Sample viewer

vx.netlux.org/Virus.DOS.Cryptor.3166


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:51:29.988314159Z 235 PC: 12a50 | UNKNOWN!
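2018-12-17T22:51:29.990497519Z 53 PC: 12aab | Get interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, the DOS services interrupt itself; 'Random read' is the name of DOS function 21h and appears to be a mislabel of the vector number]
2018-12-17T22:51:29.992599857Z 37 PC: 12abc | Set interrupt vector (Interrupt = '33' AKA 'Random read') [note: same vector, 0x21; reading and then replacing this vector is how a program interposes on DOS service calls]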
2018-12-17T22:51:29.994228584Z 42 PC: 13613 | Get date
0x13613: cmp dl, 2
; Disassembler output (16-bit x86, Intel operand order) for the code that runs
; after the INT 21h "Get date" call returns. The listing's first instruction,
; `0x13613: cmp dl, 2`, appears just above this block with the "Get date" row.
; Two routines are visible:
;   0x13613-0x13628  date/time-gated message display (day == 2, hour == minute)
;   0x13629-...      string scan for '\' and ':'; the listing ends at 0x13639,
;                    before the rest of the loop (jump target 0x1363b not shown)
0x13616: jne 0x13628                     ; DOS Get date returns DL = day of month; not the 2nd -> return
0x13618: mov ah, 0x2c                    ; AH=2Ch: DOS "Get time"
0x1361a: int 0x21
0x1361c: cmp ch, cl                      ; Get time returns CH = hour, CL = minute
0x1361e: jne 0x13628                     ; hour != minute -> return
0x13620: mov ah, 9                       ; AH=09h: DOS print '$'-terminated string at DS:DX
0x13622: lea dx, word ptr [bp + 0xd13]   ; DX = BP + 0xd13; the string itself is not shown in this listing
0x13626: int 0x21
0x13628: ret
0x13629: cld                             ; string ops advance SI upward
0x1362a: mov si, dx                      ; SI = read cursor; presumably DX points at a path string - caller not shown
0x1362c: mov di, dx                      ; DI = default result (start of string)
0x1362e: lodsb al, byte ptr [si]         ; AL = next byte, SI now one past it
0x1362f: cmp al, 0x5c                    ; 0x5c = '\'
0x13631: jne 0x13635
0x13633: mov di, si                      ; remember position just after the '\'
0x13635: cmp al, 0x3a                    ; 0x3a = ':'
0x13637: jne 0x1363b
0x13639: mov di, si                      ; remember position just after the ':'

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10567,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:22.910778205Z 235 PC: 12a50 | UNKNOWN!
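2018-12-25T12:28:22.913323481Z 53 PC: 12aab | Get interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, the DOS services interrupt itself; 'Random read' is the name of DOS function 21h and appears to be a mislabel of the vector number]
2018-12-25T12:28:22.914899015Z 37 PC: 12abc | Set interrupt vector (Interrupt = '33' AKA 'Random read') [note: same vector, 0x21; reading and then replacing this vector is how a program interposes on DOS service calls]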
2018-12-25T12:28:22.916410063Z 42 PC: 13613 | Get date
0x13613: cmp dl, 2
; Disassembler output (16-bit x86, Intel operand order) for the code that runs
; after the INT 21h "Get date" call returns. The listing's first instruction,
; `0x13613: cmp dl, 2`, appears just above this block with the "Get date" row.
; Two routines are visible:
;   0x13613-0x13628  date/time-gated message display (day == 2, hour == minute)
;   0x13629-...      string scan for '\' and ':'; the listing ends at 0x13639,
;                    before the rest of the loop (jump target 0x1363b not shown)
0x13616: jne 0x13628                     ; DOS Get date returns DL = day of month; not the 2nd -> return
0x13618: mov ah, 0x2c                    ; AH=2Ch: DOS "Get time"
0x1361a: int 0x21
0x1361c: cmp ch, cl                      ; Get time returns CH = hour, CL = minute
0x1361e: jne 0x13628                     ; hour != minute -> return
0x13620: mov ah, 9                       ; AH=09h: DOS print '$'-terminated string at DS:DX
0x13622: lea dx, word ptr [bp + 0xd13]   ; DX = BP + 0xd13; the string itself is not shown in this listing
0x13626: int 0x21
0x13628: ret
0x13629: cld                             ; string ops advance SI upward
0x1362a: mov si, dx                      ; SI = read cursor; presumably DX points at a path string - caller not shown
0x1362c: mov di, dx                      ; DI = default result (start of string)
0x1362e: lodsb al, byte ptr [si]         ; AL = next byte, SI now one past it
0x1362f: cmp al, 0x5c                    ; 0x5c = '\'
0x13631: jne 0x13635
0x13633: mov di, si                      ; remember position just after the '\'
0x13635: cmp al, 0x3a                    ; 0x3a = ':'
0x13637: jne 0x1363b
0x13639: mov di, si                      ; remember position just after the ':'

{"DateBased":true,"Day":2,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10567,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:28:23.151364876Z 235 PC: 12a50 | UNKNOWN!
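2018-12-25T12:28:23.153856382Z 53 PC: 12aab | Get interrupt vector (Interrupt = '33' AKA 'Random read') [note: 33 decimal is 0x21, the DOS services interrupt itself; 'Random read' is the name of DOS function 21h and appears to be a mislabel of the vector number]
2018-12-25T12:28:23.15519529Z 37 PC: 12abc | Set interrupt vector (Interrupt = '33' AKA 'Random read') [note: same vector, 0x21; reading and then replacing this vector is how a program interposes on DOS service calls]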
2018-12-25T12:28:23.156578515Z 42 PC: 13613 | Get date
0x13613: cmp dl, 2
; Disassembler output (16-bit x86, Intel operand order) for the code that runs
; after the INT 21h "Get date" call returns. The listing's first instruction,
; `0x13613: cmp dl, 2`, appears just above this block with the "Get date" row.
; Two routines are visible:
;   0x13613-0x13628  date/time-gated message display (day == 2, hour == minute)
;   0x13629-...      string scan for '\' and ':'; the listing ends at 0x13639,
;                    before the rest of the loop (jump target 0x1363b not shown)
0x13616: jne 0x13628                     ; DOS Get date returns DL = day of month; not the 2nd -> return
0x13618: mov ah, 0x2c                    ; AH=2Ch: DOS "Get time"
0x1361a: int 0x21
0x1361c: cmp ch, cl                      ; Get time returns CH = hour, CL = minute
0x1361e: jne 0x13628                     ; hour != minute -> return
0x13620: mov ah, 9                       ; AH=09h: DOS print '$'-terminated string at DS:DX
0x13622: lea dx, word ptr [bp + 0xd13]   ; DX = BP + 0xd13; the string itself is not shown in this listing
0x13626: int 0x21
0x13628: ret
0x13629: cld                             ; string ops advance SI upward
0x1362a: mov si, dx                      ; SI = read cursor; presumably DX points at a path string - caller not shown
0x1362c: mov di, dx                      ; DI = default result (start of string)
0x1362e: lodsb al, byte ptr [si]         ; AL = next byte, SI now one past it
0x1362f: cmp al, 0x5c                    ; 0x5c = '\'
0x13631: jne 0x13635
0x13633: mov di, si                      ; remember position just after the '\'
0x13635: cmp al, 0x3a                    ; 0x3a = ':'
0x13637: jne 0x1363b
0x13639: mov di, si                      ; remember position just after the ':'
2018-12-25T12:28:23.159755252Z 44 PC: 1361c | Get time
0x1361c: cmp ch, cl
; Disassembler output (16-bit x86, Intel operand order) for the code that runs
; after the INT 21h "Get time" call returns. The listing's first instruction,
; `0x1361c: cmp ch, cl`, appears just above this block with the "Get time" row.
; Visible here:
;   0x1361c-0x13628  tail of the time gate: print a message when hour == minute
;   0x13629-0x1363f  scan a NUL-terminated string at DX; on return DI holds the
;                    position just past the last '\' or ':' (DX if none found)
;   0x13640          first instruction of whatever follows; not covered here
0x1361e: jne 0x13628                     ; Get time returns CH = hour, CL = minute; not equal -> return
0x13620: mov ah, 9                       ; AH=09h: DOS print '$'-terminated string at DS:DX
0x13622: lea dx, word ptr [bp + 0xd13]   ; DX = BP + 0xd13; the string itself is not shown in this listing
0x13626: int 0x21
0x13628: ret
0x13629: cld                             ; string ops advance SI upward
0x1362a: mov si, dx                      ; SI = read cursor; presumably DX points at a path string - caller not shown
0x1362c: mov di, dx                      ; DI = default result (start of string)
0x1362e: lodsb al, byte ptr [si]         ; loop head: AL = next byte, SI now one past it
0x1362f: cmp al, 0x5c                    ; 0x5c = '\'
0x13631: jne 0x13635
0x13633: mov di, si                      ; remember position just after the '\'
0x13635: cmp al, 0x3a                    ; 0x3a = ':'
0x13637: jne 0x1363b
0x13639: mov di, si                      ; remember position just after the ':'
0x1363b: or al, al                       ; sets ZF when AL == 0 (end of string)
0x1363d: jne 0x1362e                     ; not the terminator -> next byte
0x1363f: ret                             ; DI = start of the last path component, i.e. the bare file name if DX was a path
0x13640: mov di, si                      ; past the ret: belongs to code outside this routine