13613: int 0x21
2018-12-25T12:27:47.552293718Z	78	PC: 13615 \| Find first file
2018-12-25T12:27:47.557663304Z	48	PC: 13632 \| Get DOS version
2018-12-25T12:27:47.558937073Z	53	PC: 13641 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:47.571928131Z	76	PC: 133c3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":3,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10356,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:47.823780792Z	44	PC: 135c7 \| Get time 0x135c7: mov byte ptr ds:[bp + 0x10e], dl 0x135cc: mov byte ptr ds:[bp + 0x10c], dl 0x135d1: mov byte ptr ds:[bp + 0x103], dl 0x135d6: mov byte ptr ds:[bp + 0x104], dl 0x135db: mov byte ptr ds:[bp + 0x105], dl 0x135e0: mov byte ptr ds:[bp + 0x106], dl 0x135e5: mov byte ptr ds:[bp + 0x107], dl 0x135ea: mov byte ptr ds:[bp + 0x108], dl 0x135ef: mov byte ptr ds:[bp + 0x109], dl 0x135f4: mov byte ptr ds:[bp + 0x10a], dl 0x135f9: lea si, word ptr [bp + 0x4bb] 0x135fd: mov cx, 0x437 0x13600: mov al, byte ptr ds:[bp + 0x4b1] 0x13605: xor byte ptr [si], al 0x13607: inc si 0x13608: loop 0x13605 0x1360a: mov ah, 0x4e 0x1360c: lea dx, word ptr [bp + 0x503] 0x13610: mov cx, 0 0x13613: int 0x21
2018-12-25T12:27:47.827351076Z	78	PC: 13615 \| Find first file
2018-12-25T12:27:47.831934838Z	48	PC: 13632 \| Get DOS version
2018-12-25T12:27:47.833031047Z	53	PC: 13641 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:47.850020633Z	76	PC: 133c3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":4,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10356,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:47.874354116Z	44	PC: 135c7 \| Get time 0x135c7: mov byte ptr ds:[bp + 0x10e], dl 0x135cc: mov byte ptr ds:[bp + 0x10c], dl 0x135d1: mov byte ptr ds:[bp + 0x103], dl 0x135d6: mov byte ptr ds:[bp + 0x104], dl 0x135db: mov byte ptr ds:[bp + 0x105], dl 0x135e0: mov byte ptr ds:[bp + 0x106], dl 0x135e5: mov byte ptr ds:[bp + 0x107], dl 0x135ea: mov byte ptr ds:[bp + 0x108], dl 0x135ef: mov byte ptr ds:[bp + 0x109], dl 0x135f4: mov byte ptr ds:[bp + 0x10a], dl 0x135f9: lea si, word ptr [bp + 0x4bb] 0x135fd: mov cx, 0x437 0x13600: mov al, byte ptr ds:[bp + 0x4b1] 0x13605: xor byte ptr [si], al 0x13607: inc si 0x13608: loop 0x13605 0x1360a: mov ah, 0x4e 0x1360c: lea dx, word ptr [bp + 0x503] 0x13610: mov cx, 0 0x13613: int 0x21
2018-12-25T12:27:47.877856234Z	78	PC: 13615 \| Find first file
2018-12-25T12:27:47.882370251Z	48	PC: 13632 \| Get DOS version
2018-12-25T12:27:47.883836465Z	53	PC: 13641 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:47.902326999Z	76	PC: 133c3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":5,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10356,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:47.891760407Z	44	PC: 135c7 \| Get time 0x135c7: mov byte ptr ds:[bp + 0x10e], dl 0x135cc: mov byte ptr ds:[bp + 0x10c], dl 0x135d1: mov byte ptr ds:[bp + 0x103], dl 0x135d6: mov byte ptr ds:[bp + 0x104], dl 0x135db: mov byte ptr ds:[bp + 0x105], dl 0x135e0: mov byte ptr ds:[bp + 0x106], dl 0x135e5: mov byte ptr ds:[bp + 0x107], dl 0x135ea: mov byte ptr ds:[bp + 0x108], dl 0x135ef: mov byte ptr ds:[bp + 0x109], dl 0x135f4: mov byte ptr ds:[bp + 0x10a], dl 0x135f9: lea si, word ptr [bp + 0x4bb] 0x135fd: mov cx, 0x437 0x13600: mov al, byte ptr ds:[bp + 0x4b1] 0x13605: xor byte ptr [si], al 0x13607: inc si 0x13608: loop 0x13605 0x1360a: mov ah, 0x4e 0x1360c: lea dx, word ptr [bp + 0x503] 0x13610: mov cx, 0 0x13613: int 0x21
2018-12-25T12:27:47.894817485Z	78	PC: 13615 \| Find first file
2018-12-25T12:27:47.900020797Z	48	PC: 13632 \| Get DOS version
2018-12-25T12:27:47.901454974Z	53	PC: 13641 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:47.914680323Z	76	PC: 133c3 \| Terminate with return code (Return code = '1')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10356,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:47.968576359Z	44	PC: 135c7 \| Get time 0x135c7: mov byte ptr ds:[bp + 0x10e], dl 0x135cc: mov byte ptr ds:[bp + 0x10c], dl 0x135d1: mov byte ptr ds:[bp + 0x103], dl 0x135d6: mov byte ptr ds:[bp + 0x104], dl 0x135db: mov byte ptr ds:[bp + 0x105], dl 0x135e0: mov byte ptr ds:[bp + 0x106], dl 0x135e5: mov byte ptr ds:[bp + 0x107], dl 0x135ea: mov byte ptr ds:[bp + 0x108], dl 0x135ef: mov byte ptr ds:[bp + 0x109], dl 0x135f4: mov byte ptr ds:[bp + 0x10a], dl 0x135f9: lea si, word ptr [bp + 0x4bb] 0x135fd: mov cx, 0x437 0x13600: mov al, byte ptr ds:[bp + 0x4b1] 0x13605: xor byte ptr [si], al 0x13607: inc si 0x13608: loop 0x13605 0x1360a: mov ah, 0x4e 0x1360c: lea dx, word ptr [bp + 0x503] 0x13610: mov cx, 0 0x13613: int 0x21
2018-12-25T12:27:47.972790264Z	78	PC: 13615 \| Find first file
2018-12-25T12:27:47.977964442Z	48	PC: 13632 \| Get DOS version
2018-12-25T12:27:47.979553749Z	53	PC: 13641 \| Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:27:47.993480694Z	76	PC: 133c3 \| Terminate with return code (Return code = '1')