Sample viewer

vx.netlux.org/Virus.DOS.FlashLight.966

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:50:51.525604618Z	221	PC: 12d35 \| UNKNOWN!
2018-12-17T22:50:51.527180751Z	74	PC: 12d50 \| Reallocate memory
2018-12-17T22:50:51.528494982Z	72	PC: 12d59 \| Allocate memory
2018-12-17T22:50:51.530103535Z	42	PC: 12da2 \| Get date 0x12da2: cli 0x12da3: cmp al, 1 0x12da5: jne 0x12db6 0x12da7: cmp dl, 0x14 0x12daa: jb 0x12db6 0x12dac: mov word ptr [0x20], 0xa 0x12db2: mov word ptr [0x22], es 0x12db6: mov si, es 0x12db8: dec si 0x12db9: mov es, si 0x12dbb: mov word ptr es:[1], 0x70 0x12dc2: sti 0x12dc3: cmp word ptr cs:[bp + 0x3be], 0 0x12dc9: je 0x12df6 0x12dcb: mov ax, es 0x12dcd: add ax, 0x10 0x12dd0: add word ptr cs:[bp + 0x3be], ax 0x12dd5: add word ptr cs:[bp + 0x3c2], ax 0x12dda: pop ds 0x12ddb: pop es
2018-12-17T22:50:51.533064958Z	76	PC: 12dfe \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10359,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:48.19911296Z	221	PC: 12d35 \| UNKNOWN!
2018-12-25T12:27:48.200551807Z	74	PC: 12d50 \| Reallocate memory
2018-12-25T12:27:48.202075744Z	72	PC: 12d59 \| Allocate memory
2018-12-25T12:27:48.203772225Z	42	PC: 12da2 \| Get date 0x12da2: cli 0x12da3: cmp al, 1 0x12da5: jne 0x12db6 0x12da7: cmp dl, 0x14 0x12daa: jb 0x12db6 0x12dac: mov word ptr [0x20], 0xa 0x12db2: mov word ptr [0x22], es 0x12db6: mov si, es 0x12db8: dec si 0x12db9: mov es, si 0x12dbb: mov word ptr es:[1], 0x70 0x12dc2: sti 0x12dc3: cmp word ptr cs:[bp + 0x3be], 0 0x12dc9: je 0x12df6 0x12dcb: mov ax, es 0x12dcd: add ax, 0x10 0x12dd0: add word ptr cs:[bp + 0x3be], ax 0x12dd5: add word ptr cs:[bp + 0x3c2], ax 0x12dda: pop ds 0x12ddb: pop es
2018-12-25T12:27:48.20616382Z	76	PC: 12dfe \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":7,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10359,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:48.479285743Z	221	PC: 12d35 \| UNKNOWN!
2018-12-25T12:27:48.480172576Z	74	PC: 12d50 \| Reallocate memory
2018-12-25T12:27:48.482519329Z	72	PC: 12d59 \| Allocate memory
2018-12-25T12:27:48.484807473Z	42	PC: 12da2 \| Get date 0x12da2: cli 0x12da3: cmp al, 1 0x12da5: jne 0x12db6 0x12da7: cmp dl, 0x14 0x12daa: jb 0x12db6 0x12dac: mov word ptr [0x20], 0xa 0x12db2: mov word ptr [0x22], es 0x12db6: mov si, es 0x12db8: dec si 0x12db9: mov es, si 0x12dbb: mov word ptr es:[1], 0x70 0x12dc2: sti 0x12dc3: cmp word ptr cs:[bp + 0x3be], 0 0x12dc9: je 0x12df6 0x12dcb: mov ax, es 0x12dcd: add ax, 0x10 0x12dd0: add word ptr cs:[bp + 0x3be], ax 0x12dd5: add word ptr cs:[bp + 0x3c2], ax 0x12dda: pop ds 0x12ddb: pop es
2018-12-25T12:27:48.488730679Z	76	PC: 12dfe \| Terminate with return code (Return code = '0')

{"DateBased":true,"Day":21,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10359,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:27:49.033392374Z	221	PC: 12d35 \| UNKNOWN!
2018-12-25T12:27:49.034834221Z	74	PC: 12d50 \| Reallocate memory
2018-12-25T12:27:49.03724543Z	72	PC: 12d59 \| Allocate memory
2018-12-25T12:27:49.039328529Z	42	PC: 12da2 \| Get date 0x12da2: cli 0x12da3: cmp al, 1 0x12da5: jne 0x12db6 0x12da7: cmp dl, 0x14 0x12daa: jb 0x12db6 0x12dac: mov word ptr [0x20], 0xa 0x12db2: mov word ptr [0x22], es 0x12db6: mov si, es 0x12db8: dec si 0x12db9: mov es, si 0x12dbb: mov word ptr es:[1], 0x70 0x12dc2: sti 0x12dc3: cmp word ptr cs:[bp + 0x3be], 0 0x12dc9: je 0x12df6 0x12dcb: mov ax, es 0x12dcd: add ax, 0x10 0x12dd0: add word ptr cs:[bp + 0x3be], ax 0x12dd5: add word ptr cs:[bp + 0x3c2], ax 0x12dda: pop ds 0x12ddb: pop es
2018-12-25T12:27:49.042736459Z	76	PC: 12dfe \| Terminate with return code (Return code = '0')