Sample viewer

vx.netlux.org/Virus.DOS.Livewire.220

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-17T22:51:39.5397989Z	78	PC: 12a49 \| Find first file
2018-12-17T22:51:39.546718948Z	42	PC: 12a52 \| Get date 0x12a52: cmp cx, 0x7cd 0x12a56: jb 0x12a62 0x12a58: cmp dh, 0xb 0x12a5b: jne 0x12a62 0x12a5d: cmp dl, 2 0x12a60: je 0x12a7d 0x12a62: mov ah, 0x2c 0x12a64: int 0x21 0x12a66: or dl, dl 0x12a68: jne 0x12a7b 0x12a6a: mov byte ptr [0x1ca], 0x24 0x12a6f: mov ah, 9 0x12a71: mov dx, 0x1bc 0x12a74: int 0x21 0x12a76: mov dx, 0x1000 0x12a79: int 0x27 0x12a7b: int 0x20 0x12a7d: push ax 0x12a7e: push bp 0x12a7f: mov bp, sp
2018-12-17T22:51:39.549172012Z	44	PC: 12a66 \| Get time 0x12a66: or dl, dl 0x12a68: jne 0x12a7b 0x12a6a: mov byte ptr [0x1ca], 0x24 0x12a6f: mov ah, 9 0x12a71: mov dx, 0x1bc 0x12a74: int 0x21 0x12a76: mov dx, 0x1000 0x12a79: int 0x27 0x12a7b: int 0x20 0x12a7d: push ax 0x12a7e: push bp 0x12a7f: mov bp, sp 0x12a81: mov word ptr [bp + 2], 0xa000 0x12a86: pop bp 0x12a87: pop es 0x12a88: push es 0x12a89: pop ds 0x12a8a: mov al, 0x13 0x12a8c: mov ax, 0x13 0x12a8f: int 0x10

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10634,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:40.143193619Z	78	PC: 12a49 \| Find first file
2018-12-25T12:28:40.150040892Z	42	PC: 12a52 \| Get date 0x12a52: cmp cx, 0x7cd 0x12a56: jb 0x12a62 0x12a58: cmp dh, 0xb 0x12a5b: jne 0x12a62 0x12a5d: cmp dl, 2 0x12a60: je 0x12a7d 0x12a62: mov ah, 0x2c 0x12a64: int 0x21 0x12a66: or dl, dl 0x12a68: jne 0x12a7b 0x12a6a: mov byte ptr [0x1ca], 0x24 0x12a6f: mov ah, 9 0x12a71: mov dx, 0x1bc 0x12a74: int 0x21 0x12a76: mov dx, 0x1000 0x12a79: int 0x27 0x12a7b: int 0x20 0x12a7d: push ax 0x12a7e: push bp 0x12a7f: mov bp, sp
2018-12-25T12:28:40.153395641Z	44	PC: 12a66 \| Get time 0x12a66: or dl, dl 0x12a68: jne 0x12a7b 0x12a6a: mov byte ptr [0x1ca], 0x24 0x12a6f: mov ah, 9 0x12a71: mov dx, 0x1bc 0x12a74: int 0x21 0x12a76: mov dx, 0x1000 0x12a79: int 0x27 0x12a7b: int 0x20 0x12a7d: push ax 0x12a7e: push bp 0x12a7f: mov bp, sp 0x12a81: mov word ptr [bp + 2], 0xa000 0x12a86: pop bp 0x12a87: pop es 0x12a88: push es 0x12a89: pop ds 0x12a8a: mov al, 0x13 0x12a8c: mov ax, 0x13 0x12a8f: int 0x10

{"DateBased":true,"Day":1,"Month":1,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10634,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:40.260339328Z	78	PC: 12a49 \| Find first file
2018-12-25T12:28:40.27053031Z	42	PC: 12a52 \| Get date 0x12a52: cmp cx, 0x7cd 0x12a56: jb 0x12a62 0x12a58: cmp dh, 0xb 0x12a5b: jne 0x12a62 0x12a5d: cmp dl, 2 0x12a60: je 0x12a7d 0x12a62: mov ah, 0x2c 0x12a64: int 0x21 0x12a66: or dl, dl 0x12a68: jne 0x12a7b 0x12a6a: mov byte ptr [0x1ca], 0x24 0x12a6f: mov ah, 9 0x12a71: mov dx, 0x1bc 0x12a74: int 0x21 0x12a76: mov dx, 0x1000 0x12a79: int 0x27 0x12a7b: int 0x20 0x12a7d: push ax 0x12a7e: push bp 0x12a7f: mov bp, sp
2018-12-25T12:28:40.274980106Z	44	PC: 12a66 \| Get time 0x12a66: or dl, dl 0x12a68: jne 0x12a7b 0x12a6a: mov byte ptr [0x1ca], 0x24 0x12a6f: mov ah, 9 0x12a71: mov dx, 0x1bc 0x12a74: int 0x21 0x12a76: mov dx, 0x1000 0x12a79: int 0x27 0x12a7b: int 0x20 0x12a7d: push ax 0x12a7e: push bp 0x12a7f: mov bp, sp 0x12a81: mov word ptr [bp + 2], 0xa000 0x12a86: pop bp 0x12a87: pop es 0x12a88: push es 0x12a89: pop ds 0x12a8a: mov al, 0x13 0x12a8c: mov ax, 0x13 0x12a8f: int 0x10

{"DateBased":true,"Day":1,"Month":11,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10634,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:40.282369824Z	78	PC: 12a49 \| Find first file
2018-12-25T12:28:40.289477881Z	42	PC: 12a52 \| Get date 0x12a52: cmp cx, 0x7cd 0x12a56: jb 0x12a62 0x12a58: cmp dh, 0xb 0x12a5b: jne 0x12a62 0x12a5d: cmp dl, 2 0x12a60: je 0x12a7d 0x12a62: mov ah, 0x2c 0x12a64: int 0x21 0x12a66: or dl, dl 0x12a68: jne 0x12a7b 0x12a6a: mov byte ptr [0x1ca], 0x24 0x12a6f: mov ah, 9 0x12a71: mov dx, 0x1bc 0x12a74: int 0x21 0x12a76: mov dx, 0x1000 0x12a79: int 0x27 0x12a7b: int 0x20 0x12a7d: push ax 0x12a7e: push bp 0x12a7f: mov bp, sp
2018-12-25T12:28:40.292505188Z	44	PC: 12a66 \| Get time 0x12a66: or dl, dl 0x12a68: jne 0x12a7b 0x12a6a: mov byte ptr [0x1ca], 0x24 0x12a6f: mov ah, 9 0x12a71: mov dx, 0x1bc 0x12a74: int 0x21 0x12a76: mov dx, 0x1000 0x12a79: int 0x27 0x12a7b: int 0x20 0x12a7d: push ax 0x12a7e: push bp 0x12a7f: mov bp, sp 0x12a81: mov word ptr [bp + 2], 0xa000 0x12a86: pop bp 0x12a87: pop es 0x12a88: push es 0x12a89: pop ds 0x12a8a: mov al, 0x13 0x12a8c: mov ax, 0x13 0x12a8f: int 0x10

{"DateBased":true,"Day":2,"Month":11,"Year":1997,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10634,"SideJobID":0}

.

GIF

Syscalls:

Time	Syscall Op	Syscall Name
2018-12-25T12:28:40.963810651Z	78	PC: 12a49 \| Find first file
2018-12-25T12:28:40.970382842Z	42	PC: 12a52 \| Get date 0x12a52: cmp cx, 0x7cd 0x12a56: jb 0x12a62 0x12a58: cmp dh, 0xb 0x12a5b: jne 0x12a62 0x12a5d: cmp dl, 2 0x12a60: je 0x12a7d 0x12a62: mov ah, 0x2c 0x12a64: int 0x21 0x12a66: or dl, dl 0x12a68: jne 0x12a7b 0x12a6a: mov byte ptr [0x1ca], 0x24 0x12a6f: mov ah, 9 0x12a71: mov dx, 0x1bc 0x12a74: int 0x21 0x12a76: mov dx, 0x1000 0x12a79: int 0x27 0x12a7b: int 0x20 0x12a7d: push ax 0x12a7e: push bp 0x12a7f: mov bp, sp